Cisco Certified Network Professional Security (CCNP Security) certification system is adjusted particularly to the employment part of the Cisco Network Security Engineer in charge of Security in Routers, Switches, Networking gadgets and apparatuses, and additionally picking, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their systems administration situations.
What’s more, The National Security Agency (NSA) and the Committee on National Security Systems (CNSS) perceive that Cisco CCNP Security courseware meets the CNSS 4013 preparing standard.
The current CCNP Security outline is separated into four unique exams which should be passed to get CCNP Security certified. There is a tremendous hole of Security experts available, so Cisco’s present CCNP Security blueprint was worked to prepare engineers on rising technologies and make them prepared for testing genuine situations. Instead of Bootcamp courses, these innovation courses give a blend of slide exhibit, visual clarifications of how advances work and the thinking behind it, trailed by configuration cases to uphold the learning. Slides ought to be utilized as a kind of perspective for the exam, while the case as a source of perspective for genuine deployments. Lab topologies will be planned, clarifying the target for every design, and afterward worked sans preparation by the trainer, nothing being pre-scripted, pre-tested or pre-recorded . Amid the procedure, the trainer will deliberately show the impacts of misconfigurations and disappointments, arbitrarily making learners think how to approach a particular issue, never seen. Furthermore, a center will likewise be on building an appropriate study and learning philosophy, which has nothing to do with order or design format retention.
CCNP Security training is a composite of four modules that an expert must qualify keeping in mind the end goal to acquire this prestigious certification. This training will cover in point of interest each of the accompanying four modules to guarantee that members gain core understanding of actualizing security for Cisco devices:
- SISAS (Cisco Secure Access Solutions) 1.0
- SENSS (Cisco Edge Network Security Solutions) 1.0
- SIMOS (Cisco Secure Mobility Solutions) 1.0
- SITCS (Cisco Threat Control Solutions) 1.0
Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 is designed to prepare security engineers with the knowledge and hands-on experience to prepare them to configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls. The goal of the course is to provide students with foundational knowledge and the capabilities to implement and managed security on Cisco ASA firewalls, Cisco Routers with the firewall feature set, and Cisco Switches. The student will gain hands-on experience with configuring various perimeter security solutions for mitigating outside threats and securing network zones. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco Switches, Cisco ASA, and Router security appliance feature and provide detailed operations support for these products.
- Understanding and implementing Cisco modular Network Security Architectures such as SecureX and TrustSec.
- Deploy Cisco Infrastructure management and control plane security controls.
- Configuring Cisco layer 2 and layer 3 data plane security controls.
- Implement and maintain Cisco ASA Network Address Translations (NAT).
- Implement and maintain Cisco IOS Software Network Address Translations (NAT).
- Designing and deploying Cisco Threat Defences solutions on a Cisco ASA utilizing access policy and application and identity based inspection.
- Implementing Botnet Traffic Filters.
- Deploying Cisco IOS Zone-Based Policy Firewalls (ZBFW).
- Configure and verify Cisco IOS ZBFW Application Inspection Policy.
Implementing Cisco Threat Control Solutions (SITCS) v1.0 is designed to prepare security engineers with the knowledge and hands-on experience so that they can deploy Cisco’s Next Generation Firewall (NGFW) as well as Web Security, Email Security and Cloud Web Security. The goal of this portion of the course is to provide students with foundational knowledge and the capabilities to implement and managed security on Cisco ASA firewalls utilizing Cisco Next Generation product solution which integrates Cisco Prime Security Manager for managing identity policies. The student will gain hands-on experience with configuring various advance Cisco security solutions for mitigating outside threats and securing traffic traversing the firewall. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco’s Next Generation Firewall security appliance feature and provide operational support for Intrusion Prevention Systems, Email Security, and Web based security appliances.
- Understand Cisco ASA Next-Generation Firewall (NGFW)
- Deploy Cisco Web Security appliance to mitigate malware
- Configure Web Security appliance for acceptable use controls
- Configure Cisco Cloud Web Security Connectors
- Describe Cisco Email Security Solution
- Configure Cisco Email Appliance Incoming and Outgoing Policies
- Describe IPS Threat Controls
- Configure and Implement Cisco IPS Sensor into a Network.
Implementing Cisco Secure Access Solutions (SISAS) v1.0 is designed to prepare security engineers with the knowledge and hands-on experience so that they can deploy Cisco’s Identity Services Engine and 802.1X secure network access. The goal of this portion of the course is to provide students with foundational knowledge and the capabilities to implement and managed network access security by utilizing Cisco ISE appliance product solution. The student will gain hands-on experience with configuring various advance Cisco security solutions for mitigating outside threats and securing devices connecting to the network. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco’s ISE appliance feature and provide operational support identity and network access control.
- Understand Cisco Identity Services Engine architecture and access control capabilities
- Understand 802.1X architecture, implementation and operation.
- Understand commonly implemented Extensible Authentication Protocols (EAP).
- Implement Public-Key Infrastructure with ISE.
- Understand the implement Internal and External authentication databases.
- Implement MAC Authentication Bypass.
- Implement identity based authorization policies.
- Understand Cisco TrustSec features.
- Implement Web Authentication and Guest Access.
- Implement ISE Posture service.
- Implement ISE Profiling.
- Understand Bring Your Own Device (BYOD) with ISE.
- Troubleshoot ISE .
Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0 is a course designed to prepare network security engineers with the knowledge and skills they need to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. Students of this course will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions, using Cisco ASA adaptive security appliances and Cisco IOS routers.
- Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security.
- Implement and maintain Cisco site-to-site VPN solutions.
- Implement and maintain Cisco FlexVPN in point-to-point, hub-and-spoke, and spoke-to-spoke IPsec VPNs.
- Implement and maintain Cisco clientless SSL VPNs
- Implement and maintain Cisco AnyConnect SSL and IPsec VPNs.
- Implement and maintain endpoint security and dynamic access policies (DAP).
It also covers-
Troubleshooting, Monitoring, and Reporting Tools
Secure Communications Architectures