0% found this document useful (0 votes)

248 views5 pages

CCIE Security v6.1 Blueprint

The Cisco CCIE Security Network Security Lab Exam is an eight-hour hands-on exam testing skills across five domains: perimeter security and intrusion prevention (20%), secure connectivity and segmentation (20%), security infrastructure (15%), identity management and access control (25%), and advanced threat protection (20%). Candidates are expected to plan, design, deploy, operate, and optimize dual stack solutions for complex enterprise networks during the exam.

Uploaded by

Zein

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

248 views5 pages

CCIE Security v6.1 Blueprint

Uploaded by

Zein

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 5

CCIE Security v6.

Exam Description: The Cisco CCIE Security Network Security Lab Exam is an eight-hour, hands-on lab
exam that requires a candidate to plan, design, deploy, operate, and optimize dual stack solutions (IPv4
and IPv6) for complex enterprise networks.

Candidates are expected to program and automate the network within their exam, as per exam topics
below.

The following topics are general guidelines for the content likely to be included on the exam. Your
knowledge, skills, and abilities on these topics will be tested throughout the entire network lifecycle,
unless explicitly specified otherwise within this document.

20% 1.0 Perimeter Security and Intrusion Prevention

1.1 Deployment modes on Cisco ASA and Cisco FTD
1.1.a Routed
1.1.b Transparent
1.1.c Single
1.1.d Multi-context
1.1.e Multi-instance

1.2 Firewall features on Cisco ASA and FTD

1.2.a NAT
1.2.b Application inspection
1.2.c Traffic zones
1.2.d Policy-based routing
1.2.e Traffic redirection to service modules
1.2.f Identity firewall

1.3 Security features on Cisco IOS/IOS XE

1.3.a Application awareness
1.3.b Zone-based firewall
1.3.c NAT

1.4 Cisco FMC features

1.4.a Alerting
1.4.b Logging
1.4.c Reporting
1.4.d Dynamic objects

1.5 Cisco NGIPS deployment modes

1.5.a In-line

2023 Cisco Systems, Inc. This document is Cisco Public.Page 1

1.5.b Passive
1.5.c TAP

1.6 Cisco NGFW features

1.6.a SSL inspection
1.6.b User identity
1.6.c Geolocation
1.6.d AVC

1.7 Detect and mitigate common types of attacks

1.7.a DoS/DDoS
1.7.b Evasion techniques
1.7.c Spoofing
1.7.d Man-in-the-middle
1.7.e Botnet

1.8 Clustering and high availability features on Cisco ASA and Cisco FTD

1.9 Policies and rules for traffic control on Cisco ASA and Cisco FTD

1.10 Routing protocols security on Cisco IOS, Cisco ASA, and Cisco FTD

1.11 Network connectivity through Cisco ASA and Cisco FTD

1.12 Correlation and remediation rules on Cisco FMC

20% 2.0 Secure Connectivity and Segmentation

2.1 Cisco AnyConnect client-based, remote-access VPN technologies on Cisco ASA, Cisco
FTD, and Cisco routers
2.2 Cisco IOS CA for VPN authentication
2.3 FlexVPN, DMVPN, and IPsec L2L tunnels
2.4 VPN high availability methods
2.4.a Cisco ASA VPN clustering
2.4.b Dual-hub DMVPN deployments

2.5 Infrastructure segmentation methods

2.5.a VLAN
2.5.b PVLAN
2.5.c GRE
2.5.d VRF-Lite

2.6 Microsegmentation with Cisco TrustSec using SFT and SXP

15% 3.0 Security Infrastructure

3.1 Device hardening techniques and control plane protection methods
3.1.a CoPP
3.1.b IP source routing
3.1.c iACLs

2023 Cisco Systems, Inc. This document is Cisco Public.Page 2

3.2 Management plane protection techniques
3.2.a CPU
3.2.b Memory thresholding
3.2.c Securing device access

3.3 Data plane protection techniques

3.3.a uRPF
3.3.b QoS
3.3.c RTBH

3.4 Layer 2 security techniques

3.4.a DAI
3.4.b IPDT
3.4.c STP security
3.4.d Port security
3.4.e DHCP snooping
3.4.f RA Guard
3.4.g VACL

