CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022)

Page 1 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 1 preview image

Page 2 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 2 preview image

Page 3 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 3 preview image

CCNP Security Cisco SecureFirewall and IntrusionPrevention SystemOfficial Cert GuideNazmul RajibCisco Press

Page 4 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 4 preview image

CCNP Security Cisco Secure Firewall andIntrusion Prevention System Official Cert GuideNazmul RajibCopyright© 2022 Cisco Systems, Inc.Published by:Cisco PressAll rights reserved. No part of this book may be reproduced ortransmitted in any form or by any means, electronic or mechanical,including photocopying, recording, or by any information storage andretrieval system, without written permission from the publisher,except for the inclusion of brief quotations in a review.ScoutAutomatedPrintCodeLibrary of Congress Control Number: 2022933632ISBN-13: 978-0-13-658970-9ISBN-10: 0-13-658970-7Warning and DisclaimerThis book is designed to provide information about the CCNPSecurity exam concentrating on Cisco Secure Firewall and IntrusionPrevention System (IPS). Every effort has been made to make thisbook as complete and as accurate as possible, but no warranty orfitness is implied.The information is provided on an “as is” basis. The author, CiscoPress, and Cisco Systems, Inc. shall have neither liability norresponsibility to any person or entity with respect to any loss ordamages arising from the information contained in this book or fromthe use of the discs or programs that may accompany it.

Page 5 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 5 preview image

The opinions expressed in this book belong to the author and are notnecessarily those of Cisco Systems, Inc.Trademark AcknowledgmentsAll terms mentioned in this book that are known to be trademarks orservice marks have been appropriately capitalized. Cisco Press orCisco Systems, Inc., cannot attest to the accuracy of thisinformation. Use of a term in this book should not be regarded asaffecting the validity of any trademark or service mark.Microsoft and/or its respective suppliers make no representationsabout the suitability of the information contained in the documentsand related graphics published as part of the services for anypurpose. All such documents and related graphics are provided “asis” without warranty of any kind. Microsoft and/or its respectivesuppliers hereby disclaim all warranties and conditions with regard tothis information, including all warranties and conditions ofmerchantability, whether express, implied or statutory, fitness for aparticular purpose, title and non-infringement. In no event shallMicrosoft and/or its respective suppliers be liable for any special,indirect or consequential damages or any damages whatsoeverresulting from loss of use, data or profits, whether in an action ofcontract, negligence or other tortious action, arising out of or inconnection with the use or performance of information available fromthe services.The documents and related graphics contained herein could includetechnical inaccuracies or typographical errors. Changes areperiodically added to the information herein. Microsoft and/or itsrespective suppliers may make improvements and/or changes in theproduct(s) and/or the program(s) described herein at any time.Partial screenshots may be viewed in full within the software versionspecified.Microsoft®and Windows®are registered trademarks of the MicrosoftCorporation in the U.S.A. and other countries. Screenshots andicons reprinted with permission from the Microsoft Corporation. This

Page 6 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 6 preview image

book is not sponsored or endorsed by or affiliated with the MicrosoftCorporation.Special SalesFor information about buying this title in bulk quantities, or for specialsales opportunities (which may include electronic versions; customcover designs; and content particular to your business, traininggoals, marketing focus, or branding interests), please contact ourcorporate sales department at corpsales@pearsoned.com or (800)382-3419.For government sales inquiries, please contactgovernmentsales@pearsoned.com.For questions about sales outside the U.S., please contactintlcs@pearson.com.Feedback InformationAt Cisco Press, our goal is to create in-depth technical books of thehighest quality and value. Each book is crafted with care andprecision, undergoing rigorous development that involves the uniqueexpertise of members from the professional technical community.Readers’ feedback is a natural continuation of this process. If youhave any comments regarding how we could improve the quality ofthis book, or otherwise alter it to better suit your needs, you cancontact us through email at feedback@ciscopress.com. Pleasemake sure to include the book title and ISBN in your message.We greatly appreciate your assistance.Editor-in-Chief:Mark TaubAlliances Manager, Cisco Press:Arezou GolDirector, ITP Product Management:Brett BartowExecutive Editor:James Manly

