CCNP Security

The Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer, who is responsible for security in routers, switches, networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting firewalls, VPNs, and IDS/IPS solutions for their networking environments.

Who Needs to Attend

Network security engineers


A valid CCNA Security certification or any CCIE certification can act as a prerequisite.

  • Cisco Certified Network Associate (CCNA®) certification
  • Cisco Certified Network Associate (CCNA®) Security certification
  • Knowledge of Microsoft Windows operating system

Course Date

Dates Content Pending

SENSS - Implementing Cisco Edge Network Security Solutions

What You'll Learn

  • Security threat landscape
  • Implement Cisco modular network security architectures such as SecureX and TrustSec
  • Deploy Cisco infrastructure management and control plane security controls
  • Configure Cisco Layer 2 and Layer 3 data plane security controls
  • Implement and maintain Cisco ASA Network Address Translations (NAT)
  • Implement and maintain Cisco IOS Software NAT
  • Design and deploy Cisco Cyber Threat Defense solutions on a Cisco ASA utilizing access policy and application- and identity-based inspection
  • Implement Botnet Traffic Filters
  • Deploy Cisco IOS Zone-Based Policy Firewalls (ZBFW)
  • Configure and verify Cisco IOS ZBFW Application Inspection Policy

Threat Defense

1.1 Implement firewall (ASA or IOS depending on which supports the implementation)
1.2 Implement Layer 2 Security
1.3 Configure device hardening per best practices

Cisco Security Devices GUIs and Secured CLI Management

2.1 Implement SSHv2, HTTPS, and SNMPv3 access on the network devices
2.2 Implement RBAC on the ASA/IOS using CLI and ASDM
2.3 Describe Cisco Prime Infrastructure
2.4 Describe Cisco Security Manager (CSM)
2.5 Implement Device Managers

Management Services on Cisco Devices

3.1 Configure NetFlow exporter on Cisco Routers, Switches, and ASA
3.2 Implement SNMPv3
3.3 Implement logging on Cisco Routers, Switches, and ASA using Cisco best practices
3.4 Implement NTP with authentication on Cisco Routers, Switches, and ASA
3.5 Describe CDP, DNS, SCP, SFTP, and DHCP

Troubleshooting, Monitoring and Reporting Tools

4.1 Monitor firewall using analysis of packet tracer, packet capture, and syslog

Threat Defense Architectures

5.1 Design a Firewall Solution
5.2 Layer 2 Security Solutions

Security Components and Considerations

6.1 Describe security operations management architectures
6.2 Describe Data Center security components and considerations
6.3 Describe Collaboration security components and considerations
6.4 Describe common IPv6 security considerations

Content Security

1.1 Cisco ASA 5500-X NGFW Security Services
1.2 Cisco Cloud Web Security
1.3 Cisco WSA
1.4 Cisco ESA

Threat Defense

2.1 Network IPS
2.2 Configure device hardening per best practices

Devices GUIs and Secured CLI

3.1.a Implement HTTPS and SSH access
3.1.b Describe configuration elements
3.1.c Implement ESA GUI for message tracking

Troubleshooting, Monitoring and Reporting Tools

4.1 Configure IME and IP logging for IPS
4.2 Content Security
4.3 Monitor Cisco Security IntelliShield

Threat Defense Architectures

5.1 Design IPS solution

Content Security Architectures

6.1 Design Web Security solution
6.2 Design Email Security solution
6.3 Design Application Security solution

SITCS - Implementing Cisco Threat Control Solutions

What You'll Learn

  • Cisco ASA Next-Generation Firewall (NGFW)
  • Deploy Cisco Web Security appliance to mitigate malware
  • Configure Web Security appliance for acceptable use controls
  • Configure Cisco Cloud Web Security Connectors
  • Cisco Email Security Solution
  • Configure Cisco Email Appliance Incoming and Outgoing Policies
  • IPS Threat Controls
  • Configure and Implement Cisco IPS Sensor into a Network

SISAS - Implementing Cisco Secure Access Solutions

What You'll Learn

  • Cisco ISE architecture and access control capabilities
  • 802.1X architecture, implementation, and operation
  • Commonly implemented Extensible Authentication Protocols (EAPs)
  • Implement public key infrastructure (PKI) with ISE
  • Implement internal and external authentication databases
  • Implement MAC Authentication Bypass (MAB)
  • Implement identity-based authorization policies
  • Cisco TrustSec features
  • Implement web authentication and guest access
  • Implement ISE Posture service
  • Implement ISE Profiling
  • Bring Your Own Device (BYOD) as it relates to ISE
  • Troubleshoot ISE

Identity Management/Secure Access

1.1 Implement device administration
1.2 Describe identity management
1.3 Implement wired/wireless 802.1X
1.4 Implement MAB
1.5 Implement network authorization enforcement
1.6 Implement Central Web Authentication (CWA)
1.7 Implement profiling
1.8 Implement guest services
1.9 Implement posture services
1.10 Implement BYOD access

Threat Defense

2.1 Describe TrustSec Architecture
2.1.a SGT Classification – dynamic/static
2.1.b SGT Transport – inline tagging and SXP
2.1.c SGT Enforcement – SGACL and SGFW
2.1.d MACsec

Troubleshooting, Monitoring and Reporting Tools

3.1 Troubleshoot identity management solutions

Threat Defense Architectures

4.1 Design highly secure wireless solution with ISE

Identity Management Architectures

5.1 Device administration
5.2 Identity Management
5.3 Profiling
5.4 Guest Services
5.5 Posturing Services
5.6 BYOD Access

Secure Communications

1.1 Site-to-site VPNs on routers and firewalls
1.2 Implement remote access VPNs

Troubleshooting, Monitoring and Reporting Tools

2.1 Troubleshoot VPN using ASDM & CLI

Secure Communications Architectures

3.1 Design site-to-site VPN solutions
3.2 Design remote access VPN solutions
3.3 Describe encryption, hashing, and Next Generation Encryption (NGE)

SIMOS - Implementing Cisco Secure Mobility Solutions

What You'll Learn

  • Various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security
  • Implement and maintain Cisco site-to-site VPN solutions
  • Implement and maintain Cisco FlexVPN in point-to-point, hub-and-spoke, and spoke-to-spoke IPsec VPNs
  • Implement and maintain Cisco clientless SSL VPNs
  • Implement and maintain Cisco AnyConnect SSL and IPsec VPNs
  • Implement and maintain endpoint security and dynamic access policies (DAP)