Duration: 150 Hours
The CCIE Security exam is a hands-on exam that requires you to configure a series of secure networks to given specifications. Troubleshooting is an important skill, and candidates are expected to diagnose and solve issues as part of the CCIE lab exam. Point values and testing criteria are provided. The physical rack for Security is similar to the rack for Routing and Switching, with the addition of the PIX, VPN concentrator, intrusion detection sensor, and authentication server.
I. Bridging and Switching
   A. Basic frame relay configuration *
   B. Catalyst VLAN configuration *
   C. Catalyst VTP configuration *
   D. Port-VLAN assignments *
   E. Catalyst management and security
   F. 802.1x
   G. Traffic control and congestion management
   H. Catalyst features and advanced Catalyst configuration
II. IGP Routing
   A. OSPF, EIGRP and RIP configurations *
   B. OSPF, EIGRP and RIP security *
   C. PIX routing
   D. VPN3000 routing
   E. Route filtering, redistribution, summarization and other advanced IGP features
III. PIX Firewall
   A. Basic PIX configuration
   B. Management
   C. Address translation (NAT, global, static)
   D. ACL, conduit
   E. Routing
   F. Object groups
   G. VLANs
   H. AAA
   I. VPN
   J. DHCP
   K. PPPoE
   L. Filtering
   M. Fixup protocols
   N. Other advanced PIX features
IV. BGP
   A. Basic IBGP, EBGP and BGP backbone configurations *
   B. BGP security
   C. Summarization, filtering and advanced BGP features
V. IP/IOS Features
   A. IP services
   B. QoS
   C. NAT/PAT
   D. NTP
   E. DHCP
   F. SNMP
   G. IOS features and user interfaces
   H. File management, system management and advanced IP/IOS features
VI. AAA
   A. TACACS+
   B. RADIUS
   C. Switch and router management
   D. PIX management
   E. VPN3000 management
   F. Proxy authentication
   G. Service authentication (FTP, telnet, HTTP, other)
   H. Advanced AAA features
VII. VPN
   A. IPSec LAN-to-LAN (IOS/PIX/VPN3000)
   B. DMVPN
   C. Pre-shared
   D. CA (PKI)
   E. Remote access VPN (IOS/PIX/VPN3000)
   F. VPN3000 concentrator
   G. Unity client
   H. WebVPN
   I. EzVPN Hardware client (IOS/PIX)
   J. Xauth, split-tunnel, RRI, NAT-T
   K. High availability
   L. IPSec redundancy
   M. QoS for VPN
   N. GRE, mGRE
   O. L2TP
   P. PPTP
   Q. Advanced VPN features
VIII. IOS Firewall
   A. CBAC
   B. Audit
   C. Auth Proxy
   D. PAM
   E. Access control
   F. Performance tuning
   G. Advanced IOS firewall features
IX. Advanced Security
   A. DoS/DDoS attacks
   B. Network/Host attacks
   C. Packet marking techniques
   D. Mitigation techniques
   E. Security RFCs
   F. Service provider security
   G. Black holes, sink holes
   H. Access lists (standard, extended, named)
   I. Lock-and-Key access-list
   J. Reflexive access-list
   K. TCP intercept
   L. uRPF
   M. CAR
   N. NBAR
   O. NetFlow
   P. 802.1x
   Q. PBR
   R. Flooding
   S. Spoofing
   T. Policing
   U. Fragmentation
   V. Sniffer traces
   W. Device security and management (telnet, SSH, pwd, priv lvls)
   X. Other advanced features
X. Intrusion Detection System
   A. IDS sensor appliance 42XX
   B. Sensor configuration
   C. Signature tuning
   D. Shunning
   E. TCP resets
   F. Sensor features
   G. IDM
   H. IEV
   I. IOS IDS
   J. PIX IDS
   K. SPAN, RSPAN
   L. Advanced IDS features