CCNP Security

Enquire Now

 

Overview

Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

CCNP Security in divided in 4 different topics:

  • Implementing Cisco Secure Access Solutions (SISAS)
  • Implementing Cisco Edge Network Security Solutions (SENSS)
  • Implementing Cisco Secure Mobility Solutions (SIMOS)
  • Implementing Cisco Threat Control Solutions (SITCS)

Implementing Cisco Secure Access Solutions: It is designed to prepare security engineers with the knowledge and hands-on experience so that they can deploy Cisco’s Identity Services Engine and 802.1X secure network access. The goal of the course is to provide students with foundational knowledge and the capabilities to implement and managed network access security by utilizing Cisco ISE appliance product solution.

Implementing Cisco Edge Network Security Solutions: It is designed to prepare security engineers with the knowledge and hands-on experience to prepare them to configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls. The goal of the course is to provide students with foundational knowledge and the capabilities to implement and managed security on Cisco ASA firewalls, Cisco Routers with the firewall feature set, and Cisco Switches.

Implementing Cisco Secure Mobility Solutions: This course is designed to prepare network security engineers with the knowledge and skills they need to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. Students of this course will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions, using Cisco ASA adaptive security appliances and Cisco IOS routers.

Implementing Cisco Threat Control Solutions: This course provides network professional with the knowledge to implement Cisco FirePOWER NGIPS (Next-Generation Intrusion Prevention System) and Cisco AMP (Advanced Malware Protection), as well as Web Security, Email Security and Cloud Web Security. You will gain hands-on experience configuring various advance Cisco security solutions for mitigating outside threats and securing traffic traversing the firewall.

Key Features of CCNP Training:

  • Guaranteed Training on Real Time Devices.
  • CCNA Concepts explained in practical and theoretical context.
  • 24*7 Lab Access.
  • 60+ hours of classroom-style training using an interactive whiteboard and projector session.
  • Course Revision – By enrolling once you can avail classes for same training up to 2 times.
  • Smart classrooms fully equipped with projectors, Wi-Fi connectivity, Digital Pads.
  • Support and Guidance if you are applying for Cisco Global Certification.
  • Late night and early morning batch facility
  • 24*7 Trainers Availability
  • Training delivered by Experienced and Certified Trainers.
  • Mr. Naiman Khan #54008 Mumbai

    CCIE Security

  • Mr. Maqsood #XXXXX Delhi

    CCIE Collaboration

  • Mr. Farhan #XXXXX Bangalore

    CCIE Collaboration, Data Center

  • Mr. Vikas #XXXXX Pune

    CCIE Collaboration

Devices to be used during the Training Program:

  • Routers: Cisco 1841 (Version 15.x), 2610, 2611, 2611xm, 2811
  • Switches: Cisco 2950, 3560 POE, 3750 (Version 12.x)
  • Firewall: Cisco 5510 (Version 8.x & 9.x)
  • Cisco IPS: 4255 (Version 7.x)
  • Cisco WSA: Virtual (Version 8.x & 9.x)
  • Cisco ESA: Virtual (Version 9.x)
  • Cisco ISE: Virtual (Version 1.x & 2.x)
  • Cisco WLC: Virtual (Version 8.x)
  • Cisco AP: 1242

Course Details

Course Prerequisites

Skills and knowledge equivalent to those learned in CCNA R&S.
Working knowledge of the Windows operating system.
Working knowledge of Cisco IOS networking and concepts.
Skills and knowledge equivalent to those learned in CCNA Security.

