Training

CCNP Security

Introduction

The CCNP Security certification accredits the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks. Signellent's CCNP Security certified professionals have the understanding and ability to make connections to remote sites via a WAN, and mitigate basic security threats. This training covers (but is not limited to) the use of these topics: Implement firewall (ASA or IOS depending on which supports the implementation), Implement Layer 2 Security, Cisco Security Devices GUIs and Secured CLI Management, Troubleshooting, Monitoring and Reporting Tools, Threat Defense Architectures, Security Components and Considerations, Implement firewall (ASA or IOS depending on which supports the implementation), Implement Layer 2 Security, Cisco Security Devices GUIs and Secured, CLI Management Troubleshooting, Monitoring and Reporting Tools, Threat Defense Architectures, Security Components and Considerations, Identity Management and Secure Access, Implement network authorization enforcement, Implement Central Web Authentication (CWA), Implement profiling, Implement posture services, Troubleshooting, Monitoring and Reporting Tools, Threat Defense Architectures, Secure Communications, Troubleshooting, Monitoring and Reporting Tools, Secure Communications Architectures, Design remote access VPN solutions , Describe encryption hashing and Next Generation Encryption (NGE).

Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

Signellent's training in Cisco Certified Network Professional Security (CCNP Security) is designed for individuals who are Cisco Network Security Engineers responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

Course Highlights

Signellent's expert instructor led course is designed to either be for 10 days (Weekdays – 2.5 hrs.) OR 8-weeks (Sunday/Saturday) to cater to both working and upcoming professionals. We pride ourselves in providing our students with a high success rate by highlighting the goals from day one. Our major course highlights are as below,

  • The course is based on CISCO guidelines
  • Dedicated attention by instructors to Monitoring and evaluate candidates' progress on a daily basis
  • Daily lab exercises to give extensive familiarity with the equipment
  • Regular evaluation
  • Industry Experienced CISCO Certified instructors
  • The CCNP module is designed to meet the objective of the CCNP program.
  • he course is customized keeping in mind the ultimate aim of achieving technology proficiency and CCNP certification.
  • edicated Professional to manage, track and evaluate the candidate's performance from registration to completion.
  • his course is especially beneficial for candidates who aim at building academic knowledge that is supplemented by applied lab exercises.
  • 8 week or 10 days, of intensive training+ rigorous lab exercises.
  • Course kits contains reference material and add ons to enable students prepare better.
  • Apt balance of theoretical and practical application
  • Customized tests at the end of course to ensure best results.
  • Stern passing standards with progress report of each candidate.
  • Facility of Lab on cloud for students who want to practice remotely
  • Students can attend the same lecture numerous times till they feel comfortable with the topic.
Course Objectives

After you complete this CCNP Security 300-206 SENSS course you will be able to:

  • Implementing Cisco Edge Network Security (SENSS) (300-206) course is associated with the CCNP Security certifications.
  • This course prepares candidates with knowledge and skills needed to implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, and Cisco ASA firewall .
  • Successful candidates will be able to strengthen security of a network perimeter such as Network Address Translation (NAT), ASA policy and application inspect, and a zone-based firewall on Cisco routers.
  • Candidates can prepare for this exam by taking Cisco Edge Network Security (SENSS) course.

After you complete this CCNP Security 300-207 SITCS course you will be able to:

  • The Implementing Cisco Threat Control Solutions (SITCS) (300-207) exam tests a network security engineer on advanced firewall architecture and configuration with the Cisco next generation firewall, utilizing access and identity policies.
  • This course covers integration of Intrusion Prevention System (IPS) and context-aware firewall components, as well as Web (Cloud) and Email Security solutions.
  • Candidates can prepare for this exam by taking the Implementing Cisco Threat Control Solutions (SITCS) course.

After you complete this CCNP Security 300-208 SISAS course you will be able to:

  • The Implementing Cisco Secure Access Solutions (SISAS) (300-208) course covers the components and architecture of secure access by utilizing 802.1X and Cisco TrustSec.
  • Understand 802.1X architecture, implementation and operation.
  • It makes the candidate aware of Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solutions.
  • It also includes the fundamental concepts of bring your own device (BYOD) using posture and profiling services of ISE.
  • Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course.

