CCIE Courses

CCIE Security V5 Changes – What’s New

By September 27, 2017 February 13th, 2020 No Comments

Change is the only constant in world

Finally, we have a new version of CCIE security certification – its v5 now. The updated version went live in January, 2017. In contrast to the old blueprint, there are changes in both the technical content and exam delivery format.

The official curriculum of version 5 has been incorporated post analyses of the dynamic network security environment and the current need of job market. With all the changes, Version 5 of the CCIE Security Certification targets the exam to be more technology-driven than hardware-driven.

As expected, nothing has been missed out this time and the new format includes all topics that are in inline with Cisco’s current Security product line and this time they haven’t missed anything. And your guess is absolutely right! Cisco is offering the same exam delivery model for all CCIE tracks.

NETWORKERS HOME being the Best Institute for CCIE Security Certification in India, has also upgraded and updated the curriculum being followed. Our instructors have evolved their training pattern in accordance to the changes. Candidates hunting for CCIE Security course can go in for CCIE Security Integrated course to gain in-depth knowledge of CCNA Security and CCNP Security, can opt for CCIE Security Written + Lab exam training in one go.

Technical Topic Changes introduced in Version 5

Now we have a Unified Exam Syllabus, Version 5 is divided into 6 sections as against 7 in version 4,To move the focus more towards technology, domains have been renamed, integrated and reshuffled in v5, with the last one being relevant only for the written exam:

  1. Perimeter Security and Intrusion Prevention
  2. Advanced Threat Protection and Content Security
  3. Secure Connectivity and Segmentation
  4. Identity Management, Information Exchange and Access Control
  5. Infrastructure Security, Virtualization and Automation
  6. Evolving Technologies ( Written exam only)

Topics removed from both written and lab exams:

  1. EzVPN
  2. Legacy IPS,

Now we don’t have different blueprints for written and lab exams, it means whatever is there in the blueprint will be reflected in both the exam.

Lab Exam Equipment Changes

As stated, in Version 5 we have more equipment going virtual:

  1. FirePOWER Management Center version 6.0.1 and/or 6.1
  2. FirePOWER NGIPSv version 6.0.1
  3. Cisco FirePOWER Threat Defense version 6.0.1
  4. FireAMP Private Cloud
  5. Cisco ASAv version 9.1
  6. Cisco Application Policy Infrastructure Controller Enterprise Module version 1.2
  7. Email Security Appliance (ESA) version 9.7.1
  8. IOSv L2 version 15.2 (which is virtual IOS for layer 2)
  9. IOSv L3 version 15.5(2)T (which is virtual IOS for layer 3)
  10. Cisco CSR 1000v version 3.16.02S
  11. Cisco Unified Communications Manager version 8.6(1)

Virtual devices with a version change:

  1. Cisco Identity Services Engine (ISE) version 2.1.0
  2. Cisco Secure Access Control System (ACS) version
  3. Cisco Web Security Appliance (WSA) version 9.2.0
  4. Cisco Wireless Controller (WLC) version 8.0.133
  5. Test PC is Microsoft Windows 7
  6. Active Directory is running on Microsoft Windows Server 2008
  7. AnyConnect version 4.2

Physical devices in Version 5:

  1. Cisco Catalyst Switch C3850-12S 16.2.1 version 16.2.1
  2. Cisco Adaptive Security Appliance: 5512-X version 9.6.1
  3. Cisco 2504 Wireless Controller: 2504 version
  4. Cisco Aironet1602E version 15.3.3-JC
  5. Cisco Unified IP Phone 7965 version 9.2(3)

Major introduced changes:

  1. FirePOWER is the major change, we have both the FirePOWER NGIPS and the FirePOWER Threat Defense (unified code for ASA and FirePOWER Services) added now. FireAMP has also formed a part of it through the private cloud appliance, used for advanced malware protection.
  2. ASA Firewall has also found place and part of the physical model of ASA 5512-X, and the virtual model of ASAv. Addition of APIC-EM supports physical and virtual ASA models.

Lab Exam Format Changes

Lab exam format targets to properly test Network Security aspirants on different set of skills

Assertively, the 8 hour lab format has been modified and divided into three modules:

  1. Troubleshooting module
  2. Diagnostic module
  3. Configuration module

Troubleshooting Module

The duration is 2 hours. It is popularly known as t-shoot. As the name suggests, it’s a troubleshooting section, where you are given a certain number of tickets/incidents that you need to fix.You get access to devices consoles in order to reconfigure the network and fix the problems. It targets to test your troubleshooting skills and the ability to fix a problem within a stipulated timeframe.

Diagnostic Module

The duration is 1 hour. Here you get incidents which are required to be fixed. Here there is no interdependency or sequence that is expected to be followed. Hence they can be addressed in any order. But here, the only challenge is that you have NO access to devices console, instead you are given many inputs (e-mail threads, diagrams, logs, traffic captures), out of which you have to diagnose the problem and select the correct answer(s).

Configuration Module

It is 5 hours in length. Here, you get a configuration task, with access to devices. It is same like version 4. The module aims to test the understanding design and structure of and within the network. It tests the ability to understand network requirements and translate it into working configuration within fixed allocated time.

All these structural module changes have been introduced to prepare you well for the job market. It becomes a proof of your knowledge to fix various types of problems, being challenged in different ways.

Ever since, CCIE Security Version 5 Certification has been introduced, it is crystal clear that it has bright future for all Network Security Aspirants. IPSv, Intro to SDN and IoT, Firepower, Email Security Appliance – Iron Port C series, IOSv, has made it apt as per the industry requirement.

Rightly said, the new CISCO has made it really tough. Not only because they have added Troubleshooting section along with Diagnostic and Configuration sections, but also because they have lot of virtual devices in t all the new topology of Version 5 lab exam.

Be it real or Virtual. It’s going to be tough now.

Fasten your seat belts to take off!!

Other important blogs

  1. Average CCIE Salary
  2. CCIE Security V5-What’s new
  3. CCIE Jobs and Scope
  4. CCIE Security Scope
  5. CCIE Routing and Switching
  6. CCIE Security
  7. CCIE Data Center
  8. CCIE Collaboration
  10. Job guarantee-Terms and Conditions
  11. CCIE Security Faqs
  12. CCIE Data Center Scope

Leave a Reply