Ccie Security Study Guide Version 4
Re: CCIE security Version 4 official study guide Adam Loveless Jun 11, 2014 5:18 AM ( in response to Jinshu ) There is an Amazon page listing the book and.
NOTE: I plan on updating this blog as I find good blogposts and other good threads out there so plan on this blog post being a living document. It was about a year ago that I posted post where I went through the CCIE Security materials I intended to study with. In that time, the CCIE Security v5 blueprint was released and I thought I would update the list to reflect the current blueprint and the study materials that are out there. The unified written/lab blueprint can be found The lab equipment and version numbers can be found. Cisco was also nice enough to post study materials and. Based on the above, the following are the most relevant materials I've found out there: AMP AMP for Endpoints private cloud is most certainly on the lab per the above lab equipment list. The good news is that with Private Cloud, there are a few less features to have to lab but it's still a pretty important lab topic and there aren't a lot of training materials out there.
Getting your hands on the labbing equipment either means having AMP for Endpoints purchased at your company or doing an evaluation. Be aware: This evaluation is pretty strict. You won't be able to get it past the time you are given a temporary license for. If you have the option of doing regular AMP for Endpoints (not the Private Cloud version), I would recommend using that since it has even more features and if you master that, you'll be able to do the Private Cloud material easier. I would just recommend knowing how to do the setup of AMP Private Cloud if you can't get your hands on it and have a mastery of AMP for Endpoints. Study Materials:. This is an official class by Cisco that covers AMP for Endpoints and there was a strong focus on AMP for Endpoints Private Cloud.
The class also comes with a 300+ page lab workbook. I feel this class is probably enough to get you past most of the lab. Since it is a Cisco class, if your company has Cisco Learning Credits, you could always use them with any Cisco Learning Partner to purchase this class.
BRKSEC-2139- Advanced Malware Protection Note: There is also a book on the market called 'Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP.' While this is an excellent book for learning about the products, I think it's more geared towards the CCNA/CCNP Security level than the CCIE Security level which is why I'm not including it on the list.
If you know absolutely nothing about Firepower or AMP, it might be a good read and it's not a very large book. For AMP for Networks in regards to the ESA, Firepower, and WSA, you're probably best served just reading the small section in the configuration guides. This is not a complex configuration for the malware aspect on the Amp for Networks portion. Firepower This is a fun one to lab and work on. I would recommend reacting out to your Cisco sales team to talk about trying the software out. With the Firepower Management Center VM and a device running FTD, you can run it in evaluation mode for 90 days if you go to SystemLicensesSmart Licenses and click on the button Evaluation for 90 day.
After that, you'll either have to purchase licenses or create a new Firepower Management Center VM. Personally, I would recommend labbing Firepower 6.1. The lab equipment guide says that it could be 6.0.1 or 6.1 but I think there's a better chance of it being 6.1 personally since that code version had been out for a few months when the v5 lab took affect. The lab equipment list says that it will have NGIPSv and Firepower Threat Defense. These two things are not the same. Understand the differences and the limitations of both. One thing also to note: ASA 5512-Xs are also listed on the lab equipment list. It doesn't specify whether this is just regular ASA or ASA with Firepower.
I would recommend knowing how to configure the SFR module and potentially clustering the ASAs with those modules. Study Materials:. by Todd Lammle and Alex Tatistcheff - While this book was written for Firepower/Sourcefire 5.4, it still does an excellent job at explaining a lot of the concepts and probably about 70-80% of it is still relevant. by Todd Lammle and Alex Tatistcheff - This one just came out but it's actually larger than the SSFIPS book and probably a bit more relevant.
I haven't read it all the way through but the SSFIPS was an excellent book so I can vouch for the authors. There are over 50+ free videos available on the site for Firepower 5.4 and 6.0 as well as an option to buy Firepower 6.1 videos. The gentleman that runs this site is awesome and his videos are invaluable. I definitely recommend coughing up the dough for the 6.1 videos and watching the free ones. BRKSEC-2028-Deploying Next-Generation Firewall with ASA and Firepower Services. BRKSEC-3126-Firepower - Advanced Configuration and Tuning.