After you complete this CCNP Security 300-209 SIMOS course you will be able to:

  • The Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) exam tests a network security engineer on the variety of Virtual Private Network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS software platforms.
  • This 90-minute exam consists of 65–75 questions and assesses the knowledge necessary to properly implement highly secure remote communications through VPN technology, such as remote access SSL VPN and site-to-site VPN (DMVPN, FlexVPN).
  • Candidates can prepare for this exam by taking the Implementing Cisco Secure Mobility Solutions (SIMOS) course.
  • Understand Cisco Identity Services Engine architecture and access control capabilities.
  • Understand commonly implemented Extensible Authentication Protocols (EAP).
  • Implement Public-Key Infrastructure with ISE.
  • Understand the implement Internal and External authentication databases.
  • Implement MAC Authentication Bypass.
  • Implement identity based authorization policies.
  • Understand Cisco TrustSec features.
  • Implement Web Authentication and Guest Access.
  • Implement ISE Posture service.
  • Implement ISE Profiling.
Course Topics

Following Topics will be covered in  CCNP Security 300-206 Course.

IMPLEMENT FIREWALL (ASA OR IOS DEPENDING ON WHICH SUPPORTS THE IMPLEMENTATION):

  • Implement ACLs
  • Implement static/dynamic NAT/PAT
  • Implement object groups
  • Describe threat detection features
  • Implement botnet traffic filtering
  • Configure application filtering and protocol inspection
  • Describe ASA security context

IMPLEMENT LAYER 2 SECURITY:

  • Configure DHCP snooping
  • Describe dynamic ARP inspection
  • Describe storm control
  • Configure port security
  • Describe common Layer 2 threats and attacks and mitigation
  • Describe MACSec
  • Configure IP source verification

CISCO SECURITY DEVICES GUIS AND SECURED CLI MANAGEMENT:

  • Implement SSHv2, HTTPS, and SNMPv3 access on the network devices
  • Implement RBAC on the ASA/IOS using CLI and ASDM
  • Device Management Implement Device Managers
  • Implement ASA firewall features using ASDM

TROUBLESHOOTING, MONITORING AND REPORTING TOOLS:

  • Monitor firewall using analysis of packet tracer, packet capture, and syslog
  • Analyze packet tracer on the firewall using CLI/ASDM
  • Configure and analyze packet capture using CLI/ASDM
  • Analyze syslog events generated from ASA

THREAT DEFENSE ARCHITECTURES:

  • High-availability
  • Basic concepts of security zoning
  • Transparent & Routed Modes
  • Security Contexts
  • Layer 2 Security Solutions
  • Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
  • Describe how PVLANs can be used to segregate network traffic at Layer 2

THREAT DEFENSE ARCHITECTURES:

  • Describe security operations management architectures
  • Single device manager vs. multi-device manager
  • Describe Data Center security components and considerations
  • Describe Collaboration security components and considerations
  • Describe common IPv6 security considerations
  • Unified IPv6/IPv4 ACL on the ASA

Following Topics will be covered in CCNP Security 300-207 Course.

CISCO ASA 5500-X NGFW SECURITY SERVICES:

  • Describe features and functionality
  • Implement web usage control (URL-filtering, reputation based, file filtering)
  • Implement AVC
  • Implement decryption policies
  • Describe traffic redirection and capture methods

CISCO CLOUD WEB SECURITY :

  • Describe features and functionality
  • Implement IOS and ASA connectors
  • Implement AnyConnect web security module
  • Describe web usage control
  • Implement anti-malware
  • Describe decryption policies

CISCO CLOUD WEB SECURITY :

  • Implement network IPS deployment modes
  • Describe signatures engines
  • Implement event actions & overrides/filters
  • Implement anomaly detection
  • Implement risk ratings
  • Describe IOS IPS
  • Configure device hardening per best practices

TROUBLESHOOTING, MONITORING, AND REPORTING TOOLS :

  • Configure IME and IP logging for IPS
  • Describe reporting functionality
  • Implement the WSA Policy Trace tool
  • Implement the ESA Message Tracking tool
  • Implement the ESA Trace tool
  • Use web interface to verify traffic is being redirected to CWS
  • Use CLI on IOS to verify CWS operations
  • Use CLI on ASA to verify CWS operations
  • Use the PRSM Event Viewer to verify ASA NGFW operations
  • Describe the PRSM Dashboards and Reports

THREAT DEFENSE ARCHITECTURES :

  • Design IPS solution
  • Deploy Inline or Promiscuous
  • Deploy as IPS appliance, IPS software or hardware module or IOS IPS
  • Describe methods of IPS appliance load-balancing
  • Describe the need for Traffic Symmetry
  • Inline modes comparison – inline interface pair, inline VLAN pair, and inline VLAN group

CONTENT SECURITY ARCHITECTURES :

  • Design Web Security solution
  • Compare ASA NGFW vs. WSA vs. CWS
  • Compare Physical WSA vs. Virtual WSA
  • Design Email Security solution
  • Compare Physical ESA vs. Virtual ESA
  • Describe Hybrid mode
  • Design Application Security solution

Following Topics will be covered in  CCNP Security 300-208 Course.

