CCNP Security (Cisco Certified Network Professional Security)

CCNP Security (New Version)

Exam Number and Exam Name

1. 300-208 SISAS: Implementing Cisco Secure Access Solutions (SISAS)

2. 300-206 SENSS: Implementing Cisco Edge Network Security Solutions (SENSS)

3. 300-209 SIMOS: Implementing Cisco Secure Mobility Solutions (SIMOS)

4. 300-207 SITCS: Implementing Cisco Threat Control Solutions (SITCS)

1. 300-208 Implementing Cisco Secure Access Solutions (SISAS)

Exam Description: The Implementing Cisco Secure Access Solutions (SISAS) (300-208) exam tests whether a network security engineer knows the components and architecture of secure access by utilizing 802.1X and Cisco TrustSec. This 90-minute exam consists of 65–75 questions. It tests on Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solution. It also includes the fundamental concepts of bring your own device (BYOD) using posture and profiling services of ISE. Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.

 

1.0 Identity Management/Secure Access 

1.1 Implement device administration

1.1.a Compare and select AAA options

1.1.b TACACS+

1.1.c RADIUS

1.1.d Describe Native AD and LDAP

1.2 Describe identity management

1.2.a Describe features and functionality of authentication and authorization

1.2.b Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local)

1.2.c Implement accounting

1.3 Implement wired/wireless 802.1x

1.3.a Describe RADIUS flows

1.3.b AV pairs

1.3.c EAP types

1.3.d Describe supplicant, authenticator, server

1.3.e Supplicant options

1.3.f 802.1X phasing (monitor mode, low impact, closed mode)

1.3.g AAA server

1.3.h Network access devices

1.4 Implement MAB

1.5 Implement network authorization enforcement

1.5.a dACL

1.5.b Dynamic VLAN assignment

1.5.c Describe SGA

1.5.d Named ACL

1.5.e CoA

1.6 Implement central web authorization

1.7 Implement profiling

1.8 Implement guest services

1.9 Implement posturing

1.10 Implement BYOD access

1.10.a Describe elements of a BYOD policy

1.10.b Device registration

1.10.c My devices portal

1.10.d Describe supplicant provisioning

 

2.0 Threat Defense

2.1 Implement firewall

2.1.a Describe SGA ACLs

 

3.0 Troubleshooting, Monitoring, and Reporting Tools

3.1 Troubleshoot identity management solutions

 

4.0 Threat Defense Architectures

4.1 Design highly secure wireless solution

 

5.0 Identity Management Architectures

5.1 Design AAA security solution

5.2 Design profiling security solution

5.3 Design posturing security solution

5.4 Design BYOD security solution

5.5 Design device administration security solution

5.6 Design guest services security solution

 

2. 300-206 Implementing Cisco Edge Network Security Solutions (SENSS)

Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to configure and implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, and Cisco ASA firewall. This 90-minute exam consists of 65-75 questions and focuses on the technologies used to strengthen security of a network perimeter such as Network Address Translation (NAT), ASA policy and application inspect, and a zone-based firewall on Cisco routers. Candidates can prepare for this exam by taking the Cisco Edge Network Security (SENSS) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.

 

1.0 Threat Defense

1.1 Implement firewall

1.1.a Implement ACLs

1.1.b Implement static/dynamic NAT/PAT

1.1.c Implement object groups

1.1.d Describe threat detection features

1.1.e Implement botnet traffic filtering

1.2 Implement Layer 2 security

1.2.a Configure DHCP snooping

1.2.b Describe dynamic ARP inspection

1.2.c Describe storm control

1.2.d Configure port security

1.2.e Describe common Layer 2 threats and attacks and mitigation

1.2.f Describe MACSec

1.3 Configure device hardening per best practices

1.3.a Routers

1.3.b Switches

1.3.c Firewalls

1.4 Implement firewall

1.4.a Configure application filtering and protocol inspection

1.4.b Describe virtualized firewalls    

 

2.0 Cisco Security Devices GUIs and Secured CLI Management

2.1 Implement SSHv2, SSL, SNMPv3 access on the network devices

2.2 Implement RBAC on the ASA/IOS CLI and on ASDM

2.3 Describe Cisco Prime Infrastructure

2.4 Describe CSM

2.5 Implement device managers

 

3.0 Management Services on Cisco Devices

3.1 Implement NetFlow exporter

3.2 Implement SNMPv3

3.3 Implement logging

3.4 Implement NTP with authentication

3.5 Describe CDP, DNS, SCP, SFTP, and DHCP

 

4.0 Troubleshooting, Monitoring and Reporting Tools

4.1 Monitor firewall using analysis of packet tracer, packet capture, and syslog

 

