Home > Store

CCIE Security v4.0 Practice Labs

Register your product to gain access to bonus material or receive a coupon.

CCIE Security v4.0 Practice Labs

eBook

  • Your Price: $155.99
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Not for Sale

Description

  • Copyright 2014
  • Edition: 1st
  • eBook
  • ISBN-10: 1-58714-414-X
  • ISBN-13: 978-1-58714-414-1

CCIE Security v4.0 Practice Labs

The material covered in CCIE Security v4.0 Practice Labs is designed to help candidates prepare for the CCIE Security exam by providing a complex topology and two practice labs that force problem solving, troubleshooting, and policy design using topics and equipment that are detailed in the official exam documents.

Each solution is explained in detail to help reinforce a concept and topic. Tech Notes present other deployment options or enhancements and provide additional practical implementation tips. Initial and Final configuration files that can be cut and pasted onto lab devices for further testing and verification are also included.

These labs serve as a practice tool for prospective CCIE Security exam candidates and, through the use of a real-world lab topology and in-depth solutions and technical notes, are also a useful reference for any security professional involved with practical customer deployments that use Cisco products and solutions.

Downloads

Downloads

Please download the files associated with CCIE Security v4.0 Practice Labs here.

Sample Content

Online Sample Chapter

CCIE Security v4.0 Practice Lab

Sample Pages

Download the sample pages (includes Chapter 1 and Index)

Table of Contents

Introduction xxiii

Part I Lab Topology Components, Cabling, and Routing and Switching Configuration 1

Equipment List 2

General Guidelines 4

Prelab Setup Instructions 5

    Catalyst Switchport Cabling Diagram 5

    Lab Topology Diagram 7

    Lab Guide Addressing Scheme 8

    Lab Guide IP Routing Details 11

    VPN Solutions Diagrams 15

    Initial Device Configurations 18

Final Configuration Files 18

CCIE Security Exam Study and Preparation Tips 18

    CCIE Security Written Exam 18

Part II Practice Lab 1 19

Section 1 Perimeter Security and Services 19

Exercise 1.1: Initialize the Cisco ASA in Multi-Context Routed Mode 19

    Notes 21

Exercise 1.2: Configure Routing and Basic Access on ASA2 21

    Notes 22

Exercise 1.3: Configure IP Services on ASA1 22

    Task 1: Configure Network Object NAT 23

    Task 2: Configure Twice NAT 23

    Task 3: Configure and Troubleshoot NTP Services Using Authentication 23

    Task 4: Configure Support for IPv6 in IPv4 Tunneling Through ASA1 23

Exercise 1.4: Configure IP Routing Security on ASA2 23

    Task 1: BGP Connectivity Through the ASA2 24

    Task 2: OSPF Authentication for Routing Update Security 24

Section 2 Intrusion Prevention and Content Security 25

Exercise 2.1: Initialize and Deploy the Cisco IPS Sensor Appliance 25

    Task 1: Initialize the Cisco IPS Sensor 25

    Task 2: Deploy the Cisco IPS Sensor in Inline VLAN Pair Mode 26

    Task 3: Deploy the Cisco IPS Sensor in Inline Interface Pair Mode 27

    Task 4: Deploy the Cisco IPS Sensor in Promiscuous Mode 27

Exercise 2.2: Initialize the Cisco WSA 27

Exercise 2.3: Enable Web Content Features on the Cisco WSA 29

    Task 1: Configure WCCPv2 Proxy Support on the WSA (Client) and ASA1 (Server) 29

    Task 2: Configure Proxy Bypass on the WSA 30

    Task 3: Create a Custom URL Access Policy on the WSA 30

Section 3 Secure Access 30

Exercise 3.1: Configure and Troubleshoot IPsec EZVPN 30

Exercise 3.2: Troubleshoot DMVPN Phase 3: DMVPNv3 32

Exercise 3.3: Configure Security Features on the Cisco WLC 33

    Task 1: Initialize the WLC and Establish Control over the Cisco Access Points (AP) 33