( Not sure if you meet all the prerequisites? Chat with the Experts Now! )

Topics:

300-208 SISAS

Threat Defense

1.1 Implement firewall (ASA or IOS depending on which supports the implementation)

    

  • 1.1.a Implement ACLs
  • 1.1.b Implement static/dynamic NAT/PAT
  • 1.1.c Implement object groups
  • 1.1.d Describe threat detection features
  • 1.1.e Implement botnet traffic filtering
  • 1.1.f Configure application filtering and protocol inspection
  • 1.1.g Describe ASA security contexts

  

1.2 Implement Layer 2 Security

    

  • 1.2.a Configure DHCP snooping
  • 1.2.b Describe dynamic ARP inspection
  • 1.2.c Describe storm control
  • 1.2.d Configure port security
  • 1.2.e Describe common Layer 2 threats and attacks and mitigation
  • 1.2.f Describe MACSec
  • 1.2.g Configure IP source verification

  

1.3 Configure device hardening per best practices

    

  • 1.3.a Routers
  • 1.3.b Switches
  • 1.3.c Firewalls

2.0 Cisco Security Devices GUIs and Secured CLI Management

2.1 Implement SSHv2, HTTPS, and SNMPv3 access on the network devices

  

2.2 Implement RBAC on the ASA/IOS using CLI and ASDM

  

2.3 Describe Cisco Prime Infrastructure

    

  • 2.3.a Functions and use cases of Cisco Prime
  • 2.3.b Device Management

  

2.4 Describe Cisco Security Manager (CSM)

    

  • 2.4.a Functions and use cases of CSM
  • 2.4.b Device Management

  

2.5 Implement Device Managers

    

  • 2.5.a Implement ASA firewall features using ASDM

3.0 Management Services on Cisco Devices

3.1 Configure NetFlow exporter on Cisco Routers, Switches, and ASA

  

3.2 Implement SNMPv3

    

  • 3.2.a Create views, groups, users, authentication, and encryption

  

3.3 Implement logging on Cisco Routers, Switches, and ASA using Cisco best practices

  

3.4 Implement NTP with authentication on Cisco Routers, Switches, and ASA

  

3.5 Describe CDP, DNS, SCP, SFTP, and DHCP

    

  • 3.5.a Describe security implications of using CDP on routers and switches
  • 3.5.b Need for dnssec

4.0 Troubleshooting, Monitoring and Reporting Tools

4.1 Monitor firewall using analysis of packet tracer, packet capture, and syslog

    

  • 4.1.a Analyze packet tracer on the firewall using CLI/ASDM
  • 4.1.b Configure and analyze packet capture using CLI/ASDM
  • 4.1.c Analyze syslog events generated from ASA

5.0 Threat Defense Architectures

5.1 Design a Firewall Solution

    

  • 5.1.a High-availability
  • 5.1.b Basic concepts of security zoning
  • 5.1.c Transparent & Routed Modes
  • 5.1.d Security Contexts

  

5.2 Layer 2 Security Solutions

    

  • 5.2.a Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
  • 5.2.b Describe best practices for implementation
  • 5.2.c Describe how PVLANs can be used to segregate network traffic at Layer 2

6.0 Security Components and Considerations

6.1 Describe security operations management architectures

    

  • 6.1.a Single device manager vs. multi-device manager

  

6.2 Describe Data Center security components and considerations

    

  • 6.2.a Virtualization and Cloud security

  

6.3 Describe Collaboration security components and considerations

    

  • 6.3.a Basic ASA UC Inspection features

  

6.4 Describe common IPv6 security considerations

    

  • 6.4.a Unified IPv6/IPv4 ACL on the ASA
300-206 SENSS

1.0 Identity Management/Secure Access

1.1 Implement device administration

  

  • 1.1.a Compare and select AAA options
  • 1.1.b TACACS+
  • 1.1.c RADIUS
  • 1.1.d Describe Native AD and LDAP

1.2 Describe identity management

  

  • 1.2.a Describe features and functionality of authentication and authorization
  • 1.2.b Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local)
  • 1.2.c Implement accounting

1.3 Implement wired/wireless 802.1X

  

  • 1.3.a Describe RADIUS flows
  • 1.3.b AV pairs
  • 1.3.c EAP types
  • 1.3.d Describe supplicant, authenticator, and server
  • 1.3.e Supplicant options
  • 1.3.f 802.1X phasing (monitor mode, low impact, closed mode)
  • 1.3.g AAA server
  • 1.3.h Network access devices

1.4 Implement MAB

  

