CCIE Security Certification

Course Duration : 10 Month


CCIE certification being the highest level of IT certification available in the world offers brilliant job and growth opportunities to its applicants, worldwide. Also known as the highest paid and most desired certification of all times, CCIE certification training was introduced by Cisco Systems with an intent of providing a common platform to all the Network Engineers making them master of their own skills and knowledge. CCIE Certification has a value like no other certification available that is after completing CCIE Track certification, individuals tend to uplift their demand and value in various MNCs worldwide.


IPST offers 100% job placement guarantee to students opting for CCIE Security Integrated program with world class trainings on Checkpoint (CCSA) and CEH (Ethical Hacking) without any extra cost that is you get to learn and trained on CCNA R&S, CCNA Security, CCNP R&S, CCNP Security, CCIE Security, Juniper-SRX firewall, Checkpoint Firewall, Palo Alto Next Generation Firewalls, Network Monitoring and ticketing tools, and CEH, all in one package and cost. Our CCIE Security Integrated training package is the most popular and successful training package offered witnessing record breaking placements every year.

We provide 100% written job placement guarantee to students enrolling for any CCIE Integrated course training package.

  1. Starting Package of 2.5 to 4 Lacs package is guaranteed without appearing for any exam, based on your skills.
  2. Upon clearing CCIE Security (Lab+written) exam starting package of 4.5 to 6 Lacs package is guaranteed.

Note: Placement guarantee is only applicable for graduates. Graduation may either be regular or distance and in any stream (Computers, Engineering, Commerce, Arts, Science, etc.).


Devices Used

  • Routers : 2611xm, 1841, 2801, 2811, 3640, 3825, 7204 series
  • Switches: 2950, 2960, 3550, 3560, 3750 series
  • ASA Firewalls: 5510, 5512x series
  • Iron Ports: S170
  • IPS: 4240
  • ISE: 3315
  • IP Phones
  • WLC/AP

About CCIE Security V4 Training:

CCIE Security Version 4.0 Training is available for all CCIE Security Integrated Candidates. We are no more taking admissions for CCIE Security V3.0. We had offered last batch of version 3.0 in September 2012 to those candidates who had booked their lab exams in old version. New students are getting enrolled in CCIE Security V4 course only. New updated CCIE Security Training is provided strictly as per Cisco CCIE security V4 blueprints. Version 4 Training is provided by Mr. Vikas Kumar, who is Triple CCIE with over 14 years of experience in Network Security. You can download latest syllabus or blueprint of CCIE Security Version 4 Written and Lab exam from official website of Cisco.

CCIE Security is expert level certification offered by Cisco in network security track. We offer CCSA and Ethical Hacking as free courses in our CCIE Security training program. We offer CCIE Security training in Gurgaon in Delhi NCR region in India. CCIE Security V4 training is also delivered online to international students who cannot visit India due to their any reason. CCIE Security course delivers in-depth knowledge of R&S and network security both, where we start from very basics and cover in-depth of Cisco Security domain. In order to get CCIE Security certification candidate need to clear CCIE Security Written and Lab exams. CCIE Security is most prestigious IT certification from last 20 years and IPST is the only place in North India where you can get Hands On training.

Note: IPST is the only training institute having CCIE Security Version 4 Racks in North India. No other training institute in North India can offer CCIE Security training on real devices. We are the only training company who has produced CCIE Security V4 engineers in North India.

We suggest you to make a list of the institutes offering CCIE Security V4 training in India and visit them one by one and ask them to show you the rack of Security V4 and number of CCIE's produced after the change in version. Not to forget to ask them about the placement records of the students which is even more important than producing CCIE's even.

Course Contents

Cisco Certified Network Associate : 200-120
1. Describe the purpose and basic operation of protocols in OSI and TCP/IP models and determining the data flow amonest two different hosts within a network.
2. Installing, configuring and troubleshooting basic networking hardware that is Routers (1841, 2611XM, 2801, 2811) and Switches (2950, 2960, 3550, 3750 series). Concepts like IOS installation, password recovery, and hardware up-gradations will be covered.
3. Understanding, configuring and troubleshooting basic concepts of layer 2 switching and predicting the data flow.
4. Understanding, configuring and troubleshooting STP, VLANs, CAM, and Ether channels.
5. Understanding, configuring and troubleshooting layer 3 addressing routing protocols for IPV4 and IPV6 (subnetting and summarization).
6. Understanding, configuring and troubleshooting routing protocols for IPV4 and IPV6. Topics like OSPF (single and multi-area) and EIGRP (load balancing, equal and unequal) are covered.
7. Introduction to WAN: Getting familiar with WAN protocol and devices. Understanding, configuring and troubleshooting layer 3 protocols like Frame relay, HDLC, PPP, NAT, etc. Introduction to MPLS.
8. Understanding IP services like DHCP, SNMP, Netflow, FHRP, and NTP.

