About This Book

This book is one more tool to help you get ready for this challenging exam. It is not a substitute for reading the source documentation, though! You must read the document that the exam focuses on, SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks . You would also be wise to read the original SAFE document, sometimes known as "Enterprise SAFE," although its actual title is SAFE: A Security Blueprint for Enterprise Networks . You also should read the version that goes into more depth for VPNS, SAFE VPN: IPSec Virtual Private Networks in Depth . "SAFE," by the way, has been used by Cisco for these blueprints as though it were an acronym, but it has never been spelled out.

Each topical Exam Cram 2 chapter follows a regular structure and contains graphical cues about important or useful information. Here's the structure of a typical chapter:

• Opening hotlists Each chapter begins with a list of the terms, tools, and techniques that you must learn and understand before you can be fully conversant with that chapter's subject matter. The hotlists are followed by one or two introductory paragraphs to set the stage for the rest of the chapter.

• Topical coverage After the opening hotlists and introductory text, each chapter covers a series of topics related to the chapter's subject. Throughout that section, I highlight topics or concepts that are likely to appear on a test, using a special element called an alert:

  This is what an alert looks like. Normally, an alert stresses concepts, terms, software, or activities that are likely to relate to one or more certification-test questions. For that reason, I think any information in an alert is worthy of unusual attentiveness on your part.

  
  

  You should pay close attention to material flagged in Exam Alerts. Although all the information in this book pertains to what you need to know to pass the exam, Exam Alerts contain information that is really important. You'll find what appears in the meat of each chapter to be worth knowing, too, when preparing for the test. Because this book's material is very condensed, we recommend that you use this book along with other resources to achieve the maximum benefit.

  In addition to the alerts, I provide tips that will help you build a better foundation for Cisco SAFE knowledge. Although the tip information might not be on the exam, it is certainly related and will make you a better-informed test-taker.

  This is how tips are formatted. Keep your eyes open for these, and you'll become a Cisco CCSP guru in no time!

  
  

  This is how notes are formatted. Notes direct your attention to important pieces of information that relate to Cisco certification.

  
  

• Exam prep questions Although I talk about test questions and topics throughout the book, the section at the end of each chapter presents a series of mock test questions and explanations of both correct and incorrect answers.

• Details and resources Every chapter ends with a section titled "Need to Know More?" That section provides direct pointers to Cisco and third-party resources that offer more details on the chapter's subject. In addition, that section tries to rank or at least rate the quality and thoroughness of the topic's coverage by each resource. If you find a resource that you like in that collection, you should use it, but you shouldn't feel compelled to use all the resources. On the other hand, I recommend only resources that I use on a regular basis, so none of my recommendations will be a waste of your time or money.

As a tool, this book is organized to be sure you have all the information you need to pass the exam. Because Cisco exams need not be taken in a particular sequence, you might find material here that you already know quite well but that others who perhaps have not yet taken other exams do need. Even if you see material that you are confident about, it never hurts to review it; I encourage you to at least skim what is here on that topic. The chapters follow this sequence:

• Chapter 1: Overview of Cisco Certification

• Chapter 2: Information Assets

• Chapter 3: Threats

• Chapter 4: The Security Policy

• Chapter 5: Management Protocols and Functions

• Chapter 6: The SAFE Security Blueprint

• Chapter 7: The Extended SAFE Blueprints

• Chapter 8: Products in the Campus

• Chapter 9: Products in the Edge

• Chapter 10: The Small Network Implementation

• Chapter 11: The Medium Network Implementation

• Chapter 12: The Remote-User Design

• Chapter 13: Practice Exam 1

• Chapter 14: Answers to Practice Exam 1

• Chapter 15: Practice Exam 2

• Chapter 16: Answers to Practice Exam 2

• Appendixes and Glossary

The two practice exams in Chapters 13 and 15 are a completely separate set of questions, so the combination gives you two looks at testing yourself on the material. Finally, each chapter has a section called "Need to Know More?" This section provides information on books and Web sites where you can flesh out your knowledge of the material relevant to that particular chapter.

