CCIE Security Certification Training Course


CCIE Security Version 4, The Integrated security

CCIE Routing & Switching Lab Exam Topics v4.0 (Blueprint)

The CCIE Security certification brings an exciting blend of technologies and expands its vision from primarily data security to Voice and Wireless security as well; in a nutshell, a comprehensive look at security as an integrated solution.

Once you look at the topics list of hardware and software, it becomes clear that the changes are not just cosmetic but go much deeper, and candidates will have to understand them well before charting their CCIE Security course study plan.

IPv6 security, wireless security, the introduction of NAC, web security using IronPort, ASA 5500 and 5500-X (very costly), ISR G2 with IOS 15.1 and 15.2: it all makes the older version a bit more charming than you initially thought.

CCIE Security Version 4 Roadmap

Core Routing & Switching: CCNA, CCNP
Wireless: CCNA Wireless
Voice: Basic understanding of IP Phones
Security: CCNA, CCNP Security, Cisco IronPort and ISE basics
CCIE Final Bootcamp: (12 days Bootcamp)

Candidates appearing for the final Bootcamp must have 80% familiarity with the Blueprint. Bootcamp admission is based on a pre-assessment lab.

For freshers, the complete end-to-end program runs for 8 months on a regular basis.

CCIE Security Lab Exam Topics v4.0


  • Cisco 3800 Series Integrated Services Routers (ISR)
  • Cisco 1800 Series Integrated Services Routers (ISR)
  • Cisco 2900 Series Integrated Services Routers (ISR G2)
  • Cisco Catalyst 3560-24TS Series Switches
  • Cisco Catalyst 3750-X Series Switches
  • Cisco ASA 5500 and 5500-X Series Adaptive Security Appliances
  • Cisco IPS Series 4200 Intrusion Prevention System sensors
  • Cisco S-series Web Security Appliance
  • Cisco ISE 3300 Series Identity Services Engine
  • Cisco WLC 2500 Series Wireless LAN Controller
  • Cisco Aironet 1200 Series Wireless Access Point
  • Cisco IP Phone 7900 Series for Device Authentication
  • Cisco Secure Access Control System


  • Cisco ISR Series running IOS Software Version 15.1(x)T and 15.2(x)T
  • Cisco Catalyst 3560/3750 Series Switches running Cisco IOS Software Release 12.2SE/15.0(x)SE
  • Cisco ASA 5500 Series Adaptive Security Appliances OS Software Versions 8.2x, 8.4x, 8.6x
  • Cisco IPS Software Release 7.x
  • Cisco VPN Client Software for Windows, Release 5.x
  • Cisco Secure ACS System software version 5.x
  • Cisco WLC 2500 Series software 7.x
  • Cisco Aironet 1200 series AP Cisco IOS Software Release 12.4J(x)
  • Cisco WSA S-series software version 7.x
  • Cisco ISE 3300 series software version 1.x
Note: The ASA appliances can be configured using the CLI or ASDM/Cisco Prime tools.

CCIE Security Lab Exam Topics v4.0

System Hardening and Availability

  • Routing plane security features (e.g. protocol authentication, route filtering)
  • Control Plane Policing
  • Control Plane Protection and Management Plane Protection
  • Broadcast control and switchport security
  • Additional CPU protection mechanisms (e.g. options drop, logging interval)
  • Disable unnecessary services
  • Control device access (e.g. Telnet, HTTP, SSH, Privilege levels)
  • Device services (e.g. SNMP, Syslog, NTP)
  • Transit Traffic Control and Congestion Management

Threat Identification and Mitigation

  • Identify and protect against fragmentation attacks
  • Identify and protect against malicious IP option usage
  • Identify and protect against network reconnaissance attacks
  • Identify and protect against IP spoofing attacks
  • Identify and protect against MAC spoofing attacks
  • Identify and protect against ARP spoofing attacks
  • Identify and protect against Denial of Service (DoS) attacks
  • Identify and protect against Distributed Denial of Service (DDoS) attacks
  • Identify and protect against Man-in-the-Middle (MiM) attacks
  • Identify and protect against port redirection attacks
  • Identify and protect against DHCP attacks
  • Identify and protect against DNS attacks
  • Identify and protect against MAC Flooding attacks
  • Identify and protect against VLAN hopping attacks
  • Identify and protect against various Layer2 and Layer3 attacks
  • NBAR
  • NetFlow
  • Capture and utilize packet captures