Page 7 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 7 preview image

Managing Editor:Sandra SchroederDevelopment Editor:Ellie BruSenior Project Editor:Tonya SimpsonCopy Editor:Chuck HutchinsonTechnical Editors:Ed Mendez, John WiseEditorial Assistant:Cindy TeetersCover Designer:Chuti PrasertsithComposition:codeMantraIndexer:Timothy WrightProofreader:Donna MulderAmericas HeadquartersCisco Systems, Inc.San Jose, CAAsia Pacific HeadquartersCisco Systems (USA) Pte. Ltd.SingaporeEurope HeadquartersCisco Systems International BVAmsterdam, The NetherlandsCisco has more than 200 offices worldwide. Addresses, phonenumbers, and fax numbers are listed on the Cisco Website atwww.cisco.com/go/offices.CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo,Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco

Page 8 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 8 preview image

TelePresence, Cisco WebEx, DCE, and Welcome to the HumanNetwork are trademarks; Changing the Way We Work, Live, Play,and Learn and Cisco Store are service marks; and Access Registrar,Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA,CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisca, the CiscoCertified Internetwork Expert logo, Cisco IOS, Cisco Press, CiscoSystems, Cisco Systems Capital, the Cisco Systems logo, CiscoUnity, Collaboration Without Limitation, EtherFast, EtherSwitch,Event Center, Fast Step, Follow Me Browsing, FormShare,GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study,IronPort, the IronPort logo, LightStream, Linksys, MediaTone,MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers,Networking Academy, Network Registrar, PCNow, PIX,PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet,Spectrum Expert, StackWise. The Fastest Way to Increase YourInternet Quotient, TransPath, WebEx, and the WebEx logo areregistered trademarks of Cisco Systems, Inc. and/or its affiliates inthe United States and certain other countries.All other trademarks mentioned In this document or website are theproperty of their respective owners. The use of the word partnerdoes not imply a partnership relationship between Cisco and anyother company. (0812R)

Page 9 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 9 preview image

Pearson’s Commitment to Diversity,Equity, and InclusionPearson is dedicated to creating bias-free content that reflects thediversity of all learners. We embrace the many dimensions ofdiversity, including but not limited to race, ethnicity, gender,socioeconomic status, ability, age, sexual orientation, and religiousor political beliefs.Education is a powerful force for equity and change in our world. Ithas the potential to deliver opportunities that improve lives andenable economic mobility. As we work with authors to create contentfor every product and service, we acknowledge our responsibility todemonstrate inclusivity and incorporate diverse scholarship so thateveryone can achieve their potential through learning. As the world’sleading learning company, we have a duty to help drive change andlive up to our purpose to help more people create a better life forthemselves and to create a better world.Our ambition is to purposefully contribute to a world whereEveryone has an equitable and lifelong opportunity to succeedthrough learningOur educational products and services are inclusive andrepresent the rich diversity of learnersOur educational content accurately reflects the histories andexperiences of the learners we serveOur educational content prompts deeper discussions withlearners and motivates them to expand their own learning (andworldview)

Page 10 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 10 preview image

While we work hard to present unbiased content, we want to hearfrom you about any concerns or needs with this Pearson product sothat we can investigate and address them.Please contact us with concerns about any potential bias athttps://www.pearson.com/report-bias.html.

Page 11 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 11 preview image

About the AuthorNazmul Rajibis a senior product marketing manager of CiscoSystems, Inc. He leads Cisco’s global initiatives on cybersecurityenablement, focusing on the firewall and intrusion preventiontechnologies. As a senior member of the Security Business Group(SBG), Nazmul regularly advises Cisco on security productroadmaps, content strategies, and technical communications. Hedevelops training programs for the Global Security SalesOrganization (GSSO) and worldwide channel partners. Nazmul alsoworked as a technical marketing engineer in the productmanagement organization, where he was responsible for validatingsecurity designs, researching best practices, publishing whitepapers, and presenting new security capabilities.Prior to joining Cisco’s core business group, Nazmul served as asenior information security consultant in the Cisco advancedservices organization. With more than a decade of experience,Nazmul assisted many Fortune 500 companies, governmentagencies, and international organizations. He frequently met Ciscocustomers to address their critical security concerns and to runworkshops.

