CCIE Security Zero to Hero Course

Overview

Cisco Certified Internetwork Expert (CCIE) in Security is the highest level of Cisco certification in Security track. CCIE Security certification integrated course consists of CCNA Security, CCNP Security and CCIE Security back to back in which we start from basics and cover in-depth of Security technologies. After completion of CCIE Security course training from us candidate will have to go through CCIE Security written exam. After clearing CCIE Security written exam, he/she can start preparing for CCIE Security Lab exam.

Key Features of CCIE Training:

  • Guaranteed Training on Real Time Devices.
  • CCIE Concepts explained in practical and theoretical context.
  • 24*7 Lab Access.
  • 60+ hours of classroom-style training using an interactive whiteboard and projector session.
  • Course Revision – By enrolling once you can avail classes for same training up to 2 times.
  • Smart classrooms fully equipped with projectors, Wi-Fi connectivity, Digital Pads.
  • Support and Guidance if you are applying for Cisco Global Certification.
  • Late night and early morning batch facility
  • 24*7 Trainers Availability
  • Training delivered by Experienced and Certified Trainers.

Devices to be used during the Training Program:

Virtual Machines:

Security Appliances

  • Cisco Identity Services Engine (ISE): 2.1.0
  • Cisco Secure Access Control System (ACS): 5.8.0.32
  • Cisco Web Security Appliance (WSA): 9.2.0
  • Cisco Email Security Appliance (ESA): 9.7.1
  • Cisco Wireless Controller (WLC): 8.0.133
  • Cisco Firepower Management Center Virtual Appliance: 6.0.1 and/or 6.1
  • Cisco Firepower NGIPSv: 6.0.1
  • Cisco Firepower Threat Defense: 6.0.1

Core Devices

  • IOSv L2: 15.2
  • IOSv L3: 15.5(2)T
  • Cisco CSR 1000V Series Cloud Services Router: 3.16.02.S
  • Cisco Adaptive Security Virtual Appliance (ASAv): 9.6.1

Others

  • Test PC: Microsoft Windows 7
  • Active Directory: Microsoft Windows Server 2008
  • Cisco Application Policy Infrastructure Controller Enterprise Module: 1.2
  • Cisco Unified Communications Manager: 8.6.(1)
  • FireAMP Private Cloud
  • AnyConnect 4.2

Physical Devices

  • Cisco Catalyst Switch
    WS-C3850-24U 03.07.04E
  • Cisco Adaptive Security Appliance
    5512-X: 9.6.1
  • Cisco 2504 Wireless Controller
    2504: 8.0.133.0
  • Cisco Aironet
    1602E: 15.3.3-JC
  • Cisco Unified IP Phone
    7965: 9.2(3)
Training Plan
Weekday Batch: Total Duration Timing: Mode:
Mon - Fri 5 Months 4 Hours / Day Online/Onsite

Group Discount
In a Group of 2 discount will be 10% per head
In a Group of 3 discount will be 15% per head
In a Group of 4 discount will be 20% per head

Trainer's Profile

Lab Facility

CCIE Security Integrated Course Details

Prerequisite:

Before starting this course one should have knowledge of CCNA, CCNP and CCIE Security (written), and dedication to learn Labs for the same.

Topics Covered:

1.0 Perimeter Security and Intrusion Prevention

1.1 Describe, implement, and troubleshoot HA features on Cisco ASA and Cisco FirePOWER Threat Defense (FTD)

1.2 Describe, implement, and troubleshoot clustering on Cisco ASA and Cisco FTD

1.3 Describe, implement, troubleshoot, and secure routing protocols on Cisco ASA and Cisco FTD

1.4 Describe, implement, and troubleshoot different deployment modes such as routed, transparent, single, and multicontext on Cisco ASA and Cisco FTD

1.5 Describe, implement, and troubleshoot firewall features such as NAT (v4,v6), PAT, application inspection, traffic zones, policy-based routing,  traffic redirection to service modules, and identity firewall on Cisco ASA and Cisco FTD

1.6 Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF), application layer inspection, NAT (v4,v6), PAT and  TCP intercept on Cisco IOS/IOS-XE

1.7 Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco FirePOWER and Cisco FTD

1.8 Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such as alerting, logging, and reporting

1.9 Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC

1.10 Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as in-line, passive, and TAP modes

1.11 Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL inspection, user identity, geolocation, and AVC  (Firepower appliance)

1.12 Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques, spoofing, man-in-the-middle, and botnet

2.0 Advanced Threat Protection and Content Security

2.1 Compare and contrast different AMP solutions including public and private cloud deployment models

2.2 Describe, implement, and troubleshoot AMP for networks, AMP for endpoints, and AMP for content security (CWS, ESA, and WSA)

2.3 Detect, analyze, and mitigate malware incidents

2.4 Describe the benefit of threat intelligence provided by AMP Threat GRID

2.5 Perform packet capture and analysis using Wireshark, tcpdump, SPAN, and RSPAN

2.6 Describe, implement, and troubleshoot web filtering, user identification, and Application Visibility and Control (AVC)

