Live Chat
Monday - Friday 8am - 6pm EST Chat Now
Contact Us
Monday - Friday 8am - 8pm EST 1-866-716-6688 Other Contact Options
Checkout

Cart () Loading...

    • Quantity:
    • Delivery:
    • Dates:
    • Location:

    $

CCNP Security e-Camp

Prepare for the CCNP Security certification exams.

GK# 1827

Course Overview

TOP

This course offers a complete solution to all the training you'll need to prepare for the Cisco Certified Network Professional Security (CCNP Security) certification exams. We provide in-depth coverage of Cisco topics covered in SENSS, SITCS, SISAS, and SIMOS.

The CCNP Security certification focuses on the daily job tasks of experienced network security professionals and engineers. Achieving CCNP Security certification confirms that you have the knowledge and skills needed to test, deploy, configure, maintain, and troubleshoot the Cisco network security appliances and the Cisco IOS Software devices that comprise your network's security.

You will receive in your e-Camp:

12 months of access to the following self-paced courses: 

  • SIMOS Self-Paced e-Learning
  • SITCS Self-Paced e-Learning
  • SENSS Self-Paced e-Learning
  • SISAS Self-Paced e-Learning

12 months of access to the following resources:

  • Mentoring by Cisco experts via chat or email.
  • Task-based practice labs.
  • Printable, authorized Cisco study guides
  • Pre- and post-course assessments.
  • Certification exam practice tests.

What You'll Learn

TOP

SENSS

  • Implement Cisco Modular Network Security Architectures Such as SecureX and TrustSec
  • Deploy Cisco Infrastructure Management and Control Plane Security Controls
  • Configure Cisco Layer 2 and Layer 3 Data Plane Security Controls
  • Implement and Maintain Cisco ASA Network Address Translations (NAT)
  • Implement and Maintain Cisco IOS Software Network Address Translations (NAT)
  • Design and deploy Cisco Threat Defense Solutions on a Cisco ASA Utilizing Access Policy and Application and Identity Based Inspection
  • Implement Botnet Traffic Filters
  • Deploy Cisco IOS Zone-Based Policy Firewalls (ZBFW)
  • Configure and Verify Cisco IOS ZBFW Application Inspection Policy

SITCS

  • Cisco ASA Next-Generation Firewall (NGFW)
  • Deploy Cisco Web Security Appliance to Mitigate Malware
  • Configure Web Security Appliance for Acceptable use Controls
  • Configure Cisco Cloud Web Security Connectors
  • Cisco Email Security Solution
  • Configure Cisco Email Appliance Incoming and Outgoing Policies
  • IPS Threat Controls
  • Configure and Implement Cisco IPS Sensor into a Network

SISAS

  • Cisco Identity Services Engine Architecture and Access Control Capabilities
  • 802.1X Architecture, Implementation and Operation
  • commonly Implemented Extensible Authentication Protocols (EAP)
  • Implement Public-Key Infrastructure with ISE
  • the implement Internal and External Authentication Databases
  • Implement MAC Authentication Bypass
  • Implement Identity Based Authorization Policies
  • Cisco TrustSec features
  • Implement Web Authentication and Guest Access
  • Implement ISE Posture Service
  • Implement ISE Profiling
  • Understand Bring Your Own Device (BYOD) with ISE
  • Troubleshoot ISE

SIMOS

  • Various VPN Technologies and Deployments as well as the Cryptographic Algorithms and Protocols that Provide VPN Security
  • Implement and Maintain Cisco Site-to-Site VPN Solutions
  • Implement and Maintain Cisco FlexVPN in Point-to-Point, Hub-and-Spoke, and Spoke-to-Spoke IPsec VPNs
  • Implement and Maintain Cisco clientless SSL VPNs
  • Implement and Maintain Cisco AnyConnect SSL and IPsec VPNs
  • Implement and Maintain Endpoint Security and Dynamic Access Policies (DAP)

Outline

TOP
Viewing outline for:

Self-Paced Outline

Implementing Cisco Edge Network Security Solutions (SENSS)

