Training
Cisco Certified Network Professional Security (CCNP Security)

  • Cisco Router IOS (ISR) and Catalyst Switch security features & Adaptive Security Appliance (ASA)
  • Secure VPN connectivity & Intrusion Prevention Systems (IPS)
  • Security Enterprise and Device Management & Network Admission Control (NAC)
  • Techniques to optimize these technologies in a single, integrated network security solution are also included. In addition, CCSP leverages the new CCNA Security certification as a prerequisite.
  • CISCO CERTIFIED NETWORK PROFESSIONAL SECURITY PREREQUISITE
  • Valid CCNA Security certification, or Valid CCSP certification, or Valid CCNA certification plus SND exam pass
REQUIRED EXAM(S) RECOMMENDED TRAINING
642-637 SECURE v1.0 Secure v1.0 Securing Networks with Cisco Routers and Switches (SECURE v1.0)
642-617 FIREWALL v1.0 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)
642-647 VPN v1.0 Deploying Cisco ASA VPN Solutions (VPN v1.0)
642-627 IPS v7.0 Implementing Cisco Intrusion Prevention System v7.0 - (IPS v7.0)

  • Pass any current 642-XXX Professional level exam, or
  • Pass any current CCIE Written Exam,
  • OR any CCIE Certification can act as a pre-requisite, or
  • Pass the current CCDE Written Exam OR current CCDE Practical Exam, or
  • Pass the Cisco Certified Architect (CCAr) interview AND the CCAr board review to extend lower certifications

CCNA certifications are valid for three years. To recertify, pass ONE of the following before the certification expiration date:

  • Pass the current ICND2 exam, or
  • Pass the current CCNA exam, or
  • Pass the current CCDA DESGN exam, or
  • Pass any current CCNA Concentration exam (wireless, or security, or voice, or SP Ops), or
  • Pass any current 642-XXX Professional level exam, or
  • Pass any current Cisco Specialist exam (excluding Sales Specialist exams or MeetingPlace Specialist exams or Implementing Cisco TelePresence Installations exams or Cisco Leading Virtual Classroom Instruction exams), or
  • Pass any current CCIE Written Exam, or
  • Pass the current CCDE Written Exam OR current CCDE Practical Exam, or
  • Pass the Cisco Certified Architect (CCAr) interview AND the CCAr board review to extend lower certifications
REQUIRED EXAM(S) RECOMMENDED TRAINING
640-802 CCNA Interconnecting Cisco Networking Devices Part 1 (ICND1) v1.0
  Interconnecting Cisco Networking Devices Part II (ICND1) v1.0

The following topics are general guidelines for the content likely to be included on the Cisco Certified Network Associate exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Hardware requirement for CCIE Security Version 4.0

