CCNP Security
Cisco FirePOWER NGIPS and Cisco AMP Now Included
Prepare for the latest in network security with CCNP Security.
Overview
Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.
Prerequisites
Valid CCNA Security certification or any CCIE certification can act as a prerequisite.
Exams & Recommended Training
Sorry, no results matched your search criteria(s). Please try again.
For a complete list of available network security training, visit the Security Training page.
What's New?
Cisco Business Architecture Certifications
Begin your journey to building strong business skills needed to bridge technology and desired business results for your customers’ successful digital transformation.
Study & Learn
Self-Study Materials
- Implementing Cisco Secure Access Solutions (SISAS) v1.0
- Implementing Cisco Edge Network Security Solutions (SENSS) v1.0
- Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0
- Implementing Cisco Threat Control Solutions (SITCS) v1.5
- CCNP Security Tech Seminars
A comprehensive list of study materials is also available.
Cisco Learning Network Resources
Get all your CCNP Security questions answered.
Learning Partner Content
- Partners: Log In for Cisco SalesConnect curricula.
- Learning Partner Lounges - Find materials provided by Cisco Authorized Learning Partners.
Training
The best way to prepare for this certification is to take the Cisco-approved training:
Implementing Cisco Secure Access Solutions (SISAS)
This five-day course prepares network security engineers with the skills and knowledge needed to deploy the Cisco Identity Services Engine (ISE) and 802.1X secure network access and to implement and manage network access security by using the Cisco ISE appliance product solution.
Implementing Cisco Edge Network Security Solutions (SENSS)
This five-day course prepares network security engineers with the skills and knowledge needed to configure Cisco perimeter edge security solutions utilizing Cisco switches, Cisco routers, and Cisco Adaptive Security Appliance (ASA) firewalls and to implement and manage security on Cisco ASA firewalls, Cisco routers with the firewall feature set, and Cisco switches.
Implementing Cisco Secure Mobility Solutions (SIMOS)
This five-day course prepares network security engineers with the knowledge and skills needed to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions and troubleshooting remote-access and site-to-site VPN solutions, using Cisco ASA adaptive security appliances and Cisco IOS routers.
Implementing Cisco Threat Control Solutions (SITCS)
This five-day course prepares network security engineers with the knowledge and skills to implement Ciscos FirePOWER Next-Generation IPS, AMP, as well as Web Security, Email Security and Cloud Web Security. You will gain hands-on experience with configuring various advance Cisco security solutions for mitigating outside threats and securing traffic traversing the firewall.
Take Exam
To earn this Cisco certification, you must pass the following exam(s):
300-208 SISAS
The 300-208 Implementing Cisco Secure Access Solutions (SISAS) exam tests validates a network security engineer knowledge of the components and architecture of secure access by utilizing 802.1X and Cisco TrustSec, including the Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solution. It also validates the knowledge of the fundamental concepts of BYOD using the posture and profiling services of the Cisco ISE. Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course.
- 300-208 SISAS exam topics
- Register for the exam
- Read current exam policies and requirements
300-206 SENSS
The 300-206 Implementing Cisco Edge Network Security Solutions (SENSS) exam validates the knowledge of a network security engineer to configure and implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, or Cisco ASA firewall. The exam focuses on the technologies used to strengthen the security of a network perimeter such as Network Address Translation (NAT), Cisco ASA policy and application inspection, and a zone-based firewall on Cisco routers. Candidates can prepare for this exam by taking the Implementing Cisco Edge Network Security Solutions (SENSS) course.
- 300-206 SENSS exam topics
- Register for the exam
- Read current exam policies and requirements
300-209 SIMOS
The 300-209 Implementing Cisco Secure Mobility Solutions (SIMOS) exam tests a network security engineer on the variety of virtual private network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS Software platforms. In addition, the exam validates the knowledge necessary to properly implement highly secure remote communications through VPN technology, such as remote-access SSLVPN and site-to-site VPN (DMVPN, FlexVPN). Candidates can prepare for this exam by taking the Implementing Cisco Secure Mobility Solutions (SIMOS) course.
- 300-209 SIMOS exam topics
- Register for the exam
- Read current exam policies and requirements
300-210 SITCS
This exam tests a network security engineer on advanced firewall architecture and configuration with the Cisco next-generation firewall, utilizing access and identity policies. Some older technologies have been removed and includes coverage for both Cisco Firepower NGIPS and Cisco AMP (Advanced Malware Protection). This exam covers integration of Intrusion Prevention System (IPS) and context-aware firewall components, as well as Web (Cloud) and Email Security solutions. Candidates can prepare for this exam by taking the Implementing Cisco Threat Control Solutions (SITCS) course.
- 300-210 SITCS exam topics
- Register for the exam
- Read current exam policies and requirements
Recertification
Cisco Professional-level certifications (CCDP, CCNP Cloud, CCNP Collaboration, CCNP Data Center, CCNP Routing and Switching, CCNP Security, CCNP Service Provider, and CCNP Wireless) are valid for three years.
To recertify, pass ONE of the following before the certification expiration date:
- Pass any current 642-XXX Professional-level or any 300-XXX Professional-level exam, or
- Pass any current CCIE Written Exam, or
- Pass the current CCDE Written Exam OR current CCDE Practical Exam, or
- Pass the Cisco Certified Architect (CCAr) interview AND the CCAr board review to extend lower certifications.
Achieving or recertifying any of the certifications above automatically extends your active Associate and Professional level certification(s) up to the point of expiration of the last certification achieved.
For more information, access the How to Recertify page.
Recognition
CNSS 4013 Recognition
The National Security Agency (NSA) and the Committee on National Security Systems (CNSS) recognized that Cisco security courseware meets the CNSS 4013 training standard.
DoD 8570 Recognition
The United States Department of Defense has certified the Cisco CCNA Security, Cisco CCNP Security, and Cisco Cybersecurity Specialist (SCYBER) Certifications as DoD 8570.01-M compliant.
Resources
Datasheets
- Cisco Security Certifications Overview (PDF - 1.2 MB)
- CCNP Security Certification SITCS Exam Update (PDF - 405 KB)
- Cisco Security Certification Comparison Chart (PDF - 57 KB)
- Cisco CCSP and CCNP Security Curriculum Defends Vital Information Services of U.S. (PDF - 68 KB)
Case Studies
- CCIE Security Case Study - KSG at Cognizant (PDF - 212 KB)
- CCIE Security Certification Advances Engineer on Career Path (PDF - 109 KB)