    Task 2: Enable IP Services on the WLC to Enhance Security 35

    Task 3: Creating and Assigning Security Policy to WLANs and Users 35

Exercise 3.4: Configure the Cisco IOS Certificate Server 36

Section 4 System Hardening and Availability 37

Exercise 4.1: Configure SPAN on the Cisco Catalyst Switch 37

Exercise 4.2: Troubleshoot Secure Routing Using OSPFv3 in Cisco IOS 38

Exercise 4.3: Configure Control Plane Policing (CoPP) 39

Exercise 4.4: Troubleshoot Management Plane Protection 39

Exercise 4.5: Device Hardening on the Cisco WLC 40

    Task 1: Disable SSID Broadcasting 40

    Task 2: Protect the WLC Against Associating with a Rogue AP 40

    Task 3: Enable Infrastructure Management Frame Protection on the WLC 40

    Task 4: Enable Encryption for CAPWAP Packets 40

    Task 5: Create a Rate Limiting Policy for Guest Users on the Guest WLAN 40

Section 5 Threat Identification and Mitigation 41

Exercise 5.1: Troubleshoot IPv6 in IPv4 Tunnel 41

Exercise 5.2: Mitigating DHCP Attacks on a Cisco Catalyst Switch 41

Exercise 5.3: Identifying Attacks with NetFlow and Mitigating Attacks Using Flexible Packet Matching 42

Exercise 5.4: Application Protocol Protection 43

Section 6: Identity Management 43

Exercise 6.1: Configure Router Command Authorization and Access Control 43

Exercise 6.2: Configure Cut-Through Proxy on ASA2 Using TACACS+ 45

Exercise 6.3: Configure Support for MAB/802.1X for Voice and Data VLANs 45

Exercise 6.3a: Authentication and Authorization Using MAB 45

Exercise 6.3b: Authentication and Authorization Using 802.1X 47

Part II Practice Lab 1 Solutions 51

Section 1 Perimeter Security and Services 51

Solution and Verification for Exercise 1.1: Initialize the Cisco ASA in Multi-Context Routed Mode 51

    Skills Tested 51

    Solution and Verification 52

        Basic Parameters 52

        Admin Context Parameters 53

        Context c1 Parameters 54

        Context c2 Parameters 56

    ASA1 Configuration 57

    Tech Notes 60

Solution and Verification for Exercise 1.2: Configure Routing and Basic Access on ASA2 62

    Skills Tested 62

    Solution and Verification 62

    Configuration 66

    Tech Notes 67

Solution and Verification for Exercise 1.3: Configure IP Services on ASA1 68

    Skills Tested 68

    Solution and Verification 68

        Task 1: Network Object NAT 69

        Task 2: Twice NAT 69

        Task 3: NTP with Authentication 70

        Task 4: Tunneling ipv6ip 71

    Configuration 71

    Tech Notes 72

Solution and Verification for Exercise 1.4: Configure IP Routing Security on ASA2 77

    Skills Tested 77

    Solution and Verification 77

        Task 1: BGP Connectivity Through ASA2 77

        Task 2: OSPF Authentication for Routing Update Security 78

    Configuration 79

    Tech Notes 80

Section 2 Intrusion Prevention and Content Security 80

Solution and Verification for Exercise 2.1: Initialize and Deploy the Cisco IPS Sensor Appliance 80

    Skills Tested 80

    Solution and Verification 81

        Task 1: Initialize the Cisco IPS 81

        Task 2: Deploy the Cisco IPS Sensor in Inline VLAN Pair Mode 82

        Task 3: Deploy the Cisco IPS Sensor in Inline Interface Pair Mode 83

        Task 4: Deploy the Cisco IPS Sensor in Promiscuous Mode 83

    Configuration 84

    Tech Notes 85

Solution and Verification for Exercise 2.2: Initialize the Cisco WSA 86

    Skills Tested 86

    Solution and Verification 86

    Tech Notes 88

Solution and Verification for Exercise 2.3: Enable Web Content Features on the Cisco WSA 89

    Skills Tested 89

    Solution and Verification 89

        Task 1: Configure WCCPv2 Proxy Support on the Cisco WSA (Client) and the Cisco ASA (Server) 90

        Task 2: Configure Proxy Bypass on the Cisco WSA 91

        Task 3: Create a Custom URL Access Policy on the Cisco WSA 92

    Configuration 92

    Tech Notes 92

        WCCP Support Across Cisco Products 92

        Transparent Proxy Versus Explicit Proxy 92

        Connection Assignment and Redirection 93

        Service Groups 94

Section 3 Secure Access 95

Solution and Verification for Exercise 3.1: Configure and Troubleshoot IPsec EZVPN 95

