31 Days Before Your CCNA Security Exam: A Day-By-Day Review Guide for the IINS 210-260 Certification Exam

eBook (Watermarked)

  • Sorry, this book is no longer in print.
  • Includes EPUB and PDF
  • Copyright 2016
  • Dimensions: 6" x 9"
  • Pages: 350
  • Edition: 1st
  • ISBN-10: 0-13-442381-X
  • ISBN-13: 978-0-13-442381-4

31 Days Before Your CCNA Security Exam

31 Days Before Your CCNA Security Exam offers you an engaging and practical way to understand the certification process, commit to taking the CCNA Security IINS 210-260 certification exam, and finish your preparation using a variety of Primary and Supplemental study resources.

The IINS 210-260 exam tests your knowledge of secure network infrastructure, core security concepts, secure access, VPN encryption, firewalls, intrusion prevention, web/email content security, and endpoint security. It also tests your skills for installing, troubleshooting, and monitoring secure networks to maintain the integrity, confidentiality, and availability of data and devices.

Sign up for the IINS 210-260 exam and use the book’s day-by-day guide and checklist to organize, prepare, and review. Each day in this guide breaks down an exam topic into a manageable bit of information to review using short summaries. A Study Resources section provides you with a quick reference for locating more in-depth treatment of a day’s topics within the Primary and Supplemental resources.

The features of the book empower you to fit exam preparation into a busy schedule:

  • A visual calendar summarizing each day’s study topic
  • A checklist providing advice for preparation activities leading up to the exam
  • A description of the CCNA Security IINS 210-260 exam organization and sign-up process
  • Strategies from the author to be mentally, organizationally, and physically prepared for exam day
  • A conversational tone, which makes your study time more enjoyable

Primary Resources:

CCNA Security 210-260 Official Cert Guide ISBN-13: 978-1-58720-566-8

CCNA Security Course Booklet Version 2 ISBN-13: 978-1-58713-351-0

CCNA Security Lab Manual Version 2 ISBN-13: 978-1-58713-350-3

Supplemental Resources:

CCNA Security 210-260 Complete Video Course ISBN-13: 978-0-13-449931-4

CCNA Security Portable Command Guide, Second Edition ISBN-13: 978-1-58720-575-0

Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition ISBN-13: 978-1-58714-307-6

Category: Certification

Covers: CCNA Security

Sample Pages

Download the sample pages (includes Chapter 29 and Index)