  • 1.4.a Describe the MAB process within an 802.1X framework
  • 1.4.b Flexible authentication configuration
  • 1.4.c ISE authentication/authorization policies
  • 1.4.d ISE endpoint identity configuration
  • 1.4.e Verify MAB Operation

1.5 Implement network authorization enforcement

  

  • 1.5.a dACL
  • 1.5.b Dynamic VLAN assignment
  • 1.5.c Describe SGA
  • 1.5.d Named ACL
  • 1.5.e CoA

1.6 Implement Central Web Authentication (CWA)

  

  • 1.6.a Describe the function of CoA to support web authentication
  • 1.6.b Configure authentication policy to facilitate CWA
  • 1.6.c URL redirect policy
  • 1.6.d Redirect ACL
  • 1.6.e Customize web portal
  • 1.6.f Verify central web authentication operation

1.7 Implement profiling

  

  • 1.7.a Enable the profiling services
  • 1.7.b Network probes
  • 1.7.c IOS Device Sensor
  • 1.7.d Feed service
  • 1.7.e Profiling policy rules
  • 1.7.f Utilize profile assignment in authorization policies
  • 1.7.g Verify profiling operation

1.8 Implement guest services

  

  • 1.8.a Managing sponsor accounts
  • 1.8.b Sponsor portals
  • 1.8.c Guest portals
  • 1.8.d Guest Policies
  • 1.8.e Self registration
  • 1.8.f Guest activation
  • 1.8.g Differentiated secure access
  • 1.8.h Verify guest services operation

1.9 Implement posture services

  

  • 1.9.a Describe the function of CoA to support posture services
  • 1.9.b Agent options
  • 1.9.c Client provisioning policy and redirect ACL
  • 1.9.d Posture policy
  • 1.9.e Quarantine/remediation
  • 1.9.f Verify posture service operation

1.10 Implement BYOD access

  

  • 1.10.a Describe elements of a BYOD policy
  • 1.10.b Device registration
  • 1.10.c My devices portal
  • 1.10.d Describe supplicant provisioning

2.0 Threat Defense

2.1 Describe TrustSec Architecture

  

  • 2.1.a SGT Classification – dynamic/static
  • 2.1.b SGT Transport – inline tagging and SXP
  • 2.1.c SGT Enforcement – SGACL and SGFW
  • 2.1.d MACsec

3.0 Troubleshooting, Monitoring and Reporting Tools

3.1 Troubleshoot identity management solutions

  

  • 3.1.a Identify issues using authentication event details in Cisco ISE
  • 3.1.b Troubleshoot using Cisco ISE diagnostic tools
  • 3.1.c Troubleshoot endpoint issues
  • 3.1.d Use debug commands to troubleshoot RADIUS and 802.1X on IOS switches and wireless controllers
  • 3.1.e Troubleshoot backup operations

4.0 Threat Defense Architectures

4.1 Design highly secure wireless solution with ISE  

  • 4.1.a Identity Management
  • 4.1.b 802.1X
  • 4.1.c MAB
  • 4.1.d Network authorization enforcement
  • 4.1.e CWA
  • 4.1.f Profiling
  • 4.1.g Guest Services
  • 4.1.h Posture Services
  • 4.1.i BYOD Access

5.0 Identity Management Architectures

5.1 Device administration

5.2 Identity Management

5.3 Profiling

5.4 Guest Services

5.5 Posturing Services

5.6 BYOD Access

300-209 SIMOS

1.0 Identity Management/Secure Access

1.1 Implement device administration

  

  • 1.1.a Compare and select AAA options
  • 1.1.b TACACS+
  • 1.1.c RADIUS
  • 1.1.d Describe Native AD and LDAP

1.2 Describe identity management

  

  • 1.2.a Describe features and functionality of authentication and authorization
  • 1.2.b Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local)
  • 1.2.c Implement accounting

1.3 Implement wired/wireless 802.1X

  