1. Secure Design Principals

  • Describe the concepts of Network Security Zones
  • Provide an overview of the Cisco modular network architecture blueprint
  • Describe the Cisco SecureX architecture as a context-aware security solution
  • Describe the Cisco TrustSec solution as a part of the Cisco SecureX architecture

2. Network Infrastructure Protection Deployment

  • Provide an overview of network infrastructure protection controls
  • Examine various defenses in Cisco IOS Software that protect the control plane
  • Describe some strategies to protect the Cisco IOS management plane
  • Describe some strategies to protect the Cisco ASA management plane
  • Describe the baseline forms of telemetry recommended for network infrastructure devices
  • Configure and verify Cisco IOS Software Layer 2 Data Plane Controls
  • Configure and verify Cisco IOS Software and Cisco ASA Layer 3 Data Plane Controls

3. NAT Deployment on Cisco IOS Software and Cisco ASA

  • Describe network address translation
  • Configure, verify, and troubleshoot network address translation on Cisco ASA
  • Configure, verify, and troubleshoot network address translation on Cisco IOS Software routers

4. Threat Controls Deployment on Cisco ASA

  • Overview of Cisco firewall threat controls
  • Describe and configure basic Cisco ASA access polices
  • Describe and configure advanced Cisco ASA access policies
  • Describe and configure reputation-based Cisco ASA access policies

5. Threat Controls Deployment on Cisco IOS Software

  • Describe and configure Cisco IOS Zone-Based Policy Firewall
  • Describe and configure application inspection policies on Cisco IOS Zone-Based Policy Firewall

Implementing Cisco Threat Control Solutions (SITCS)

1. Cisco ASA (CX) NGFW Services

  • Describe the Cisco ASA (CX) NGFW solution
  • Describe the Cisco ASA (CX) NGFW management architecture and protocols
  • Describe how to configure Cisco ASA (CX) NGFW policy objects
  • Explain how to monitor Cisco ASA (CX) NGFW operations by using Cisco PRSM
  • Describe how to configure Cisco ASA (CX) NGFW access policies to match security requirements
  • Describe how to configure Cisco ASA (CX) NGFW identity policies to match security requirements
  • Describe how to configure Cisco ASA (CX) NGFW decryption policies to match security requirements

2. Cisco Web Security Appliance

  • Describe the Cisco Web Security Appliance main features
  • Describe the two Cisco Web Security Appliance integration methods (Explicit Proxy and Transparent Proxy)
  • Configure identities and user authentication
  • Configure URL filtering and application visibility and control
  • Configure inbound and outbound anti-malware controls Configure decryption policies
  • Configure data security controls to implement data loss prevention

3. Cisco Cloud Web Security

  • Describe the main features of the Cisco Cloud Web Security
  • Describe traffic redirection to Cloud Web Security through connectors, how to configure them on Cisco
  • ASA, Cisco WSA and Cisco IOS, and how to configure AnyConnect web security
  • Module
  • Describe how to configure web filtering policy and how to verify web filtering

4. Cisco Email Security Appliance

  • Illustrate the SMTP flows and conversations and provides a high level overview of the Cisco Email Security Appliance services
  • Describe the basic configuration components to setup the Cisco ESA, which includes the listener, LDAP queries, HAT, RAT, Mail Flow Policies and SMTP Routes table
  • Explain how to configure the different features within the incoming and outgoing mail policies (anti- spam, anti-virus, content filters, outbreak filters, data loss prevention)

5. Cisco Intrusion Prevention System

  • Describe the basic definitions and approaches to traditional intrusion prevention/detection systems and next generation IPS
  • Configure different Cisco IPS sensor interface modes
  • Configure the Cisco IPS sensor built-in signatures
  • Describe some methodologies for tuning a Cisco IPS sensor to properly manage false positive and negative events
  • Describes the methods and configuration procedures to create custom signatures on a Cisco IPS sensor
  • Enable the anomaly detection functionality on the Cisco IPS sensor
  • Enable the reputation-based features on the Cisco IPS sensor

Implementing Cisco Secure Access Solutions (SISAS) 