    Skills Tested 95

    Solution and Verification 95

    Configuration 100

    Tech Notes 101

        Initiating the EZVPN Tunnel 101

        Split Tunnel Options 101

        EZVPN Client Modes of Operation in Cisco IOS 102

        Client U-Turn Versus IPsec Hairpinning 102

        External Versus Internal Policy 102

Solution and Verification for Exercise 3.2: Troubleshoot DMVPN Phase 3: DMVPNv3 103

    Skills Tested 103

    Solution and Verification 103

        NHRP Spoke Registration 104

        Spoke-to-Spoke Connection from R4 to R3 108

        Verification 113

    Configuration 121

    Tech Notes 123

        DMVPNv1 123

        DMVPNv2 124

        DMVPNv3 125

Solution and Verification for Exercise 3.3: Configure Security Features on the Cisco WLC 127

    Task 1: Initialize the Cisco WLC and Establish Control over the Cisco Access Points 127

    Task 2: Enable IP Services on the Cisco WLC to Enhance Security 128

    Task 3: Creating and Assigning Security Policy to WLANs and Users 129

    Configuration 132

    Solution and Verification for Exercise 3.4: Configure the Cisco IOS Certificate Server 132

    Skills Tested 132

    Solution and Verification 133

    Configuration 135

    Tech Notes 135

Section 4 System Hardening and Availability 136

Solution and Verification for Exercise 4.1: Configure SPAN on the Cisco Catalyst Switch 136

    Skills Tested 136

    Solution and Verification 136

    Configuration 138

    Tech Notes 138

        SPAN Versus RSPAN 138

        SPAN and RSPAN Terminology and Guidelines 138

        VLAN-Based SPAN 139

Solution and Verification for Exercise 4.2: Troubleshoot Secure Routing

    Using OSPFv3 in Cisco IOS 140

    Skills Tested 140

    Solution and Verification 140

    Configuration 143

    Tech Notes 144

Solution and Verification for Exercise 4.3: Configure Control Plane Policing (CoPP) 145

    Skills Tested 145

    Solution and Verification 145

        Verification 146

    Configuration 150

    Tech Notes 151

        Router Planes 151

        CoPP Versus CPPr 152

Solution and Verification for Exercise 4.4: Troubleshoot Management Plane Protection 153

    Skills Tested 153

    Solution and Verification 153

    Configuration 154

Solution and Verification for Exercise 4.5: Device Hardening on the Cisco WLC 154

    Skills Tested 154

    Solution and Verification 154

        Task 1: Disable SSID Broadcasting 155

        Task 2: Protect the WLC Against Associating with a Rogue AP 155

        Task 3: Enable Infrastructure Management Frame Protection on the Cisco WLC 156

        Task 4: Enable Encryption for CAPWAP Packets 157

        Task 5: Create a Rate Limiting Policy for Guest Users on the Guest WLAN 157

    Configuration 158

    Tech Notes 159

        Summary of Wireless Attacks 159

        Management Frame Protection via 802.11w 160

Section 5 Threat Identification and Mitigation 160

Solution and Verification for Exercise 5.1: Troubleshoot IPv6 in IPv4 Tunnel 161

    Skills Tested 161

    Solution and Verification 161

    Configuration 163

Solution and Verification for Exercise 5.2: Mitigating DHCP Attacks on a Cisco Catalyst Switch 164

    Skills Tested 164

    Solution and Verification 164

    Configuration 166

    Tech Notes 166

    DHCP Implementation Notes 167

        DHCP Option 82 167

        DHCP Snooping and the DHCP Server on Cisco IOS Routers 168

Solution and Verification for Exercise 5.3: Identifying Attacks with NetFlow and Mitigating Attacks Using Flexible Packet Matching 169

    Skills Tested 169

    Solution and Verification 169

    Configuration 171

Solution and Verification for Exercise 5.4: Application Protocol Protection 171

    Skills Tested 171

    Solution and Verification 171

    Configuration 173

Section 6 Identity Management 174

Solution and Verification for Exercise 6.1: Configure Router Command Authorization and Access Control 174