9. Understanding, configuring and troubleshooting layer 2 security, layer 3 security that is ACL (standard,extended,named) , SSH and Secret password. 

Cisco Certified Network Professional - R&S
Implementing Cisco IP Routing (ROUTE) : 300-101
1. Introduction to CEF, ICMP TCP and UDP operations (MSS, MTU, Windowing, Starvation and Latency).
2. Understanding, configuring and troubleshooting PPP, PPPOE, MPPP, Frame Relay and Layer2 Authentication.
3. Introduction TO VRF Lite, Route-Maps and Policy-Based Routing.
4. Explain EIGRP working, filtering ,summarization, default route origination and redistribution. EIGRP SIA, EIGRP Authentication, Equal and Unequal Load Balancing.
5. Understanding OSPF - OSPF packet types, area types and OSPF LSA like router network and summary LSA. OSPF filtering and summarization, concept of ABR and ASBR.
6. Introduction to Path Vector Protocol i.e. BGP. BGP neighbor relationship EBGP and IBGP, and BGP path attributes. BGP patch selection.
7. Explain the working of VPN technologies like GRE, DMVPN and EVN.
8. Understanding layer 3 security features like ACL (standard, named and timebased), ACS (Radius, Tacacs+) and IPV6 filtering.
9. Understanding, configuring and troubleshooting infrastructure services like NTP, DHCP, NAT (NAT PT, NAT64, NPTV6), IP SLA and Netflow v5, v9.

Implementing Cisco IP Switched Networks (SWITCH) : 300-115

1. Introduction to SDM (switch device manager), CAM and TCAM.
2. Understanding, configuring and troubleshooting VLANs, VTPV1, VTPV2 AND VTPV3. Configuring Swtichport Access, Trunk, and Dynamic.
3. Understanding, configuring and troubleshooting STP, PVST +, MST AND RVPST. Describing STP features like priority, guards like bpduguard, rootguard, and bpdufilter.
4. Introduction to stacking, layer two and three Etherchannels with configuration and troubleshooting examples.
5. Understanding, configuring, troubleshooting switching security with DHCP snooping (IP SOURCE GUARD, DYNAMIC ARP INSPECTION), Private VLAN, and Storm control.
6. Understanding, configuring, and troubleshooting HSRP, GLBP VRP.

Troubleshooting and maintaining Cisco IP Networks (TSHOOT) : 300-135

1. Case study on layer2 and layer 3 technologies for better understanding of some unique scenarios.
2. Troubleshooting IOS up-gradation password recovery.
3. Developing multiprotocol scenarios and understanding protocol specific issues like Floating Static Routes and Discard route availability.
4. Troubleshooting layer2 and layer 3 mixed scenarios in a strategic manner.
5. Understand rapid PST and MST convergence and troubleshooting it.
6. Troubleshooting routing protocol (EIGRP, OSPF, and RIP) redistribution, filtering, configuration and summarization with their respective features like EIGRP Stub, OSPF NSSA etc.
7. Troubleshooting routing protocol convergence with EGP i.e. BGP
8. Troubleshooting IP services like NTP, DHCNP, NAT, and ACL.
9. Troubleshooting router and switch security.
10. Troubleshooting VPN i.e. GRE.

Cisco Certified Network Associate-Security : 640-554

1. Understand common security threats like Email-based and web-based attacks including mitigation methods for Worm, Virus, and Trojan horse attacks.
2. Implement security on Cisco routers secure router access using strong encrypted passwords, IOS login, enhancements, IPV6 security.  Understand topics like multiple privilege levels, Role-based CLI and securing of control, data and management plane.
3. Implement (AAA) on router and switches and ASA. Further describe TACACS+ and RADIUS.
4. Describe standard, extended, and named IP IOS ACLs to filter packets and implement IP ACLS to mitigate the threats using Filter IP traffic, SNMP, DDoS attacks, IP ACLs to prevent IP spoofing, VACLs, etc.
5. Implement Secure Network Management using SSH, syslog, SNMP, NTP, SCP, CLI, CCP, and SSL.
6. Describe Layer 2 security using Cisco switches with the help of STP attacks, ARP spoofing, MAC spoofing, CAM overflows. Understand VLAN Security (Voice VLAN, PVLAN, VLAN hopping, and Native VLAN)
7. Understand Cisco Firewall Technologies like Proxy firewalls, Packet and stateful packet firewall. Describe types of NAT used in firewall technologies like Static, Dynamic, and PAT. Configure ASA using NAT, ACL, Default MPF, Cisco ASA sec Level.
8. Understand IPS technologies like Attack responses, Monitoring options, syslog, SDEE, Signature engines, Signatures, Network-based and Host-based.
9. Describe cryptography types (Symmetric, Asymetric, HMAC, Message digest, and PKI) and VPN Technologies (IPsec, SSL, IKE, ESP, AH, Tunnel mode, and Transport mode).
10. Implement an IOS IPSec site-to-site VPN with pre-shared key authentication implementation of SSL VPN using ASA device manager – Clientless and AnyConnect).

