CCNP Security

CCNP-Security

Successsful Careeer

RSTForum has trained more than 100,000 students to date. Many students have gone on to successful careers in a variety of industries, while others have harnessed the entrepreneurial spirit and knowledge they acquired in RST Forum to start their own businesses and create new jobs.

Labs on cloud

RSTForum uses Cloud computing to efficiently provide “Platform As A Service” (PAAS) to its students enabling them to quickly access Technology Racks over the internet and practice lab exercise from home These Racks are populated with latest equipment's required for practical exercises'.

Web Forums

RST Forum’s web based forum allows its users to ask, hundreds of technical experts about their technology and certification problem. RST forum is a tight knit community of working professionals that provide timely help on technical, certification and design related queries.

CCNP Security

Introduction

For network engineers who need to increase their value to employers and stay current with advances in networking knowledge and skills, the cisco CCNP Security certification program provides the education and training required for installing, monitoring, and troubleshooting network infrastructure products designed by the industry leader in IP networking.

The CCNP Security certification validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks. CCNP Security certified professionals have the knowledge and skills to make connections to remote sites via a WAN, and mitigate basic security threats. CCNP Security training covers (but is not limited to) the use of these topics: Implement firewall (ASA or IOS depending on which supports the implementation), Implement Layer 2 Security, Cisco Security Devices GUIs and Secured CLI Management, Troubleshooting, Monitoring and Reporting Tools. Threat Defense Architectures, Security Components and Considerations. The topics include all the areas covered under the 300-206 CCNA exam.

Implement firewall (ASA or IOS depending on which supports the implementation), Implement Layer 2 Security, Cisco Security Devices GUIs and Secured, CLI Management Troubleshooting, Monitoring and Reporting Tools, Threat Defense Architectures, Security Components and Considerations . The topics include all the areas covered under the 300-207 CCNP exam.
Identity Management and Secure Access, Implement network authorization enforcement, Implement Central Web Authentication (CWA), Implement profiling, Implement posture services, Troubleshooting, Monitoring and Reporting Tools, Threat Defense Architectures. The topics include all the areas covered under the 300-208 CCNP exam.

Secure Communications, Troubleshooting, Monitoring and Reporting Tools, Secure Communications Architectures, Design remote access VPN solutions , Describe encryption hashing and Next Generation Encryption (NGE). . The topics include all the areas covered under the 300-209 CCNP exam.
Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

Course Highlights

This 10 day per module (Weekdays – 2.5hrs.) OR 8-week per module  (Sunday/Saturday) instructor led CCNP Security Security course is designed to provide professionals with extensive networking knowledge to accomplish their day to day job and CCNP Security certifications. The key to a high success rate is based on the program’s objectives as follows:

  • Course contents are based on CISCO guide lines
  • Dedicated Monitoring to evaluate candidates’ progress
  • Extensive hands-on lab exercises
  • Regular evaluation
  • Industry Experienced Certified instructors
  • Assigned project manager will manage this program.  This person will drive the program from its registration stage to monitoring and tracking of the candidates’ performance.
  • Curriculum is based on Cisco course outlines
  • The Instructor-led certified courses is designed for the Security candidates with an aim to build theoretical knowledge supplemented by ample hands-on lab exercises
  • 8 week / module or 10 days / module, of intensive training + labs design.
  • Courseware includes course kits and other reference material to enable students to prepare for CCNP Security certification exams
  • Optimal balance of theory classes and practical labs every week to ensure maximum absorption of technology by participants
  • Customized tests at the end of course to be attempted by every participant
  • Stringent passing standards with progress report of each participant
  • Optimal balance of theory classes and practical labs every week to ensure maximum absorption of technology by participants.
  • Repeating of lectures allowed.
Course Objectives

After you complete this CCNP Security 300-206 SENSS course you will be able to:

  • Implementing Cisco Edge Network Security (SENSS) (300-206) course is associated with the CCNP Security certifications.
  • This course prepares candidates with knowledge and skills needed to implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, and Cisco ASA firewall .
  • Successful candidates will be able to strengthen security of a network perimeter such as Network Address Translation (NAT), ASA policy and application inspect, and a zone-based firewall on Cisco routers.
  • Candidates can prepare for this exam by taking Cisco Edge Network Security (SENSS) course.

