Analysis of the key points of CCIE certification training: most people will choose to take part in the training for CCIE learning. After all, CCIE certification is difficult to pass. In each CCIE direction, the key points of training are different. In the past, because the EI direction was relatively new and typical, SPOTO usually took the EI direction as an example. But in this article, we will talk about the security direction to analyze the key points of CCIE certification training.
Introduction to CCIE security certification
With the development of the Internet, network security has attracted much attention, and the security direction has become a very popular direction. To obtain a CCIE security certificate, you need to pass two exams. One is the qualification exam covering core security technology, which is a written exam: SCOR 350-701. The main knowledge points involved include network security, cloud security, content security, endpoint protection and detection, secure network access, visibility, and execution. The other is the hands-on experimental exam of security technologies and solutions covering the whole network life cycle, from design and deployment to operation and optimization. At present, it is version 6.0, and the experimental exam is the real difficulty.
Key points of written exam of CCIE security certification training
In terms of CCIE security written exam the key training points include describing the concept of information security, describing common TCP / IP attacks, describing common network application attacks, describing common endpoint attacks, describing network security technology, deploying Cisco ASA firewall, deploying Cisco Firepower next generation firewall, deploying e-mail content security, deploying Web content security, deploying Cisco Umbrella, explaining VPN technology and cryptography, introducing Cisco secure site-to-site VPN solution, deploying peer-to-peer IPsec VPN based on Cisco IOS VTI, deploying peer-to-peer IPsec VPN on Cisco ASA and Cisco Firepower NGFW, introducing Cisco secure remote access VPN solution, deploying remote access SSL VPN on Cisco ASA and Cisco Firepower NGFW, explaining Cisco secure network access solution, describing 802.1X authentication, configuring 802.1X certification, describing endpoint security technology, deploying Cisco advanced malware protection (AMP) for terminals, introducing network infrastructure protection, deploying plane security control, deploying layer 2 data plane security control, deploying layer 3 data plane security control, deploying management plane security control, deploying traffic telemetry method, deploying Cisco Steelthwatch Enterprise, describing cloud and common cloud attacks, protecting cloud, deploying Cisco Steelthwatch cloud, describing software to define network SDN, etc.
Key points of the lab exam of CCIE security certification training
In terms of the lab exam, the training focuses on perimeter security and intrusion prevention, infrastructure security, identity management, information exchange, and access control, as well as advanced threat prevention and content security. Important experiments include configuring Cisco ASA access control policy, configuring Cisco Firepower NGFW NAT, configuring Cisco Firepower NGFW access control policy, configuring proxy service, authentication, and HTTPS decryption, configuring point-to-point VPN between Cisco ASA and Cisco Firepower NGFW, configuring remote access VPN on Cisco Firepower NGFW, etc.
The analysis of the key learning points of CCIE security certification training is so much. Although the content of the written exam is a little bit more, it is actually more basic, and the difficulty is still in the lab exam.