Cisco Certified Network Professional : Security

1. Implementing TACACS+ and RADIUS and wired/wireless 802.1X ISE authentication/authorization policies, ISE endpoint identity configuration and Verify MAB Operation).
2. Implement Firewall (ASA or IOS) including ACLS, static/dynamic NAT/PAT, and object groups. Threat detection features and implement botnet traffic filtering. Describe and implement ASA security contexts, Layer 2 Security, dynamic ARP inspection, storm control, common layer 2 attacks and mitigation, and MACSec and configuring DHCP snooping, port security and IP source verification.
3. Troubleshoot, monitor (firewalls using analysis of packet tracer, capture and syslog).
4. Understand Threat Defense Architectures (Design a Firewall Solution, High-availability, Basic concepts of security zoning, Transparent & Routed Modes, Security Contexts, and Layer 2 Security Solutions). Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
5. Understand and implement secure communications using VPN on routers and firewalls. Implement and troubleshoot AnyConnect IKEv2 VPN and AnyConnect SSLVPN on ASA and routers. Implement and troubleshoot FlexVPN (hub-Spoke on both IPV4 & IPV6) using local AAA and on routers. Implement and troubleshoot IPsec (with IKEv1 and IKEv2 for both IPV4 & IPV6) and DMVPN (hub-Spoke and spoke-spoke on both IPV4 & IPV6). Implement and troubleshoot clientless SSLVPN on ASA and routers.
6. Design VPN solutions and identify VPN technology considerations based on functional requirements and configuration output, and Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec.
7. Understand Cisco WSA (features and functionality, implement data security, WSA identity and authentication with transparent User identification). Describe web usage control, decryption policies traffic redirection and capture methods.
8. Understand Cisco ESA (features and functionality) and describe traffic redirection and capture. Implement email encryption, anti-spam policies, virus outbreak filter, DLP policies, anti-malware, inbound and outbound mail policies and authentication.
9. Understand Network IPS and implement traffic redirection and capture methods, network IPS deployment modes, event actions & overrides/filters, anomaly detection, risk ratings, and device hardening per best practices. Describe signatures engines and configure device hardening best practices.

Cisco Certified Internetwork Expert (Security) : 351-018

1. Tunneling protocols like GRE, NHRP, IPV6 tunnel types, IP multicast, PIM, MSDP, IGMP and CGMP, Multicast Listener Directory and wireless (SSID, Authentication and authorization and its technologies, Rogue Aps, session establishment, Single sign-on, OTPs, LDAP and AD, RBAC, VPNs, L2 vs. L3, MPLS, VRFs, and tag switching, and Mobile IP networks.
2. Understand Security Protocols like RSA, MD5, SHA, 3DES, AES, IPSec, ISAKMP, IKE and IKEv2, GDOI, AH, ESP, CEP, TLS and DTLS, SSL, SSH, RADIUS, TACACS+, LDAP, EAP methods, PKI, PKIX, PKCS, IEEE 802.1X, WEP, WPA, WPA2, WCCP, SXP, MACsec, and DNSSE.
3. Understand various concepts of Application and Infrastructure Security like HTTP, HTTPS, SMTP, DHCP, DNS, FTP, STFP, NTP, TFTP, SNMP, syslog, and PCoIP.
4. Be able to recognize and mitigate common attacks like ICMP attacks and PING floods, MITM, Spoofing, Backdoor, Botnets, DoS and DDoS attacks.
5. Understand Cisco ASA and its features (Functionality, routing and multicast capabilities, object definition and ACLs, Context-aware firewall, Identity-based services, and Failover options). Understand Cisco IOS Firewalls and NAT, identify zone based firewall and identity based firewalling. Get familiar with Cisco Intrusion Prevention Systems (IPS) and Cisco IOS IPS, Cisco AAA protocols and application (RADIUS and TACACS+), network access, IEEE 802.1X, ISE, and Cisco Secure ACS Solution engine.
6. Understand Cisco NAC Appliance server, endpoint and client including Cisco AnyConnect VPN Client and Cisco VPN Client. Secure access gateway (Cisco IOS router or ASA) including IPSec, SSL VPN, VPN solutions, FlexVPN, DMVPN, GET VPN, Cisco EasyVPN , load balancing and failover.