Page 12 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 12 preview image

Previously, Nazmul was a technical lead in the Cisco CustomerExperiences (CX) organization, where he consistently assisted thesecurity engineers, and spearheaded the engineering efforts to solvebusiness-critical escalations. He developed several trainingprograms and taught many Cisco engineers worldwide. Nazmulpublished numerous articles on the Cisco website. In addition to thisbook, he has authored the best-selling security bookCiscoFirepower Threat Defense(ISBN: 9781587144806).Nazmul is a veteran of Sourcefire, Inc., which developed the world’sgreatest open-source intrusion prevention system. At Sourcefire,Nazmul created and managed the customer knowledge base, newhire onboarding process, and partner certification program. Heroutinely trained Sourcefire’s security engineers and managedsecurity service providers (MSSP) in the United States.Nazmul has a master of science degree in Internetworking. He alsoholds many certifications in the areas of cybersecurity, informationtechnology, technical communication, and product marketing. He is aSourcefire Certified Expert and Sourcefire Certified SecurityEngineer.

Page 13 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 13 preview image

About the Technical ReviewersEd Mendezis a senior instructional design and training managerwith Cisco Systems, Inc. He has been an education specialist andinstructor of many IT security products and technologies for morethan 20 years. Ed works with the Cisco certification developmentteam and develops courseware for various Cisco securitycertification programs. He came to Cisco from the Sourcefireacquisition, where he developed courseware, designed labinfrastructure, and delivered training on many Sourcefire products,including Firepower NGFW, NGIPS, AMP, and Snort. Before joiningSourcefire, he worked at Internet Security Systems (ISS) in theprofessional services and education departments. Besides holdingcertifications on many products for which he developed trainingcourses, he also earned CISSP certification in 2002.John Wiseis a senior security instructor and courseware developerwith Cisco Systems, Inc., specializing in Cisco Secure FirewallThreat Defense (FTD) and Advanced Malware Protection (AMP). Hedevelops and delivers the Cisco training offerings on next-generationfirewall (NGFW) and next-generation intrusion prevention systems(NGIPS). With his decade of teaching and security experiences,John also coaches new instructors at the Cisco CustomerExperience (CX) organization. John has been recognized as aDistinguished Speaker at various Cisco Live events held in theUnited States, Europe, and Latin America.

Page 14 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 14 preview image

DedicationsMy Lord!Grant me wisdom, and join me with the righteous.Bless me with honorable mention among later generations.Glory be to You!We have no knowledge except what You have taught us.You are truly the All-Knowing, All-Wise.(The Quran)

Page 15 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 15 preview image

AcknowledgmentsMy journey to write this book commenced in early 2020. The planwas to conclude the project within a year. However, 2020 turned outto be an unprecedented year. All praise belongs to God for keepingme safe throughout the pandemic and giving me the ability tocomplete this book.It took hundreds of hours to write this book. I would not be able toconcentrate on research and writing without my wife’s support andsacrifice. I am grateful for her unfailing patience and unwaveringdevotion.Sometimes I needed a smile, strength, and stamina to keep goingwith writing. My marvelous princesses did an amazing job to keeptheir dad motivated. Their big hugs, kind words, and prayers inspireme to persevere.I would also like to extend my gratitude to all my colleagues,students, and readers around the world for encouraging me withgreat feedback on my publications. It is delightful to see the photosof my books on your blog posts.Many thanks to the technical reviewers for taking the time to reviewthe chapters and providing me invaluable feedback. Theircomments, compliments, and commitments have beenindispensable to this book.Finally, I would like to recognize all the editors at Cisco Press forworking with me diligently and keeping me on track to get this bookpublished.

Page 16 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 16 preview image

Contents at a GlanceIntroductionPart IGeneral DeploymentChapter 1Introduction to Cisco Secure Firewall and IPSChapter 2Deployment of Secure Firewall VirtualChapter 3Licensing and RegistrationChapter 4Firewall Deployment in Routed ModeChapter 5Firewall Deployment in Transparent ModeChapter 6IPS-Only Deployment in Inline ModeChapter 7Deployment in Detection-Only ModePart IIBasic Security OperationsChapter 8Capturing Traffic for Advanced AnalysisChapter 9Network Discovery PolicyChapter 10 Access Control PolicyChapter 11 Prefilter PolicyChapter 12 Security IntelligenceChapter 13 Domain Name System (DNS) PolicyChapter 14 URL FilteringPart IIIAdvanced Configurations

