The best Training/Online Training Programs for CCIE Enterprise, Security, Datacenter, Service Provider and Collaboration.
The CCIE R&S Program has now been replaced by the CCIE Enterprise Infrastructure Certification and Training. This is the latest certification track to join the brigade of Cisco’s routine up gradation. Cisco confirmed the revision of the current version (v5) to Enterprise and announced the new blueprint in the first week of December. In alignment with the current industry trends and job roles, the old version has been revamped with the addition of new study materials and changes have been incorporated in both training and the exams (written & Lab).
This is the highest level of Certification from Cisco. It authenticates one’s in depth understanding and expertise on Cisco products and solutions. Besides being one of the most prestigious and highly paid certification in IT Industry, it validates the skills required of expert-level network engineers to plan, operate and troubleshoot complex, converged network infrastructure. CCIE candidates are deployed for the most technically challenging network assignments.
CCIE Enterprise Infrastructure(v1.0)
Exam Topics –Practical Exam
Exam Description:The Cisco CCIE Enterprise Infrastructure (v1.0) Practica lExam is an 8-hour long, hands-on exam that requires an examinee to plan, design, deploy, operate, and optimize dual stack solutions (IPv4 and IPv6) for complex enterprise networks. Examinees are expected to program and automate the network within their exam, as per exam topics below. The topics given below are general guidelines for the content likely to be included on the exam. Your knowledge, skills and abilities on these topics will be tested throughout the entire network life-cycle, unless explicitly specified otherwise within this document.
The exam is closed book and no outside reference materials are allowed.
Network Infrastructure (30%).
1 Switched campus.
1.a Switch administration.
1.ai Managing MAC address table.
1.aii Errdisable recovery.
1.aiii L2 MTU.
1.b Layer 2 protocols.
1.bi CDP, LLDP.
1.c VLAN technologies.
1.ci Access ports.
1.cii Trunk ports (802.1Q).
1.ciii Native VLAN.
1.civ Manual VLAN pruning.
1.cv VLAN database.
1.cvi Normal range and extended range VLANs.
1.cvii Voice VLAN.
1.diL ACP, static.
1.dii Layer 2, Layer
1.diii Load balancing
1.div EtherChannel Misconfiguration Guard.
1.ei PVST+, Rapid PVST+, MST.
1.eii Switch priority, port priority, path cost, STP timers.
1.eiii PortFast, BPDU Guard, BPDU Filter.
1.eiv Loop Guard, Root Guard.
2 Routing Concepts
2.a Administrative distance.
2.c Static routing
2.d PolicyBased Routing.
2.e VRF-aware routing with any routing protocol.
2.f Route filteringwith any routing protocol.
2.g Manual summarization with any routing protocol.
2.h Redistribution between any pair of routing protocols.
2.i Routing protocol authentication.
2.j Bidirectional Forwarding Detection.
3.b Best path selection.
3.bi RD, FD, FC, successor, feasible successor.
3.bii Classic Metricsand Wide Metrics.
3.ci General operations.
3.cii Topology table.
3.ciii Packet types.
3.civ Stuck In Active.
3.cv Graceful shutdown.
3.d EIGRP loadbalancing.
3.e EIGRP Named Mode.
3.f Optimization, convergence and scalability.
3.fi Fast convergence requirements.
3.fii Query propagation boundaries.
3.fiii IP FRR (single hop).
3.fiv Leak-map with summary routes.
3.fv EIGRP stub with leak map
4 OSPF (v2 and v3)
4.b Network types, area types.
4.c Path preference.
4.di General operations.
4.dii Graceful shutdown.
4.diii GTSM (Generic TTL Security Mechanism).
4.e Optimization, convergence and scalability.
4.eii LSA throttling, SPF tuning, fast hello.
4.eiii LSA propagation control (area types).
4.eiv Stub router.
4.ev Loop-free alternate.
4.evi Prefix suppression.
5.a IBGP and EBGP peer relationships.
5.ai Peer-group/update-group, template.
5.aii Active, passive.
5.aiv Dynamic neighbors.
5.av 4-byteAS numbers.
5.avi Private AS.
5.b Path selection.
5.bii Best path selection algorithm.
5.c Routing policies.
5.ci Attribute manipulation.
5.cii Conditional advertisement.