2.7 Describe, implement, and troubleshoot mail policies, DLP, email quarantines, and SenderBase on ESA

2.8 Describe, implement, and troubleshoot SMTP authentication such as SPF and DKIM on ESA

2.9 Describe, implement, and troubleshoot SMTP encryption on ESA

2.10 Compare and contrast different LDAP query types on ESA

2.11 Describe, implement, and troubleshoot WCCP redirection

2.12 Compare and contrast different proxy methods such as SOCKS, Auto proxy/WPAD, and transparent

2.13 Describe, implement, and troubleshoot HTTPS decryption and DLP

2.14 Describe, implement, and troubleshoot CWS connectors on Cisco IOS routers, Cisco ASA, Cisco AnyConnect, and WSA

2.15 Describe the security benefits of leveraging the OpenDNS solution.

2.16 Describe, implement, and troubleshoot SMA for centralized content security management

2.17 Describe the security benefits of leveraging Lancope

3.0 Secure Connectivity and Segmentation

3.1 Compare and contrast cryptographic and hash algorithms such as AES, DES, 3DES, ECC, SHA, and MD5

3.2 Compare and contrast security protocols such as ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, and MKA

3.3 Describe, implementc and troubleshoot remote access VPN using technologies such as FLEXVPN, SSL-VPN between Cisco firewalls, routers, and end hosts

3.4 Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication

3.5 Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels on Cisco ASA and Cisco FTD

3.6 Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec

3.7 Describe, implement, and troubleshoot uplink and downlink MACsec (802.1AE)

3.8 Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and dual-hub DMVPN deployments

3.9 Describe the functions and security implications of cryptographic protocols such as AES, DES, 3DES, ECC, SHA, MD5, ISAKMP/IKEv1, IKEv2, SSL,  TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI, X.509, WPA, WPA2, WEP, and TKIP

3.10 Describe the security benefits of network segmentation and isolation

3.11 Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN

3.12 Describe, implement, and troubleshoot microsegmentation with TrustSec using SGT and SXP

3.13 Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN, and GRE

3.14 Describe the functionality of Cisco VSG used to secure virtual environments

3.15 Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE

4.0 Identity Management, Information Exchange, and Access Control

4.1 Describe, implement, and troubleshoot various personas of ISE in a multinode deployment

4.2 Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA

4.3 Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS

4.4 Describe, implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE.

4.5 Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server

4.6 Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network infrastructure

4.7 Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or external CA

4.8 Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP, AD, and external RADIUS

4.9 Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML

4.10 Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA

4.11 Describe, implement, verify, and troubleshoot posture assessment with ISE

4.12 Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure including device sensor

4.13 Describe, implement, verify, and troubleshoot integration of MDM with ISE

4.14 Describe, implement, verify, and troubleshoot certificate based authentication using ISE

4.15 Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access Restriction (MAR)

4.16 Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP (EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST,  EAP-TEAP, EAP- MD5, EAP-GTC), PAP, CHAP, and MS-CHAPv2

4.17 Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER

4.18 Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC

5.0 Infrastructure Security, Virtualization, and Automation

5.1 Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques

5.2 Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing.

5.3 Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access

5.4 Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH

5.5 Describe, implement, and troubleshoot IPv4/v6 routing protocols security

5.6 Describe, implement, and troubleshoot Layer 2 security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL

5.7 Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA2, TKIP, and AES

5.8 Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)

5.9 Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and eSTREAMER

5.10 Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC,  NTP, and DHCP

5.11 Describe the functions and security implications of network protocols such as VTP, 802.1Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv3,  RIP/RIPng, IGMP/CGMP, PIM, IPv6, and WCCP

5.12 Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv

5.13 Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts

5.14 Describe the northbound and southbound APIs of SDN controllers such as APIC-EM

5.15 Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP 38, ISO 27001, RFC  2827, and PCI-DSS

5.16 Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE

5.17 Validate network security design for adherence to Cisco SAFE recommended practices

5.18 Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python

5.19 Describe Cisco Digital Network Architecture (DNA) principles and components.

6.0 Evolving Technologies v1.1

6.1 Cloud

  • 6.1.a Compare and contrast public, private, hybrid, and multicloud design considerations
    • 6.1.a [i] Infrastructure, platform, and software as a service (XaaS)
    • 6.1.a [ii] Performance, scalability, and high availability
    • 6.1.a [iii] Security implications, compliance, and policy
    • 6.1.a [iv] Workload migration
  • 6.1.b Describe cloud infrastructure and operations
    • 6.1.b [i] Compute virtualization (containers and virtual machines)
    • 6.1.b [ii] Connectivity (virtual switches, SD-WAN and SD-Access)
    • 6.1.b [iii] Virtualization functions (NFVi, VNF, and L4/L6)
    • 6.1.b [iv] Automation and orchestration tools (CloudCenter, DNA-center, and Kubernetes)