Intrusion Prevention and Content Security

IPS 4200 Series Sensor Appliance
  • Initialize the Sensor Appliance
  • Sensor Appliance management
  • Virtual Sensors on the Sensor Appliance
  • Implementing security policies
  • Promiscuous and inline monitoring on the Sensor Appliance
  • Tune signatures on the Sensor Appliance
  • Custom signatures on the Sensor Appliance
  • Actions on the Sensor Appliance
  • Signature engines on the Sensor Appliance
  • Use IDM/IME with the Sensor Appliance
  • Event action overrides/filters on the Sensor Appliance
  • Event monitoring on the Sensor Appliance
VACL/SPAN & RSPAN on Cisco switches
  • Implementing WCCP
  • Active Dir Integration
  • Custom Categories
  • HTTPS Config
  • Services Configuration (Web Reputation)
  • Configuring Proxy By-pass Lists
  • Web proxy modes
  • App visibility and control

Identity Management

Identity Based Authentication/Authorization/Accounting
  • Cisco Router/Appliance AAA
Device Admin (Cisco IOS Routers, ASA, ACS5.x)
Network Access (TrustSec Model)
  • Authorization Results for Network Access (ISE)
  • 802.1X (ISE)
  • VSAs (ASA / Cisco IOS / ISE)
  • Proxy-Authentication (ISE/ASA/Cisco IOS)
Cisco Identity Services Engine (ISE)
  • Profiling Configuration (Probes)
  • Guest Services
  • Posture Assessment
  • Client Provisioning (CPP)
  • Configuring AD Integration/Identity Sources

Perimeter Security and Services

Cisco ASA Firewall
  • Basic firewall Initialization
  • Device management
  • Address translation (nat, global, static)
  • Access Control Lists
  • IP routing/Route Tracking
  • Object groups
  • VLANs
  • Configuring Etherchannel
  • High Availability and Redundancy
  • Layer 2 Transparent Firewall
  • Security contexts (virtual firewall)
  • Modular Policy Framework
  • Identity Firewall Services
  • Configuring ASA with ASDM
  • Context-aware services
  • IPS capabilities
  • QoS capabilities
Cisco IOS Zone Based Firewall
  • Network, Secure Group and User Based Policy
  • Performance Tuning
  • Network, Protocol and Application Inspection
Perimeter Security Services
  • Cisco IOS QoS and Packet marking techniques
  • Traffic Filtering using Access-Lists
  • Cisco IOS NAT
  • uRPF
  • PAM - Port to Application Mapping
  • Policy Routing and Route Maps

Confidentiality and Secure Access

  • IKE (V1/V2)
  • IPsec LAN-to-LAN (Cisco IOS/ASA)
  • Dynamic Multipoint VPN (DMVPN)
  • FlexVPN
  • Group Encrypted Transport (GET) VPN
  • Remote Access VPN
    • Easy VPN Server (Cisco IOS/ASA)
    • VPN Client 5.X
    • Clientless WebVPN
    • AnyConnect VPN
    • EasyVPN Remote
    • SSL VPN Gateway
  • VPN High Availability
  • QoS for VPN
  • VRF-aware VPN
  • MacSec
  • Digital Certificates (Enrollment and Policy Matching)
  • Wireless Access
    • EAP methods
    • WPA/WPA-2
    • WIPS

Horizon Computers institute specializes in providing industry-level CCIE Security Certification training to help candidates get networking jobs. The level of practical exposure provided to candidates is unmatched. The CCIE Security training is conducted by experts. We have branches in Pune, Mumbai and Navi Mumbai. Contact us for the CCIE Security course today and get ready to work in top IT companies.