Course Features

 
Duration
150 Hrs
 
Faculty
CCNP certified, also available after course completion on request with prior
 
Equipment
Two Dedicated fully loaded CISCO Racks
 
Author
Keith Barker
Scott Morris
 
Courseware
From Cisco Publications
 
Practice Time
Unlimited & Even at night (subject to availability of Lab & Racks)
ccnp-security

42-637 SECURE v1.0 Exam Topics (Blueprint)

Exam Description

The 642-637 Secure v1.0 Securing Networks with Cisco Routers and Switches exam is associated with the CCSP, and CCNP Security certifications. This exam tests a candidate’s knowledge and skills needed to secure Cisco IOS Software router and switch-based networks, and provide security services based on Cisco IOS Software. Candidates can prepare for this exam by taking the Securing Networks with Cisco Routers and Switches course.

Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Pre-Production Design

  • Choose Cisco IOS technologies to implement HLD
  • Choose Cisco products to implement HLD
  • Choose Cisco IOS features to implement HLD 2
  • Integrate Cisco network security solutions with other security technologies
  • Create and test initial Cisco IOS configurations for new devices/services
  • Configure and verify ASA VPN feature configurations

Complex Operations Support

  • Optimize Cisco IOS security infrastructure device performance
  • Create complex network security rules to meet the security policy requirements
  • Optimize security functions, rules, and configuration
  • Configure & verify Classic IOS Firewall and NAT to dynamically mitigate identified threats to the network
  • Configure & verify IOS Zone Based Firewalls including advanced application inspections and URL filtering
  • Configure & verify the IPS features to identify threats and dynamically block them from entering the network
  • Maintain, update and tune IPS signatures
  • Configure & verify IOS VPN features
  • Configure & verify Layer 2 and Layer 3 security features

Advanced Troubleshooting

  • Advanced Cisco IOS security software configuraiton fault finding and repairing
  • Advanced Cisco routers and switches hardware fault finding and repairing

642-617 Deploying Cisco ASA Firewall Solutions Exam Topics (Blueprint)

Exam Description

The 642-617 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0) exam is associated with the CCSP, CCNP Security and Cisco Firewall Specialist certifications. This exam tests a candidate’s knowledge and skills needed to implement and maintain Cisco ASA-based perimeter solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA features, and provide detailed operations support for the Cisco ASA. Candidates can prepare for this exam by taking the Deploying Cisco ASA Firewall Solutions course.

Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Pre-Production Design

  • Choose ASA Perimeter Security technologies/features to implement HLD based on given security requirements
  • Choose the correct ASA model to implement HLD based on given performance requirements
  • Create and test initial ASA appliance configurations using CLI
    Determine which ASA licenses will be required based on given requirements
  • Complex Operations Support
  • Optimize ASA Perimeter Security features performance, functions, and configurations
  • Create complex ASA security perimeter policies? such as ACLs, NAT/PAT, L3/L4/L7 stateful inspections, QoS policies, cut-thru proxy, threat detection, botnet detection/filter using CLI and/or ASDM
  • Perform initial setup on the AIP-SSM and CSC-SSM using CLI and/or ASDM
  • Configure, verify and troubleshoot High Availability ASAs (A/S and A/A FO) operations using CLI and/or ASDM
  • Configure, verify and troubleshoot static routing and dynamic routing protocols on the ASA using CLI and/or ASDM
  • Configure, verify and troubleshoot ASA transparent firewall operations using CLI
  • Configure, verify and troubleshoot management access/protocols on the ASA using CLI and/or ASDM

Describe Advanced Troubleshooting

Advanced ASA security perimeter configuraiton/software/hardware troubleshooting using CLI and/or ASD fault finding and repairing

642-647 VPN v1.0 Exam Topics (Blueprint)

Exam Description

Deploying Cisco ASA VPN Solutions (VPN v1.0) exam is associated with the CCSP, CCNP Security and Cisco VPN Specialist certifications. This exam tests a candidate’s knowledge and skills needed to deploy Cisco ASA-based VPN solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA VPN features, and provide detailed operations support for the Cisco ASA. Candidates can prepare for this exam by taking the Deploying Cisco ASA VPN Solutions course.

Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Pre-Production Design

  • Choose ASA VPN technologies to implement HLD based on given requirements
  • Choose the correct ASA model and license to implement HLD based on given performance requirements
  • Choose the correct ASA VPN features to implement HLD based on given corporate security policy and network requirements
  • Integrate ASA VPN solutions with other security technology domains (CSD, ACS, Device managers, Cert servers, etc.)

Complex Operations Support

  • Optimize ASA VPN performance, functions, and configurations
  • Configure and verify complex ASA VPN networks using features such as DAP, CSD, Smart tunnels, Anyconnect SSLVPN, Clientless SSLVPN, Site-to-Site VPN, RA VPN, certificates, QOS, etc. to meet security policy requirements.
  • Create complex ASA network security rules using such features as ACLs, DAP, VPN profiles, certificates, MPF, etc, to meet the corporate security policy

Advanced Troubleshooting

Perform advanced ASA VPN configuration and troubleshooting

642-627 IPS v7.0 Exam Topics (Blueprint)

Exam Description

Implementing Cisco Intrusion Prevention System v7.0 (IPS v7.0) exam is associated with the Cisco Certified Security Professional certification. This exam tests a candidate’s knowledge and skills needed to deploy Cisco IPS-based security solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco IPS features, and provide detailed operations support for the Cisco IPS. Candidates can prepare for this exam by taking the Implementing Cisco Intrusion Prevention System course.

Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Pre-Production Design

  • Choose Cisco IPS technologies to implement HLD
  • Choose Cisco products to implement HLD
  • Choose Cisco IPS features to implement HLD
  • Integrate Cisco network security solutions with other security technologies
  • Create and test initial Cisco IPS configurations for new devices/services
    Complex Support Operations
  • Optimize Cisco IPS security infrastructure device performance
  • Create complex network security rules, to meet the security policy requirements
  • Configure and verify the IPS features to identify threats and dynamically block them from entering the network
  • Maintain, update and tune IPS signatures
  • Use CSM and MARS for IPS management, deployment, and advanced event correlation.
  • Optimize security functions, rules, and configuration

Advanced Troubleshooting

  • Advanced Cisco IPS security software configuraiton fault finding and repairing
  • Advanced Cisco IPS sensor and module hardware fault finding and repairing