1. Threat Mitigation Through Identity Services

  • Describe the role of identity services in the secure access solution 
  • Implement 802.1X and EAP 
  • Jump start the secure access solution

2. Cisco ISE Fundamentals

  • Describe the key characteristics of Cisco ISE Enroll the Cisco ISE in the PKI
  • Implement Cisco ISE internal authentication 
  • Implement Cisco ISE external authentication

3. Advanced Access Control

  • Describe certificate-based client authentication in EAP-TLS.
  • Describe the authorization in Cisco ISE.
  • Describe the Cisco Security Group Access (SGA) solution and MACsec.

4. Web Authentication and Guest Access

  • Describe Cisco ISE WebAuth
  • Describe the guest service features of the Cisco ISE

5. Endpoint Access Control Enhancements

  • Describe the posture assessment and the use of NAC agents
  • Describe the Cisco ISE profiler and the endpoint identity groups
  • Describe the BYOD solution elements and device onboarding

6. Access Control Troubleshooting

  • Troubleshoot Cisco network access controls

Implementing Cisco Secure Mobility Solutions (SIMOS) 

1. Fundamentals of VPN Technologies and Cryptography

  • Describe the role of VPNs in network security
  • Describe cryptography solutions, algorithms, and protocols

2. Deploying Secure Site-to-Site Connectivity Solutions

  • Describe Cisco secure site-to-site connectivity solutions
  • Deploy point-to-point IPsec VPNs on the Cisco ASA
  • Deploy Cisco IOS VTI-based point-to-point IPsec VPNs
  • Deploy Cisco IOS DMVPNs

3. Deploying Cisco IOS Site-to-Site FlexVPN Solutions

  • Evaluate site-to-site VPN technologies
  • Describe the use of FlexVPN in point-to-point IPsec VPNs 
  • Describe the hub-and-spoke connectivity scenario that can be implemented using the FlexVPN framework 
  • Describe the spoke-to-spoke connectivity scenario that can be implemented using the FlexVPN framework

4. Deploying Clientless SSL VPN

  • Describe clientless SSL VPN and provide a general description of the SSL/TLS protocol 
  • Configure and verify baseline clientless SSL VPN remote access features of the Cisco ASA security appliance 
  • Deploy and manage advanced application-access features of a clientless Cisco SSL VPN 
  • Deploy and manage advanced authentication and authorization features of a clientless Cisco SSL VPN

5. Deploying Cisco AnyConnect VPNs

  • Configure, verify, and troubleshoot a basic Cisco AnyConnect SSL VPN on a Cisco ASA security appliance 
  • Configure, verify, and troubleshoot advanced features of Cisco AnyConnect SSL VPNs 
  • Configure, verify, and troubleshoot advanced authentication and authorization in Cisco AnyConnect
  • VPNs 
  • Configure, verify, and troubleshoot a Cisco AnyConnect IPsec/IKEv2 VPN on Cisco ASA security appliances

6. Endpoint Security and Dynamic Access Policies

  • Implement Cisco HostScan for both clientless and full-tunnel SSL VPNs
  • Integrate DAP with Host Scan on the Cisco ASA security appliance

Supplemental Assets

Mentoring: Mentors are available to help you with your studies for the certification exams. You can reach them by entering a Mentored Chat Room or by using the Email My Mentor service.

Class Notes / Study Guides: Printable study guide and class notes are intended to support your transfer of knowledge and skills from courses to the workplace. Use these to follow along with instruction, review prior to certification exams, or to reference on the job.

Test Prep Exams: Practice tests will help you prepare for a certification exam. You can take a test prep exam in Study Mode (where you receive feedback after each question) or in Certification Mode (designed to mimic a certification exam) as many times as you want.

Lab Simulations: Task-based multipath scenarios provide realistic practice of technology subjects or applications.

Prerequisites

TOP

Who Should Attend

TOP

Network security engineers

Course Delivery

This course is available in the following formats:

Self-Paced

On-demand content enables you to train on your own schedule.



Request this course in a different delivery format.
Enroll