This book includes a number of diagrams. Although some authors like to use the Cisco icon set, which can be downloaded from Cisco's Web page (if you have Visio, you can search for "visio icons" at Cisco's Web page and get a set to use with that program), I don't. Some of the icons look a great deal alike (such as a router versus a router with a firewallthe difference is in the edging of the flat cylinder figure), and there are now many icons because the range of specialized network products has grown so rapidly . It's easy to lose track of which icon is which product, but with labeled figures, it is easier to keep track. For those who know the icons, using labeled figures also means that you have to look at the diagram rather than glance over it. I want to get your mind engaged in the diagram by making you look at it carefully .

In a number of cases, I have provided sample commands and command syntax. The syntax presented uses the same conventions that you will see in any documentation you download from Cisco:

• Items in bold are syntax you enter as is.

• Items in curly braces{ a b c} represent choices from which you must select one; one of these is required.

• Items in square braces[a b c]are optional choices; you can use one of these or none of them.

• Items in plain_italics are variable names ; you should replace each of them with an appropriate value (such as replacing ip_address with 192.168.12.18).

The software releases from which I took the commands referenced were IOS 12.2 Mainline for routers, PIX Firewall OS Version 6.2, and Catalyst 3550 Version 12.1(13)EA1.

One comment about the two practice exams, then a disagreement , and then we can get to work! Two practice exams are included at the end of this book (Chapters 13 and 15the answers are in Chapters 14 and 16). These two exams are as much like the real exam as I could make them without violating the NDA. Part of that similarity is that, although the end-of-chapter Exam Prep questions have an icon to designate especially tricky questions, these practice exams do not use the "Trick Question" icon, even though there are some tricky questions in them. Cisco won't tell you on the exam that a question was intended to be tricky (or even that it turned out to be tricky), so having to deal with them as they show up is good practice. Likewise, sometimes in the exam you might have a cluster of questions (three or even four) in a row on the same topic, but the rest of the time the topics will bounce from one to another. Therefore, I set up the practice exams in both ways: In Chapter 13, the questions are generally clustered by topic, with a little bouncing around; in Chapter 15, the theme is to bounce all over, with an occasional pair of questions on a topic. You'll get practice at both approaches.

Here's the disagreement: Cisco tends to keep its certification program evolving, which means that the training and the exams also evolve . In August 2003, while I was writing this book, a few of us on the GroupStudy list argued about the idea of the "four threat types," which one person said was a part of the "SAFE Test Blueprint." Actually, as I'll note in Chapter 1, neither the Exam Description nor the Exam Topics mention "threat types," much less specify a number of them. However, the CSI Training offered by Cisco training partners mentions "four threat types." That was where the argument really began : One person insisted he had seen in his training that the four types were structured, unstructured, internal, and external. However, I pointed out that previous training had listed four threat types as the four I have used in this book: reconnaissance, unauthorized access, denial of service, and data manipulation. Although we can argue over which training is reflected in the current release of the exam as you read this, the release of the exam that I took (642-541, on June 28, 2003) included a question that reflected the four types I have used.

By the time you take the exam, the question might have evolved to match the list the other person cited. Of course, it could still reflect the list I saw. Look at the wording of the question and the list of possible answers, and answer accordingly . You might see a question such as, "Which of these is not one of the four threat types but commonly occurs?" If three of the answers are structured, unstructured, and internal, and the other answer is unauthorized access, the last is the correct answer to the question. If the available answers are data manipulation, denial of service, unauthorized access, and internal, the answer is internal. Look for the one that is not from the same group as the others, and bear in mind any clever phrasing in the question.

You have to understand a great deal of material to really understand what goes on in the SAFE Blueprints: why certain technologies are used and why they are used in some places and not others. This book will help by ensuring that you have background material on network security (Chapters 24) and that you understand the security aspects of management protocols (Chapter 5), the Blueprints themselves (Chapters 67), the Cisco products used in them (Chapters 89), and, finally, how the three main parts of the SAFE SMR Blueprint put all the pieces together (Chapters 1012).

The place to begin, of course, is Chapter 1, where I'll talk a little about the exam itself and what you can expect.