IT Certifications and Career Paths

CCNP Security

Security Certification Overview

New exams, training courses and Cybersecurity certification.

Certification Listing

Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

Prerequisites

Valid CCNA Security Certification or any CCIE Certification can act as a prerequisite

Note: Candidates who have a valid CCNA Routing and Switching certification AND have passed either Securing Cisco Network Devices exams 642-551 or 642-552 can act as a prerequisite valid only through December 31, 2014.

Exams & Recommended Training

Required Exam(s) Recommended Training
642-637 SECURE
Last day to test:
Apr 21, 2014

 
OR
 
300-208 SISAS
Securing Networks with Cisco Routers and Switches (SECURE)
 
 
OR
 
Implementing Cisco Secure Access Solutions (SISAS)
642-618 FIREWALL
Last day to test:
Apr 21, 2014

 
OR
 
300-206 SENSS
Deploying Cisco ASA Firewall Solutions (FIREWALL)
 
 
OR
 
Implementing Cisco Edge Network Security Solutions (SENSS)
642-648 VPN
Last day to test:
Apr 21, 2014

 
OR
 
300-209 SIMOS
Deploying Cisco ASA VPN Solutions (VPN)
 
 
OR
 
 
Implementing Cisco Secure Mobility Solutions (SIMOS)
642-627 IPS
Last day to test:
Apr 21, 2014

 
OR
 
300-207 SITCS
Implementing Cisco Intrusion Prevention System (IPS )
 
 
OR
 
 
Implementing Cisco Threat Control Solutions (SITCS)

The best way to prepare for this certification is to take the Cisco-approved training:

Securing Networks with Cisco Routers and Switches (SECURE)

Last day to test: April 21, 2014
This five-day course is aimed at providing network security engineers with the knowledge and skills needed to secure Cisco IOS Software router- and switch-based networks, and provide security services based on Cisco IOS Software.
» Learn More

OR

Implementing Cisco Secure Access Solutions (SISAS)

This five-day course prepares network security engineers with the skills and knowledge needed to deploy the Cisco Identity Services Engine (ISE) and 802.1X secure network access and to implement and manage network access security by using the Cisco ISE appliance product solution.
» Learn More

AND

Deploying Cisco ASA Firewall Solutions (FIREWALL)

Last day to test: April 21, 2014
This five-day instructor-led course is aimed at providing network security engineers with the knowledge and skills that are needed to implement and maintain perimeter solutions that are based on Cisco ASA security appliances.
» Learn More

OR

Implementing Cisco Edge Network Security Solutions (SENSS)

This five-day course prepares network security engineers with the skills and knowledge needed to configure Cisco perimeter edge security solutions utilizing Cisco switches, Cisco routers, and Cisco Adaptive Security Appliance (ASA) firewalls and to implement and manage security on Cisco ASA firewalls, Cisco routers with the firewall feature set, and Cisco switches.
» Learn More

AND

Deploying Cisco ASA VPN Solutions (VPN)

Last day to test: April 21, 2014
This five-day course is amied at choosing, configuring, and troubleshooting the majority of Cisco ASA adaptive security appliance remote access and site-to-site VPN features to reduce risk to IT infrastructure and its applications.
» Learn More

OR

Implementing Cisco Secure Mobility Solutions (SIMOS)

This five-day course prepares network security engineers with the knowledge and skills needed to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions and troubleshooting remote-access and site-to-site VPN solutions, using Cisco ASA adaptive security appliances and Cisco IOS routers.
» Learn More

AND

Implementing Cisco Intrusion Prevention System (IPS)

Last day to test: April 21, 2014
This five-day instructor-led course is aimed at providing network security engineers with the knowledge and skills needed to deploy Cisco IPS-based security solutions.
» Learn More

OR

Implementing Cisco Threat Control Solutions (SITCS)

This five-day course prepares network security engineers with the knowledge and skills needed to deploy the Cisco ASA Next-Generation Firewall (NGFW), as well as web security, email security, and cloud web security, and with the capability to implement and manage security on Cisco ASA firewalls utilizing the Cisco Next-Generation product solution.
» Learn More

Self-Study Materials

The following resources are suggested study materials:

A comprehensive list of study materials is also available.