5.ciii Outbound Route Filtering.
5.civ Standard and extended communities.
5.d AS path manipulations.
5.di local-AS, allowas-in, remove-private-as.
5.e Convergence and scalability.
5.ei Route reflector.
5.eii Aggregation, as-set.
5.f Other BGP features.
5.fi Multipath, add-path.
5.fii Soft reconfiguration, Route Refresh
6.a Layer 2 multicast1.
6.ai IGMPv2, IGMPv3.
6.aii IGMP Snooping, PIM Snooping.
6.aiii IGMP Querier
6.aiv IGMP Filter.
6.b Reverse path forwarding check.
6.ci Sparse Mode.
6.cii Static RP, BSR, AutoRP.
6.ciii Group to RP Mapping.
6.civ Bidirectional PIM.
6.cv Source-Specific Multicast.
6.cvi Multicast boundary, RP announcement filter.
6.cvii PIMv6 Anycast RP.
6.cviii IPv4 Anycast RP using MSDP.
6.cix Multicast multipath.
Software Defined Infrastructure (25%)
1 Cisco SD Access.
1.a Design a Cisco SD Access solution.
1.ai Underlay network (IS-IS, manual/PnP).
1.aii Overlay fabric design (LISP, VXLAN, Cisco TrustSec)
1.aiii Fabric domains (single-site and multi-siteusing SD-WAN transit).
1.b Cisco SD Access deployment.
1.bi Cisco DNA Center device discovery and device management
1.bii Add fabricnode devices to an existing fabric.
1.biii Host onboarding (wired endpoints only)
1.biv Fabric border handoff
1.c i Macro-level segmentation using VNs.
1.cii Micro-level segmentation using SGTs (using Cisco ISE)
1.d i Network and client health (360).
1.dii Monitoring and troubleshooting
2 Cisco SD-WAN
2.a Design a Cisco SD-WAN solution
2.aii Management plane (vManage)
2.aiii Control plane (vSmart, OMP)
2.aiv Data plane (vEdge/cEdge)
2.b WAN edge deployment
2.bi Onboarding new edge routers
2.bii Orchestration with zero-touch provisioning/Plug-And-Play
2.biii OMP2.2.b ivTLOC
2.c Configuration templates
2.d Localized policies (only QoS)
2.e Centralized policies
2.ei Application Aware Routing
Transport Technologies and Solutions (15%)
1.ai Label stack, LSR, LSP
1.aiii MPLS ping, MPLS traceroute
1.bi PE-CE routing
1.bii MP-BGP VPNv4/VPNv6.
1.biii Extranet (route leaking)3.2DMVPN.
2.a Troubleshoot DMVPN Phase3 with dual-hub
2.aii IPsec/IKEv2 using pre-sharedkey
2.aiii Per-Tunnel QoS
2.b Identify usecases for FlexVPN
2.bi Site-to-site, Server, Client, Spoke-to-Spoke
2.bii IPsec/IKEv2 using pre-sharedkey
2.biii MPLS over FlexVPN
Infrastructure Security and Services (15%)
1. Device Security on Cisco IOS XE
1.a Control plane policing and protection
2 Network Security.
2.a Switch security features 2.ai VACL, PACL
2.aii Storm control 2.aiii DHCP Snooping, DHCP option 82
2.aiv IP Source Guard.
2.av Dynamic ARP Inspection.
2.avii Private VLAN
2.b Router security features.
2.bi IPv6 Traffic Filters.
2.bii IPv4 Access Control Lists.
2.biii Unicast Reverse Path Forwarding.
2.c IPv6 infrastructure securityfeatures.
2.ci RA Guard4.
2.cii DHCP Guard.
2.ciii Binding table.
2.civ Device tracking.
2.cv ND Inspection/Snooping.
2.cvi Source Guard.
2.d IEEE 802.1X Port-Based Authentication.
2.di Device roles, port states.
2.dii Authentication process.
2.diii Host modes.
3. System Management.
3.a Device management.
3.ai Console and VTY.
3.aii SSH, SCP4.
3.aiii RESTCONF, NETCONF.
3.ci Local logging, syslog, debugs, conditional debugs.
4. Quality of Service.
4.a End to end L3 QoS using MQC.
4.aii CoS and DSCP Mapping.