3.5 Wireless security technologies

3.5.a WPA
3.5.b WPA2
3.5.c WPA3
3.5.d TKIP
3.5.e AES

3.6 Monitoring protocols

3.6.a NetFlow/IPFIX/NSEL
3.6.b SNMP
3.6.c SYSLOG
3.6.d RMON
3.6.e eStreamer

3.7 Security features to comply with organizational security policies, procedures, and
standards BCP 38
3.7.a ISO 27001
3.7.b RFC 2827
3.7.c PCI-DSS

3.8 Cisco SAFE model to validate network security design and to identify threats to different
PINs

3.9 Interaction with network devices through APIs using basic Python scripts
3.9.a REST API requests and responses
3.9.a (i) HTTP action verbs, error codes, cookies, headers
3.9.a (ii) JSON or XML payload
3.9.a (iii) Authentication

2023 Cisco Systems, Inc. This document is Cisco Public.Page 3

3.9.b Data encoding formats
3.9.b (i) JSON
3.9.b (ii) XML
3.9.b (iii) YAML

3.10 Cisco DNAC Northbound APIs use cases

3.10.a Authentication and authorization
3.10.b Network discovery
3.10.c Network device
3.10.d Network host

25% 4.0 Identity Management, Information Exchange, and Access Control

4.1 Cisco ISE scalability using multiple nodes and personas
4.2 Cisco switches and Cisco Wireless LAN Controllers for network access AAA with Cisco ISE
4.3 Cisco devices for administrative access with Cisco ISE
4.4 AAA for network access with 802.1X and MAB using Cisco ISE
4.5 Guest lifecycle management using Cisco ISE and Cisco WLC
4.6 BYOD on-boarding and network access flows
4.7 Cisco ISE integration with external identity sources
4.7.a LDAP
4.7.b AD
4.7.c External RADIUS

4.8 Provisioning Cisco AnyConnect with Cisco ISE and Cisco ASA

4.9 Posture assessment with Cisco ISE

4.10 Endpoint profiling using Cisco ISE and Cisco network infrastructure including device
sensor

4.11 Integration of MDM with Cisco ISE

4.12 Certification-based authentication using Cisco ISE

4.13 Authentication methods

4.13.a EAP Chaining and TEAP
4.13.b MAR

4.14 Identity mapping on Cisco ASA, Cisco ISE, Cisco WSA, and Cisco FTD

4.15 pxGrid integration between security devices Cisco WSA, Cisco ISE, and Cisco FMC

4.16 Integration of Cisco ISE with multifactor authentication

4.17 Access control and single sign-on using Cisco DUO security technology

4.18 Cisco IBNS 2.0 (C3PL) for authentication, access control, and user policy enforcement

2023 Cisco Systems, Inc. This document is Cisco Public.Page 4

20% 5.0 Advanced Threat Protection and Content Security
5.1 Cisco AMP for networks, Cisco AMP for endpoints, and Cisco AMP for content security
(Cisco ESA, and Cisco WSA)
5.2 Detect, analyze, and mitigate malware incidents
5.3 Perform packet capture and analysis using Wireshark, tcpdump, SPAN, ERSPAN, and
RSPAN
5.4 Cloud security
5.4.a DNS proxy through Cisco Umbrella virtual appliance
5.4.b DNS security policies in Cisco Umbrella
5.4.c RBI policies in Cisco Umbrella
5.4.d CASB policies in Cisco Umbrella
5.4.e DLP policies in Cisco Umbrella

5.5 Web filtering, user identification, and Application Visibility and Control (AVC) on Cisco
FTD and Cisco WSA

5.6 WCCP redirection on Cisco devices

5.7 Email security features

5.7.a Mail policies
5.7.b DLP
5.7.c Quarantine
5.7.d Authentication
5.7.e Encryption

5.8 HTTP decryption and inspection on Cisco FTD, Cisco WSA, and Cisco Umbrella

5.9 Cisco SMA for centralized content security management

5.10 Cisco advanced threat solutions and their integration: Cisco Stealthwatch, Cisco FMC,
Cisco AMP, Cisco CTA, Threat Grid, ETA, Cisco WSA, Cisco SMA, Cisco Threat Response,
and Cisco Umbrella