    Skills Tested 174

    Solution and Verification 174

        ACS Solution 177

    Configuration 183

    Tech Notes 184

        Tracing the Command Authorization Process 184

        Understanding AAA and Login on the Router Lines 186

        Test AAA Commands 188

        AAA Accounting 189

Solution and Verification for Exercise 6.2: Configure Cut-Through Proxy on ASA2 Using TACACS+ 189

    Skills Tested 189

    Solution and Verification 189

        CiscoSecure ACS Configuration 190

    Configuration 193

    Tech Notes 193

Solution and Verification for Exercise 6.3: Configure Support for MAB/802.1X for Voice and Data VLANs 193

    Skills Tested 193

        Verification: Part A 195

        Verification: Part B 196

    Configuration 197

    Cisco ISE Configuration 198

    Tech Notes 203

Part III Practice Lab 2 205

Section 1 Perimeter Security 205

Exercise 1.1: Configure a Redundant Interface on ASA2 205

Exercise 1.2: SSH Management Authentication and Local Command Authorization on ASA1 206

Exercise 1.3: Configuring Advanced Network Protection on the ASA 206

    Task 1: Botnet Traffic Filtering on ASA1 206

    Task 2: Threat Detection on ASA2 207

    Task 3: IP Audit on ASA1 207

Exercise 1.4: Configure IPv6 on ASA2 207

Exercise 1.5: Cisco IOS Zone-Based Firewall with Support for Secure Group Tagging 208

Section 2 Intrusion Prevention and Content Security 209

Exercise 2.1: Configuring Custom Signatures on the Cisco IPS Sensor 209

    Custom Signature to Track OSPF TTL 209

    Custom Signature to Identify and Deny Large ICMP Packets 210

    Custom Signature to Identify and Deny an ICMP Flood Attack 210

Exercise 2.2: Enable Support for HTTPS on the Cisco WSA 211

Exercise 2.3: Enable User Authentication for Transparent Proxy Using LDAP 212

Exercise 2.4: Guest User Support on the Cisco WSA 213

Section 3 Secure Access 214

Exercise 3.1: Configure and Troubleshoot IPsec Static VTI with IPv6 214

Exercise 3.2: Troubleshoot and Configure GETVPN 216

Exercise 3.3: SSL Client and Clientless VPNs 218

Exercise 3.4: Configure and Troubleshoot FlexVPN Site-to-Site Using RADIUS Tunnel Attributes 219

Exercise 3.5: Configure and Troubleshoot FlexVPN Remote Access (Client to Server) 221

Section 4 System Hardening and Availability 222

Exercise 4.1: BGP TTL-Security Through the Cisco ASA 222

Exercise 4.2: Configure and Troubleshoot Control Plane Protection 223

Exercise 4.3: Control Plane Protection for IPv6 Cisco IOS 223

Section 5 Threat Identification and Mitigation 223

Exercise 5.1: Preventing IP Address Spoofing on the Cisco ASA 223

Exercise 5.2: Monitor and Protect Against Wireless Intrusion Attacks 224

Exercise 5.3: Identifying and Protecting Against SYN Attacks 224

Exercise 5.4: Using NBAR for Inspection of HTTP Traffic with PAM and Flexible NetFlow 225

Section 6 Identity Management 226

Exercise 6.1: Cisco TrustSec–Dynamically Assigning Secure Group Tagging and SGACLs: 802.1X and MAB 227

    Part A: Configuring SGTs on the Cisco ISE 227

    Part B: Dynamically Assigning SGTs via 802.1X and MAB 227

        Task 1: Cisco Access Point as an 802.1X Supplicant with SGTs 227

        Task 2: Cisco IP Phone Using MAB and SGTs 228

    Part C: Create the SGA Egress Policy 229

Exercise 6.2: Cisco TrustSec–NDAC and MACsec 230

Exercise 6.3: Cisco TrustSec–SGT Exchange Protocol over TCP 231

Part III Practice Lab 2 Solutions 233

Section 1 Perimeter Security 233

Solution and Verification for Exercise 1.1: Configure a Redundant Interface on ASA2 233

    Skills Tested: 233

    Solution and Verification 233

    Configuration 236

Solution and Verification for Exercise 1.2: SSH Management Authentication and Local Command Authorization on ASA1 236