4.aiv Network Based Application Recognition (NBAR).
4.av Marking using IP Precedence, DSCP, CoS4.
4.avi Policing, shaping 4.avii Congestion management and avoidance.
4.aviiiHQoS, Sub-rate Ethernet Link.
5. Network Services.
5.a FirstHop Redundancy Protocols.
5.ai HSRP, GLBP, VRRP4.
5.aii Redundancy using IPv6 RS/RA.
5.b Network Time Protocol.
5.bi Master, client.
5.c DHCP on Cisco IOS.
5.ci Client, server, relay.
5.ciii SLAAC/DHCPv6 interaction.
5.civ Stateful, stateless DHCPv6.
5.cv DHCPv6 Prefix Delegation.
5.d IPv4 Network Address Translation.
5.di Static NAT, PAT.
5.dii Dynamic NAT, PAT.
5.diii Policy-based NAT, PAT.
5.div VRF-aware NAT, PAT.
5.dv IOS-XE VRF-Aware Software Infrastructure (VASI) NAT.
6. Network optimization.
6.a IP SLA.
6.ai ICMP probes.
6.aii UDP probes.
6.aiii TCP probes.
6.b Tracking object.
6.c Flexible NetFlow.
7. Network operations.
7.a Traffic capture.
7.aiv Embedded Packet Capture.
7.b Cisco IOS-XE troubleshootingtools.
7.bii Conditional debugger (debug platform condition)
Infrastructure Automation and Programmability 15% of the total portion
1. Data encoding formats
2. Automation and scripting.
2.a EEM applets.
2.b Guest shell.
2.bi Linux environment
2.bii CLI Python module
2.biii EEM Python module
3.a Interaction with vManage API.
3.ai Python requests library and Postman
3.aii Monitoring endpoints.
3.aiii Configuration endpoints.
3.b Interaction with Cisco DNA Center API
3.bi HTTP request (GET, PUT, POST) via Python requests library and Postman.
3.c Interaction with Cisco IOS XE API.
3.ci Via NETCONF/YANG using Python ncclient library.
3.cii Via RESTCONF/YANG using Python requests library and Postman.
3.d Deploy and verify model-driven telemetry.
3.di Configure on-change subscription using gRPC
As a prerequisite, the CCNA/CCNP Enterprise certifications will help greatly. Candidates with an in-depth understanding of the topics along with 3-5 years of job experience can opt for this certification program.
Mode of Training:
Live Online Training.
320 HRS (Lab&Theory)
The Cisco Certified Internetwork Expert Security (CCIE Security) program recognizes security experts who have the knowledge and skills to architect, engineer, implement, troubleshoot, and support the full suite of Cisco security technologies and solutions using the latest industry best practices to secure systems and environments against modern security risks, threats, vulnerabilities, and requirements.
There are no formal prerequisites for CCIE certification. Prior professional certifications or training courses are not required. As a CCIE Security candidate, you must first pass the written qualification exam and then the corresponding hands-on lab exam. You are expected to have an in-depth understanding of the exam topics and strongly encouraged to have three to five years of job experience before attempting certification.
Mode of Training:
Step One: CCNPC- ENCOR
You must pass the two-hour, written qualification exam covering network security concepts and some equipment commands before you are eligible to schedule the lab exam.
- 400-251 Written Exam
Step Two: CCIE Security Lab Exam
The eight-hour lab exam tests your ability to get a secure network running in a timed test situation. You must make an initial attempt of the CCIE lab exam within 18-months of passing the CCIE written exam. Candidates who do not pass must reattempt the lab exam within 12 months of their last scored attempt in order for their written exam to remain valid. If you do not pass the lab exam within three years of passing the written exam, you must retake the written exam before being allowed to attempt the lab exam again.
- Lab Exam v6.0
Contents of the course are as below:
Perimeter Security and Intrusion Prevention (20%).
1 Deployment modes on Cisco ASA and Cisco FTD.
2 Firewall features on Cisco ASA and Cisco FTD.
2.b Application inspection.
2.c Traffic zones.
2.d Policy-based routing.
2.e Traffic redirection to service modules.
2.f Identity firewall
3 Security features on Cisco IOS/IOS-XE.
3.a Application awareness.
3.b Zone-Based Firewall (ZBFW).