  • Describe the purpose and functions of various network devices
  • Select the components required to meet a network specification
  • Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
  • Describe common networked applications including web applications
  • Describe the purpose and basic operation of the protocols in the OSI and TCP models
  • Describe the impact of applications (Voice Over IP and Video Over IP) on a network
  • Interpret network diagrams
  • Determine the path between two hosts across a network
  • Describe the components required for network and Internet communications
  • Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach
  • Differentiate between LAN/WAN operation and features
Configure, verify and troubleshoot a switch with VLANs and interswitch communications
  • Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
  • Explain the technology and media access control method for Ethernet networks
  • Explain network segmentation and basic traffic management concepts
  • Explain basic switching concepts and the operation of Cisco switches
  • Perform and verify initial switch configuration tasks including remote access management
  • Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), SHOW & DEBUG commands
  • Identify, prescribe, and resolve common switched network media issues, configuration issues, auto negotiation, and switch hardware failures
  • Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)
  • Describe how VLANs create logically separate networks and the need for routing between them
  • Configure, verify, and troubleshoot VLANs
  • Configure, verify, and troubleshoot trunking on Cisco switches
  • Configure, verify, and troubleshoot interVLAN routing
  • Configure, verify, and troubleshoot VTP
  • Configure, verify, and troubleshoot RSTP operation
  • Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network.
  • Implement basic switch security (including: port security, trunk access, management vlan other than vlan1, etc.)
Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network
  • Describe the purpose and functions of various network devices
  • Select the components required to meet a network specification
  • Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
  • Describe common networked applications including web applications
  • Describe the purpose and basic operation of the protocols in the OSI and TCP models
  • Describe the impact of applications (Voice Over IP and Video Over IP) on a network
  • Interpret network diagrams
  • Determine the path between two hosts across a network
  • Describe the components required for network and Internet communications
  • Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach
  • Differentiate between LAN/WAN operation and features
Configure, verify, and troubleshoot basic router operation and routing on Cisco devices
  • Describe basic routing concepts (including: packet forwarding, router lookup process)
  • Describe the operation of Cisco routers (including: router bootup process, POST, router components)
  • Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts
  • Configure, verify, and troubleshoot RIPv2
  • Access and utilize the router to set basic parameters (including: CLI/SDM)
  • Connect, configure, and verify operation status of a device interface
  • Verify device configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities
  • Perform and verify routing configuration tasks for a static or default route given specific routing requirements
  • Manage IOS configuration files (including: save, edit, upgrade, restore)
  • Manage Cisco IOS
  • Compare and contrast methods of routing and routing protocols
  • Configure, verify, and troubleshoot OSPF
  • Configure, verify, and troubleshoot EIGRP
  • Verify network connectivity (including: using ping, traceroute, and telnet or SSH)
  • Troubleshoot routing issues
  • Verify router hardware and software operation using SHOW & DEBUG commands.
  • Implement basic router security
Explain and select the appropriate administrative tasks required for a WLAN
  • Describe standards associated with wireless media (including: IEEE, Wi-Fi Alliance, ITU/FCC)
  • Identify and describe the purpose of the components in a small wireless network (including: SSID, BSS, ESS)
  • Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point
  • Compare and contrast wireless security features and capabilities of WPA security (including: open, WEP, WPA-1/2)
  • Identify common issues with implementing wireless networks (including: interface, misconfiguration)
Identify security threats to a network and describe general methods to mitigate those threats
  • Describe today's increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats
  • Explain general methods to mitigate common security threats to network devices, hosts, and applications
  • Describe the functions of common security appliances and applications
  • Describe security recommended practices including initial steps to secure network devices
Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network
  • Describe the purpose and types of ACLs
  • Configure and apply ACLs based on network filtering requirements (including: CLI/SDM)
  • Configure and apply ACLs to limit telnet and SSH access to the router (including: SDM/CLI)
  • Verify and monitor ACLs in a network environment
  • Troubleshoot ACL issues
  • Explain the basic operation of NAT
  • Configure NAT for given network requirements (including: CLI/SDM)
  • Troubleshoot NAT issues
Implement and verify WAN links
  • Describe different methods for connecting to a WAN
  • Configure and verify a basic WAN serial connection
  • Configure and verify Frame Relay on Cisco routers
  • Troubleshoot WAN implementation issues
  • Describe VPN technology (including: importance, benefits, role, impact, components)
  • Configure and verify a PPP connection between Cisco routers.

The Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer, who is responsible for security in routers, switches, networking devices and appliances, as well as for choosing, deploying, supporting and troubleshooting firewalls, VPNs, and IDS/IPS solutions for their networking environments.
Prerequisites
Valid Cisco CCNA Voice or any Cisco CCIE certification can act as a prerequisite.

REQUIRED EXAM(S) RECOMMENDED TRAINING
642-618 FIREWALL Securing Networks with Cisco Routers and Switches (SECURE)
642-648 VPN Deploying Cisco ASA Firewall Solutions (FIREWALL)
642-627 IPS Deploying Cisco ASA VPN Solutions (VPN)
642-627 IPS v7.0 Implementing Cisco Intrusion Prevention System (IPS)
Train & Study
The best way to prepare for this certification is to take the Cisco-approved training:
Securing Networks with Cisco Routers and Switches (SECURE)

This five-day course is aimed at providing network security engineers with the knowledge and skills needed to secure Cisco IOS Software router- and switch-based networks, and provide security services based on Cisco IOS Software.

Deploying Cisco ASA Firewall Solutions (FIREWALL)

This five-day instructor-led course is aimed at providing network security engineers with the knowledge and skills that are needed to implement and maintain perimeter solutions that are based on Cisco ASA security appliances.

Deploying Cisco ASA VPN Solutions (VPN)

This five-day course is aimed at choosing, configuring, and troubleshooting the majority of Cisco ASA adaptive security appliance remote access and site-to-site VPN features to reduce risk to IT infrastructure and its applications.

Implementing Cisco Intrusion Prevention System (IPS)

This five-day instructor-led course is aimed at providing network security engineers with the knowledge and skills needed to deploy Cisco IPS-based security solutions.
Self-Study Materials

The following resources are suggested study supplements; they are not designed to serve as a complete self-study program.

  • CCNP Security Syllabus
  • 642-637 SECURE Exam Topics
  • 642-618 FIREWALL Exam Topics
  • 642-648 VPN Exam Topics
  • 642-627 IPS Exam Topics
  • Cisco Learning Network - A variety of self-study materials can be found here.

Community-Generated Content

CCNP Security Study Group

Learning Partner Content

Partners: Log in for Partner Education Connection (PEC) curricula.
Learning Partner Lounges - Find materials provided by Cisco Authorized Learning Partners.

Find more information at: https://learningnetwork.cisco.com/community/certifications/ccnpsecurity