IDENTITY MANAGEMENT AND SECURE ACCESS :

  • dACL,Dynamic VLAN assignment
  • Describe SGA,Named ACL

IMPLEMENT CENTRAL WEB AUTHENTICATION (CWA) :

  • Describe the function of CoA to support web authentication
  • Configure authentication policy to facilitate CWA
  • URL redirect policy
  • Redirect ACL
  • Customize web portal
  • Verify central web authentication operation

IMPLEMENT PROFILING :

  • Enable the profiling services
  • Network probes
  • IOS Device Sensor
  • Feed service
  • Profiling policy rules
  • Utilize profile assignment in authorization policies

IMPLEMENT POSTURE SERVICES :

  • Describe the function of CoA to support posture services
  • Agent options, Client provisioning policy and redirect ACL
  • Posture policy
  • Quarantine/remediation
  • Verify posture service operation

TROUBLESHOOTING, MONITORING, AND REPORTING TOOLS:

  • Troubleshoot identity management solutions
  • Identify issues using authentication event details in Cisco ISE
  • Troubleshoot using Cisco ISE diagnostic tools
  • Troubleshoot endpoint issues
  • Use debug commands to troubleshoot RADIUS and 802.1X on IOS switches and wireless controllers
  • Troubleshoot backup operations

THREAT DEFENSE ARCHITECTURES :

  • Design highly secure wireless solution with ISE
  • Identity Management
  • 802.1X
  • MAB
  • Network authorization enforcement
  • CWA
  • Profiling
  • Guest Services
  • Posture Services
  • BYOD Access

Following Topics will be covered in  CCNP Security 300-209 Course.

SECURE COMMUNICATIONS :

  • Site-to-site VPNs on routers and firewalls
  • Describe GETVPN
  • Implement IPsec (with IKEv1 and IKEv2 for both IPV4 & IPV6)
  • Implement DMVPN (hub-Spoke and spoke-spoke on both IPV4 & IPV6)
  • Implement FlexVPN (hub-Spoke on both IPV4 & IPV6) using local AAA
  • Implement remote access VPNs
  • Implement AnyConnect IKEv2 VPNs on ASA and routers
  • Implement AnyConnect SSLVPN on ASA and routers
  • Implement clientless SSLVPN on ASA and routers
  • Implement FLEX VPN on routers

TROUBLESHOOTING, MONITORING, AND REPORTING TOOLS :

  • Troubleshoot VPN using ASDM & CLI
  • Troubleshoot IPsec
  • Troubleshoot DMVPN
  • Troubleshoot FlexVPN
  • Troubleshoot AnyConnect IKEv2 and SSL VPNs on ASA and routers
  • Troubleshoot clientless SSLVPN on ASA and routers

SECURE COMMUNICATIONS ARCHITECTURES :

  • Design site-to-site VPN solutions
  • Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec
  • VPN technology considerations based on functional requirements
  • High availability considerations
  • Identify VPN technology based on configuration output

DESIGN REMOTE ACCESS VPN SOLUTIONS  :

  • Identify functional components of FlexVPN, IPsec, and Clientless SSL
  • VPN technology considerations based on functional requirements
  • High availability considerations
  • Identify VPN technology based on configuration output
  • Identify AnyConnect client requirements
  • Clientless SSL browser and client consierations/requirements
  • Identify split tunneling requirements

DESCRIBE ENCRYPTION, HASHING, AND NEXT GENERATION ENCRYPTION (NGE) :

  • Compare and contrast Symmetric and asymmetric key algorithms
  • Identify and describe the cryptographic process in VPNs – Diffie-Hellman, IPsec – ESP, AH, IKEv1, IKEv2, hashing
  • algorithms MD5 and SHA, and authentication methods
  • Describe PKI components and protection methods
  • Describe Elliptic Curve Cryptography (ECC)
  • Compare and contrast SSL, DTLS, and TLS

Enroll for this course now and get ahead in your career.



Enroll Now

CCNP Security