2023 Cisco Systems, Inc. This document is Cisco Public.Page 5

CCIE Security v6.1-Learning-Matrix
No ratings yet
CCIE Security v6.1-Learning-Matrix
27 pages
CCDE v3.1 Core Technology List Final 0523
No ratings yet
CCDE v3.1 Core Technology List Final 0523
6 pages
350 701 Scor PDF
100% (1)
350 701 Scor PDF
4 pages
Lesson 10 - Securing The LAN
No ratings yet
Lesson 10 - Securing The LAN
86 pages
Slide 3 15 2020
No ratings yet
Slide 3 15 2020
114 pages
350 401 ENCORE v1.1 PDF
100% (1)
350 401 ENCORE v1.1 PDF
4 pages
Cisco Sdwan Security Policy Design Guide
No ratings yet
Cisco Sdwan Security Policy Design Guide
53 pages
Module 10: LAN Security Concepts: Instructor Materials
No ratings yet
Module 10: LAN Security Concepts: Instructor Materials
32 pages
Module 8 Slides
No ratings yet
Module 8 Slides
52 pages
Security Portfolio - Copia Original
No ratings yet
Security Portfolio - Copia Original
41 pages
CCNA7 LAN Security Module
No ratings yet
CCNA7 LAN Security Module
48 pages
CK - 06 - Securing The Local Network
No ratings yet
CK - 06 - Securing The Local Network
145 pages
Network Security and Cyber Security
No ratings yet
Network Security and Cyber Security
26 pages
CCIE Security v6 Learning Matrix
No ratings yet
CCIE Security v6 Learning Matrix
23 pages
300 210 Sitcs
No ratings yet
300 210 Sitcs
3 pages
New CCNP Security v1.1 Release Notes
No ratings yet
New CCNP Security v1.1 Release Notes
10 pages
SRWE Module 10
No ratings yet
SRWE Module 10
26 pages
Cisco Network Security Solutions 1659723258
No ratings yet
Cisco Network Security Solutions 1659723258
1 page
Securing The Local Network Network: CCNA Security
No ratings yet
Securing The Local Network Network: CCNA Security
146 pages
Portuguese CCNA 7 Seguranca LAN
No ratings yet
Portuguese CCNA 7 Seguranca LAN
41 pages
Roadshow Advanced 7.2 V3.2 221004 Final
No ratings yet
Roadshow Advanced 7.2 V3.2 221004 Final
347 pages
Seguridad en Redes LAN - Sesion 11
No ratings yet
Seguridad en Redes LAN - Sesion 11
84 pages
Cisco Industrial Security Design Guide
No ratings yet
Cisco Industrial Security Design Guide
76 pages
NGF TDM Deck
No ratings yet
NGF TDM Deck
154 pages
Chapter 2 Network Security Devices and Cloud Services
No ratings yet
Chapter 2 Network Security Devices and Cloud Services
36 pages
Securing Cisco Network Devices (SND) v2.0 Volume 2 PDF
No ratings yet
Securing Cisco Network Devices (SND) v2.0 Volume 2 PDF
428 pages
Outlines
No ratings yet
Outlines
10 pages
v6 Ccie
No ratings yet
v6 Ccie
23 pages
CCIE Security Lab Exam Topics v4.0 System Hardening and Availability
No ratings yet
CCIE Security Lab Exam Topics v4.0 System Hardening and Availability
3 pages
350 401 Encor PDF
No ratings yet
350 401 Encor PDF
3 pages
Cisco CCIE-EI v1.1 Release Notes
No ratings yet
Cisco CCIE-EI v1.1 Release Notes
8 pages
ProductInfo 05-08-2020 0458
No ratings yet
ProductInfo 05-08-2020 0458
7 pages
CCIE Security v6 Exam Topics
No ratings yet
CCIE Security v6 Exam Topics
6 pages
Interconnecting Cisco Networking Devices Part 1 (100-101) : Exam Description
No ratings yet
Interconnecting Cisco Networking Devices Part 1 (100-101) : Exam Description
5 pages
Interconnecting Cisco Networking Devices Part 1 (100-101) : Exam Description
No ratings yet
Interconnecting Cisco Networking Devices Part 1 (100-101) : Exam Description
5 pages
Cnss
No ratings yet
Cnss
4 pages
Lab 6 4 1 Basic Inter VLAN Routing Topol
No ratings yet
Lab 6 4 1 Basic Inter VLAN Routing Topol
8 pages
350 701 SCOR v1.1
No ratings yet
350 701 SCOR v1.1
4 pages
Implementing Cisco Edge Network Security Solutions (300-206)
No ratings yet
Implementing Cisco Edge Network Security Solutions (300-206)
3 pages
Mwn-Wapr150n User Guide
No ratings yet
Mwn-Wapr150n User Guide
116 pages
0 ISCW Preview
No ratings yet
0 ISCW Preview
81 pages
Implementing Cisco Enterprise Network Core Technologies v1.0 (350-401)
0% (1)
Implementing Cisco Enterprise Network Core Technologies v1.0 (350-401)
3 pages
Implementing Cisco Network Security Exam (210-260)
No ratings yet
Implementing Cisco Network Security Exam (210-260)
4 pages
Interconnecting Cisco Networking Devices Part 1 (100-101) : Exam Description
0% (1)
Interconnecting Cisco Networking Devices Part 1 (100-101) : Exam Description
5 pages
400 251 Cciesecurity
No ratings yet
400 251 Cciesecurity
5 pages
Implementing Cisco Network Security Exam (210-260) : Security Concepts Common Security Principles
No ratings yet
Implementing Cisco Network Security Exam (210-260) : Security Concepts Common Security Principles
4 pages
Ccna Security: Exam Description
No ratings yet
Ccna Security: Exam Description
5 pages
Isilon OneFS CLI Command Guide PDF
No ratings yet
Isilon OneFS CLI Command Guide PDF
19 pages
