The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v5.0 course. This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA Security Appliance products.
Exam Topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Install and configure a Security Appliance for basic network connectivity
Describe the Security Appliance hardware and software architecture
Determine the Security Appliance hardware and software configuration and verify if it is correct
Use setup or the CLI to configure basic network settings, including interface configurations
Use appropriate show commands to verify initial configurations
Configure NAT and global addressing to meet user requirements
Configure DHCP client option
Set default route
Configure logging options
Describe the firewall technology
Explain the information contained in syslog files
Configure static address translations
Configure Network Address Translations: PAT
Verify network address translation operation
Configure a Security Appliance to restrict inbound traffic from untrusted sources
Configure access-lists to filter traffic based on address, time, and protocols
Configure object-groups to optimize access-list processing
Set embryonic and connection limits on the Security Appliance
Configure a Security Appliance to provide secure connectivity using site-to-site VPNs
Explain the basic functionality of IPsec
Configure IKE with preshared keys
Differentiate between the types of encryption
Configure IPsec parameters
Configure crypto-maps and ACLs
Configure a Security Appliance to provide secure connectivity using remote access VPNs
Explain the functions of EasyVPN
Configure IPsec using EasyVPN Server/Client
Configure the Cisco Secure VPN client
Explain the purpose of SSL VPN
Configure WebVPN services: Server/Client
Verify VPN operations
Install and Configure SVCs
Install and Configure Cisco Secure Desktop
Configure transparent firewall, virtual firewall, and high availability firewall features on a Security Appliance
Explain differences between L2 and L3 operating modes
Configure Security Appliance for transparent mode (L2)
Explain purpose of virtual firewalls
Configure Security Appliance to support virtual firewall
Monitor and maintain virtual firewall
Explain the types, purpose and operation of fail-over
Install appropriate topology to support cable-based or LAN-based fail-over
Explain the hardware, software and licensing requirements for high-availability
Configure the Security Appliance for active/standby fail-over
Configure the Security Appliance for stateful fail-over
Configure the Security Appliance for active-active fail-over
Verify fail-over operation
Recover from a fail-over
Allocate resources to virtual firewalls
Configure AAA services for the Security Appliance
Configure ACS for Security Appliance support
Configure Security Appliance to use AAA feature
Configure authentication using both local and external databases
Configure authorization using an external database
Configure the ACS server for downloadable ACLs
Configure accounting of connection start/stop
Verify AAA operation
Configure routing and switching on a Security Appliance
Enable DHCP server and relay functionality
Configure VLANs on a Security Appliance interface
Configure Security Appliance to pass multi-cast traffic
Configure Security Appliance advanced application layer and modular policy features
Configure a class-map
Configure a policy-map
Configure a service-policy
Configure a ftp-map
Configure a http-map
Configure an inspection protocol
Explain the function of protocol inspection
Explain DNS guard feature
Describe the AIP-SSM HW and SW
Load IPS SW in the AIP-SSM
Verify AIP-SSM
Configure an IPS modular policy
Describe the CSC-SSM HW and SW
Configure a typed class map
Configure a typed policy map
Use typed policy maps to specify granular inspection parameters for a policy map
Configure regex class maps
Create regular expressions
Load CSC SW on the SSM
Verify the CSC-SSM
Divert traffic to the CSC-SSM
Initialize the CSC-SSM
Monitor and manage an installed Security Appliance
Obtain and apply OS updates
Backup and restore configurations and software
Explain the Security Appliance file management system
Perform password/lockout recovery procedures
Obtain and upgrade license keys
Configure passwords for various access methods: Telnet, serial, enable, SSH
Configure various access methods: Telnet, SSH, ASDM
Configure command authorization and privilege levels
Configure local username database
Verify access control methods
Enable ASDM functionality
Verify a Security Appliance configuration via ASDM
Verify the licensing available on a Security Appliance
Add, delete, and modify syslog messages
Recommended Training
Securing Networks with PIX and ASA (SNPA) is the recommended training for this exam.
Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the Global Learning Partner Locator for a Cisco Learning Partner near you.
Additional Resources
A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.
