Network technologies and trends

Jan 31 2017   5:23AM GMT

Time to welcome CCIE Security Version 5 Written and Lab exam

Yasir Irfan

Starting today, 31 January 2017, the CCIE Security Version 5 exams, both lab and written, are available to CCIE aspirants all over the globe at authorised centres. The written exam, known as CCIE Security Written Exam (400-251) version 5.0, is a two-hour test with 90-110 questions. The CCIE Security Lab Exam version 5.0, however, comes with major changes. It follows the same pattern as CCIE R&S, CCIE Data Centre and CCIE Service Provider: it is an eight-hour lab divided into three modules:

  • Troubleshooting module
  • Diagnostic module
  • Configuration Module

Cisco has released a unified blueprint that covers the topics for both the written and lab exams. The blueprint is divided into six sections, or domains. All of these domains are part of both the written and lab exams, with the exception of the Evolving Technologies domain, which is part of the CCIE Security Written exam only.

| Domain | Written Exam (%) | Lab Exam (%) |
|---|---|---|
| 1.0 Perimeter Security and Intrusion Prevention | 21% | 23% |
| 2.0 Advanced Threat Protection and Content Security | 17% | 19% |
| 3.0 Secure Connectivity and Segmentation | 17% | 19% |
| 4.0 Identity Management, Information Exchange, and Access Control | 22% | 24% |
| 5.0 Infrastructure Security, Virtualization, and Automation | 13% | 15% |
| 6.0 Evolving Technologies | 10% | N/A |

The following topics have been removed from the CCIE Security Version 5 exam:

  • Legacy IPS
  • Easy VPN

These topics were part of the CCIE Security Version 4 exams, but they are no longer relevant to the version 5 exam.

A long list of topics has been added to the CCIE Security Version 5 exams. Some of them are as follows:

  • FirePOWER
  • Cisco FirePOWER Threat Defense (FTD)
  • ASA Clustering
  • NAT for IPv6
  • Firepower Management Center (FMC)
  • Cloud Web Security
  • Email Security Appliance (ESA)
  • Content Security Management Appliance
  • Advanced Malware Protection (AMP)
  • OpenDNS
  • Lancope
  • Virtual Security Gateway
  • TrustSec with SGT and SXP
  • ISE Personas with multimode deployment
  • MDM Integration with ISE
  • pxGrid
  • Wireless concepts such as FlexConnect and Anchor
  • NetFlow/IPFIX and eStreamer
  • APIC-EM Controller
  • RESTful API in scripting languages such as Python
  • Evolving Technologies (Cloud, SDN and IoT), which are part of the written exam only

The CCIE Security Version 5 Lab will be delivered using the following hardware and software appliances:

Virtual Machines

  • Security Appliances
    • Cisco Identity Services Engine (ISE): 2.1.0
    • Cisco Secure Access Control System (ACS):
    • Cisco Web Security Appliance (WSA): 9.2.0
    • Cisco Email Security Appliance (ESA): 9.7.1
    • Cisco Wireless Controller (WLC): 8.0.133
    • Cisco Firepower Management Center Virtual Appliance: 6.0.1 and/or 6.1
    • Cisco Firepower NGIPSv: 6.0.1
    • Cisco Firepower Threat Defense: 6.0.1
  • Core Devices
    • IOSv L2: 15.2
    • IOSv L3: 15.5(2)T
    • Cisco CSR 1000V Series Cloud Services Router: 3.16.02.S
    • Cisco Adaptive Security Virtual Appliance (ASAv): 9.6.1
  • Others
    • Test PC: Microsoft Windows 7
    • Active Directory: Microsoft Windows Server 2008 (AD is not required to be configured by the candidate)
    • Cisco Application Policy Infrastructure Controller Enterprise Module : 1.2
    • Cisco Unified Communications Manager: (The CUCM is not required to be configured by the candidate)
    • FireAMP Private Cloud
    • AnyConnect 4.2

Physical Devices

  • Cisco Catalyst Switch: C3850-12S 16.2.1
  • Cisco Adaptive Security Appliance: 5512-X: 9.6.1
  • Cisco 2504 Wireless Controller: 2504:
  • Cisco Aironet: 1602E: 15.3.3-JC
  • Cisco Unified IP Phone: 7965: 9.2(3) (IP Phone is not required to be configured by the candidate)

The CCIE Security exam is going to be quite challenging, as security products that Cisco introduced only in 2015 and 2016 are now part of the CCIE Security exam. One challenge candidates could face is related to Cisco FirePOWER Threat Defense, as it is not widely deployed by enterprise customers. It would be great if Cisco started providing some of the virtual appliances in Cisco VIRL, which would make it easier to try out the new products. We wish all the best to those who are planning to take the CCIE Security challenge.