    Skills Tested 236

    Solution and Verification 236

    Configuration 239

    Tech Notes 240

Solution and Verification for Exercise 1.3: Configuring Advanced Network Protection on the ASA 240

    Skills Tested 240

    Solution and Verification 241

        Task 1: Botnet Traffic Filtering on ASA1 241

        Task 2: Threat Detection on ASA2 243

        Task 3: IP Audit 243

    Configuration 244

    Tech Notes 245

Solution and Verification for Exercise 1.4: Configure IPv6 on ASA2 246

    Skills Tested 246

    Solution and Verification 246

    Configuration 248

    Tech Notes 248

        IPv6 Addressing Review 248

        IPv6 Addressing Notation 249

        IPv6 Address Types 249

        IPv6 Address Allocation 251

        IPv6 Addressing Standards 251

Solution and Verification for Exercise 1.5: Cisco IOS Zone-Based Firewall with Support for Secure Group Tagging 252

    Skills Tested 252

    Solution and Verification 252

    Configuration 257

    Tech Notes 259

Section 2 Intrusion Prevention and Content Security 263

Solution and Verification for Exercise 2.1: Configuring Custom Signatures on the Cisco IPS Sensor 263

    Skills Tested 263

    Solution and Verification 263

        Custom Signature to Track OSPF TTL 264

        Custom Signature to Identify and Deny Large ICMP Packets 265

        Custom Signature to Identify and Deny an ICMP Flood Attack 266

    Configuration 268

    Tech Notes 270

        Risk Ratings 270

        Understanding Threat Rating 271

Solution and Verification for Exercise 2.2: Enable Support for HTTPS on the Cisco WSA 272

    Skills Tested 272

    Solution and Verification 272

    Configuration 274

Solution and Verification for Exercise 2.3: Enable User Authentication for Transparent Proxy Using LDAP 274

    Skills Tested 274

    Solution and Verification 274

Solution and Verification for Exercise 2.4: Guest User Support on the Cisco WSA 278

    Skills Tested 278

    Solution and Verification 278

    WSA Configuration 279

Section 3 Secure Access 280

Solution and Verification for Exercise 3.1: Configure and Troubleshoot IPsec Static VTI with IPv6 280

    Skills Tested 280

    Solution and Verification 280

    Configuration 286

    Tech Notes 289

        Tip and Tricks 289

        Static VTIs for IPv6 Using Preshared Keys 289

Solution and Verification for Exercise 3.2: Troubleshoot and Configure GETVPN 290

    Skills Tested 290

    Solution and Verification 290

        Verify Network Connectivity 292

        Configure and Verify the COOP Key Servers 293

        Configure and Verify the Group Members 298

        Configure and Verify DPD and Authorization 302

    Configuration 303

    Tech Notes 308

        Key Server Design Considerations for IKE 308

        Key Server Design Considerations for IPsec 309

        Key Server Design Considerations for Traffic Encryption Key Lifetime 309

        Key Server Design Considerations for ACLs in a Traffic Encryption Policy 310

        Key Server Design Considerations for Key Encryption Key Lifetime 311

        Rekey Retransmit Interval 311

        Time-Based Antireplay 311

        Key Server Design Considerations for Authentication Policies for GM Registration 312

        Implementing Rekeying Mechanisms 312

        Unicast Rekeying 313

        Implementing Multicast Rekeying with No ASA Considerations 313

        Implementing Multicast Rekeying Through the ASA in Routed Mode 314

Solution and Verification for Exercise 3.3: SSL Client and Clientless VPNs 315

    Skills Tested 315

    Solution and Verification 315

    Configuration 321

    Tech Notes 323

        Importing Third-Party Trusted CA Certificates 323

        Default Group Policy and Attribute Inheritance 328

Solution and Verification for Exercise 3.4: Configure and Troubleshoot FlexVPN Site-to-Site Using RADIUS Tunnel Attributes 328

    Skills Tested 328

    Solution and Verification 328

    Configuration 332

    Tech Notes 334

        IKEv2 Smart Defaults 334

        IKEv2 Anti-Clogging Cookie 334

        RADIUS Tunnel Attributes and IKEv2 335

Solution and Verification for Exercise 3.5: Configure and Troubleshoot FlexVPN Remote Access (Client to Server) 337