  • 1.3.a Describe RADIUS flows
  • 1.3.b AV pairs
  • 1.3.c EAP types
  • 1.3.d Describe supplicant, authenticator, and server
  • 1.3.e Supplicant options
  • 1.3.f 802.1X phasing (monitor mode, low impact, closed mode)
  • 1.3.g AAA server
  • 1.3.h Network access devices

1.4 Implement MAB

  

  • 1.4.a Describe the MAB process within an 802.1X framework
  • 1.4.b Flexible authentication configuration
  • 1.4.c ISE authentication/authorization policies
  • 1.4.d ISE endpoint identity configuration
  • 1.4.e Verify MAB Operation

1.5 Implement network authorization enforcement

  

  • 1.5.a dACL
  • 1.5.b Dynamic VLAN assignment
  • 1.5.c Describe SGA
  • 1.5.d Named ACL
  • 1.5.e CoA

1.6 Implement Central Web Authentication (CWA)

  

  • 1.6.a Describe the function of CoA to support web authentication
  • 1.6.b Configure authentication policy to facilitate CWA
  • 1.6.c URL redirect policy
  • 1.6.d Redirect ACL
  • 1.6.e Customize web portal
  • 1.6.f Verify central web authentication operation

1.7 Implement profiling

  

  • 1.7.a Enable the profiling services
  • 1.7.b Network probes
  • 1.7.c IOS Device Sensor
  • 1.7.d Feed service
  • 1.7.e Profiling policy rules
  • 1.7.f Utilize profile assignment in authorization policies
  • 1.7.g Verify profiling operation

1.8 Implement guest services

  

  • 1.8.a Managing sponsor accounts
  • 1.8.b Sponsor portals
  • 1.8.c Guest portals
  • 1.8.d Guest Policies
  • 1.8.e Self registration
  • 1.8.f Guest activation
  • 1.8.g Differentiated secure access
  • 1.8.h Verify guest services operation

1.9 Implement posture services

  

  • 1.9.a Describe the function of CoA to support posture services
  • 1.9.b Agent options
  • 1.9.c Client provisioning policy and redirect ACL
  • 1.9.d Posture policy
  • 1.9.e Quarantine/remediation
  • 1.9.f Verify posture service operation

1.10 Implement BYOD access  

  • 1.10.a Describe elements of a BYOD policy
  • 1.10.b Device registration
  • 1.10.c My devices portal
  • 1.10.d Describe supplicant provisioning

2.0 Threat Defense

2.1 Describe TrustSec Architecture  

  • 2.1.a SGT Classification – dynamic/static
  • 2.1.b SGT Transport – inline tagging and SXP
  • 2.1.c SGT Enforcement – SGACL and SGFW
  • 2.1.d MACsec

3.0 Troubleshooting, Monitoring and Reporting Tools

3.1 Troubleshoot identity management solutions

  

  • 3.1.a Identify issues using authentication event details in Cisco ISE
  • 3.1.b Troubleshoot using Cisco ISE diagnostic tools
  • 3.1.c Troubleshoot endpoint issues
  • 3.1.d Use debug commands to troubleshoot RADIUS and 802.1X on IOS switches and wireless controllers
  • 3.1.e Troubleshoot backup operations

4.0 Threat Defense Architectures

4.1 Design highly secure wireless solution with ISE  

  • 4.1.a Identity Management
  • 4.1.b 802.1X
  • 4.1.c MAB
  • 4.1.d Network authorization enforcement
  • 4.1.e CWA
  • 4.1.f Profiling
  • 4.1.g Guest Services
  • 4.1.h Posture Services
  • 4.1.i BYOD Access

5.0 Identity Management Architectures

5.1 Device administration

5.2 Identity Management

5.3 Profiling

5.4 Guest Services

5.5 Posturing Services

5.6 BYOD Access

300-210 SITCS

1.0 Content Security

1.1 Cisco Cloud Web Security (CWS)

  • 1.1.a Describe the features and functionality
  • 1.1.b Implement the IOS and ASA connectors
  • 1.1.c Implement the Cisco AnyConnect web security module
  • 1.1.d Implement web usage control
  • 1.1.e Implement AVC
  • 1.1.f Implement antimalware
  • 1.1.g Implement decryption policies

