INE

CCNP Security Bootcamp

  • Regular price $2,999.00
  • Save


INE’s CCNP Security Bootcamp should be considered an essential learning tool for any aspiring CCNP SC candidate. Our seven-day live, onsite bootcamp will provide you with an unparalleled training opportunity to fine tune your knowledge and gain valuable exam preparation skills.

Our Bootcamp provides a combination of lectures, whiteboards, instructor demonstrations, hands-on labs, and frequent quizzes to test your understanding of materials learned. You will not only learn about essential CCNP Security technologies but will also be exposed to the various ways these technologies are implemented in real-world networks.

During the course of the bootcamp, you will learn about Threat Defense, Security Devices, Security Device Management, Secure Communications, Troubleshooting, and more. The primary emphasis of this Bootcamp is coverage of the most important topics you’re likely to be tested upon in your CCNP Security Exams; Implementing Cisco Edge Network Security Solutions (300-206), Implementing Cisco Secure Mobility Solutions (300-209), Implementing Cisco Secure Access Solutions (300-208), Implementing Cisco Threat Control Solutions (300-210). Reference the outline below for a more in-depth explanation of the topics covered. 

In order to obtain the full benefit of this Bootcamp, it is imperative that you have passed your CCNA Security Exam. Also, to be best prepared for the bootcamp, we suggest that you view the CCNP Security Exam video course. The more prepared you are for the class the more you will take from it. This bootcamp is not designed to be your only form of exam preparation--you will need to have a familiarity with the exam topics in order to build on your existing knowledge throughout the bootcamp. If you have any questions about the suggested preparation necessary prior to the bootcamp, please reach out to one of our Training Specialists.

These Bootcamps are structured to run 10 hours per day, typically starting at 9am, with a one-hour lunch break. Each day will be a combination of lectures, Q&A sessions, and hands-on exercises. Students will also have full access to their lab equipment throughout the evening to continue practicing on their own or together with other students.

Our lectures are dynamic and engaging, with a digital whiteboard system, and a significant amount of class time spent live on Cisco’s IOS command line interface working with a full network topology.



7 Days
Reserve your seat today for as low as $625!

Contact a Training Specialist today to discuss setting up a payment plan for your bootcamp.

1-877-224-8987

1-775-826-4344 (Outside US)

As of June 1st 2017 - INE offers Bootcamp course reseats at a fee of $1,000 (provided that the original Bootcamp was purchased at list price). This $1,000 fee applies to reseat purchases made within two years from the date of the original Bootcamp attended. Reseats after this two-year timeframe are available for purchase at discounted rate from the list price. Students may schedule a reseat during any upcoming Bootcamp dates excluding those marked “Sold Out.” Reseat terms apply.

  • Day 1 & 2: Implementing Cisco Edge Network Security Solutions (300-206)

    The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to configure and implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, and Cisco ASA firewall. This 90-minute exam consists of 65-75 questions and focuses on the technologies used to strengthen security of a network perimeter such as Network Address Translation (NAT), ASA policy and application inspect, and a zone-based firewall on Cisco routers. Candidates can prepare for this exam by taking the Cisco Edge Network Security (SENSS) course.

    • 1.0 Threat Defense
      • 1.1 Implement firewall (ASA or IOS depending on which supports the implementation)
      • 1.1.a Implement ACLs
      • 1.1.b Implement static/dynamic NAT/PAT
      • 1.1.c Implement object groups
      • 1.1.d Describe threat detection features
      • 1.1.e Configure application filtering and protocol inspection
      • 1.1.f Describe ASA security contexts
      • 1.2 Implement Layer 2 Security
      • 1.2.a Configure DHCP snooping
      • 1.2.b Describe dynamic ARP inspection
      • 1.2.c Describe storm control
      • 1.2.d Configure port security
      • 1.2.e Describe common Layer 2 threats and attacks and mitigation
      • 1.2.f Describe MACSec
      • 1.2.g Configure IP source verification
      • 1.3 Configure device hardening per best practices
      • 1.3.a Routers
      • 1.3.b Switches
      • 1.3.c Firewalls
    • 2.0 Cisco Security Devices GUIs and Secured CLI Management
      • 2.1 Implement SSHv2, HTTPS, and SNMPv3 access on the network devices
      • 2.2 Implement RBAC on the ASA/IOS using CLI and ASDM
      • 2.3 Describe Cisco Prime Infrastructure
      • 2.3.a Functions and use cases of Cisco Prime
      • 2.3.b Device Management
      • 2.4 Describe Cisco Security Manager (CSM)
      • 2.4.a Functions and use cases of CSM
      • 2.4.b Device Management
      • 2.5 Implement Device Managers
      • 2.5.a Implement ASA firewall features using ASDM
    • 3.0 Management Services on Cisco Devices
      • 3.1 Configure NetFlow exporter on Cisco Routers, Switches, and ASA
      • 3.2 Implement SNMPv3
      • 3.2.a Create views, groups, users, authentication, and encryption
      • 3.3 Implement logging on Cisco Routers, Switches, and ASA using Cisco best practices
      • 3.4 Implement NTP with authentication on Cisco Routers, Switches, and ASA
      • 3.5 Describe CDP, DNS, SCP, SFTP, and DHCP
      • 3.5.a Describe security implications of using CDP on routers and switches
      • 3.5.b Need for dnssec
    • 4.0 Threat Defense Architectures
      • 4.1 Design a Firewall Solution
      • 4.1.a High-availability
      • 4.1.b Basic concepts of security zoning
      • 4.1.c Transparent & Routed Modes
      • 4.1.d Security Contexts
      • 4.2 Layer 2 Security Solutions
      • 4.2.a Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
      • 4.2.b Describe best practices for implementation
      • 4.2.c Describe how PVLANs can be used to segregate network traffic at Layer 2
  • Day 3 & 4: Implementing Cisco Secure Mobility Solutions (300-209)