Table of Contents

Introduction xxii

Digital Study Guide xxvi

Day 31: Common Security Principles 1

CCNA Security 210-260 IINS Exam Topics 1

Key Topics 1

Confidentiality, Integrity, and Availability (CIA) 1


Common Network Security Terms 2

Security Zones 2

Study Resources 4

Day 30: Common Security Threats 5

CCNA Security 210-260 IINS Exam Topics 5

Key Topics 5

Network Attacks 5

    Reconnaissance Attacks 5

    Access Attacks 5

    DoS and DDoS Attacks 6

Social Engineering 7

    Types 7

    Defenses 8

Malware 8

Data Loss 9

Study Resources 10

Day 29: Cryptographic Technologies 11

CCNA Security 210-260 IINS Exam Topics 11

Key Topics 11

CIA Triad 11

Key Exchange and Management 11

Hash Algorithms 12

    Well-known Hash Functions 12

    Authentication Using Hashing 13

    Hashing in Cisco Products 14

Symmetric and Asymmetric Encryption 15

    Encryption Overview 15

    Symmetric Encryption Algorithms 15

    Asymmetric Encryption Algorithms 16

Digital Signatures and RSA Certificates 18

Study Resources 19

Day 28: PKI and Network Security Architectures 21

CCNA Security 210-260 IINS Exam Topics 21

Key Topics 21

Public Key Infrastructure 21

    PKI Terminology, Components, and Classes of Certificates 22

    PKI Topologies 23

    PKI Standards 24

    PKI Operations 25

    Enrollment and Revocation 27

Network Architectures and Topologies 28

    Campus-Area Network (CAN) 28

    WAN and Branch/SOHO 29

    Data Center 31

    Cloud and Virtual Networks 31

Study Resources 33

Day 27: Secure Management Systems 35

CCNA Security 210-260 IINS Exam Topics 35

Key Topics 35

In-band and Out-of-band Management 35

Management Plane Security 36

    Access Security 36

    SSH/HTTPS 38

    Syslog 38

Simple Network Management Protocol (SNMP) 39

Network Time Protocol (NTP) 42

Secure Copy Protocol (SCP) 43

Study Resources 44

Day 26: AAA Concepts 45

CCNA Security 210-260 IINS Exam Topics 45

Key Topics 45

AAA 45


    RADIUS 46

    TACACS+ 47

ACS and ISE 48

    ACS 49

    ISE 49

Study Resources 50

Day 25: TACACS+ and RADIUS Implementation 51

CCNA Security 210-260 IINS Exam Topics 51

Key Topics 51

Server-based AAA Authentication 51

Server-based AAA Authorization 53

Server-based AAA Accounting 54

Server-based AAA Verification and Troubleshooting 55

Study Resources 58

Day 24: 802.1X 61

CCNA Security 210-260 IINS Exam Topics 61

Key Topics 61

802.1X 61

    Terminology and Concepts 61

    Configuration and Verification 63

Study Resources 65

Day 23: BYOD 67

CCNA Security 210-260 IINS Exam Topics 67

Key Topics 67

BYOD Architecture 67

BYOD Management 69

Study Resources 72

Day 22: IPsec Technologies 73

CCNA Security 210-260 IINS Exam Topics 73

Key Topics 73

VPNs 73

IPsec Framework 76

    IPsec Protocols 77

        AH 77

        ESP 78

        IPsec Modes of Operations 78

    Confidentiality 79

    Data Integrity 79

    Origin Authentication 80

    Key Management 80

    Suite B Cryptographic Standard 81

IKE 81

    IKEv1 Phase 1 82

    IKEv1 Phase 2 83

    IKEv2 83

Study Resources 84

Day 21: Clientless Remote-Access VPN 85

CCNA Security 210-260 IINS Exam Topics 85

Key Concepts 85

Clientless SSL VPN Concepts 85

Clientless SSL VPN Configuration 87

    Task 1: Launch Clientless SSL VPN Wizard from ASDM 88

    Task 2: Configure the SSL VPN URL and Interface 88

    Task 3: Configure User Authentication 89

    Task 4: Configure User Group Policy 90

    Task 5: Configure Bookmarks 90

Clientless SSL VPN Verification 95

Study Resources 97

Day 20: AnyConnect Remote Access VPN 99

CCNA Security 210-260 IINS Exam Topics 99

Key Topics 99

AnyConnect SSL VPN Concepts 99

    SSL VPN Server Authentication 100

    SSL VPN Client Authentication 100

