CISCO CCNP SECURITY

Description

Duration: 10 days

Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices, and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNs, and IDS/IPS solutions for their networking environments.

The new CCNP Security certification program prepares you for today’s professional-level job roles in security technologies. CCNP Security now includes automation and programmability to help you scale your security infrastructure.

  • Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)
  • Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730)

Prerequisites

There are no formal prerequisites for CCNP Security, but you should have a good understanding of the exam topics before taking the exam.

CCNP candidates often also have three to five years of experience implementing security solutions.

What’s included?

  • Authorized Courseware
  • Intensive Hands on Skills Development with an Experienced Subject Matter Expert
  • Hands-on practice on real Servers and extended lab support 1.800.482.3172
  • Examination Vouchers & Onsite Certification Testing- (excluding Adobe and PMP Boot Camps)
  • Academy Code of Honor: Test Pass Guarantee
  • Optional: Package for Hotel Accommodations, Lunch and Transportation

With several convenient training delivery methods offered, The Academy makes getting the training you need easy. Whether you prefer to learn in a classroom or an online live learning virtual environment, training videos hosted online, and private group classes hosted at your site. We offer expert instruction to individuals, government agencies, non-profits, and corporations. Our live classes, on-sites, and online training videos all feature certified instructors who teach a detailed curriculum and share their expertise and insights with trainees. No matter how you prefer to receive the training, you can count on The Academy for an engaging and effective learning experience.

Methods

  • Instructor-Led (the best training format we offer)
  • Live Online Classroom – Online Instructor-Led
  • Self-Paced Video

Speak to an Admissions Representative for complete details

StartFinishPublic PricePublic Enroll Private PricePrivate Enroll
9/23/20249/27/2024
10/14/202410/18/2024
11/4/202411/8/2024
11/25/202411/29/2024
12/16/202412/20/2024
1/6/20251/10/2025
1/27/20251/31/2025
2/17/20252/21/2025
3/10/20253/14/2025
3/31/20254/4/2025
4/21/20254/25/2025
5/12/20255/16/2025
6/2/20256/6/2025
6/23/20256/27/2025
7/14/20257/18/2025
8/4/20258/8/2025
8/25/20258/29/2025
9/15/20259/19/2025
10/6/202510/10/2025
10/27/202510/31/2025
11/17/202511/21/2025
12/8/202512/12/2025
12/29/20251/2/2026

Curriculum

    • Cisco CCNP® Security

      Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

      Implementing and Operating Cisco Security Core Technologies v1.0 (SCOR 350-701) tests a candidate’s knowledge of implementing and operating core security technologies including network security, cloud security, content security, endpoint protection, and detection, secure network access, visibility, and enforcement.

      1.0 Security Concepts

      • Explain common threats against on-premises and cloud environments
      • Compare common security vulnerabilities such as software bugs, weak and/or hardcoded passwords, SQL injection, missing encryption, buffer overflow, path traversal, cross-site scripting/forgery
      • Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key and certificate-based authorization
      • Compare site-to-site VPN and remote access VPN deployment types such as sVTI, IPsec, Cryptomap, DMVPN, FLEXVPN including high availability considerations, and AnyConnect
      • Describe security intelligence authoring, sharing, and consumption
      • Explain the role of the endpoint in protecting humans from phishing and social engineering attacks
      • Explain North Bound and South Bound APIs in the SDN architecture
      • Explain DNAC APIs for network provisioning, optimization, monitoring, and troubleshooting
      • Interpret basic Python scripts used to call Cisco Security appliances APIs

      2.0 Network Security

      • Compare network security solutions that provide intrusion prevention and firewall capabilities
      • Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
      • Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
      • Configure and verify network infrastructure security methods (router, switch, wireless)
      • Implement segmentation, access control policies, AVC, URL filtering, and malware protection
      • Implement management options for network security solutions such as intrusion prevention and perimeter security (Single vs. multi-device manager, in-band vs. out-of-band, CDP, DNS, SCP, SFTP, and DHCP security and risks)
      • Configure AAA for device and network access (authentication and authorization, TACACS+, RADIUS and RADIUS flows, accounting, and dACL)
      • Configure secure network management of perimeter security and infrastructure devices (secure device management, SNMPv3, views, groups, users, authentication, and encryption, secure logging, and NTP with authentication)
      • Configure and verify site-to-site VPN and remote access VPN