4 Cisco Firepower Management Center(FMC)features
5 NGIPS deployment modes.
6 Next Generation Firewall (NGFW) features.
6.a SSL inspection.
6.b user identity.
7 Detect, and mitigate common types of attacks.
7.b Evasion Techniques.
8 Clustering/HA features on Cisco ASA and Cisco FTD.
9 Policies and rules for traffic control on Cisco ASA and Cisco FTD.
10 Routing protocols security on Cisco IOS, Cisco ASA and Cisco FTD.
11 Network connectivity through Cisco ASA and Cisco FTD.
12 Correlation and remediation rules on Cisco FMC
Secure Connectivity and Segmentation (20%).
1 AnyConnect client-based remote access VPN technologies on Cisco ASA, CiscoFTD, and Cisco Routers.
2 Cisco IOS CA for VPN authentication.
3 FlexVPN, DMVPN, and IPsec L2L Tunnels.
4 Uplink and downlink MACsec (802.1AE).
5 VPN high availability using.
5.a Cisco ASA VPN clustering.
5.b Dual-Hub DMVPN deployments.
6 Infrastructure segmentation methods.
7 Micro-segmentation with Cisco TrustSec using SGT and SXP3.
Infrastructure Security (15%).
1 Device hardening techniques and control plane protection methods.
1.b IP Source routing.
2 Management plane protection techniques
2.b Memory thresholding.
2.c Securing device access.
3 Data plane protection techniques.
4 Layer 2 security techniques.
4.c STP security.
4.d Port security.
4.e DHCP snooping.
4.f RA Guard.
5 Wireless security technologies.
6 Monitoring protocols.
7 Security features to comply with organizational security policies, procedures, and standards BCP 38.
7.a ISO 27001.
7.b RFC 2827.
8 Cisco SAFE model to validate network security design and to identify threats to different Places in the Network (PINs).
9 Interaction with network devices through APIs using basic Python scripts.
9.a REST API requests and responses.
9.a i HTTP action verbs, error codes, cookies, headers.
9.a ii JSON or XML payload.
9.a iii Authentication .
9.b Data encoding formats.
9.b I JSON.
9.b ii XML.
9.b iii YAML.
10 Cisco DNAC Northbound APIs use cases
Identity Management, Information Exchange, and Access Control (25%).
1 ISE scalability using multiple nodes and personas.
2 Cisco switches and Cisco Wireless LAN Controllers for network access AAA with ISE.
3 Cisco devices for administrative access with ISE.
4 AAA for network access with 802.1X and MAB using ISE.
5 Guest lifecycle management using ISE and Cisco Wireless LAN controllers.
6 BYOD on-boarding and network access flows.
7 ISE integration with external identity sources.
7.c External RADIUS.
8 Provisioning of AnyConnect with ISE and ASA.
9 Posture assessment with ISE.
10 Endpoint profiling using ISE and Cisco network infrastructure including device sensor.
11 Integration of MDM with ISE.
12 Certificate-based authentication using ISE.
13 Authentication methods.
13.a EAP Chaining.
13.b Machine Access Restriction (MAR).
14 Identity mapping on ASA, ISE, WSA, and FTD.
15 pxGrid integration between security devices WSA, ISE, and Cisco FMC.
16 Integration of ISE with multi-factor authentication
17 Access control and single sign-on using Cisco DUO security technology.
Advanced Threat Protection and Content Security (20%).
1 AMP for networks, AMP for endpoints, and AMP for content security (ESA, and WSA).
2 Detect, analyze, and mitigate malware incidents.
3 Perform packet capture and analysis using Wireshark, tcpdump, SPAN, ERSPAN, and RSPAN.
4 DNS layer security, intelligent proxy, and user identification using Cisco Umbrella.
5 Web filtering, user identification, and Application Visibility and Control (AVC) on Cisco FTD and WSA.
6 WCCP redirection on Cisco devices.
7 Email security features.
7.a Mail policies.
8 HTTPS decryption and inspection on Cisco FTD, WSA and Umbrella.
9 SMA for centralized content security management.
10 Cisco advanced threat solutions and their integration:Stealthwatch, FMC, AMP, Cognitive Threat Analytics (CTA), Threat Grid, Encrypted TrafficAnalytics (ETA), WSA, SMA, CTR, and Umbrella