You probably already know that Cisco is a big player when it comes to industry standards. It’s no wonder that most networking professionals look to their Cisco Certified Network Associate (CCNA) and Cisco Certified Network Professional (CCNP) certifications when it comes to demonstrating their knowledge to a potential employer.
We’ve compiled a study guide with some of the essential skills you will need to have in order to prepare for the Cisco Certified Network Professional (CCNP) Security certification.
The Exams
Originally, Cisco had the Cisco Certified Security Professional Certification (CCSP), which provided students with the required knowledge to install, troubleshoot and monitor Cisco security devices, validating the individual’s skill set for a specialized job.
They have now updated their certifications by removing CCSP and introducing the CCNP Security certification instead, which includes one Core exam — Implementing and Operating Cisco Security Core Technologies (SCOR) — and one of the following Concentration exams:
- Securing Networks with Cisco Firepower (300-710 SNCF)
- Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0
- Securing Email with Cisco Email Security Appliance (SESA) v3.1
- Securing the Web with Cisco Web Security Appliance (SWSA) v3.0
- Implementing Secure Solutions with Virtual Private Networks (SVPN) v1.0
- Implementing Automation for Cisco Security Solutions (SAUI) v1.0
Core Prerequisites
To prepare for the Core exam, you first need to brush up on your Ethernet and Wireless TCP/IP networking concepts, as you’ll be configuring filters for various TCP/IP protocols. In case you’ve been using Linux for so long that you sometimes get lost using Windows 10, now’s a good time to spin up a virtual machine, as Cisco certification exams can only be taken from a system running either Windows 10, Windows 8.1, or macOS 10.13 and above, as described on page 4 of their Online Testing FAQs. Sadly, however, Linux hosts are not allowed for taking Cisco tests.
All previous network security knowledge is very helpful, as it will ease your learning experience. Pro tip: read more of our blog! ;-) Previously developed skills with Cisco IOS devices (e.g. routers) are also needed, as Cisco ASA firewalls run the Cisco ASA Software operating system, whose syntax is similar to that of IOS and customized for security appliances.
Core Contents Outline
To give you a better idea of the structure of the contents, here’s a brief layout of the chapters for modules I to IV from the previous CCNP course.
Module I
- Vulnerabilities, Threats and Attacks
- Security Planning and Policy
- Security Devices
- Trust and Identity Technology
- Cisco Secure Access Control Server
Module II
- Configuring Trust and Identity at Layer 3
- Configuring Trust and Identity at Layer 2
- Configuring Filtering on a Router
- Configuring Filtering on a PIX/ASA Security Appliance
- Configuring Filtering on a Switch
Module III
- Intrusion Detection and Prevention Technology
- Configuring Network Intrusion Detection and Prevention
- Encryption and VPN Technology
- Configuring Site-to-Site VPN Using Pre-Shared Keys
Module IV
- Configure Site-to-Site VPNs Using Digital Certificates
- Configure Remote Access VPN
- Secure Network Architecture and Management
- PIX Security Appliance and Contexts, Failover, and Management
While the theory is, of course, important, practical knowledge is a must, and you should look forward to doing lots of practice lab exercises. We recommend using either Cisco’s Packet Tracer or GNS3 to run the simulations of your network topologies. Cisco’s Packet Tracer comes with many devices ready for use, including ASA 5500 series firewalls. On the other hand, GNS3 requires that you have the appropriate images for each device, which may be provided to you when you enroll for the courses from Cisco.
Another big plus of working with GNS3 is that it allows you to simulate interactions with appliances from a different vendor, which will be helpful for your certification exam. You could, for example, practice setting up a VPN tunnel between a Cisco ASA and a Fortinet FortiGate firewall, or you could combine virtualized appliances from different vendors, such as creating a ring topology consisting of ASA, FortiGate, and pfSense devices. The possibilities are endless here.
Now, if you’re looking towards practicing with the actual hardware, you might be able to purchase some used firewalls, routers, switches, etc. from eBay. The main benefit here is that you’ll be working with the actual hardware you would encounter on the job, which is definitely worth the money. However, due to the current situation with the COVID-19 pandemic, we strongly encourage you to contact the seller to confirm the equipment has not been contaminated. Also, do remember to sanitize all packages you receive through the mail.
Go on, practice, practice, practice… and our best wishes for your certification exams and for your career!