 

After you complete this CCNP Security 300-207 SITCS course you will be able to:

  • The Implementing Cisco Threat Control Solutions (SITCS) (300-207) exam tests a network security engineer on advanced firewall architecture and configuration with the Cisco next generation firewall, utilizing access and identity policies.
  • This course covers integration of Intrusion Prevention System (IPS) and context-aware firewall components, as well as Web (Cloud) and Email Security solutions.
  • Candidates can prepare for this exam by taking the Implementing Cisco Threat Control Solutions (SITCS) course.

 

After you complete this CCNP Security 300-208 SISAS course you will be able to:

  • The Implementing Cisco Secure Access Solutions (SISAS) (300-208) course covers the components and architecture of secure access by utilizing 802.1X and Cisco TrustSec.
  • Understand 802.1X architecture, implementation and operation.
  • It makes the candidate aware of Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solutions.
  • It also includes the fundamental concepts of bring your own device (BYOD) using posture and profiling services of ISE.
  • Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course.

 

After you complete this CCNP Security 300-209 SIMOS course you will be able to:

  • The Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) exam tests a network security engineer on the variety of Virtual Private Network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS software platforms.
  • This 90-minute exam consists of 65–75 questions and assesses the knowledge necessary to properly implement highly secure remote communications through VPN technology, such as remote access SSL VPN and site-to-site VPN (DMVPN, FlexVPN).
  • Candidates can prepare for this exam by taking the Implementing Cisco Secure Mobility Solutions (SIMOS) course.
  • Understand Cisco Identity Services Engine architecture and access control capabilities.
  • Understand commonly implemented Extensible Authentication Protocols (EAP).
  • Implement Public-Key Infrastructure with ISE.
  • Understand the implement Internal and External authentication databases.
  • Implement MAC Authentication Bypass.
  • Implement identity based authorization policies.
  • Understand Cisco TrustSec features.
  • Implement Web Authentication and Guest Access.
  • Implement ISE Posture service.
  • Implement ISE Profiling.
Course Topics

Following Topics will be covered in  CCNP Security 300-206 Course.

IMPLEMENT FIREWALL (ASA OR IOS DEPENDING ON WHICH SUPPORTS THE IMPLEMENTATION):

  • Implement ACLs
  • Implement static/dynamic NAT/PAT
  • Implement object groups
  • Describe threat detection features
  • Implement botnet traffic filtering
  • Configure application filtering and protocol inspection
  • Describe ASA security context

IMPLEMENT LAYER 2 SECURITY:

  • Configure DHCP snooping
  • Describe dynamic ARP inspection
  • Describe storm control
  • Configure port security
  • Describe common Layer 2 threats and attacks and mitigation
  • Describe MACSec
  • Configure IP source verification

CISCO SECURITY DEVICES GUIS AND SECURED CLI MANAGEMENT :

  • Implement SSHv2, HTTPS, and SNMPv3 access on the network devices
  • Implement RBAC on the ASA/IOS using CLI and ASDM
  • Device Management Implement Device Managers
  • Implement ASA firewall features using ASDM

TROUBLESHOOTING, MONITORING AND REPORTING TOOLS:

  • Monitor firewall using analysis of packet tracer, packet capture, and syslog
  • Analyze packet tracer on the firewall using CLI/ASDM
  • Configure and analyze packet capture using CLI/ASDM
  • Analyze syslog events generated from ASA

THREAT DEFENSE ARCHITECTURES:

  • High-availability
  • Basic concepts of security zoning
  • Transparent & Routed Modes
  • Security Contexts
  • Layer 2 Security Solutions
  • Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
  • Describe how PVLANs can be used to segregate network traffic at Layer 2

THREAT DEFENSE ARCHITECTURES:

  • Describe security operations management architectures
  • Single device manager vs. multi-device manager
  • Describe Data Center security components and considerations
  • Describe Collaboration security components and considerations
  • Describe common IPv6 security considerations
  • Unified IPv6/IPv4 ACL on the ASA

 

Following Topics will be covered in  CCNP Security 300-207 Course.