4.4.2.8 Lab - Using Wireshark To Examine Ethernet Frames-NAVAL
No ratings yet
4.4.2.8 Lab - Using Wireshark To Examine Ethernet Frames-NAVAL
7 pages
Understanding Cisco Cybersecurity Fundamentals (210-250) Blueprint
No ratings yet
Understanding Cisco Cybersecurity Fundamentals (210-250) Blueprint
6 pages
CCIE Security Lab Exam v3
No ratings yet
CCIE Security Lab Exam v3
11 pages
CCIE Enterprise Infrastructure (v1.0) Exam Topics - Practical Exam
No ratings yet
CCIE Enterprise Infrastructure (v1.0) Exam Topics - Practical Exam
8 pages
Unit 4
No ratings yet
Unit 4
16 pages
CCIE Enterprise Wireless v1 Exam Topics
No ratings yet
CCIE Enterprise Wireless v1 Exam Topics
6 pages
MultipathTCP Netsys
No ratings yet
MultipathTCP Netsys
163 pages
Basic Dfwmac
No ratings yet
Basic Dfwmac
6 pages
Eds500 Series
No ratings yet
Eds500 Series
46 pages
Fortigate Authentication 52 PDF
No ratings yet
Fortigate Authentication 52 PDF
187 pages
BRKSEC-2002 Understanding and Preventing Layer 2 Attacks PDF
No ratings yet
BRKSEC-2002 Understanding and Preventing Layer 2 Attacks PDF
103 pages
Building Linux IPv6 DNS Server
100% (4)
Building Linux IPv6 DNS Server
47 pages
Elementary TCP Sockets
No ratings yet
Elementary TCP Sockets
23 pages
Option N EtherNet IP 4189340801 UK
No ratings yet
Option N EtherNet IP 4189340801 UK
155 pages
CCNA Routing and Switching: Connecting Networks: Instructor Packet Tracer Manual
No ratings yet
CCNA Routing and Switching: Connecting Networks: Instructor Packet Tracer Manual
157 pages
AVAYA CM 52 Gateway Traps
No ratings yet
AVAYA CM 52 Gateway Traps
52 pages
Computer Networks Notes-Shashi
No ratings yet
Computer Networks Notes-Shashi
27 pages
CN Unit-IV Transport Layer 04-11-2024
No ratings yet
CN Unit-IV Transport Layer 04-11-2024
27 pages
IP Advanced PDF
No ratings yet
IP Advanced PDF
306 pages
Exfo Ftb-8130nge Specifications Spec Sheet 3f94
No ratings yet
Exfo Ftb-8130nge Specifications Spec Sheet 3f94
23 pages
TR-383 Common YANG Modules For Access Networks
No ratings yet
TR-383 Common YANG Modules For Access Networks
27 pages
Pexip Infinity Management API V23.a
No ratings yet
Pexip Infinity Management API V23.a
50 pages
Sample 11
No ratings yet
Sample 11
20 pages
Lab3 CM
No ratings yet
Lab3 CM
7 pages
Message
No ratings yet
Message
3 pages
Ed Systems OSI
No ratings yet
Ed Systems OSI
13 pages
Session Border Controller
No ratings yet
Session Border Controller
14 pages
Wifi Glossary
No ratings yet
Wifi Glossary
11 pages
Deficit Idle Count: Examples and Explanation of How The RS Aligns The Start Control Character
No ratings yet
Deficit Idle Count: Examples and Explanation of How The RS Aligns The Start Control Character
10 pages
Cisco Packet Tracer 6 Moduls
No ratings yet
Cisco Packet Tracer 6 Moduls
5 pages
SSH Configuration Auditor
No ratings yet
SSH Configuration Auditor
2 pages
Fundamentos de Seguridad de la Red
From Everand
Fundamentos de Seguridad de la Red
NUMA EDITORIAL
No ratings yet
Mastering the Art of Network Programming: Unraveling the Secrets of Expert-Level Programming
From Everand
Mastering the Art of Network Programming: Unraveling the Secrets of Expert-Level Programming
Steve Jones
No ratings yet
Understanding TCP/IP
From Everand
Understanding TCP/IP
Alena KabelovÃ¡
4/5 (2)
gVisor Architecture and Integration: The Complete Guide for Developers and Engineers
From Everand
gVisor Architecture and Integration: The Complete Guide for Developers and Engineers
William Smith
No ratings yet
CompTIA CySA+ Study Guide: Exam CS0-003
From Everand
CompTIA CySA+ Study Guide: Exam CS0-003
Mike Chapple
2/5 (1)
Container Security Strategies: Advanced Techniques for Safeguarding Docker Environments
From Everand
Container Security Strategies: Advanced Techniques for Safeguarding Docker Environments
Adam Jones
No ratings yet
Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security
From Everand
Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security
Redouane MEDDANE
No ratings yet
SR-IOV Networking in Kubernetes: The Complete Guide for Developers and Engineers
From Everand
SR-IOV Networking in Kubernetes: The Complete Guide for Developers and Engineers
William Smith
No ratings yet
Comprehensive Guide to Aircrack-ng: Definitive Reference for Developers and Engineers
From Everand
Comprehensive Guide to Aircrack-ng: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
CompTIA Cloud+ Study Guide: Exam CV0-003
From Everand
CompTIA Cloud+ Study Guide: Exam CV0-003
Ben Piper
No ratings yet
Mastering Docker for Scalable Deployment: From Container Basics to Orchestrating Complex Work
From Everand
Mastering Docker for Scalable Deployment: From Container Basics to Orchestrating Complex Work
Kameron Hussain
No ratings yet