    The Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) exam tests a network security engineer on the variety of Virtual Private Network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS software platforms. This 90-minute exam consists of 65–75 questions and assesses the knowledge necessary to properly implement highly secure remote communications through VPN technology, such as remote access SSL VPN and site-to-site VPN (DMVPN, FlexVPN). Candidates can prepare for this exam by taking the Implementing Cisco Secure Mobility Solutions (SIMOS) course.

    • 1.0 Secure Communications
      • 1.1 Site-to-site VPNs on routers and firewalls
      • 1.1.a Describe GETVPN
      • 1.1.b Implement IPsec (with IKEv1 and IKEv2 for both IPV4 & IPV6)
      • 1.1.c Implement DMVPN (hub-Spoke and spoke-spoke on both IPV4 & IPV6)
      • 1.1.d Implement FlexVPN (hub-Spoke on both IPV4 & IPV6) using local AAA
      • 1.2 Implement remote access VPNs
      • 1.2.a Implement AnyConnect IKEv2 VPNs on ASA and routers
      • 1.2.b Implement AnyConnect SSLVPN on ASA and routers
      • 1.2.c Implement clientless SSLVPN on ASA and routers
      • 1.2.d Implement FLEX VPN on routers
    • 2.0 Troubleshooting, Monitoring, and Reporting Tools
      • 2.1 Troubleshoot VPN using ASDM & CLI
      • 2.1.a Troubleshoot IPsec
      • 2.1.b Troubleshoot DMVPN
      • 2.1.c Troubleshoot FlexVPN
      • 2.1.d Troubleshoot AnyConnect IKEv2 and SSL VPNs on ASA and routers
      • 2.1.e Troubleshoot clientless SSLVPN on ASA and routers
    • 3.0 Secure Communications Architectures
      • 3.1 Design site-to-site VPN solutions
      • 3.1.a Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec
      • 3.1.b VPN technology considerations based on functional requirements
      • 3.1.c High availability considerations
      • 3.1.d Identify VPN technology based on configuration output
      • 3.2 Design remote access VPN solutions
      • 3.2.a Identify functional components of FlexVPN, IPsec, and Clientless SSL
      • 3.2.b VPN technology considerations based on functional requirements
      • 3.2.c High availability considerations
      • 3.2.d Identify VPN technology based on configuration output
      • 3.2.e Identify AnyConnect client requirements
      • 3.2.f Clientless SSL browser and client considerations/requirements
      • 3.2.g Identify split tunneling requirements
      • 3.3 Describe encryption, hashing, and Next Generation Encryption (NGE)
      • 3.3.a Compare and contrast Symmetric and asymmetric key algorithms
      • 3.3.b Describe PKI components and protection methods
      • 3.3.c Describe Elliptic Curve Cryptography (ECC)
      • 3.3.d Compare and contrast SSL, DTLS, and TLS
  • Day 5 & 6: Implementing Cisco Secure Access Solutions (300-208)

    The 300-208 Implementing Cisco Secure Access Solutions (SISAS) exam tests whether a network security engineer knows the components and architecture of secure access by utilizing 802.1X and Cisco TrustSec. This 90-minute exam consists of 55 – 65 questions. It tests on Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solutions. It also includes the fundamental concepts of BYOD using posture and profiling services of ISE. Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course.