    SSL VPN Client IP Address Assignment 100

AnyConnect SSL VPN Configuration and Verification 101

    Phase 1: Configure Cisco ASA for Cisco AnyConnect 101

        Task 1: Connection Profile Identification 101

        Task 2: VPN Protocols and Device Certificate 102

        Task 3: Client Image 102

        Task 4: Authentication Methods 103

        Task 5: Client Address Assignment 103

        Task 6: Network Name Resolution Servers 104

        Task 7: Network Address Translation Exemption 104

        Task 8: AnyConnect Client Deployment and Summary 105

    Phase 2: Configure the Cisco AnyConnect VPN Client 106

    Phase 3: Verify AnyConnect Configuration and Connection 108

Study Resources 111

Day 19: Site-to-Site VPN 113

CCNA Security 210-260 IINS Exam Topics 113

Key Topics 113

IPsec Negotiation 113

Cisco IOS CLI-based Site-to-Site IPsec VPN 114

    Configuration 115

        Step 1: ACL Compatibility 115

        Step 2: IKE Phase 1–ISAKMP Policy 115

        Step 3: IKE Phase 2–IPsec Transform Set 117

        Step 4: Crypto ACLs 117

        Step 5: IPsec Crypto Map 118

    Verification 119

Cisco ASA Site-to-Site IPsec VPN 122

    Configuration 123

        Step 1: Launch the ASDM Site-to-Site VPN Wizard 123

        Step 2: Peer Device Identification 123

        Step 3: Traffic to Protect 124

        Step 4: Security 124

        Step 5: NAT Exempt 125

    Verification 125

Study Resources 128

Day 18: VPN Advanced Topics 131

CCNA Security 210-260 IINS Exam Topics 131

Key Topics 131

Hairpinning and Client U-Turn 131

Split Tunneling 132

Always-on VPN 134

NAT Traversal 134

Endpoint Posture Assessment 135

Study Resources 136

Day 17: Secure Device Access 137

CCNA Security 210-260 IINS Exam Topics 137

Key Topics 137

Cisco IOS Authorization with Privilege Levels 137

Authorization with Role-Based CLI 138

Cisco IOS Resilient Configuration 139

Cisco IOS File Authenticity 140

Study Resources 142

Day 16: Secure Routing Protocols 143

CCNA Security 210-260 IINS Exam Topics 143

Key Topics 143

Routing Protocol Authentication 143

OSPF MD5 Authentication 144

    MD5 Authentication with Key Chain 144

    MD5 Authentication Without Key Chain 145

OSPF SHA Authentication 146

Study Resources 148

Day 15: Control Plane Security 149

CCNA Security 210-260 IINS Exam Topics 149

Key Topics 149

Functional Planes of the Network 149

Control Plane Policing 150

Control Plane Protection 151

Study Resources 152

Day 14: Layer 2 Infrastructure Security 153

CCNA Security 210-260 IINS Exam Topics 153

Key Topics 153

Common Layer 2 Attacks 153

    STP Attacks 153

    ARP Spoofing 155

    MAC Spoofing 156

    CAM Table Overflows 157

    CDP/LLDP Reconnaissance 157

    VLAN Hopping 157

    DHCP Spoofing 158

Study Resources 159

Day 13: Layer 2 Protocols Security 161

CCNA Security 210-260 IINS Exam Topics 161

Key Topics 161

DHCP Snooping 161

Dynamic ARP Inspection 163

IP Source Guard 164

Port Security 165

STP Security Mechanisms 167

    PortFast 167

    BPDU Guard 168

    Root Guard 168

    Loop Guard 168

Study Resources 169

Day 12: VLAN Security 171

CCNA Security 210-260 IINS Exam Topics 171

Key Topics 171

Private VLANs 171

PVLAN Edge 174

ACLs on Switches 175

    PACL Configuration 176

    VACL Configuration 177

Native VLAN 178

Study Resources 180

Day 11: Firewall Technologies 181

CCNA Security 210-260 IINS Exam Topics 181

Key Topics 181

Firewall Overview 181

Packet Filtering 183

Proxy and Application Firewalls 185

Stateful Firewalls 187

Next-Generation Firewalls 188

Personal Firewall 189

Study Resources 189

Day 10: Cisco ASA NAT Implementation 191

CCNA Security 210-260 IINS Exam Topics 191

Key Topics 191

NAT Fundamentals 191

