Cisco Certified Internetwork Expert – Security or CCIE Security is the highest level of certification provided by Cisco among all the security certifications offered by them. It recognizes the mastery of a network engineers in providing expert solutions related to network security including their proficiency in implementing, configuring and troubleshooting intricate network security setups.
A CCIE Security certified professional is considered to be skilled in a variety of products and technologies such as Cisco Security Manager, Cisco IPS Device Manager, and Cisco IPS Manager Express, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco Intrusion Prevention System (IPS), Cisco IOS Firewall, Cisco IOS IPS, Cisco Easy VPN, Cisco SSL VPN, Cisco Secure Desktop, Cisco Network Admission Control (NAC) Appliance, Cisco Router & Security Device Manager, Cisco Security Agent, Cisco Secure ACS, Cisco Security Monitoring and Analysis and Response System.
Certification Prerequisites:
For this certification there are no prerequisites as such i.e. any prior certification or training is not mandatory.
CCIE Security Exams
Aspirant must clear 2 exams in order to acquire this coveted certification.
CCIE Security Written Exam
The first exam of these two exams is the written exam. The aspirant has to crack the written exam, which consists of up to 110 multiple choice questions covering the various concepts, models and theories related to Network Security including operation systems, security protocol and technologies and Cisco security application and the time duration for this exam is 2 hours. Also, it is mandatory for the candidate to answer a particular question before moving on to the next question in line and all questions must be answered. Clearing CCIE written exam is a prerequisite in order to sit for the Lab exam.
CCIE Security Lab Exam
Once the candidate clears the written exam, then he/she is considered to be eligible for appearing in the Lab Exam which is a practical and hands-on exam where in the candidate is required to configure and troubleshoot multiple secure network setups in a given time slot which can be up to 8 hours. Further, the results of this exam can be view within 48 hours. Along with the result, the candidates are also provided with exclusive feedback on their results with valuable suggestions for improvement.
- CCIE Security
1. Safe perimeter and avoidance of invasion.
1.1 Cisco ASA and Cisco FTD implementation modes.
1.2 Cisco ASA and Cisco FTD firewall features.
1.3 Cisco IOS / IOS-XE security features.
1.4 Features of the Cisco Firepower Center (FMC).
1.5 Deployment modes for NGIPS.
1.6 Features of the next-generation firewall (NGFW).
1.7 Predict common types of attacks and minimize them.
1.8 The Cisco ASA and Cisco FTD support Clustering / HA.
1.9 Cisco ASA and Cisco FTD traffic control policies and rules.
1.10 Cisco IOS, Cisco ASA and Cisco FTD routing security protocols.
1.11 Cisco ASA and Cisco FTD network connectivity.
1.12 Cisco FMC rules on correlation and remediation.
2. Secure connectivity and division.
2.1 AnyConnect Cisco ASA, Cisco FTD, and Cisco Routers Remote Access VPN technologies.
2.2 VPN authentication Cisco IOS CA.
2.3 L2L Tunnels FlexVPN, DMVPN and IPsec.
2.4 MACsec (802.1AE) uplink and downlink.
2.5 Using high availability of VPN.
2.6 Methods of segmentation of infrastructure.
2.7 Cisco TrustSec micro- segmentation using SGT and SXP.
3. Security of the network.
3.1 Methods of hardening devices and methods of control of plane protection.
3.2 Techniques for managing aircraft protection.
3.3 Techniques for the protection of data planes
3.4 Security methods layer two.
3.5 Technology for wireless security.
3.6 System management.
3.7 Security features in compliance with BCP 38 Organizational Security Policy, Procedures and Requirements.
3.8 Cisco SAFE framework for validating the layout of network security and defining threats to different network sites (PINs).
3.9 Network machine communication using basic Python APIs
4. Identity management, sharing of data and regulation of access.
4.1 Use many nodes and men, ISE scalability.
4.2 Cisco switches and ISE network access AAA Wireless LAN Controllers.
4.3 Administrative control tools from Cisco with ISE.
4.4 AAA for 802.1X and ISE MAB network access.
4.5 Using ISE and Cisco Wireless LAN controllers, guest lifecycle management.
4.6 On-board BYOD and flows of network access.
4.7 Compatibility of ISE with external sources of identity.
4.8 AnyConnect supply with ISE and ASA.
4.9 ISE posture evaluation.
4.10 Endpoint analysis, like system detector, using ISE and Cisco network infrastructure.
4.11 MDM ISE implementation.
4.12 ISE-based certificate authentication.
4.13 Methods for authentication.
4.14 ASA, ISE, WSA and FTD identity mapping.
4.15 Integration of pxGrid between WSA, ISE and Cisco FMC security devices.
4.16 Multi-factor authentication integration of ISE.
4.17 Control of access and single sign-on using security technology from Cisco DUO.
5. Enhanced defense of threats and security of content.
5.1 Network AMP, device AMP and application protection AMP (ESA and WSA) respectively.
5.2 Identify, analyze and mitigate incidents involving malware.
5.3 Use Wireshark, tcpdump, SPAN, ERSPAN and RSPAN to capture and analyze packets.
5.4 Using Cisco Umbrella, DNS layer security, smart proxy and user identification.
5.5 Cisco FTD and WSA Web filtering, user identification and Visibility and Control Application (AVC).
5.6 Cisco system redirection to WCCP.
5.7 Security features for email.
5.8 Cisco FTD, WSA and Umbrella HTTPS decryption and testing.
5.9 SMA for centralized management of content protection.
5.10 Cisco developed and integrated risk solutions: Stealthwatch, FMC, AMP, Cognitive Risk Analytics (CTA), Threat Grid, Encrypted Traffic Analytics (ETA), WSA, SMA, CTR, and Umbrella.
**for detailed Course content, kindly visit IPsolutions at Dadar (West) or simply dial in at +91-22-24382924 / +91-9664446998 / +91-9082182793
or fill the Enquiry form, we will call you and email you all the required details.
Thank You !!!