CCIE Security V6

Learn to plan, design, implement, operate, and troubleshoot complex security scenarios.

Program Overview

All Training on CISCO Official curriculum
Biggest CISCO Training Lab in Asia
24×7 Lab Access to students
Lab administrator guidance
Modern Rack equipment
Certified Trainers with remarkable industry experience
Produced 4000+ CCIEs over the years
We offer Best value for Money, Our service too is exceptional
We offer different Tracks (Regular and fast) to suit the beginners as well as experienced professionals
You have a choice of four great locations – Gurgaon, Delhi, NCR and Bangalore
1-on-1 training with dedicated attention of trainer for the entire duration of course
Live Virtual Classes option also handy at the convenience of students

100% Placement Programs

CCIE Enterprise
Integrated

CCIE Security
Integrated

CCIE DATACENTER
Integrated

CLOUD
Masters

CyberX
Masters

Networking
Masters

Program Information

CCNP SEC + CCIE SEC End to End 2 Months – Fee USD $1500
Recorded Bootcamp available @ USD $500 for Self Learning
Fee (Indian students 1 Lakh + Taxes)
Online Bootcamp with Hexa CCIE Trainer
Weekend classes only
Online & Classroom mode available
Weekend Training Available (Sat, Sun)
100 Hours Rack access
All Workbooks + Study material + Dumps
Whatsapp/TEXT on +91-8447971084 — Whatsapp/TEXT on USA +1-408-753-0671

CCIE Security has been the main training program since we started this company .We ended up producing highest CCIE Seurity in the world due to background of our founders who are Ex-Cisco employees and from Security teams .Here is our result which explains our leadership position in CCIE Security so far .For first 8 years since company inception we were just teaching CCIE Security and nothing else .Today we are world leaders in CCIE R&S, SEC along with Data center .

Regular Batch Schedule (Sat/Sunday)

Details on other batches for CCIE Security batches can be obtained by contacting branch

>Online Batch Schedule (Sat/Sunday)

Details on other batches for CCIE Security batches can be obtained by contacting branch

Weekend Batch Schedule (Saturday / Sunday)

Details on other batches for CCIE Security batches can be obtained by contacting branch

Students will learn to plan, design, implement, operate, and troubleshoot complex security scenarios.

Perimeter Security and Intrusion Prevention: Deals with in-depth learning of ASA followed by various NGFW concepts like Firepower, FMC & FTD
Advanced Threat Protection and Content Security: CWS, WSA, ESA, AMP & Interoperability
Secure Connectivity and Segmentation: VPN Technology
Identity Management, Information Exchange, and Access Control: AAA, ISE, ACS, AD, Splunk, LogRhythm
Infrastructure Security, Virtualization, and Automation: SNRS, Wireless Security, APIC-EM, SAFE, DNA
Evolving Technologies: Cloud Computing, SDN, IOT

Who Is This Program For?

Students who want to learn to plan, design, implement, operate, and troubleshoot complex security scenarios.

Course Contents

Perimeter Security and Intrusion Prevention

1) Describe, implement, and troubleshoot HA features on Cisco ASA and Cisco FirePOWER Threat Defense (FTD)
2) Describe, implement, and troubleshoot clustering on Cisco ASA and Cisco FTD
3) Describe, implement, troubleshoot, and secure routing protocols on Cisco ASA and Cisco FTD
4) Describe, implement, and troubleshoot different deployment modes such as routed, transparent, single, and multicontext on Cisco ASA and Cisco FTD
5) Describe, implement, and troubleshoot firewall features such as NAT (v4,v6), PAT, application inspection, traffic zones, policy-based routing, traffic redirection to service modules, and identity firewall on Cisco ASA and Cisco FTD
6) Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF), application layer inspection, NAT (v4,v6), PAT and TCP intercept on Cisco IOS/IOS-XE
7) Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco FirePOWER and Cisco FTD
8) Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such as alerting, logging, and reporting
9) Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC
10) Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as in-line, passive, and TAP modes
11) Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL inspection, user identity, geolocation, and AVC (Firepower appliance)
12) Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques, spoofing, man-in-the-middle, and botnet