Page 17 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 17 preview image

Chapter 15 Network Analysis and Intrusion PoliciesChapter 16 Malware and File PolicyChapter 17 Network Address Translation (NAT)Chapter 18 Traffic Decryption PolicyChapter 19 Virtual Private Network (VPN)Chapter 20 Quality of Service (QoS)Chapter 21 System Logging (Syslog)Part IV ConclusionChapter 22 Final PreparationPart VAppendixesAppendix A Answers to the “Do I Know This Already?” QuestionsAppendix BCCNP Security Cisco Secure Firewall and IntrusionPrevention System Official Cert GuideUpdatesGlossaryIndexOnline ElementsAppendix C Memory TablesAppendix D Memory Tables Answer KeyAppendix E Study PlannerGlossary

Page 18 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 18 preview image

Reader ServicesOther FeaturesIn addition to the features in each of the core chapters, this book hasadditional study resources on the companion website, including thefollowing:Practice exams: The companion website contains an examengine that enables you to review practice exam questions. Usethese to prepare with a sample exam and to pinpoint topicswhere you need more study.Interactive exercises and quizzes: The companion websitecontains interactive hands-on exercises and interactive quizzesso that you can test your knowledge on the spot.Glossary quizzes: The companion website contains interactivequizzes that enable you to test yourself on every glossary termin the book.To access this additional content, simply register your product. Tostart the registration process, go to www.ciscopress.com/register andlog in or create an account*. Enter the product ISBN 9780136589709and click Submit. After the process is complete, you will find anyavailable bonus content under Registered Products.*Be sure to check the box that you would like to hear from us toreceive exclusive discounts on future editions of this product.

Page 19 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 19 preview image

ContentsIntroductionPart IGeneral DeploymentChapter 1Introduction to Cisco Secure Firewall and IPS“Do I Know This Already?” QuizFoundation TopicsEvolution of Next-Generation FirewallCisco Secure Firewall SolutionsProduct Evolution and LifecycleSoftware and Hardware ArchitectureScalability and ResiliencyClusteringMulti-InstanceHigh AvailabilityResiliency in ConnectivitySummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsChapter 2Deployment of Secure Firewall Virtual“Do I Know This Already?” QuizFoundation TopicsCisco Secure Firewall on a Virtual Platform

Page 20 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 20 preview image

Hosting Environment SettingsVirtual Resource AllocationSoftware Package SelectionBest PracticesConfigurationVirtual Network for Management TrafficVirtual Network for Data TrafficVirtual Machine Creation for Secure FirewallSystem Initialization and ValidationSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsChapter 3Licensing and RegistrationDo I Know This Already?Foundation TopicsCisco Licensing ArchitectureDirect Cloud AccessOn-Premises ServerOffline AccessCisco Secure Firewall LicensesFeature LicenseExport-Controlled LicenseEvaluation LicenseValidation of LicensingDevice RegistrationBest Practices for RegistrationConfigurations on Threat DefenseConfigurations on Management Center

Page 21 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 21 preview image

Management Communication over the InternetValidation of RegistrationSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsChapter 4Firewall Deployment in Routed Mode“Do I Know This Already?” QuizFoundation TopicsRouted Mode EssentialsBest Practices for Routed Mode ConfigurationFulfilling PrerequisitesEnabling the Routed Firewall ModeConfiguration of the Routed InterfaceConfiguring Interfaces with Static IP AddressesConfiguring Interfaces with Automatic IP AddressesValidation of Interface ConfigurationSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsChapter 5Firewall Deployment in Transparent Mode“ Do I Know This Already? ” QuizFoundation TopicsTransparent Mode EssentialsBest Practices for Transparent Mode ConfigurationFulfilling PrerequisitesEnabling the Transparent Firewall Mode

Page 22 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 22 preview image

Configuring Transparent Mode in a Layer 2 NetworkConfiguring the Physical and Virtual InterfacesVerifying the Interface StatusVerifying Basic Connectivity and OperationsDeploying a Threat Defense Between Layer 3 NetworksSelecting a Default ActionAdding an Access Control Rule for a Routing ProtocolCreating an Access Control Rule for the SSH ProtocolVerifying Access Control ListsIntegrated Routing and Bridging (IRB)SummaryExam Preparation TasksReview All Key TopicsMemory Tables and ListsDefine Key TermsChapter 6IPS-Only Deployment in Inline Mode“Do I Know This Already?” QuizFoundation TopicsInline Mode EssentialsInline Mode Versus Passive ModeInline Mode Versus Transparent ModeBest Practices for Inline ModeInline Mode ConfigurationFulfilling PrerequisitesInterface SetupInline Set ConfigurationVerificationEvent Analysis in IPS-Only ModeSummaryExam Preparation Tasks