NAT on Cisco ASA 193

Static NAT 195

Dynamic NAT 198

Dynamic PAT 201

Policy NAT 203

Study Resources 208

Day 9: Cisco IOS Zone-Based Policy Firewall 209

CCNA Security 210-260 IINS Exam Topics 209

Key Topics 209

ZPF Concepts 209

ZPF Zones and Zone Pairs 210

Introduction to C3PL 211

    Class Maps 212

    Policy Maps 212

    Service Policy 213

Default Policies and Traffic Flows 213

ZPF Configuration and Verification 214

    Configuring Class Maps 214

    Configuring Policy Maps 215

    Configuration and Verification 216

Study Resources 218

Day 8: Cisco ASA Firewall Concepts 219

CCNA Security 210-260 IINS Exam Topics 219

Key Topics 219

Cisco ASA Family 219

ASA Features and Services 221

ASA Deployments 222

ASA High Availability 223

ASA Contexts 225

Study Resources 226

Day 7: ASA Firewall Configuration 227

CCNA Security 210-260 IINS Exam Topics 227

Key Topics 227

ASA Default Configuration 227

ASA Management Access 229

ASA Interfaces 230

ASA Access Rules 232

ASA Objects and Object Groups 234

ASA Modular Policy Framework 240

Study Resources 244

Day 6: IDS/IPS Concepts 245

CCNA Security 210-260 IINS Exam Topics 245

Key Topics 245

IDS vs. IPS 245

Host-based vs. Network-based IPS 247

IPS Deployment Options 248

IPS Placement 249

IPS Terminology 250

Study Resources 251

Day 5: IDS/IPS Technologies 253

CCNA Security 210-260 IINS Exam Topics 253

Key Topics 253

Detection Technologies 253

Signatures 254

Trigger Actions 255

Blacklisting 256

Next-Generation IPS with FirePOWER 256

Study Resources 257

Day 4: Email-based Threat Mitigation 259

CCNA Security 210-260 IINS Exam Topics 259

Key Topics 259

ESA Overview 259

ESA Deployment 260

ESA Features 263

    Filtering Spam 263

    Fighting Viruses and Malware 264

    Email Data Loss Prevention 264

    Advanced Malware Protection 264

ESA Mail Processing 265

    Incoming Mail Processing 265

    Outgoing Mail Processing 266

Study Resources 267

Day 3: Web-based Threat Mitigation 269

CCNA Security 210-260 IINS Exam Topics 269

Key Topics 269

Cisco WSA 269

Cisco CWS 272

Study Resources 274

Day 2: Endpoint Protection 275

CCNA Security 210-260 IINS Exam Topics 275

Key Topics 275

Endpoint Security Overview 275

Personal Firewalls 276

Antivirus 276

Antispyware 277

Antimalware 278

Data Encryption 279

Study Resources 280

Day 1: CCNA Security Skills Review and Practice 281

CCNA Security 210-260 IINS Exam Topics 281

Key Topics 281

CCNA Security Skills Practice 281

    Introduction 281

    Topology Diagram 281

    Addressing Table 282

    ISP Configuration 283

    Implementation 283

        Step 1: Cable the Network As Shown in the Topology 283

        Step 2: Configure Initial Settings for R1_BRANCH 283

        Step 3: Configure Initial Settings for HQ_SW 284

        Step 4: Configure Initial Settings for HQ-ASA 285

        Step 5: Configure Clientless SSL VPN 286

        Step 6: Configure Site-to-Site IPsec VPN 286

        Step 7: Configure a Zone-Based Policy Firewall 288

Answers to CCNA Security Skills Practice 289

    Step 1: Cable the Network As Shown in the Topology 289

    Step 2: Configure Initial Settings for R1_BRANCH 289

    Step 3: Configure Initial Settings for HQ_SW 290

    Step 4: Configure Initial Settings for HQ-ASA 291

    Step 5: Configure Clientless SSL VPN 293

    Step 6: Configure Site-to-Site IPsec VPN 294

    Step 7: Configure a Zone-Based Policy Firewall 295

Exam Day 299

What You Need for the Exam 299

What You Should Receive After Completion 299

Summary 300

Post-Exam Information 301

Receiving Your Certificate 301

U.S. Government Recognition 301

Examining Certification Options 302

If You Failed the Exam 302

Summary 302

9781587205781   TOC   5/24/2016

