Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

CCIE SECURITY TRACK

Lab Exam Blueprint v2.0

Please review the Lab Exam Overview for general information about the CCIE Security lab exam. This lab exam blueprint v2.0 is a detailed outline of the topics likely to appear on the lab exam effective January 2, 2007. Knowledge of troubleshooting is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE lab exam. The topics listed are guidelines and other relevant or related topics may also appear. Candidates for lab exams scheduled on January 2, 2007 or later should prepare using the v2.0 blueprints below. In general, new product features become eligible for testing on CCIE lab exams six months after general release.


  1. Firewall
    1. PIX and ASA Firewall
      1. Basic Initialization
      2. Access Management
      3. Address Translation
      4. ACLs
      5. IP Routing
      6. Object Groups
      7. VLANs
      8. AAA
      9. VPNs
      10. Filtering
      11. Failover
      12. Layer 2 Transparent Firewall
      13. Security Contexts (Virtual Firewall)
      14. Modular Policy Framework
      15. Application-Aware Inspection
      16. High Availability Scenarios
      17. QoS Policies
      18. Other Advanced Features

    2. IOS Firewall
      1. CBAC
      2. Audit
      3. Auth Proxy
      4. PAM
      5. Access Control
      6. Performance Tuning
      7. Advanced Features

  2. VPN
    1. IPSec LAN-to-LAN
    2. SSL VPN
    3. DMVPN
    4. CA (PKI)
    5. Remote Access VPN
    6. VPN3000 Concentrator
    7. VPN3000 IP Routing
    8. Unity Client
    9. WebVPN
    10. EzVPN Hardware Client
    11. XAuth, Split-tunnel, RRI, NAT-T
    12. High Availability
    13. QoS for VPN
    14. GRE, mGRE
    15. L2TP
    16. PPTP
    17. Advanced VPN Features

  3. Intrusion Prevention System (IPS)
    1. IPS 4200 Series Sensor Appliance
    2. Basic Initialization
    3. Sensor Configuration
    4. Sensor Management
    5. Promiscuous and Inline Monitoring
    6. Signature Tuning
    7. Custom Signatures
    8. Blocking
    9. TCP Resets
    10. Rate Limiting
    11. Signature Engines
    12. IDM
    13. Event Action
    14. Event Monitoring
    15. IOS IPS
    16. PIX IDS
    17. SPAN, RSPAN
    18. Advanced Features

  4. Identity Management
    1. Security Protocols (RADIUS and TACACS+)
    2. Cisco Secure ACS Configuration
    3. Access Management (Telnet, SSH, Pwds, Priv Levels)
    4. Proxy Authentication
    5. Service Authentication (FTP, Telnet, HTTP, other)
    6. Network Admission Control (NAC Framework solution)
    7. 802.1x
    8. Advanced Features

  5. Advanced Security
    1. Mitigation Techniques
    2. Packet Marking Techniques
    3. Security RFCs (RFC1918, RFC2827, RFC2401)
    4. Service Provider Security
    5. Black Holes, Sink Holes
    6. RTBH Filtering (Remote Triggered Black Hole)
    7. Traffic Filtering using Access-lists
    8. NAT
    9. TCP Intercept
    10. uRPF
    11. CAR
    12. NBAR
    13. NetFlow
    14. Flooding
    15. Spoofing
    16. Policing
    17. Fragmentation
    18. Sniffer Traces
    19. Catalyst Management and Security
    20. Traffic Control and Congestion Management
    21. Catalyst Features and Advanced Configuration
    22. IOS Security Features

  6. Network Attacks
    1. Network Reconnaissance
    2. IP Spoofing Attacks
    3. MAC Spoofing Attacks
    4. ARP Spoofing Attacks
    5. Denial of Service (DoS)
    6. Distributed Denial of Service (DDoS)
    7. Man-in-the-Middle (MiM) Attacks
    8. Port Redirection Attacks
    9. DHCP Attacks
    10. DNS Attacks
    11. Fragment Attacks
    12. Smurf Attacks
    13. SYN Attacks
    14. MAC Attacks
    15. VLAN Hopping Attacks
    16. Other Layer2 and Layer3 Attacks

Preparation Materials

  • The materials listed below can be helpful in preparing for exams. The list is only suggested, however, and other books or resources may also cover the same topics.