1.2 Cisco Web Security Appliance (WSA)

  • 1.2.a Describe the features and functionality
  • 1.2.b Implement data security
  • 1.2.c Implement WSA identity and authentication, including transparent user identification
  • 1.2.d Implement web usage control
  • 1.2.e Implement AVC
  • 1.2.f Implement antimalware and AMP
  • 1.2.g Implement decryption policies
  • 1.2.h Implement traffic redirection and capture methods (explicit proxy vs. transparent proxy)

1.3 Cisco Email Security Appliance

  • 1.3.a Describe the features and functionality
  • 1.3.b Implement email encryption
  • 1.3.c Implement antispam policies
  • 1.3.d Implement virus outbreak filter
  • 1.3.e Implement DLP policies
  • 1.3.f Implement antimalware and AMP
  • 1.3.g Implement inbound and outbound mail policies and authentication
  • 1.3.h Implement traffic redirection and capture methods
  • 1.3.i Implement ESA GUI for message tracking

2.0 Network Threat Defense

2.1 Cisco Next-Generation Firewall (NGFW) Security Services

  • 2.1.a Implement application awareness
  • 2.1.b Implement access control policies (URL-filtering, reputation based, file filtering)
  • 2.1.c Configure and verify traffic redirection
  • 2.1.d Implement Cisco AMP for Networks

2.2 Cisco Advanced Malware Protection (AMP)

  • 2.2.a Describe cloud detection technologies
  • 2.2.b Compare and contrast AMP architectures (public cloud, private cloud)
  • 2.2.c Configure AMP endpoint deployments
  • 2.2.d Describe analysis tools
  • 2.2.e Describe incident response functionality
  • 2.2.f Describe sandbox analysis
  • 2.2.g Describe AMP integration

3.0 Cisco FirePOWER Next-Generation IPS (NGIPS)

3.1 Configurations

3.2 Describe traffic redirection and capture methods

  • 3.2.a Describe preprocessors and detection engines
  • 3.2.b Implement event actions and suppression thresholds
  • 3.2.c Implement correlation policies
  • 3.2.d Describe SNORT rules
  • 3.2.e Implement SSL decryption policies

3.3 Deployments

  • 3.3.a Deploy inline or passive modes
  • 3.3.b Deploy NGIPS as appliance, virtual appliance, or module within an ASA
  • 3.3.c Describe the need for traffic symmetry
  • 3.3.d Compare inline modes: inline interface pair and inline tap mode

4.0 Security Architectures

4.1 Design a web security solution

  • 4.1.a Compare and contrast Cisco FirePOWER NGFW, WSA, and CWS
  • 4.1.b Compare and contrast physical WSA and virtual WSA
  • 4.1.c Describe the available CWS connectors

4.2 Design an email security solution

  • 4.2.a Compare and contrast physical ESA and virtual ESA
  • 4.2.b Describe hybrid mode

4.3 Design Cisco FirePOWER solutions

  • 4.3.a Configure the virtual routed, switched, and hybrid interfaces
  • 4.3.b Configure the physical routed interfaces

5.0 Troubleshooting, Monitoring, and Reporting Tools

5.1 Design a web security solution

  • 5.1.a Compare and contrast FirePOWER NGFW, WSA, and CWS
  • 5.1.b Compare and contrast physical WSA and virtual WSA
  • 5.1.c Describe the available CWS connectors

5.2 Cisco Web Security Appliance (WSA) 

  • 5.2.a Implement the WSA Policy Trace tool
  • 5.2.b Describe WSA reporting functionality
  • 5.2.c Troubleshoot using CLI tools

5.3 Cisco Email Security Appliance (ESA)

  • 5.3.a Implement the ESA Policy Trace tool
  • 5.3.b Describe ESA reporting functionality
  • 5.3.c Troubleshoot using CLI tools

5.4 Cisco FirePOWER

  • 5.4.a Describe the Cisco FirePOWER Management Center dashboards and reports
  • 5.4.b Implement health policy
  • 5.4.c Configure email, SNMP, and syslog alerts
  • 5.4.d Troubleshoot NGIPS using CLI tools