6.2 Network programmability (SDN)

  • 6.2.a Describe architectural and operational considerations for a programmable network
    • 6.2.a [i] Data models and structures (YANG, JSON and XML)
    • 6.2.a [i] Device programmability (gRPC, NETCONF and RESTCONF)
    • 6.2.a [ii] Controller based network design (policy driven configuration and northbound/ southbound APIs)
    • 6.2.a [iii] Configuration management tools (agent and agentless) and version control systems (Git and SVN)

6.3 Internet of things (IoT)

  • 6.3.a Describe architectural framework and deployment considerations for IoT
    • 6.3.a [i] IoT technology stack (IoT Network Hierarchy, data acquisition and flow)
    • 6.3.a [ii] IoT standards and protocols (characteristics within IT and OT environment)
    • 6.3.a [iii] IoT security (network segmentation, device profiling, and secure remote)

Candidates need to undertake below exam

Exam Name: Exam Code : Duration: Registration:
CCIE Security Written Exam 400-251 120 minutes (90-110 questions) Pearson VUE

Lab Exam Details

The lab exam is an eight-hour, hands-on exam which requires you to configure and troubleshoot a series of complex networks to given specifications. Knowledge of troubleshooting is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE Collaboration lab exam.

Lab Exam can be booked once CCIE Written exam is cleared

Candidates will have Employment Opportunities with following Job Title:

  • Network Engineers
  • Networking Administrators
  • Networking Specialists
  • Network Support Specialists
  • Network Consultants
  • System Integrators
  • System Engineers

Schedule

Upcoming Batches
Weekday Batch :
1 october 2018

Reviews & Comments

Student Reviews

{"number_of_column":"1","number_of_column_desktop":"1","number_of_column_small_desktop":"1","number_of_column_tablet":"1","number_of_column_mobile":"1","auto_play":"true","auto_play_speed":"3000","scroll_speed":"600","pause_on_hover":"true","infinite_loop":"true","navigation":"true","pagination":"false","swipe_on":"true","mouse_draggable":"true","rtl_mode":"false"}

#CCNP_Jan_2019 #Octa_Networks Yesterday we learned the basics of BGP including property, message types, states,role of igp into bgp and Rathod sir explained how messages are involved with states of bgp. I left the class after half session because of office work 😞 and could not attend the remaining last 45 minuets. But one thing is best and will be always best that our Trainer Jagdish Sir is always in positive mode and clear our doubt positively. Thank you Jagdish sir, Arshad Sir and Octa networks for providing such an opportunity to learn the technology. Jagdish Sir is doing his best in all session with same energy..........

My self Krishnendu form Kolkata i have attended CCNA Service provider and CCNP routing and Switching training from Octa Network. My trainer is Mr jagdish Rathod. He teaches us everything in detail. Today we have competed HSRP, VRRP and GLBP theory as well as Practical sessions. I have cleared all my doubts related to HSRP. Thank you Octa Networks, Rathod Jagdish, Arshad Dhunna, and Joaquim Fernandes sir.

I have attended the CCNA Wireless 8am-10am class.I learnt about RRM and AP group RF. Mr.Vibhor Sir explained these concept in very well manner.He keeps the session very interactive and solves all the queries raised by Students.Thanks Octa networks for providing such a talented mentor. Thank You Octa Networks arshad Dhunna and Joaquim Fernandes for providing this Great Opportunity.

Yes its true 🤩 First of all I am giving 100/100 and I strongly recommended Octa Networks to all from this entire world that if want to start your carrier in Networking field (it doesn’t matter you are from technical background on not) Octa Networks will makes you champion in Networking (CCNA, CCNP, CCIE in all tracks). Wish you all the best Octa Networks. Arshad Dhunna. Rathod Jagdish.

Amitesh Arnav, India

Attending CCNA Security class from Manuhar Khan, he is delivering very good security lecture, very polite & answer all the queries. One thing that I must tell you about him, his example are really interesting by relating real environment, That you can't forget easily. Recommending OCTA NETWORKS 👌👌👌👌👌

Shan Vel

Octa network is such great place . To hole world global training Centre . I such a trainer is Jagdish Rathore sir provide training CCNA. / CCNP/ CCIE tramendous.. there his mind set .it's great mentor , trainer , motivations .he is practically Person. Repeated every dout particular topic Clear..

Gaurav Kabre

Currently, I am taking CCNA Data Center training which is lead by Mr. Ronak Vyas. I appreciate his efforts in guiding and explaining the DC concepts. Also, he answers all the questions or doubts raised by the participants after explaining the topic. Mr.Ronak very well explained step by step on concepts like UCS, OTV and VPC in Lab rack setup practically. Thanks Octa Networks


Get In Touch

[dynamichidden dynamichidden-816 class:post-title-fld "shortcode attribute='value'"]

Request a call back