BRKSEC-2762-Firepower Network Security Platform. BRKSEC-2020-Firewall Deployment ASA The lab equipment list says that there are two ASA 5512-Xs. You can bet that inline Trustsec tagging, clustering, and multicontext are going to be on the lab if these are here. If they weren't going to include it, it would have probably just been easier for the lab creators to stick with virtual ASAs and FTD devices but they also added the physical ASAs.
If you want to lab this out, you definitely can't get a 5506 because there's no clustering or multicontext on that platform but you don't have to get the exact model on the lab either. I would also NOT recommend getting a non-X model of the ASA since it won't support the same code train that's on the lab. Check out the prices for a pair of 5508s if you can. I believe those support all the features that the 5512-X do. Study Materials:.
Still a good book. Don't be intimidated by the size. Most of the book is screenshots of ASDM and that can be skipped for the CLI portions. Great for post-8.3 NAT. BRKCCIE-3203-Firewall core for CCIE Candidates.
Ccie Security Study Guide Version 4.0 Written
BRKSEC-2134-Building a Highly Secure Internet Edge In the future, INE is also going to offer some CCIE Security v5 updated videos as well. APIC-EM It's on the lab equipment blueprint so it's definitely a testable subject on the lab. I doubt there will be much in terms of configuration for this but it's going to be there for sure. The good news is that APIC-EM should be easy to download but it's going to require some serious server metal. If you try to thin provision or put less than the recommended amount of RAM, disk space, etc, it will certainly fail the hardware checks and not install. Study Materials: There are a lot of free videos and configuration guides.
I don't think there is going to be that much complex stuff on the lab regarding APIC-EM and it's probably a placeholder for SD-Access for future versions of the test but I'll link the following:. This is where you can download it for free. 1.2 is the version that should be on the lab. IOS/CSR Security including NAT, IPv6 & VPN There aren't going to be any physical routers on the lab according to the lab equipment guide so you should be able to get away with CSR1000v for the router. However, you most certainly need to have a 3650/3850 that's able to support the code train that's on the lab. I know the desire will be to get a cheap IOS switch and just do that.
I would NOT recommend doing so. There are syntax and feature differences between using old 3750s and newer 3650/3850 switches. Study Materials:.
Ccie Security Pdf
BRKSEC-3007-Advanced IOS Security Features ISE Obviously, this site is good for ISE but it's probably not enough to get you past the lab. The good thing is that there are a lot of great videos out there for ISE. With ISE, also comes Trustsec. I strongly suspect Trustsec will be a big part of the lab.
The reason I assume this is because some of the equipment being used in the lab could have been easily virtualized but because the lab creators decided to go physical, they must need a feature that only the physical version has. For example, they could have used a virtual WLC in the lab if they wanted to cut down on equipment but instead they decided to go with a 2504 wireless controller. The only extra feature I can think they could gain from that is the ability to do SXP which isn't available in the vWLC Study Materials:.
Some of it is a little out of date but great at understanding Trustsec. Very easy reads and really walk you through the configuration. These videos were gold for me when I was originally learning ISE. Still wonderful videos. Metha has it updated to version 2.0 and I suspect he'll be doing a 2.1 series soon enough. Good for labbing but doesn't go as deep as the LiveLessons videos because it's not focused on theory. These are more complimentary to the LiveLesson TrustSec videos.
Ccie Security Jobs
Newly updated and just released.
Attention, Internet Explorer User Announcement: Jive has discontinued support for Internet Explorer 7 and below. In order to provide the best platform for continued innovation, Jive no longer supports Internet Explorer 7. Jive will not function with this version of Internet Explorer. Please consider upgrading to Internet Explorer 8, 9, or 10, or trying another browser such as Firefox, Safari, or Google Chrome.
(Please remember to honor your company's IT policies before installing new software!).