CISCO ASA 5500-X NGFW SECURITY SERVICES :

  • Describe features and functionality
  • Implement web usage control (URL-filtering, reputation based, file filtering)
  • Implement AVC
  • Implement decryption policies
  • Describe traffic redirection and capture methods

CISCO CLOUD WEB SECURITY :

  • Describe features and functionality
  • Implement IOS and ASA connectors
  • Implement AnyConnect web security module
  • Describe web usage control
  • Implement anti-malware
  • Describe decryption policies

CISCO CLOUD WEB SECURITY :

  • Implement network IPS deployment modes
  • Describe signatures engines
  • Implement event actions & overrides/filters
  • Implement anomaly detection
  • Implement risk ratings
  • Describe IOS IPS
  • Configure device hardening per best practices

TROUBLESHOOTING, MONITORING, AND REPORTING TOOLS :

  • Configure IME and IP logging for IPS
  • Describe reporting functionality
  • Implement the WSA Policy Trace tool
  • Implement the ESA Message Tracking tool
  • Implement the ESA Trace tool
  • Use web interface to verify traffic is being redirected to CWS
  • Use CLI on IOS to verify CWS operations
  • Use CLI on ASA to verify CWS operations
  • Use the PRSM Event Viewer to verify ASA NGFW operations
  • Describe the PRSM Dashboards and Reports

THREAT DEFENSE ARCHITECTURES :

  • Design IPS solution
  • Deploy Inline or Promiscuous
  • Deploy as IPS appliance, IPS software or hardware module or IOS IPS
  • Describe methods of IPS appliance load-balancing
  • Describe the need for Traffic Symmetry
  • Inline modes comparison – inline interface pair, inline VLAN pair, and inline VLAN group

CONTENT SECURITY ARCHITECTURES :

  • Design Web Security solution
  • Compare ASA NGFW vs. WSA vs. CWS
  • Compare Physical WSA vs. Virtual WSA
  • Design Email Security solution
  • Compare Physical ESA vs. Virtual ESA
  • Describe Hybrid mode
  • Design Application Security solution

 
Following Topics will be covered in  CCNP Security 300-208 Course.

IDENTITY MANAGEMENT AND SECURE ACCESS :

  • dACL,Dynamic VLAN assignment
  • Describe SGA,Named ACL

IMPLEMENT CENTRAL WEB AUTHENTICATION (CWA) :

  • Describe the function of CoA to support web authentication
  • Configure authentication policy to facilitate CWA
  • URL redirect policy
  • Redirect ACL
  • Customize web portal
  • Verify central web authentication operation

IMPLEMENT PROFILING :

  • Enable the profiling services
  • Network probes
  • IOS Device Sensor
  • Feed service
  • Profiling policy rules
  • Utilize profile assignment in authorization policies

IMPLEMENT POSTURE SERVICES :

  • Describe the function of CoA to support posture services
  • Agent options, Client provisioning policy and redirect ACL
  • Posture policy
  • Quarantine/remediation
  • Verify posture service operation

TROUBLESHOOTING, MONITORING, AND REPORTING TOOLS  :

  • Troubleshoot identity management solutions
  • Identify issues using authentication event details in Cisco ISE
  • Troubleshoot using Cisco ISE diagnostic tools
  • Troubleshoot endpoint issues
  • Use debug commands to troubleshoot RADIUS and 802.1X on IOS switches and wireless controllers
  • Troubleshoot backup operations

THREAT DEFENSE ARCHITECTURES :

  • Design highly secure wireless solution with ISE
  • Identity Management
  • 802.1X
  • MAB
  • Network authorization enforcement
  • CWA
  • Profiling
  • Guest Services
  • Posture Services
  • BYOD Access

 
Following Topics will be covered in  CCNP Security 300-209 Course.

