SENSS 1.0: Deploying Advanced Cisco ASA Access Policies

Anyone wishing to obtain the Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 certification; one of four designed for the CCNP Security track from Cisco. Knowledge of Cisco Certified Network Associate (CCNA) certification is required and knowledge of Cisco Certified Network Associate (CCNA) Security certification and Knowledge of Microsoft Windows Operating System are helpful. Note: Candidates who have a valid CCNA Routing and Switching certification AND have passed either Securing Cisco Network Devices exams 642-551 or 642-552 can act as a prerequisite valid only through December 31, 2014.


Expected Duration
111 minutes

Advanced Cisco Adaptive Security Appliance access policies allow security administrators to apply different policies to different types of traffic. For example, traffic coming from the Internet could be analyzed for any sign of malicious software. On the other hand, voice over IP traffic could be prioritized on all Cisco ASA interfaces to prevent delays and packet losses. The Cisco modular policy framework is a configuration tools which enables security administrators to assign different network policies to different traffic flows in flexible and granular manner. The MPF enhances ASA interface access control lists by allowing the administrator to specify a multitude of advanced access controls on network flows independently of interface ACLs. This course first provides an overview of advanced access controls and policies. Then the course describes the Cisco MPF, which is used to implement advanced policies. Then the course discusses how to tune OSI layer 3-4 stateful inspection and inspection of dynamic protocols. The course concludes with application inspection of HTTP and FTP protocols.


Advanced Cisco ASA Access Policies

  • start the course
  • identify examples of advanced policies
  • describe the deployment of the Cisco MPF on the Cisco ASA security appliance
  • describe how OSI layer 3–4 policies interact with traffic criteria
  • identify the policy actions that can be applied to traffic
  • describe the default inspection policy and its tuning options on the Cisco ASA
  • recognize how to tune inspection on the Cisco ASA for OSI layers 3 and 4
  • describe the commands used to tune and verify OSI layer 3–4 stateful tracking
  • describe how dynamic protocols are supported on the ASA
  • recognize how to configure support for dynamic protocols using the Cisco MPF on the Cisco ASA
  • verify Cisco ASA support for dynamic protocols using the CLI
  • identify the functions of application inspections and controls
  • identify the differences between class maps and policy maps
  • identify the function of regular expressions
  • describe how HTTP Inspector can provide protection of both HTTP clients and servers
  • create an HTTP inspection policy map
  • configure HTTP payload minimization
  • apply a HTTP inspection policy map
  • identify the commands used to configure HTTP inspection on the Cisco ASA device
  • verify HTTP inspection
  • describe characteristics of the Cisco ASA FTP inspector
  • identify how the Cisco ASA supports application layer inspection for application layer protocols

Practice: Advanced Cisco ASA Access Policies

  • configure advanced ASA access policies in a given scenario





Multi-license discounts available for Annual and Monthly subscriptions.