Cisco has given us a big makeover for one of their premier Professional Level Certifications - the Cisco Certified Network Professional Security (CCNP Security) Certification. The 2014 updates retire some devices and technologies from coverage, and replace these with some of the latest and greatest in Cisco's security portfolio. It does seem that in the area of security, Cisco makes the most sweeping changes, retiring products with no warning. The ever-changing network security landscape certainly helps to make this a reality.
As we examine this updated certification, the first thing to consider is the prerequisite requirements.
The most common method of meeting the prerequisites is to simply possess the CCNA Security certification. The simplest path to CCNA Security is to possess the CCENT Certification and then pass 640-554 IINS.
A less common method of meeting the prerequisites is to possess any valid CCIE Certification from Cisco Systems. This is actually how I can move right to this new CCNP Security as I possess the CCIE R&S cert.
What about if you passed the older CCNA Security exams? As usual, Cisco is very fair about this. Candidates who have a valid CCNA Routing and Switching certification and have passed either Securing Cisco Network Devices exams 642-551 or 642-552 can act as a prerequisite valid through December 31, 2014.
CCNP Security Requirements
Four new exams are required for this premier Certification:
300-206 SENSS - the Implementing Cisco Edge Network Security (SENSS) (300-206) focuses on Cisco network perimeter edge devices such as Cisco switches, Cisco routers, and Cisco ASA firewalls. The exam is 90 total minutes and consists of 65-75 questions.
The main sections and content you need to be ready for are:
- Threat Defense - 25% of your exam is this area. It covers ASA firewalls, Layer 2 security, and the hardening of Cisco devices like routers and switches.
- Cisco Security Devices GUIs and Secured CLI Management - 25% of your exam is in this area. Topics in this area are SSHv2, HTTPS, SNMPv3, RBAC in ASA and IOS, Cisco Prime, Cisco Security Manager, and the ASA's ASDM GUI.
- Management Services on Cisco Devices - 12% of your exam is in this area. Topics are the NetFlow exporter, logging best practices, NTP, CDP, DNS, SCP, SFTP, and DHCP.
- Troubleshooting, Monitoring and Reporting Tools - 10% of your exam is in this area. Topics are monitoring firewalls using analysis of packet tracer, packet capture, and syslog data.
- Threat Defense Architectures - 16% of your exam is in this area. Topics are the design of firewall solutions as well as additional Layer 2 security mechanisms.
- Security Components and Considerations - 12% of your exam is in this area. Topics are security operations management architectures, Data Center security components and considerations, collaboration security components and considerations, and common IPv6 security considerations.
Sign up for CIO Asia eNewsletters.