SECURE COMMUNICATIONS :

  • Site-to-site VPNs on routers and firewalls
  • Describe GETVPN
  • Implement IPsec (with IKEv1 and IKEv2 for both IPV4 & IPV6)
  • Implement DMVPN (hub-Spoke and spoke-spoke on both IPV4 & IPV6)
  • Implement FlexVPN (hub-Spoke on both IPV4 & IPV6) using local AAA
  • Implement remote access VPNs
  • Implement AnyConnect IKEv2 VPNs on ASA and routers
  • Implement AnyConnect SSLVPN on ASA and routers
  • Implement clientless SSLVPN on ASA and routers
  • Implement FLEX VPN on routers

TROUBLESHOOTING, MONITORING, AND REPORTING TOOLS :

  • Troubleshoot VPN using ASDM & CLI
  • Troubleshoot IPsec
  • Troubleshoot DMVPN
  • Troubleshoot FlexVPN
  • Troubleshoot AnyConnect IKEv2 and SSL VPNs on ASA and routers
  • Troubleshoot clientless SSLVPN on ASA and routers

SECURE COMMUNICATIONS ARCHITECTURES :

  • Design site-to-site VPN solutions
  • Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec
  • VPN technology considerations based on functional requirements
  • High availability considerations
  • Identify VPN technology based on configuration output

DESIGN REMOTE ACCESS VPN SOLUTIONS  :

  • Identify functional components of FlexVPN, IPsec, and Clientless SSL
  • VPN technology considerations based on functional requirements
  • High availability considerations
  • Identify VPN technology based on configuration output
  • Identify AnyConnect client requirements
  • Clientless SSL browser and client consierations/requirements
  • Identify split tunneling requirements

DESCRIBE ENCRYPTION, HASHING, AND NEXT GENERATION ENCRYPTION (NGE) :

  • Compare and contrast Symmetric and asymmetric key algorithms
  • Identify and describe the cryptographic process in VPNs – Diffie-Hellman, IPsec – ESP, AH, IKEv1, IKEv2, hashing algorithms MD5 and SHA, and authentication methods
  • Describe PKI components and protection methods
  • Describe Elliptic Curve Cryptography (ECC)
  • Compare and contrast SSL, DTLS, and TLS
Lab Topics

Enroll for this course now and get ahead in your career.

Course Fees:

₹10000

Enroll Now

Virtual Classroom

  • Instructor led online training is an ideal vehicle for delivering training to individuals anywhere in the world at any time.
  • This innovative approach presents live content with instructor delivering the training online.
  • Candidates will be performing labs remotely on our labs on cloud in presence of an online instructor.
  • Rstforum uses microsoft lync engine to deliver instructor led online training.
  • Advances in computer network technology, improvements in bandwidth, interactions, chat and conferencing, and realtime audio and video offers unparalleled training opportunities.
  • Instructor led online training can helps today’s busy professionals to perform their jobs and upgrade knowledge by integrating self-paced instructor led online training in their daily routines.

Miscellaneous

  • Minimum batch size required for batch is 10 participants in the this course.
  • The RST Forum reserves the right to cancel/postpone the class.
  • Course schedule will be provided before commencement of the course.
  • Certificate of participation will be awarded to participants with a minimum 90% attendance.
  • All attendees are to observe the Copyright Law on intellectual properties such as software.
  • and courseware from respective vendors.
  • The RST Forum reserves the right to include external participants in the program either for the entire course or individual courses.
  • The RST Forum reserves the right to change/alter the sequence of courses. RST FORUM published Book would be given at 50% discounted rate to the forum students.