Cisco Certified Network Professional (CCNP Security) also known as professional level certification in Network Security discipline. This certification is basically meant for aspirants seeking career in the field of network security by using vendor specific devices like ASA firewalls, Switches and IPS Systems. This certification basically deals in making individuals well equipped with skillset required while handling complex security issues incurring in enterprise networks.
CCNP Security Training offered by ITGAT trains aspirants on knowledge and skills necessary while testifying, deploying, configuring, maintaining and troubleshooting Cisco devices used for providing network security.
ITGAT provides online CCNP course training on real Cisco devices (Routers, Switches, and Firewalls), with 24x7 virtual Lab Facility. CCNP curriculum is designed as per CCNP Certification exam blueprints provided by Cisco. In order to prepare for latest CCNP Security Certification online exam conducted by Cisco, candidates are provided with complete study material i.e. Cisco Exam Guide, Lab Manual, and Rack to practice labs.
CCNP Security Course Outlines
Prerequisites – CCNA Security
CCNP Security consists of four exams.
A comprehensive summary of course blueprint is here under.
- Implementing TACACS+ and RADIUS and wired/wireless 802.1X ISE authentication/authorization policies, ISE endpoint identity configuration and Verify MAB Operation).
- Implement Firewall (ASA or IOS) including ACLS, static/dynamic NAT/PAT, and object groups. Threat detection features and implement botnet traffic filtering. Describe and implement ASA security contexts, Layer 2 Security, dynamic ARP inspection, storm control, common layer 2 attacks and mitigation, and MACSec and configuring DHCP snooping, port security and IP source verification.
- Troubleshoot, monitor (firewalls using analysis of packet tracer, capture and syslog).
- Understand Threat Defense Architectures (Design a Firewall Solution, High-availability, Basic concepts of security zoning, Transparent & Routed Modes, Security Contexts, and Layer 2 Security Solutions). Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
- Understand and implement secure communications using VPN on routers and firewalls. Implement and troubleshoot AnyConnect IKEv2 VPN and AnyConnect SSLVPN on ASA and routers. Implement and troubleshoot FlexVPN (hub-Spoke on both IPV4 & IPV6) using local AAA and on routers. Implement and troubleshoot IPsec (with IKEv1 and IKEv2 for both IPV4 & IPV6) and DMVPN (hub-Spoke and spoke-spoke on both IPV4 & IPV6). Implement and troubleshoot clientless SSLVPN on ASA and routers.
- Design VPN solutions and identify VPN technology considerations based on functional requirements and configuration output, and Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec.
- Understand Cisco WSA (features and functionality, implement data security, WSA identity and authentication with transparent User identification). Describe web usage control, decryption policies traffic redirection and capture methods.
- Understand Cisco ESA (features and functionality) and describe traffic redirection and capture. Implement email encryption, anti-spam policies, virus outbreak filter, DLP policies, anti-malware, inbound and outbound mail policies and authentication.
- Understand Network IPS and implement traffic redirection and capture methods, network IPS deployment modes, event actions & overrides/filters, anomaly detection, risk ratings, and device hardening per best practices. Describe signatures engines and configure device hardening best practices.
For Detailed blueprint, click on the respective exam below.
- Implementing Cisco Secure Access Solutions (300-208 SISAS)
- Implementing Cisco Edge Network Security Solutions (300-206 SENSS)
- Implementing Cisco Secure Mobility Solutions (300-209 SIMOS)
- Implementing Cisco Threat Control Solutions (300-210 SITCS)