CCIE Security v6 Bootcamp Training

• CCNP Security level Knowledge.
• You should have three to five years of job experience into Network Security domain before attempting CCIE Security Certification
• Detailed understanding of Cisco Network Security products.

• Candidates preparing for CCIE Security Written and Lab Examination or CCCIE Security v6.0 Certification examination. 
• Candidates who have CCNP Security level knowledge and want to gain expert-level skills.
• Network Security Experts with 4-5 years of Industry Experience.

• Describe, implement, and troubleshoot HA features on Cisco ASA and Cisco FirePOWER, and Threat Defense (FTD)
• Describe, implement, and troubleshoot clustering on Cisco ASA and Cisco FTD
• Describe, implement, troubleshoot, and secure routing protocols on Cisco ASA and Cisco FTD
• Describe, implement, and troubleshoot different deployment modes such as routed, transparent, single, and multi-context on Cisco ASA and Cisco FTD
• Describe, implement, and troubleshoot firewall features such as NAT (v4,v6), PAT, application inspection, traffic zones, policy-based routing, traffic redirection to service modules, and identity firewall on Cisco ASA and Cisco FTD
• Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF), application layer inspection, NAT (v4,v6), PAT and TCP intercept on Cisco IOS/IOS-XE
• Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco FirePOWER and Cisco FTD
• Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such as alerting, logging, and reporting
• Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC
• Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as in-line, passive, and TAP modes
• Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL inspection, user identity, geolocation, and AVC (Firepower appliance)
• Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques, spoofing, man-in-the-middle, and botnet

• Compare and contrast different AMP solutions including public and private cloud deployment models
• Describe, implement, and troubleshoot AMP for networks, AMP for endpoints, and AMP for content security (CWS, ESA, and WSA)
• Detect, analyze, and mitigate malware incidents
• Describe the benefit of threat intelligence provided by AMP Threat GRID
• Perform packet capture and analysis using Wireshark, tcpdump, SPAN, and RSPAN
• Describe, implement, and troubleshoot web filtering, user identification, and Application Visibility and Control (AVC)
• Describe, implement, and troubleshoot mail policies, DLP, email quarantines, and SenderBase on ESA
• Describe, implement, and troubleshoot SMTP authentication such as SPF and DKIM on ESA
• Describe, implement, and troubleshoot SMTP encryption on ESA
• Compare and contrast different LDAP query types on ESA
• Describe, implement, and troubleshoot WCCP redirection
• Compare and contrast different proxy methods such as SOCKS, Auto proxy/WPAD, and transparent
• Describe, implement, and troubleshoot HTTPS decryption and DLP
• Describe, implement, and troubleshoot CWS connectors on Cisco IOS routers, Cisco ASA, Cisco AnyConnect, and WSA
• Describe the security benefits of leveraging the OpenDNS solution.
• Describe, implement, and troubleshoot SMA for centralized content security management
• Describe the security benefits of leveraging Lancope

• Compare and contrast cryptographic and hash algorithms such as AES, DES, 3DES, ECC, SHA, and MD5
• Compare and contrast security protocols such as ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, and MKA
• Describe, implement and troubleshoot remote access VPN using technologies such as FLEXVPN, SSL-VPN between Cisco firewalls, routers, and end hosts
• Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication
• Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels on Cisco ASA and Cisco FTD
• Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec
• Describe, implement, and troubleshoot uplink and downlink MACsec (802.1AE)
• Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and dual-hub DMVPN deployments
• Describe the functions and security implications of cryptographic protocols such as AES, DES, 3DES, ECC, SHA, MD5, ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI, X.509, WPA, WPA2, WEP, and TKIP
• Describe the security benefits of network segmentation and isolation
• Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN
• Describe, implement, and troubleshoot micro-segmentation with TrustSec using SGT and SXP
• Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN, and GRE
• Describe the functionality of Cisco VSG used to secure virtual environments
• Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE

• Describe, implement, and troubleshoot various personas of ISE in a multinode deployment
• Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA
• Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS
• Describe, implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE.
• Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server
• Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network infrastructure
• Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or external CA
• Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP, AD, and external RADIUS
• Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML
• Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA
• Describe, implement, verify, and troubleshoot posture assessment with ISE
• Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure including device sensor
• Describe, implement, verify, and troubleshoot integration of MDM with ISE
• Describe, implement, verify, and troubleshoot certificate based authentication using ISE
• Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access Restriction (MAR)
• Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP (EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP-TEAP, EAP-MD5, EAP-GTC), PAP, CHAP, and MS-CHAPv2
• Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER
• Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC

• Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques
• Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing
• Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access
• Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH
• Describe, implement, and troubleshoot IPv4/v6 routing protocols security
• Describe, implement, and troubleshoot Layer 2 security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL
• Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA2, TKIP, and AES
• Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)
• Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and Estreamer
• Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC, NTP, and DHCP
• Describe the functions and security implications of network protocols such as VTP, 802.1Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv3, RIP/RIPng, IGMP/CGMP, PIM, IPv6, and WCCP
• Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv
• Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts
• Describe the northbound and southbound APIs of SDN controllers such as APIC-EM
• Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP 38, ISO 27001, RFC 2827, and PCI-DSS
• Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE
• Validate network security design for adherence to Cisco SAFE recommended practices
• Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python
• Describe Cisco Digital Network Architecture (DNA) principles and components.

For more in-depth course curriculum information – please check CCIE Security Certification Curriculum Details.