Cisco’s Latest CCNP Security Updates
By Anthony Sequeira, Network World | July 7th, 2014
This post describes the new courses and exams that make up the 2014 version of the CCNP Security Certification from Cisco Systems.
Cisco has given us a big makeover for one of their premier Professional Level Certifications – the Cisco Certified Network Professional Security (CCNP Security) Certification. The 2014 updates retire some devices and technologies from coverage, and replace these with some of the latest and greatest in Cisco’s security portfolio. It does seem that in the area of security, Cisco makes the most sweeping changes, retiring products with no warning. The ever-changing network security landscape certainly helps to make this a reality.
As we examine this updated certification, the first thing to consider is the prerequisite requirements.
The most common method of meeting the prerequisites is to simply possess the CCNA Security certification. The simplest path to CCNA Security is to possess the CCENT Certification and then pass 640-554 IINS.
A less common method of meeting the prerequisites is to possess any valid CCIE Certification from Cisco Systems. This is actually how I can move right to this new CCNP Security as I possess the CCIE R&S cert.
What about if you passed the older CCNA Security exams? As usual, Cisco is very fair about this. Candidates who have a valid CCNA Routing and Switching certification and have passed either Securing Cisco Network Devices exams 642-551 or 642-552 can act as a prerequisite valid through December 31, 2014.
CCNP Security Requirements
Four new exams are required for this premier Certification:
300-206 SENSS – the Implementing Cisco Edge Network Security (SENSS) (300-206) focuses on Cisco network perimeter edge devices such as Cisco switches, Cisco routers, and Cisco ASA firewalls. The exam is 90 total minutes and consists of 65-75 questions.
The main sections and content you need to be ready for are:
- Threat Defense – 25% of your exam is this area. It covers ASA firewalls, Layer 2 security, and the hardening of Cisco devices like routers and switches.
- Cisco Security Devices GUIs and Secured CLI Management – 25% of your exam is in this area. Topics in this area are SSHv2, HTTPS, SNMPv3, RBAC in ASA and IOS, Cisco Prime, Cisco Security Manager, and the ASA’s ASDM GUI.
- Management Services on Cisco Devices – 12% of your exam is in this area. Topics are the NetFlow exporter, logging best practices, NTP, CDP, DNS, SCP, SFTP, and DHCP.
- Troubleshooting, Monitoring and Reporting Tools – 10% of your exam is in this area. Topics are monitoring firewalls using analysis of packet tracer, packet capture, and syslog data.
- Threat Defense Architectures – 16% of your exam is in this area. Topics are the design of firewall solutions as well as additional Layer 2 security mechanisms.
- Security Components and Considerations – 12% of your exam is in this area. Topics are security operations management architectures, Data Center security components and considerations, collaboration security components and considerations, and common IPv6 security considerations.
300-208 SISAS – the Implementing Cisco Secure Access Solutions (SISAS) (300-208) exam challenges your knowledge of the components and architecture of secure access utilizing 802.1X and Cisco TrustSec. This exam is 90 minutes and consists of 65-75 questions. The main sections you need to be ready for are:
- Identity Management and Secure Access – 33% of your exam is in this area. Topics are TACACS+, RADIUS, Native AD, LDAP, identity management, 802.1X, MAB, network authorization enforcement, Central Web Authentication, profiling, guest services, posture services, and BYOD access.
- Threat Defense – 10% of your exam is in this area. The topic is the TrustSec architecture.
- Troubleshooting, Monitoring and Reporting Tools – 7% of your exam is in this area. The topic is troubleshooting the ISE and AAA solutions.
- Threat Defense Architectures – 17% of your exam is in this area. The topic is designing a highly secure wireless solution with ISE.
- Design Identity Management Architectures – 33% of your exam is in this area. Topics are device administration, identity management, profiling, guest services, posturing services, and BYOD access.
300-209 SIMOS – the Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) exam challenges you on the variety of Virtual Private Network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS software platforms. The exam is 90 minutes and consists of 65-75 questions. The topics are:
- Secure Communications – 32% of your exam is in this area. The topics are site-to-site VPNs and remote access VPNs.
- Troubleshooting, Monitoring and Reporting Tools – 38% of your exam is in this area. The topic is the troubleshooting of all of the VPN variants.
- Secure Communications Architectures – 30% of your exam is in this area. The topics are designing site-to-site and remote access VPN solutions, and encryption, hashing, and Next Generation Encryption (NGE).
300-207 SITCS – the Implementing Cisco Threat Control Solutions (SITCS) (300-207) exam seeks to challenge you on advanced firewall architecture and configuration with the Cisco next-generation firewall, utilizing access and identity policies. The exam is 90 minutes and consists of 65-75 questions. Topics include:
- Content Security – 22% of your exam is in this area. The topics are the Cisco ASA 5500-X NGFW Security Services, Cisco Cloud Web Security, Cisco WSA, and Cisco ESA.
- Threat Defense – 23% of your exam is in this area. The topic is the configuration of Cisco IPS.
- Devices GUIs and Secured CLI – 16% of your exam is in this area. The topic is content security.
- Troubleshooting, Monitoring and Reporting Tools – 19% of your exam is in this area. Topics are IME and IP logging for IPS, content security, and Cisco Security IntelliShield.
- Threat Defense Architectures – 8% of your exam is in this area. The topic is the design of an IPS solution.
- Content Security Architectures – 12% of your exam is in this area. Topics are the design of Web, email, and application security solutions.
As you can clearly see, this revamp of the Certification ensures candidates are well armed with the latest Cisco Security technologies and helps to prove their value to medium-to-large enterprise organizations. I hope you are as excited as I am and look for more posts in this critical area of Cisco Certification. Remember, study with passion!