    Skills Tested 337

    Solution and Verification 337

    Configuration 341

    Tech Notes 343

        Debugging FlexVPN 343

        Understanding IKEv2 Routing Options 348

Section 4 System Hardening and Availability 349

Solution and Verification for Exercise 4.1: BGP TTL-Security through the Cisco ASA 349

    Skills Tested 349

    Solution and Verification 349

    Configuration 351

    Tech Notes 351

Solution and Verification for Exercise 4.2: Configure and Troubleshoot Control Plane Protection 352

    Skills Tested 352

    Solution and Verification 352

    Configuration 354

    Tech Notes 354

Solution and Verification for Exercise 4.3: Control Plane Protection for IPv6 Cisco IOS 354

    Skills Tested 354

    Solution and Verification 355

    Configuration 356

Section 5 Threat Identification and Mitigation 357

Solution and Verification for Exercise 5.1: Preventing IP Address Spoofing on the Cisco ASA 357

    Skills Tested 357

    Solution and Verification 357

    Configuration 358

    Tech Notes 359

        Understanding Unicast Reverse Path Forwarding in Cisco IOS: Technology Overview 359

        Understanding Unicast Reverse Path Forwarding: Deployment Guidelines 359

        Understanding Unicast Reverse Path Forwarding: Other Guidelines 360

Solution and Verification for Exercise 5.2: Monitor and Protect Against Wireless Intrusion Attacks 361

    Skills Tested 361

    Solution and Verification 361

    Configuration 362

Solution and Verification for Exercise 5.3: Identifying and Protecting Against SYN Attacks 362

    Skills Tested 362

    Solution and Verification 362

    Configuration 363

    Tech Notes 364

        Configuring Maximum Connections 364

        TCP Intercept and Limiting Embryonic Connections 364

Solution and Verification for Exercise 5.4: Using NBAR for Inspection of HTTP Traffic with PAM and Flexible NetFlow 365

    Skills Tested 365

    Solution and Verification 365

    Configuration 369

    Tech Notes 370

        Configuring a NetfFlow Exporter 370

        Comparing NetFlow Types 370

        Migrating from Traditional Netflow to Flexible Netflow 371

Section 6 Identity Management 372

Solution and Verification for Exercise 6.1: Cisco TrustSec–Dynamically Assigning Secure Group Tagging and SGACLs: 802.1X and MAB 372

    Skills Tested 372

    Solution and Verification 372

        Part A: Configuring SGTs on the Cisco ISE 373

        Part B: Dynamically Assigning SGT’s via 802.1X and MAB 374

        Part C: Create the SGA Egress Policy 376

    Configuration 377

    Tech Notes 378

        IP Device Tracking 378

Solution and Verification for Exercise 6.2: Cisco TrustSec–NDAC and MACsec 378

    Skills Tested 378

    Solution and Verification 378

    Configuration 389

    Tech Notes 390

        Protected Access Credential 390

        MACsec Overview 391

Solution and Verification for Exercise 6.3: Cisco TrustSec–SGT Exchange Protocol over TCP 393

    Skills Tested 393

    Solution and Verification 393

    Configuration 398

    Tech Notes 399

        SXP on the Cisco WLC 399

        Summary of Secure Group Access Features 400

Part IV Appendixes

Appendix A Manual Configuration Guide 401

Cisco Catalyst Switches: SW1, SW2 401

Cisco Routers R1, R2, R3, R4, R5, R6, R7 402

Cisco Router R6: Also Used as the CME Server 403

Cisco ASA Appliances ASA1, ASA2 403

Cisco WLC 405

Cisco IPS Sensor 406

Cisco WSA 407

Appendix B Preparing for the CCIE Exam 411

CCIE Certification Process 411

CCIE Security Written Exam 411

CCIE Security Lab Exam 412

Planning Resources 413

Assessing Strengths and Weaknesses 414

Training, Practice Labs, and Boot Camps 414

Books and Online Materials 414

Lab Preparation 415

Lab Exam Tips 415

A Word on Cheating... 416

Appendix C Sample Written Exam Questions and Answers 417

9781587144141   TOC   4/22/2014

Updates

Submit Errata

More Information

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020