Advanced Threat Protection and Content Security

1) Compare and contrast different AMP solutions including public and private cloud deployment models
2) Describe, implement, and troubleshoot AMP for networks, AMP for endpoints, and AMP for content security (CWS, ESA, and WSA)
3) Detect, analyze, and mitigate malware incidents
4) Describe the benefit of threat intelligence provided by AMP Threat GRID
5) Perform packet capture and analysis using Wireshark, tcpdump, SPAN, and RSPAN
6) Describe, implement, and troubleshoot web filtering, user identification, and Application Visibility and Control (AVC)
7) Describe, implement, and troubleshoot mail policies, DLP, email quarantines, and SenderBase on ESA
8) Describe, implement, and troubleshoot SMTP authentication such as SPF and DKIM on ESA
9) Describe, implement, and troubleshoot SMTP encryption on ESA
10) Compare and contrast different LDAP query types on ESA
11) Describe, implement, and troubleshoot WCCP redirection
12) Compare and contrast different proxy methods such as SOCKS, Auto proxy/WPAD, and transparent
13) Describe, implement, and troubleshoot HTTPS decryption and DLP
14) Describe, implement, and troubleshoot CWS connectors on Cisco IOS routers, Cisco ASA, Cisco AnyConnect, and WSA
15) Describe the security benefits of leveraging the OpenDNS solution.
16) Describe, implement, and troubleshoot SMA for centralized content security management
17) Describe the security benefits of leveraging Lancope

Secure Connectivity and Segmentation

1) Compare and contrast cryptographic and hash algorithms such as AES, DES, 3DES, ECC, SHA, and MD5
2) Compare and contrast security protocols such as ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, and MKA
3) Describe, implementc and troubleshoot remote access VPN using technologies such as FLEXVPN, SSL-VPN between Cisco firewalls, routers, and end hosts
4) Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication
5) Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels on Cisco ASA and Cisco FTD
6) Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec
7) Describe, implement, and troubleshoot uplink and downlink MACsec (802.1AE)
8) Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and dual-hub DMVPN deployments
9) Describe the functions and security implications of cryptographic protocols such as AES, DES, 3DES, ECC, SHA, MD5, ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI, X.509, WPA, WPA2, WEP, and TKIP
10) Describe the security benefits of network segmentation and isolation
11) Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN
12) Describe, implement, and troubleshoot micro segmentation with TrustSec using SGT and SXP
13) Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN, and GRE
14) Describe the functionality of Cisco VSG used to secure virtual environments
15) Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE

Identity Management, Information Exchange, and Access Control

1) Describe, implement, and troubleshoot various personas of ISE in a multinode deployment
2) Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA
3) Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS
4) Describe, implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE.
5) Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server
6) Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network infrastructure
7) Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or external CA
8) Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP, AD, and external RADIUS
9) Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML
10) Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA
11) Describe, implement, verify, and troubleshoot posture assessment with ISE
12) Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure including device sensor
13) Describe, implement, verify, and troubleshoot integration of MDM with ISE
14) Describe, implement, verify, and troubleshoot certificate based authentication using ISE
15) Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access Restriction (MAR)
16) Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP (EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP-TEAP, EAP- MD5, EAP-GTC), PAP, CHAP, and MS-CHAPv2
17) Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER
18) Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC

Infrastructure Security, Virtualization, and Automation

1) Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques
2) Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing.
3) Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access
4) Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH
5) Describe, implement, and troubleshoot IPv4/v6 routing protocols security
6) Describe, implement, and troubleshoot Layer 2 security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL
7) Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA2, TKIP, and AES
8) Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)
9) Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and eSTREAMER
10) Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC, NTP, and DHCP
11) Describe the functions and security implications of network protocols such as VTP, 802.1Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv3, RIP/RIPng, IGMP/CGMP, PIM, IPv6, and WCCP
12) Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv
13) Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts
14) Describe the northbound and southbound APIs of SDN controllers such as APIC-EM
15) Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP 38, ISO 27001, RFC 2827, and PCI-DSS
16) Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE
17) Validate network security design for adherence to Cisco SAFE recommended practices
18) Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python
19) Describe Cisco Digital Network Architecture (DNA) principles and components.

