A worthwhile study guide

People studying for Cisco certification exams have always been able to get solid study guides directly from Cisco Press. Like its brethren, the third edition of the CCSP SNPA will give the student a well-mapped path for preparing for the certification exam.

The book, like the exam, covers the configuration and functionality of PIX 500 series firewalls and the ASA 5500 series Adaptive Security Appliances. It begins with chapters in network security and firewall technologies in general, then describes Cisco's technologies in particular. Subsequent chapters deal with controlling access; failover; VPNs; authentication, authorization, and accounting (AAA); and intrusion protection functions together with rarer protocols. The book teaches concepts and CLI commands first and only gets to the use of the GUI, the Adaptive Security Device Manager (ADSM), later. It ends with a case study that brings everything together.

Each chapter begins with a set of multiple choice questions to enable readers to determine whether they know the material well enough to skip the chapter. Each chapter ends end with a summary section and another set of questions to reinforce what the student has just learned. These require short answers rather than simply choosing or guessing the right one. Students who can provide the answer to these without looking them up can be confident that they have mastered the material.

The book is not perfect. The vocabulary used for the overview of network security will be strange to many: how many people refer to vertical and horizontal scans, for instance? That may be less a problem with this book than with Cisco, but the difficulty created is needless.

One chapter, on VPNs, has a scenario, complete with fill-in-the-blank configurations, that may be as close to hands-on as a reader can get without opening a command prompt. Similar exercises to accompany other chapters would have been useful.

Some concepts could use fuller explanations. RIP and OSPF and the differences between link status and distance vector routing protocols in an early chapter, and then voice over IP protocols later are only touched on. As this is not a book on routing or VOIP, the editors may have considered it wasteful to spend more ink on these topics, but at least a reference or two to go to for fuller explanations would be welcome to many readers.

As with most Cisco books, the prose style is serviceable and generally clear. It gets the job done. Unfortunately, the text is marred by sporadic explosions of typos, which occur just frequently enough to be slightly jarring.

The CD-ROM contains an electronic copy of the book, copies of chapters of other Cisco Press books, a printable version of the appendix with the questions that appear in the text with their answers, and a test engine with 281 questions. The last is from BOSON, long the standard for CISCO practice tests. The questions include those from the text and 98 more. With the questions divided among 19 categories, this is a minimal amount that many will find inadequate, but more questions can be purchased through a link found on the CD.

Full disclosure compels me to note that I received my copy of this book as part of the Cisco Press Reader Review Program.

Other Reviews

• Horrible, avoid this book
• Worst Cisco Press Book Ever
• A worthwhile study guide
• Good book with tons of errors
• Title.