Cisco Learning Network Resources

Get all your CCNP Security questions answered.

Learning Partner Content

  • Partners: Log in for Partner Education Connection (PEC) curricula.
  • Learning Partner Lounges - Find materials provided by Cisco Authorized Learning Partners.

To earn this Cisco certification, you must pass the following exam(s):

Exams

642-637 SECURE
Last day to test: April 21, 2014
The Securing Networks with Cisco Routers and Switches (SECURE v1.0) exam is associated with the CCSP and CCNP Security certifications. This exam tests a candidate's knowledge and skills needed to secure Cisco IOS Software router and switch-based networks, and provide security services based on Cisco IOS Software. Candidates can prepare for this exam by taking the Securing Networks with Cisco Routers and Switches course.

OR

300-208 SISAS
The 300-208 Implementing Cisco Secure Access Solutions (SISAS) exam tests validates a network security engineer knowledge of the components and architecture of secure access by utilizing 802.1X and Cisco TrustSec, including the Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solution. It also validates the knowledge of the fundamental concepts of BYOD using the posture and profiling services of the Cisco ISE. Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course.

AND

642-618 FIREWALL
Last day to test: April 21, 2014
Deploying Cisco ASA Firewall Solutions (FIREWALL) exam is associated with the CCSP, CCNP Security and Cisco ASA Specialist certifications. This exam tests a candidate's knowledge and skills needed to implement and maintain Cisco ASA-based perimeter solutions. Successful candidates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA features, and provide detailed operations support for the Cisco ASA. Candidates can prepare for this exam by taking the Deploying Cisco ASA FIREWALL course.

OR

300-206 SENSS
The 300-206 Implementing Cisco Edge Network Security Solutions (SENSS) exam validates the knowledge of a network security engineer to configure and implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, or Cisco ASA firewall. The exam focuses on the technologies used to strengthen the security of a network perimeter such as Network Address Translation (NAT), Cisco ASA policy and application inspection, and a zone-based firewall on Cisco routers. Candidates can prepare for this exam by taking the Implementing Cisco Edge Network Security Solutions (SENSS) course.

AND

642-648 VPN
Last day to test: April 21, 2014
Deploying Cisco ASA VPN Solutions (VPN) exam is associated with the CCSP, CCNP Security, Cisco ASA Specialist and Cisco IPS Specialist certifications. This exam tests a candidate's knowledge and skills needed to deploy Cisco ASA-based VPN solutions. Successful candidates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA VPN features, and provide detailed operations support for the Cisco ASA. Candidates can prepare for this exam by taking the Deploying Cisco ASA VPN Solutions (VPN) course.

OR

300-209 SIMOS
The 300-209 Implementing Cisco Secure Mobility Solutions (SIMOS) exam tests a network security engineer on the variety of virtual private network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS Software platforms. In addition, the exam validates the knowledge necessary to properly implement highly secure remote communications through VPN technology, such as remote-access SSLVPN and site-to-site VPN (DMVPN, FlexVPN). Candidates can prepare for this exam by taking the Implementing Cisco Secure Mobility Solutions (SIMOS) course.

AND

642-627 IPS
Last day to test: April 21, 2014
Implementing Cisco Intrusion Prevention System v7.0 (IPS v7.0) exam is associated with the CCSP, CCNP Security and Cisco IPS Specialist certifications. This exam tests a candidate's knowledge and skills needed to deploy Cisco IPS-based security solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco IPS features, and provide detailed operations support for the Cisco IPS. Candidates can prepare for this exam by taking the Implementing Cisco Intrusion Prevention System course.

OR

300-207 SITCS
The 300-207 Implementing Cisco Threat Control Solutions (SITCS) exam tests a network security engineer on advanced firewall architecture and configuration with the Cisco next-generation firewall, utilizing access and identity policies. In addition, the exam covers integration of Cisco Intrusion Prevention System (IPS) and context-aware firewall components, as well as web (cloud) and email security solutions. Candidates can prepare for this exam by taking the Implementing Cisco Threat Control Solutions (SITCS) course.

Cisco Learning Locator

Locate training at a center near you.

Find Training

Track your Progress

View your certification progress and exam history, request logos for your earned certifications, and more.

Certification Tracking System