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

CCIE Security v6.1 Blueprint

Uploaded by

CCIE Security v6.1 Blueprint

Uploaded by

CCIE Security v6.

20% 1.0 Perimeter Security and Intrusion Prevention

1.2 Firewall features on Cisco ASA and FTD

1.3 Security features on Cisco IOS/IOS XE

1.4 Cisco FMC features

1.5 Cisco NGIPS deployment modes

2023 Cisco Systems, Inc. This document is Cisco Public.Page 1

1.6 Cisco NGFW features

1.7 Detect and mitigate common types of attacks

1.11 Network connectivity through Cisco ASA and Cisco FTD

1.12 Correlation and remediation rules on Cisco FMC

20% 2.0 Secure Connectivity and Segmentation

2.5 Infrastructure segmentation methods

2.6 Microsegmentation with Cisco TrustSec using SFT and SXP

15% 3.0 Security Infrastructure

2023 Cisco Systems, Inc. This document is Cisco Public.Page 2

3.3 Data plane protection techniques

3.4 Layer 2 security techniques

3.5 Wireless security technologies

3.6 Monitoring protocols

2023 Cisco Systems, Inc. This document is Cisco Public.Page 3

3.10 Cisco DNAC Northbound APIs use cases

25% 4.0 Identity Management, Information Exchange, and Access Control

4.9 Posture assessment with Cisco ISE

4.11 Integration of MDM with Cisco ISE

4.12 Certification-based authentication using Cisco ISE

4.13 Authentication methods

4.16 Integration of Cisco ISE with multifactor authentication

2023 Cisco Systems, Inc. This document is Cisco Public.Page 4

5.6 WCCP redirection on Cisco devices

5.7 Email security features

5.9 Cisco SMA for centralized content security management

2023 Cisco Systems, Inc. This document is Cisco Public.Page 5

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.