Exam Details

Exam Name Exam Code Duration Registration
Implementing Cisco Secure Access Solutions (SISAS) 300-208 SISAS 90 minutes (55 - 65 questions) Pearson VUE
Implementing Cisco Edge Network Security Solutions (SENSS) 300-206 SENSS 90 minutes (65-75 questions) Pearson VUE
Implementing Cisco Secure Mobility Solutions (SIMOS) 300-209 SIMOS 90 minutes (65-75 questions) Pearson VUE
Implementing Cisco Threat Control Solutions (SITCS) 300-210 SITCS 90 minutes (65-75 questions) Pearson VUE

Upon completion of the course, students will have the knowledge and skills to:

  • 1

    Understand Cisco Identity Services Engine architecture and access control capabilities.

  • 2

    Understand 802.1X architecture, implementation and operation.

  • 3

    Understand commonly implemented Extensible Authentication Protocols (EAP).

  • 4

    Implement Public-Key Infrastructure with ISE, MAC Authentication Bypass, Identity based authorization policies, Web Authentication and Guest Access, ISE Posture service & ISE Profiling.

  • 5

    Understand the implement Internal and External authentication databases.

  • 6

    Understand Cisco TrustSec features.

  • 7

    Understand Bring Your Own Device (BYOD) with ISE.

  • 8

    Understanding and implementing Cisco modular Network Security Architectures such as SecureX and TrustSec.

  • 9

    Deploy Cisco Infrastructure management and control plane security controls.

  • 10

    Configuring Cisco layer 2 and layer 3 data plane security controls.

  • 11

    Implement and maintain Cisco ASA Network Address Translations (NAT).

  • 12

    Implement and maintain Cisco IOS Software Network Address Translations (NAT).

  • 13

    Designing and deploying Cisco Threat Defense solutions on a Cisco ASA utilizing access policy and application and identity based inspection.

  • 14

    Deploying Cisco IOS Zone-Based Policy Firewalls (ZBFW).

  • 15

    Configure and verify Cisco IOS ZBFW Application Inspection Policy.

  • 16

    Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security.

  • 17

    Implement and maintain Cisco site-to-site VPN solutions.

  • 18

    Implement and maintain Cisco FlexVPN in point-to-point, hub-and-spoke, and spoke-to-spoke IPsec VPNs.

  • 19

    Implement and maintain Cisco clientless SSL VPNs.

  • 20

    Implement and maintain Cisco AnyConnect SSL and IPsec VPNs.

  • 21

    Implement and maintain endpoint security and dynamic access policies (DAP).

Job Oppurnities

  • Network Engineers
  • Networking Administrators
  • Networking Specialists
  • Network Support Specialists
  • Network Consultants
  • System Integrators
  • System Engineers

Training Plan

Weekday Batch: Mon - Fri
Duration Timing Mode Cost
4 weeks 4 Hours / Day Online/Onsite 60000 INR
Weekend Batch: Sat - Sun
Duration Timing Mode Cost
2 months 6 Hours / Day Online/Onsite 60000 INR

Group Discount

  • In a Group of 2 discount will be 10% per head
  • In a Group of 3 discount will be 15% per head
  • In a Group of 4 discount will be 20% per head

Schedule

Upcoming Batches
Batch Date Location
Weekday 1 Jan 2018 Delhi
29 Jan 2018 Mumbai
24 Feb 2018 Gurgaon
23 Mar 2018 Bangalore
21 Apr 2018 Pune
20 May 2018 Mumbai
Weekend 6 Jan 2018 Delhi
25 Feb 2018 Mumbai
25 Mar 2018 Bangalore
25 Apr 2018 Pune
25 May 2018 Gurgaon
25 Jun 2018 Delhi
  • Demo Videos
  • Online Training Videos
  • Onsite Training Videos

Post a Review

Reviews

Name
Email
Review Title
Rating
Review Content

Get In Touch

captcha