Exam Profile: CCNP Security FIREWALL 642-618 (Firewall v2.0)
Date: Jun 21, 2012
The Cisco CCNP Security Deploying ASA Firewall Solutions exam (FIREWALL 642-618) is one of five exams required to successfully achieve the CCNP Security certification. As stated by Cisco, “This exam tests a candidate's knowledge and skills needed to implement and maintain Cisco ASA-based perimeter solutions. Successful candidates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA features, and provide detailed operations support for the Cisco ASA.”
As with many Cisco professional-level exams, hands-on experience is essential to ensure success on the Cisco Deploying ASA Firewall Solutions exam. The exam caters to industry professionals with extensive experience with Cisco ASA design, configuration, and deployment. Moreover, one must possess an integral understanding of ASA features and solutions including, but not limited to, the following: orders of operations; architecture; VPN configurations; access control, filtering, and permissions; high availability; monitoring and logging features; and deployment strategies and solutions.
Exam Details
- Types of Questions: This exam may include the following formats: Multiple-choice (single and multiple answer), drag-and-drop, fill-in-the-blank, testlet, simlet, and simulations.
- Number of Questions: The exam consists of approximately 60-70 questions, and once an answer is submitted you are not permitted to revisit the question.
- Passing Score: The scoring of this exam is based on a scale of 300 to 1000 points with a required passing score of 769.
- Time Limit: 90 minutes
- How to Register: pearsonvue.com
Trouble Spots
The challenges presented by the Cisco Deploying ASA Firewall Solutions exam consist of exam simulations and answer deducing. Regarding exam simulations, the challenge here is time. The activities/objectives can prove time consuming. The key to success here is hands-on experience with both CLI- and ASDM-related configuration. This exam does indeed expect test takers to have mastery in both the GUI and the CLI.
Answer deducing should not be new to Cisco exam takers, as it is quite common to experience questions in which you are able to eliminate some answer choices, but not all. The answer choices typically come down to two or three options. The key here is to possess the resolve to deduce the most adequate answer given specific details by reviewing the helpful resources that follow this document, in addition to any training courses.
Detailed challenges include the following:
- Performing the basic ASA configurations in the ASDM and the CLI
- Configuring all routing options on the ASA
- Performing basic and advanced inspections using the ASA
- Configuring advanced network protection capabilities
- Ensuring high availability of Cisco ASA functionality
Preparation Hints
Proper preparation yields success; take adequate time to prepare yourself. Utilize the resources listed below in addition to any formal or supplemental training offerings or solutions. Once at the exam site, prior to beginning your exam, take the time to write down any notes or details that will help you visually. You can save time by drawing out ASA diagrams or key information you recall that is pertinent, as this is your last chance to do so prior to racing the clock.
A recurring theme in exam preparation is hands-on experience; there is no substitute, and this exam will challenge your experience from theory to practice. A quick tip here is to note that many people can configure equipment such as ASAs, but few actually understand the details of what they are configuring, and the effect it has on the ASA and the traffic that it is processing. Take the time to review and understand such details; this is where leveraging the ASA configuration guides and command references (listed in the helpful resource listing below) is of monumental help.
Recommended Study Resources
Helpful resources include the following:
- Cisco ASA 5500 Series Adaptive Security Appliance Configuration Guides
- Cisco ASA 5500 Series Adaptive Security Appliance Command References
- Books, including: CCNP Security FIREWALL 642-618 Official Cert Guide by David Hucaby, Dave Garneau, Anthony Sequeira
- The Cisco Learning Network: This site provides learning resources to aid candidates in their preparation.
Exam Objectives
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.
Cisco ASA Adaptive Security Appliance Basic Configurations
- Identify the ASA product family
- Implement ASA licensing
- Manage the ASA boot process
- Implement ASA interface settings
- Implement ASA management features
- Implement ASA access control features
- Implement Network Address Translation (NAT) on the ASA
- Implement ASDM public server feature
- Implement ASA quality of service (QoS) settings
- Implement ASA transparent firewall
ASA Routing Features
- Configure ASA static routing
- Configure ASA dynamic routing
ASA Inspection Policy
- Implement ASA inspections features
ASA Advanced Network Protections
- Implement ASA Botnet traffic filter
ASA High Availability
- Implement ASA Interface redundancy and load sharing features
- Implement ASA virtualization feature
- Implement ASA Stateful failover
Where to Go from Here
After successful completion of the Cisco Deploying ASA Firewall Solutions exam, focus should be set on completing the remaining CCNP Security exams (complete listing below) in order to successfully achieve the CCNP Security designation.
CCNP Security Certification Requirements:
- Prerequisites: valid CCNA Security certification, or valid CCSP certification, or valid CCNA certification plus SND exam pass
- Securing Networks with Cisco Routers and Switches (642-637)
- Deploying Cisco ASA Firewall Solutions (642-618)
- Deploying Cisco ASA VPN Solutions (642-648)
- Implementing Cisco Intrusion Prevention Systems (642-627)