Page 23 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 23 preview image

Review All Key TopicsMemory Tables and ListsDefine Key TermsChapter 7Deployment in Detection-Only Mode“ Do I Know This Already? ” QuizFoundation TopicsDetection-Only Mode EssentialsPassive Monitoring TechnologyInterface Modes: Inline, Inline Tap, and PassiveBest Practices for Detection-Only DeploymentInline Tap ModeConfiguration of Inline Tap ModeVerification of Inline Tap ConfigurationPassive Interface ModeConfiguration of Passive Interface ModeConfiguring Passive Interface Mode on a ThreatDefenseConfiguring a SPAN Port on a SwitchVerification of Passive Interface ConfigurationEvent Analysis in Detection-Only ModeSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsPart IIBasic Security OperationsChapter 8Capturing Traffic for Advanced Analysis“Do I Know This Already?” QuizFoundation Topics

Page 24 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 24 preview image

Packet Capture EssentialsBest Practices for Capturing TrafficCapturing of Packets Using Secure FirewallConfigurationVerificationPacket Capture versus Packet TracerSummaryExam Preparation TasksReview All Key TopicsMemory Tables and ListsDefine Key TermsChapter 9Network Discovery Policy“Do I Know This Already?” QuizFoundation TopicsNetwork Discovery EssentialsApplication DetectorsNetwork Discovery OperationsBest Practices for Network DiscoveryFulfilling PrerequisitesConfigurationsReusable ObjectsNetwork Discovery PolicyVerificationAnalyzing Application DiscoveryAnalyzing Host DiscoveryUndiscovered New HostsSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from Memory

Page 25 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 25 preview image

Define Key TermsChapter 10Access Control Policy“Do I Know This Already?” QuizFoundation TopicsAccess Control Policy EssentialsPolicy EditorRule EditorBest Practices for Access Control PolicyAccess Control Policy ConfigurationFulfilling PrerequisitesCreating RulesVerificationSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsChapter 11Prefilter Policy“Do I Know This Already?” QuizFoundation TopicsPrefilter Policy EssentialsPrefilter Policy: Rules and ActionsBypassing Deep Packet InspectionBest Practices for a Prefilter PolicyEnabling Bypass Through a Prefilter PolicyFulfilling PrerequisitesConfiguring a Rule in a Prefilter PolicyInvoking a Prefilter Policy into an Access ControlPolicy

Page 26 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 26 preview image

Establishing Trust Through an Access Control PolicyVerificationManaging Encapsulated Traffic InspectionSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsChapter 12Security Intelligence“Do I Know This Already?” QuizFoundation TopicsSecurity Intelligence EssentialsBest Practices for Security IntelligenceFulfilling PrerequisitesAutomatic Blocking Using Cisco Intelligence FeedVerifying the Action of Cisco Intelligence FeedOverriding the Cisco Intelligence Feed OutcomeInstant Blocking Using Context MenuAdding an Address to the Block ListDeleting an Address from the Block ListManual Blocking Using Custom ListEnabling Security Intelligence in Monitor-Only ModeThreat Intelligence DirectorEnabling Threat Intelligence DirectorAdding Sources and Importing IndicatorsSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key Terms

Page 27 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 27 preview image

Chapter 13Domain Name System (DNS) Policy“Do I Know This Already?” QuizFoundation TopicsDNS Policy EssentialsDomain Name System (DNS)Blocking of a DNS Query Using a Secure FirewallDNS Rule ActionsActions That Can Interrupt DNS QueriesActions That Allow DNS QueriesSources of IntelligenceBest Practices for Blocking DNS QueriesFulfilling PrerequisitesConfiguring DNS PolicyAdd a New Rule to a DNS PolicyInvoke the DNS PolicyVerificationSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsChapter 14URL Filtering“Do I Know This Already?” QuizFoundation TopicsURL Filtering EssentialsCategory and ReputationURL DatabaseFulfilling PrerequisitesBest Practices for URL Filtering ConfigurationEnabling URL Filtering