Lab Format

Given below is the Lab Format as prescribed by CISCO. The eight-hour lab format consists of three modules and need to be taken in the following sequence during the day of the exam:

Module 1: Troubleshooting module (two hours)
The Troubleshooting module delivers incidents that are independent of each other, which means that the resolution of one incident does not depend on the resolution of another. The topology that is used in the Troubleshooting module is different than the topology used in the Configuration module. The Troubleshooting module is two hours long; however, the candidate can borrow up to 30 minutes from the five hours allotted to the Configuration module. In other words, the candidate can choose to use an extra 30 minutes for either the Troubleshooting module or the Configuration module.

Module 2: Diagnostic module (one hour)
The new Diagnostic module focuses on the skills required to properly diagnose network issues, without having device access. Candidates will be provided with a set of documentation that represents a snapshot of a realistic situation: at a point in time in an investigation process that a network engineer might be facing. The main objective of the Diagnostic module is to assess the skills required to properly diagnose network issues. These skills include:

1. Analyze
2. Correlate: Discerning multiple sources of documentation (such as e-mail threads, network topology diagrams, console outputs, logs, and even traffic captures.)

These activities are naturally part of the overall troubleshooting skills. They are designed as a separated lab module because the format of the items is significantly different. In the Troubleshooting module, the candidate needs to be able to troubleshoot and resolve network security issues on actual devices. In the Diagnostic module, the candidate needs to make choices between pre-defined options to either indicate:

1. What the root cause of the issue is?
2. Where is the issue located in the diagram?
3. What critical piece of information allows you to identify the root cause? What missing piece of information allows you to identify the root cause?

Module 3: Configuration module (five hours)
The Configuration module provides a setup very close to an actual production network having various security components providing various layers of security at different points in the network. Though the major part of the module is based on virtual instances of the Cisco security appliances, the candidate may be asked to work with physical devices as well. At the beginning of the module, the candidate has full visibility of the entire module. A candidate can choose to work in the sequence in which the items are presented or can resolve items in whatever order seems preferable and logical.

NOTE: The candidate must complete the modules in sequence and is not allowed to go back and forth between modules.

Placement Training Process

Career Counseling

Personalized career pathing from experts which lead to futuristic career

Resume Writing

Craft your impressive resume under the guidance of experts

Interview Preparation

Receive technical booster session, interview preparation with one to one mock sessions.

Job Placement

200+ companies show trust in Networkers Home Quality of training and offers opportunity to thousands of our students.

Advantages of NH

Certified Mentors

Right guidance is what defines us,
A team of dedicated mentor drives
you for futuristic career.

Lab Instructors

At World class lab of Networkers Home,
student is trained by core professional lab trainers
who are available 24/7.

Free retake

Are you slow runner? Never Mind!
We have free retake sessions to
ignite your genius.

Boot Camps

Our live online boot camps for CCIE and various other course offerings, have taken off in popularity.We have pool of certified and experinced master trainers who delivers boot camps

100% Job Guarantee

We guarantee you 100% employment, post high end tech courses offered by us, we have designed industry integrated courses which enables not only IT graduates but also non-IT graduates to start a career as core network engineer

Student Success

We guarantee you 100% employment, post high end tech courses offered by us, we have designed industry integrated courses which enables not only IT graduates but also non-IT graduates to start a career as core network engineer.

Companies Our Students are Placed in

Students' Feedback

Aura BrooksCCNA

By far the best team I've ever worked with. They truly understood the look I was going for and completely nailed it! I would highly recommend them as a company, you simply just won't find any better team!

Eve Crawford

It was really fun getting to know the team during the project. They were all helpful in answering my questions and made me feel completely at ease. The design ended up being twice as good as I could have ever envisioned!

PremaCCIE

I'm wondering why I never contacted these guys sooner! Seriously, they all have commendable talent in their respective fields and knocked my concept out of the ballpark. Thanks for an amazing experience!

Zak ReidCCNP

Salient is by far the most astonishing WP theme out there! I literally could not be happier that I chose to buy your theme! Your regular updates and superb attention to detail blows me away every time I visit my new site!

Jake SmithCCIE Security

Salient is by far the most astonishing WP theme out there! I literally could not be happier that I chose to buy your theme! Your regular updates and superb attention to detail blows me away every time I visit my new site!