CCIE Security

Zia Hussain

CCIE Security Exam PM

CCIE No. 7745 (Security, R&S, ISP-Dial)

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 4

Session PurposeTo Tailor

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Being a CCIE is Journey

Who? Why? How? Be..

Path

BRKCCIE-3500 4

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6

Who is an Expert?

Traffic Flow

Traffic Flow Dependencies

Device Architecture

Solution

Optimize

Denial of Service

Network Integrity

Misconfiguraton

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 7

Why You Want to be CCIE?

Professional 5+ Years of Industry Experience5+ Years of Industry Experience

5+ Years of Industry

Experience

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Blueprint

Domain

Topic

Identify the strength

Plan to improve

Execute the plan

Assess the outcome

I.P.E.A

8

How to be a CCIE ?

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Identify

Blueprint Domain/Technology Topic

Strong

Understand Architecture ?

Understand All features?

Can Troubleshoot?

Can configure in time sensitive

situation?

Yes

Yes

Yes

No

Weak

Understand Architecture ?

Understand All features?

Can Troubleshoot ?

No

No

No

Plan for the Strong area

Plan for the Weak areaCan troubleshoot in time

sensitive situation?No

9BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Plan

Blueprint Domain/Technology Topic

Strong

Case Studies

Configure

Document Show/Debug commands

Weak

Cisco Documentation Cisco Press Books

CLN Study Group

Tweak Break

Observe the Effects

Time Constraint

Case Studies

Ask Peer to Provide

Design Questions Troubleshooting Incidents

Solve in an allocated time

10BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Execute

Blueprint Domain/Technology Topic

Strong

Build a small rack

Setup a timeline

Weak

Requires a lot of reading

Setup a timeline

Rent a rack

11BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Assess

Blueprint Domain/Technology Topic

Strong Weak

Comfortable with Architecture?

Understand all the features?

Can you configure timely?

Can you troubleshoot timely?

Can troubleshoot?

If Yes

If Yes

Strong is now Expert

Weak is now Strong

12BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Read Journals Read Papers RecertifyRemain Hands-On

To Keep Up To Prove

13

How to Remain a CCIE?

BRKCCIE-3500

CCIE and CCIE Security Program Overview

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

1 Perimeter Security and Intrusion Prevention 21%

2 Advanced Threat Protection and Content Security 17%

3 Secure Connectivity and Segmentation 17%

4Identity Management, Information Exchange, and Access

Control22%

5 Infrastructure Security, Virtualisation and Automation 13%

6 Evolving Technologies 10%

15

Best Practices for Creating Slides

Domains Topics Written

23%

19%

19%

24%

15%

N.A.

Lab

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 16

Topics added in v5.0:

• Advanced Threat Protection

• Virtualisation

• Automation

• Information Exchange

• Evolving Technologies

Topics removed from v4.0:

• Legacy IPS Appliance

• Easy VPN

Difference Between v4.0 and v5.0: Exam Blueprint

Unified Blueprint Common For Written and Lab

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 17

Difference Between v4.0 and v5.0: Exam Delivery

Security Appliances

ISE: 2.x

ACS: 5.x

WSA: 9.x

ESA: 9.x

WLC: 8.x

FireSIGHT Management Center (FMC):

6.x

NGIPSv: 6.x

Firepower Threat Defense (FTD): 6.x

Core Devices

IOSv L2: 15.x

IOSv L3: 15.x

CSR1000V: 16.x

ASAv: 9.x

Others

Test PC: Windows 7

AD: Windows Server 2008

APIC-EM: 1.x

CUCM: 8.x

FireAMP Private Cloud

Virtualisation

TS Completely Virtualised

Catalyst Switch: C3850-12S (16.x)

ASA: 5512-X ( 9.x)

WLC: 2504 (8.x)

AP: 1602E (15.x)

IP Phone: 7965 (9.x)

Physical Devices

CFG Hybrid That May Have Physical

Devices

Routers

ISR 3825: 15.1(3)T3

ISR 1841: 15-2.T1

ISR 2951-G2 :15.1(3)T3

Catalyst Switches

3560-E: 122-55.SE5

3750-X: 150-1.SE2

ASAs 5510: 8.4(3), 8.2(5)

IPS 4240: 7.0(7)E4

WSA S170: 7.1.3-021

AP 1242G: 124-25e

Physical Devices

Device Removed From V5.0

v5.0 v4.0

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Difference Between v4.0 and v5.0: Exam Format

v5.0

v4.0

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Difference Between v4.0 and v5.0: Exam Scoring

To PassSingle Module (CFG+TS) Secure Cut-Score

v5.0 v4.0

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 20

Cisco Documentation

Familiarise With Documentation Page

DO NOT Heavily Rely On

Documentation

URL Filtering Deployed In The Lab

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

San Jose RTP

Brussels

Dubai

Bangalore

Beijing

Hong Kong

Tokyo

Sydney

21

Worldwide Labs

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

https://learningnetwork.cisco.com/docs/DOC-3224

22

Checked For Latency

Hosted Within Cisco Premises

Costs More

Mobile Labs

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 23

IP Addressing

Layer 2

Hostname Password

VTP VLAN Trunking

Layer 3 IGP EGP

WAN Frame Relay PPP

Other

Lab Exam Pre-Configuration

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 24

Scripted With Manual Verification

No Partial Scoring

Points Only For Working Solution

Alternate Solution Is Acceptable (CFG)

Result In 48 Hours

Lab Exam Grading

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25

Sleep Well

Have a Breakfast

Arrive Early

Relax: It’s Just an Exam

Before Lab Prep

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 26

Read the Guidelines

Absorb Topology

Read All Questions

Execute Questions In Sequence

Avoid Verification Over Kill

Avoid Enabling Debugs

Re-Check The Lab

Don’t Mess Up With Console Access

During Lab Tips

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27

Document Shortcomings

Address Shortcomings

After Lab Assessment

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 28

Written: Wait Time 15 Days Between Attempts

Lab: Wait Time 30 Days Between Attempts

Exam Retake Policy

BRKCCIE-3500

Demo

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 30

Case 1 Dot1x-TrustSEC

Case 2MAB-CWA-

TrustSEC

Case 3AMP For

EndPoint

Case 4 Network

Orchestration

CTS

BRKCCIE-3500

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31

zia@cisco.com

Don’t forget survey!

BRKCCIE-3500

Q & A

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

• Give us your feedback and receive a Cisco Live 2018 Cap by completing the overall event evaluation and 5 session evaluations.

• All evaluations can be completed via the Cisco Live Mobile App.

Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at www.CiscoLive.com/Global.

Thank you