Page 28 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 28 preview image

Blocking URLs of a Certain CategoryVerifying the Operation of a URL Filtering RuleAllowing a Specific URLAnalyzing the Default Category OverrideHandling Uncategorized URLsInvestigating the Uncategorized URLsSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsPart IIIAdvanced ConfigurationsChapter 15Network Analysis and Intrusion Policies“Do I Know This Already?” QuizFoundation TopicsIntrusion Prevention System EssentialsNetwork Analysis PolicyIntrusion PolicySystem-Provided Variable SetsSystem-Provided Base PoliciesBest Practices for Intrusion Policy DeploymentConfiguring a Network Analysis PolicyConfiguring an Intrusion PolicyCreating a Policy with a Default RulesetIncorporating Intrusion Rule RecommendationsEnabling or Disabling an Intrusion RuleSetting Up a Variable SetPolicy DeploymentVerification

Page 29 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 29 preview image

SummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsChapter 16Malware and File Policy“Do I Know This Already?” QuizFoundation TopicsFile Policy EssentialsFile Type DetectionMalware AnalysisBest Practices for File Policy ConfigurationFulfilling PrerequisitesConfiguring a File PolicyCreating a File PolicyDeploying a File PolicyVerificationAnalyzing File EventsAnalyzing Malware EventsThe Management Center Is Unable to Communicatewith the CloudThe Management Center Performs a Cloud LookupThe Threat Defense Blocks MalwareOverriding a Malware DispositionNetwork TrajectorySummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key Terms

Page 30 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 30 preview image

Chapter 17Network Address Translation (NAT)“Do I Know This Already?” QuizFoundation TopicsNAT EssentialsNAT TechniquesNAT Rule TypesBest Practices for NAT DeploymentFulfilling PrerequisitesConfiguring NATMasquerading a Source Address (Source NAT forOutbound Connection)Configuring a Dynamic NAT RuleVerifying the ConfigurationVerifying the Operation: Inside to OutsideVerifying the Operation: Outside to InsideConnecting to a Masqueraded Destination (DestinationNAT for Inbound Connection)Configuring a Static NAT RuleVerifying the Operation: Outside to DMZSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsChapter 18Traffic Decryption Policy“Do I Know This Already?” QuizFoundation TopicsTraffic Decryption EssentialsOverview of SSL and TLS ProtocolsDecryption Techniques on Secure Firewall

Page 31 of 31

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 31 preview image

Best Practices for Traffic DecryptionConfiguring a Decryption PolicyPKI ObjectsInternal CAs ObjectInternal Certs ObjectSSL PolicyFile PolicyAccess Control PolicyVerificationSummaryExam Preparation TasksReview All Key TopicsComplete Tables and Lists from MemoryDefine Key TermsChapter 19Virtual Private Network (VPN)“Do I Know This Already?” QuizFoundation TopicsVPN EssentialsSite-to-Site VPNRemote Access VPNIPsec EssentialsMode of OperationSecurity Association and Key ExchangeIKEv1IKEv2AuthenticationSite-to-Site VPN DeploymentPrerequisitesConfigurations

Preview Mode

This document has 1222 pages. Sign in to access the full document!

Report

Learning Tools

Writing Tools

Browse Resources

CCNP Security Cisco Secure Firewall and Intrusion Prevention System (2022) - Page 1

Study Now!

Document Details

Related Documents

CCNP Enterprise Certification Study Guide (2020)

CCNP and CCIE Security Core SCOR 350-701 Official Cert Guide (2020)

CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide (2024)

CCNP and CCIE Data Center Core DCCOR 350-601 2nd Ed Official Cert Guide (2024)

CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram (2022)

CCNP Enterprise Design ENSLD 300-420 Official Cert Guide (2024)

CCNP and CCIE Enterprise Core and CCNP Advanced Routing Portable Command Guide: All ENCOR (350-401) and ENARSI (300-410) (2020)

CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram (2022)

CCNP Enterprise Design ENSLD 300-420 Official Cert Guide: Designing Cisco Enterprise Networks (2020)

CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide (2023)

Company

Explore

Study Tools