5.0 Threat Defense Architectures

5.1 Design a firewall solution

5.2 Design Layer 2 security solution

 

6.0 Security Components and Considerations

6.1 Describe security operations management architecture

6.2 Describe Data Center security components and considerations

6.3 Describe Collaboration security components and considerations

6.4 Describe common IPv6 security considerations

  

3. 300-209 Implementing Cisco Secure Mobility Solutions (SIMOS)

Exam Description: The Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) exam tests a network security engineer on the variety of Virtual Private Network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS software platforms. This 90-minute exam consists of 65–75 questions and assesses the knowledge necessary to properly implement highly secure remote communications through VPN technology, such as remote access SSL VPN and site-to-site VPN (DMVPN, FlexVPN). Candidates can prepare for this exam by taking the Implementing Cisco Secure Mobility Solutions (SIMOS) course.

The following topics are general guidelines for the content likely to be included on the exam.

 

1.0 Secure Communications

1.1 Implement site-to-site VPNs on routers and firewalls

1.1.a Describe GETVPN

1.1.b Implement IPsec (with IKEv1 and IKEv2)

1.1.c Implement DMVPN (hub-spoke and spoke-spoke)

1.2 Implement remote access VPNs on routers and firewalls

1.2.a Implement AnyConnect IKEv2 VPNs

1.2.b Implement SSLVPN: client and clientless

1.3 Implement site-to-site VPNs on routers and firewalls

1.3.a Implement FlexVPN

1.4 Implement remote access VPNs on routers and firewalls

1.4.a Implement SSLVPN: client and clientless

1.4.b Implement FlexVPN

 

2.0 Troubleshooting, Monitoring, and Reporting Tools

2.1 Analyze syslog and VPN debug logs using ASDM

 

3.0 Secure Communications Architectures

3.1 Design site-to-site VPN solution

3.2 Design remote access VPN solution

3.3 Describe encryption, hashing, NGE

 

4. 300-207 Implementing Cisco Threat Control Solutions (SITCS)

Exam Description: The Implementing Cisco Threat Control Solutions (SITCS) (300-207) exam tests a network security engineer on advanced firewall architecture and configuration with the Cisco next-generation firewall, utilizing access and identity policies. This 90-minute exam consists of 65–75 questions and covers integration of Intrusion Prevention System (IPS) and context-aware firewall components, as well as Web (Cloud) and Email Security solutions. Candidates can prepare for this exam by taking the Implementing Cisco Threat Control Solutions (SITCS) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.

 

1.0 Content Security

1.1 Implement Cisco CX

1.1.a Describe features and functionality

1.1.b Implement web usage control

1.1.c Implement AVC

1.1.d Implement decryption policies

1.1.e Describe traffic redirection and capture methods

1.2 Implement Cisco Cloud Web Security

1.2.a Describe features and functionality

1.2.b Implement IOS and ASA connectors

1.2.c Implement AnyConnect web security module

1.2.d Describe web usage control

1.2.e Describe AVC

1.2.f Describe anti-malware

1.2.g Describe decryption policies

1.3 Implement Cisco WSA

1.3.a Implement data security

1.3.b Describe traffic redirection and capture methods

1.4 Implement Cisco ESA

1.4.a Describe features and functionality

1.4.b Implement email encryption

1.4.c Implement anti-spam policies

1.4.d Implement virus outbreak filter

1.4.e Implement DLP policies

1.4.f Implement anti-malware                

1.4.g Implement inbound and outbound mail policies and authentication

1.4.h Describe traffic redirection and capture methods

 

2.0 Threat Defense

2.1 Implement network IPS

2.1.a Describe traffic redirection and capture methods

2.1.b Configure network IPS

2.1.c Describe signatures

2.1.d Implement event actions

2.1.e Configure event action overrides

2.1.f Implement risk ratings

2.1.g Describe router-based IPS

2.2 Configure device hardening per best practices

2.2.a IPS

2.2.b Content Security appliances

2.3 Implement Network IPS

2.3.a Describe signatures

2.3.b Configure blocking

2.3.c Implement anomaly detection

 

3.0 Devices GUIs and Secured CLI

3.1 Implement Content Security

 

4.0 Troubleshooting, Monitoring, and Reporting Tools

4.1 Configure IME and IP logging for IPS

4.2 Monitor Content Security

4.3 Monitor Cisco Security IntelliShield

 

5.0 Threat Defense Architectures

5.1 Design IPS solution

 

6.0 Content Security Architectures

6.1 Design Web Security solution

6.2 Design Email Security solution

6.3 Design Application Security solution

 
