CCNP Security

The Cisco Certified Network Professional Security (CCNP Security) is a professional-level certification. Credential holders possess the skills necessary to manage and maintain security in network devices and appliances, such as routers and switches. CCNP Security professionals are qualified to recommend and choose networking solutions for firewalls, VPNs, and IDSs/IPSs, as well as deploy, support, and maintain such solutions.


Working IT professionals looking to expand their core skills or enhance their career.


Valid CCNA Security certification or any CCIE certification can act as a prerequisite.


Total duration : 120 hrs

Part time:60 days (2hrs/day)

Full time:15days (8hrs/day).

Key Benefits:

Holding CCNP Security certification under your belt validates your skills needed to test, deploy, configure, maintain, and troubleshoot the Cisco network security appliances and the Cisco IOS Software devices that comprise your network´┐Żs security. It qualifies you for the role of Cisco Network Security Engineer accountable for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

Course Outline:

Implementing Cisco Edge Network Security Solutions (300-206)

  • Implement firewall (ASA or IOS depending on which supports the implementation)
  • Implement Layer 2 Security
  • Configure device hardening per best practices
  • Implement SSHv2, HTTPS, and SNMPv3 access on the network devices
  • Implement RBAC on the ASA/IOS using CLI and ASDM
  • Describe Cisco Prime Infrastructure
  • Describe Cisco Security Manager (CSM)
  • Implement Device Managers
  • Configure NetFlow exporter on Cisco Routers, Switches, and ASA
  • Implement SNMPv3
  • Implement logging on Cisco Routers, Switches, and ASA using Cisco best practices
  • Implement NTP with authentication on Cisco Routers, Switches, and ASA
  • Describe CDP, DNS, SCP, SFTP, and DHCP
  • Monitor firewall using analysis of packet tracer, packet capture, and syslog
  • Design a Firewall Solution
  • Layer 2 Security Solutions
  • Describe security operations management architectures
  • Describe Data Center security components and considerations
  • Describe Data Center security components and considerations
  • Describe common IPv6 security considerations

Implementing Cisco Secure Access Solutions (300-208)

  • Implement Device AdministrationDescribe
  • Identity Management
  • Implement Wired/Wireless 802.1x
  • Implement MAB
  • Implement Network Authorization Enforcement
  • Correcting common vlan configuration errors
  • Implement central web authorization
  • Implement profiling
  • Implement guest services
  • Implement posturing
  • Implement BYOD access
  • Implement firewall
  • Troubleshooting, Monitoring, and Reporting Tools
  • Design highly secure wireless solution
  • Design AAA security solution
  • Design profiling security solution
  • Design posturing security solution
  • Design BYOD security solution
  • Design device admin security solution
  • Design guest services security solution

Implementing Cisco Secure Mobility Solutions (300-209)

  • Site-to-site VPNs on routers and firewalls
  • Implement remote access VPNs & CLI
  • Design site-to-site VPN solutions
  • Design remote access VPN solutions
  • Describe encryption, hashing, and Next Generation Encryption (NGE)

Implementing Cisco Threat Control Solutions (300-210)

  • Cisco Cloud Web Security (CWS)
  • Cisco Web Security Appliance (WSA)
  • Cisco Email Security Appliance
  • Cisco Next-Generation Firewall (NGFW) Security Services
  • Cisco Advanced Malware Protection (AMP)
  • Cisco FirePOWER Next-Generation IPS (NGIPS)
  • Describe traffic redirection and capture methodsisco Web Security Appliance (WSA)
  • Deployments
  • Design a web security solution
  • Design an email security solution
  • Design Cisco FirePOWER solutions
  • Design a web security solution
  • Cisco Web Security Appliance (WSA)
  • Cisco Email Security Appliance (ESA)
  • Cisco FirePOWER


1. System Security Engineers

2. Network Security Administrators

3. Network Security Support Specialists

4. Network Security Engineers

5. Network Security Consultants