      3.0 Securing the Cloud

      • Identify security solutions for cloud environments
      • Compare the customer vs. provider security responsibility for the different cloud service models
      • Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and security
      • Implement application and data security in cloud environments
      • Identify security capabilities, deployment models, and policy management to secure the cloud
      • Configure cloud logging and monitoring methodologies
      • Describe the application and workload security concepts

      4.0 Content Security

      • Implement traffic redirection and capture methods
      • Describe web proxy identity and authentication including transparent user identification
      • Compare the components, capabilities, and benefits of local and cloud-based email and web solutions (ESA, CES, WSA)
      • Configure and verify web and email security deployment methods to protect on-premises and remote users (inbound and outbound controls and policy management)
      • Configure and verify email security features such as SPAM filtering, anti-malware filtering, DLP, blacklisting, and email encryption
      • Configure and verify secure internet gateway and web security features such as blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
      • Describe the components, capabilities, and benefits of Cisco Umbrella
      • Configure and verify web security controls on Cisco Umbrella (identities, URL content settings, destination lists, and reporting)

      5.0 Endpoint Protection and Detection

      • Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
      • Explain antimalware, retrospective security, Indication of Compromise (IOC), antivirus, dynamic file analysis, and endpoint-sourced telemetry
      • Configure and verify outbreak control and quarantines to limit infection
      • Describe justifications for endpoint-based security
      • Describe the value of endpoint device management and asset inventory such as MDM
      • Describe the uses and importance of multifactor authentication (MFA) strategy
      • Describe endpoint posture assessment solutions to ensure endpoint security
      • Explain the importance of an endpoint patching strategy

      6.0 Secure Network Access, Visibility, and Enforcement

      • Describe identity management and secure network access concepts such as guest services, profiling, posture assessment, and BYOD
      • Configure and verify network access device functionality such as 802.1X, MAB, WebAuth
      • Describe network access with CoA
      • Describe the benefits of device compliance and application control
      • Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
      • Describe the benefits of network telemetry
      • Describe the components, capabilities, and benefits of these security products and solutions

      Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730)

      Implementing Secure Solutions with Virtual Private Networks v1.0 (SVPN 300-730) tests a candidate’s knowledge of implementing secure remote communications with Virtual Private Network (VPN) solutions including secure communications, architectures, and troubleshooting.

      1.0 Site-to-site Virtual Private Networks on Routers and Firewalls

      • Describe GETVPN
      • Implement DMVPN (hub-and-spoke and spoke-to-spoke on both IPv4 & IPv6)
      • Implement FlexVPN (hub-and-spoke on both IPv4 & IPv6) using local AAA

      2.0 Remote access VPNs

      • Implement AnyConnect IKEv2 VPNs on ASA and routers
      • Implement AnyConnect SSLVPN on ASA and routers
      • Implement Clientless SSLVPN on ASA and routers
      • Implement Flex VPN on routers

      3.0 Troubleshooting using ASDM and CLI

      • Troubleshoot IPsec
      • Troubleshoot DMVPN
      • Troubleshoot FlexVPN
      • Troubleshoot AnyConnect IKEv2 and SSL VPNs on ASA and routers
      • Troubleshoot Clientless SSLVPN on ASA and routers

      4.0 Secure Communications Architectures

      • Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec for site-to-site VPN solutions
      • Identify functional components of FlexVPN, IPsec, and Clientless SSL for remote access VPN solutions
      • Identify VPN technology based on configuration output for site-to-site VPN solutions
      • Identify VPN technology based on configuration output for remote access VPN solutions
      • Identify split tunneling requirements for remote access VPN solutions
      • Design site-to-site VPN solutions
      • Design remote access VPN solutions
      • Identify Elliptic Curve Cryptography (ECC) algorithms