    • 1.0 Identity Management/Secure Access
      • 1.1 Implement Device Administration
      • 1.1.a Compare and select AAA options
      • 1.1.b TACACS+
      • 1.1.c RADIUS
      • 1.1.d Describe Native AD and LDAP
      • 1.2 Describe Identity Management
      • 1.2.a Describe features and functionality of authentication and authorization
      • 1.2.b Implement accounting
      • 1.3 Implement Wired/Wireless 802.1x
      • 1.3.a Describe RADIUS flows
      • 1.3.b AV pairs
      • 1.3.c EAP types
      • 1.3.d Describe supplicant, authenticator, server
      • 1.3.e Supplicant options
      • 1.3.f 802.1X phasing (monitor mode, low impact, closed mode)
      • 1.3.g AAA server
      • 1.3.h Network access devices
      • 1.4 Implement MAB
      • 1.5 Implement Network Authorization Enforcement
      • 1.5.a dACL
      • 1.5.b Dynamic VLAN assignment
      • 1.5.c Describe SGA
      • 1.5.d Named ACL
      • 1.5.e CoA
      • 1.6 Implement central web authorization
      • 1.7 Implement profiling
      • 1.8 Implement guest services
      • 1.9 Implement posturing
      • 1.10 Implement BYOD access
      • 1.10.a Describe elements of a BYOD policy
      • 1.10.b Device registration
      • 1.10.c My devices portal
      • 1.10.d Describe supplicant provisioning
    • 2.0 Threat Defense
      • 2.1 Implement firewall
      • 2.1.a Describe SGA ACLs
    • 3.0 Troubleshooting, Monitoring, and Reporting Tools
      • 3.1 Troubleshoot identity management solutions
    • 4.0 Identity Management Architectures
      • 4.1 Design AAA security solution
      • 4.2 Design profiling security solution
      • 4.3 Design posturing security solution
      • 4.4 Design BYOD security solution
      • 4.5 Design device admin security solution
      • 4.6 Design guest services security solution
  • Day 7: Implementing Cisco Threat Control Solutions (300-210)

    The Implementing Cisco Threat Control Solutions (SITCS) exam (300-210) is part of the CCNP Security certification. It tests a network security engineer on advanced firewall architecture and configuration with the Cisco next-generation firewall, utilizing access and identity policies. This new revision of the SITCS exam replaces 300-207, removes some older technologies, and adds coverage for both Cisco Firepower NGIPS and Cisco AMP (Advanced Malware Protection). This 90-minute exam consists of 65–75 questions and covers integration of Intrusion Prevention System (IPS) and contextaware firewall components, as well as Web (Cloud) and Email Security solutions. Candidates can prepare for this exam by taking the Implementing Cisco Threat Control Solutions (SITCS) course.

    • 1.0 Content Security
      • 1.1 Cisco Cloud Web Security (CWS)
      • 1.1.a Describe the features and functionality
      • 1.1.b Implement the IOS and ASA connectors
      • 1.1.c Implement the Cisco AnyConnect web security module
      • 1.1.d Implement web usage control
      • 1.1.e Implement AVC
      • 1.1.f Implement antimalware
      • 1.1.g Implement decryption policies
      • 1.2 Cisco Web Security Appliance (WSA)
      • 1.2.a Describe the features and functionality
      • 1.2.b Implement data security
      • 1.2.c Implement WSA identity and authentication, including transparent user identification
      • 1.2.d Implement web usage control
      • 1.2.e Implement AVC
      • 1.2.f Implement antimalware and AMP
      • 1.2.g Implement decryption policies
      • 1.2.h Implement traffic redirection and capture methods (explicit proxy vs. transparent proxy)
      • 1.3 Cisco Email Security Appliance
      • 1.3.a Describe the features and functionality
      • 1.3.b Implement email encryption
      • 1.3.c Implement antispam policies
      • 1.3.d Implement virus outbreak filter
      • 1.3.e Implement DLP policies
      • 1.3.f Implement antimalware and AMP
      • 1.3.g Implement inbound and outbound mail policies and authentication
      • 1.3.h Implement traffic redirection and capture methods
      • 1.3.i Implement ESA GUI for message tracking
    • 2.0 Network Threat Defense
      • 2.1 Cisco Next-Generation Firewall (NGFW) Security Services
      • 2.1.a Implement application awareness
      • 2.1.b Implement access control policies (URL-filtering, reputation based, file filtering)
      • 2.1.c Configure and verify traffic redirection
      • 2.1.d Implement Cisco AMP for Networks
      • 2.2 Cisco Advanced Malware Protection (AMP)
      • 2.2.a Describe cloud detection technologies
      • 2.2.b Compare and contrast AMP architectures (public cloud, private cloud)
      • 2.2.c Configure AMP endpoint deployments
      • 2.2.d Describe analysis tools
    • 3.0 Cisco FirePOWER Next-Generation IPS (NGIPS)
      • 3.1 Configurations
      • 3.2 Describe traffic redirection and capture methods
      • 3.2.a Describe preprocessors and detection engines
      • 3.2.b Implement event actions and suppression thresholds
      • 3.2.c Implement correlation policies
      • 3.2.d Describe SNORT rules
      • 3.2.e Implement SSL decryption policies
      • 3.3 Deployments
      • 3.3.a Deploy inline or passive modes
      • 3.3.b Deploy NGIPS as appliance, virtual appliance, or module within an ASA
      • 3.3.c Describe the need for traffic symmetry
      • 3.3.d Compare inline modes: inline interface pair and inline tap mode
    • 4.0 Security Architectures
      • 4.1 Design a web security solution
      • 4.1.a Compare and contrast Cisco FirePOWER NGFW, WSA, and CWS
      • 4.1.b Compare and contrast physical WSA and virtual WSA
      • 4.2 Design Cisco FirePOWER solutions
      • 4.2.a Configure the virtual routed, switched, and hybrid interfaces
      • 4.2.b Configure the physical routed interfaces