Performing One-Step Lockdown With Security Device Manager
To pass the 640-553 Implementing Cisco IOS Network Security (IINS) exam and become CCNA Security certified, you’ll have to master the ins and outs of the Security Device Manager – SDM. (You also must become a CCNA first – that’s a prerequisite for all three additional CCNA certifications.)
SDM is a Cisco GUI that can perform tasks from creating VPNs to carrying out a security audit on your router. In today’s CCNA Security tutorial, we’ll take a look at the process of performing a lockdown on a router.
I have no first-hand knowledge of this, but when a prison goes into lockdown, everyone and everything is locked up so there will be no trouble. When you perform a lockdown on a router, you’ll be enabling and disabling certain network services – so there will be no trouble!
Performing a lockdown does not guarantee the router is 100% safe, but it’s going to be more secure than it was before. Later in this tutorial, we’ll talk about how a lockdown can actually cause trouble – so do read this tutorial to learn how to use SDM for a lockdown, but do not rush to work tomorrow to run one!
The first golden rule of SDM: If you need to carry out a task, always start by clicking the Configure button. After doing so, I’ll click on Security Audit.

SDM does give excellent descriptions of the task you’re about to carry out, and the Security Audit section is no exception. We’ll be shown two options on the Security Audit screen, with the first being the Security Audit option itself.

The option below that is to run a one-step lockdown.

So our options at present are to run a security audit, after which we’ll be given the opportunity to implement the audit’s suggestions, and a one-step lockdown, which places our router in lockdown with no input or further permission needed from us.
I’ll choose the one-step lockdown, and here’s the next screen:

As I always say, when a Cisco router or program asks you “Are you sure?”, don’t just click it – think about it!
And when you see a window like this that not only asks you if you’re sure you want to perform this task, but also tells you how to roll the changes back if you don’t like them, you better really consider what you’re about to do!
Having said that, we’ll pick up the next part of this CCNA Security tutorial by saying “Yes” to the above question and then seeing what happens!
To become CCNA Security certified, you’ve got to first be a CCNA. The new CCNA certifications are going to present huge opportunities to those who are ready to take advantage of those opportunities – so if you’re not CCNA certified at present, you need to get started now!
There’s never been a better time to become a CCNA, and with these additional opportunities, there’s never been a more important time to do so!
Five Minutes From Now, You Can Be Studying For CCNA Exam Success Just As Thousands Of Other CCNA Candidates Around The World Have – With Chris Bryant, CCIE #12933 With You Every Step Of The Way – With The Ultimate CCNA Exam Study Package!
Question: 6
Which of these correctly matches the CLI command(s) to the equivalent SDM wizard that performs similar configuration functions?
A. Cisco Common Classification Policy Language configuration commands and the SDM Site-to-Site VPN wizard
B. Auto secure exec command and the SDM One-Step Lockdown wizard
C. Setup exec command and the SDM Security Audit wizard
D. Class-maps, policy-maps, and service-policy configuration commands and the SDM IPS wizard
E. Aaa configuration commands and the SDM Basic Firewall wizard
Answer: B
Question: 7
What is the key difference between host-based and network-based intrusion prevention?
A. Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
B. Network-based IPS provides better protection against OS kernel-level attacks against hosts and servers.
C. Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers.
D. Host-based IPS can work in promiscuous mode or inline mode.
E. Host-based IPS is more scalable than network-based IPS.
F. Host-based IPS deployment requires less planning than network-based IPS.
Answer: C
Question: 8
Refer to the exhibit.
You are a network manager for your organization. You are looking at your Syslog server reports. Based on the Syslog message shown, which two statements are true? (Choose two.)
A. Service timestamps have been globally enabled.
B. This is a normal system-generated information message and does not require further investigation.
C. This message is unimportant and can be ignored.
D. This message is a level 5 notification message.
Answer: A, D
Question: 9
You suspect an attacker in your network has configured a rogue layer 2 device to intercept traffic from multiple VLANs, thereby allowing the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two.)
A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1 with encryption
D. Set the native VLAN on the trunk ports to an unused VLAN
E. Place unused active ports in an unused VLAN
Answer: B, D
Question: 10
Which three statements about SSL-based VPNs are true? (Choose three.)
A. Asymmetric algorithms are used for authentication and key exchange.
B. SSL VPNs and IPsec VPNs cannot be configured concurrently on the same router.
C. Symmetric algorithms are used for bulk encryption.
CCNA Security Boot Camp
CCBOOTCAMP® is pleased to offer the official authorized Cisco CCNA® Security course. Our CCNA Security Boot Camp contains five days of intense training from our Cisco® certified industry experts. This course is designed to assist students in obtaining their CCNA Security certification for an unbelievably low price.
Pre-Requisites
Valid CCNA
Course Summary
This official authorized Cisco course is offered by CCBOOTCAMP, sponsored by a Cisco Learning Solutions Partner®, and is designed specifically to prepare students for the CCNA Security Exam. CCNA Security Certification meets the needs of IT professionals who are responsible for network security. It confirms an individual’s skills for job roles such as Network Security Specialists, Security Administrators, and Network Security Support Engineers. This certification validates skills including installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security structure.
Students completing the recommended Cisco training will gain an introduction to core security technologies as well as how to develop security policies and mitigate risks. IT organizations that employ CCNA Security-holders will have IT staff that can develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.
Course Description Introduction
This course is designed specifically to prepare students to pass the CCNA Security Exam.
CCBOOTCAMP offers its students on-site instructor-led training at any of our locations throughout North America.
Class length is five consecutive days, and runs Monday through Friday, typically from 9:00 AM to 5:00 PM. In addition to classroom time, there will be daily homework assignments to be completed at night. These are very full days, so students should arrive at our facility rested and prepared to work.
CCNA Security class will have a maximum of twelve students.
Each student receives dedicated instructor mentoring to ensure all concepts are completely understood.
We offer the most advanced equipment in the industry. You get your own equipment to work with. No gear sharing!
Access is provided to the classroom racks 24 hours a day.
Free practice questions and one test attempt are included (a $125 value)!
Price for this class is $2495
Financing is available.
Cisco Exams Covered
640-553 Implementing Cisco IOS Network Security (IINS)
Recertification requirements
The CCNA Security is valid for three years. To recertify, pass any current CCNA concentration exam (wireless, security, voice) OR pass a current 642 professional exam, OR pass the current CCIE written exam or the current CCDE written exam.