
Goal

- The goal of this learning matrix is to help you attain your goal to become certified by providing study resources tailored to your own needs.
- It is intended to be used as a reference, and not to provide a complete list of all resources available. The matrix focuses primarily on Cisco and Cisco Press content.
- These widely available preparation resources can be in the form of specific chapters of books, Cisco Validated Design documents (CVDs), Cisco Live 365 presentations, courses, webinars, VoDs, SRNDs, white papers, case studies, design guides, Design TechNotes, reference guides, etc.

Disclaimer
- There is no guarantee that you will be able to pass the exam by only referring to material provided within this matrix. But it will certainly improve your skills, which will serve as the foundation you need to build upon.
- There are a lot of other resources (both internal and external) that cover the same exam topics. You are encouraged to use any other resources at your own discretion during your exam preparation.
- This matrix should be considered a living document and, taking into account the sheer amount of possible relevant content, the objective here is to refine and improve this compilation of resources over time, so please refer to it frequently.
- We encourage you to participate and engage with us, so if you have any suggestions for further content or any comments regarding the current content, please let us know.

How to make the best out of this learning matrix?

1.1. Evaluate yourself and determine which areas you need to improve in

1.2. Create a strategy

Determine which preparation resources YOU need based upon your self-evaluation. Several options might be provided to prepare for each topic; you might not need all of them.

1.3. Get preparation resources tailored to your own needs

Buy or borrow books, schedule classes, find a study partner, etc. In short, arrange all YOU need to get ready for the exam.

1.4. Are you ready?

Once you are comfortable that you are mastering the exam topics, register and take the exam.

1.5. Pass?

Did you pass? Great! Did you not? Do not despair, do a lessons learned review and update your self-evaluation.


ID  Domain / Sub-Domain / Task

1 Perimeter Security and Intrusion Prevention

1.1 Deployment modes on Cisco ASA and Cisco FTD
1.1.a Routed
1.1.b Transparent
1.1.c Single
1.1.d Multi-Context
1.1.e Multi-instance
1.2 Firewall features on Cisco ASA and FTD
1.2.a NAT
1.2.b Application inspection
1.2.c Traffic zones
1.2.d Policy-based routing
1.2.e Traffic redirection to service modules
1.2.f Identity Firewall
1.3 Security features on Cisco IOS/IOS-XE
1.3.a Application awareness
1.3.b Zone-based firewall
1.3.c NAT
1.4 Cisco FMC features
1.4.a Alerting
1.4.b Logging
1.4.c Reporting
1.4.e Dynamic Objects
1.5 Cisco NGIPS deployment modes
1.5.a In-line
1.5.b Passive
1.5.c TAP
1.6 Cisco NGFW features
1.6.a SSL inspection
1.6.b User identity
1.6.c Geolocation
1.6.d AVC
1.7 Detect and mitigate common types of attacks
1.7.a DoS/DDoS
1.7.b Evasion Techniques
1.7.c Spoofing
1.7.d Man-in-the-middle
1.7.e Botnet
1.8 Clustering and high availability
1.9 Policies and rules for traffic control on Cisco ASA and Cisco FTD
1.10 Routing protocols security on Cisco IOS, Cisco ASA, and Cisco FTD
1.11 Network connectivity through Cisco ASA and Cisco FTD
1.12 Correlation and remediation rules on Cisco FMC

2 Secure Connectivity and Segmentation

2.1 Cisco AnyConnect client-based, remote-access VPN technologies on Cisco ASA, Cisco FTD, and Cisco routers
2.2 Cisco IOS CA for VPN authentication
2.3 FlexVPN, DMVPN, and IPsec L2L tunnels
2.4 VPN high availability methods
2.4.a Cisco ASA VPN clustering
2.4.b Dual-hub DMVPN deployments
2.5 Infrastructure segmentation methods
2.5.a VLAN
2.5.b PVLAN
2.5.c GRE
2.5.d VRF-Lite
2.6 Microsegmentation with Cisco TrustSec using SGT and SXP

3 Security Infrastructure

3.1 Device hardening techniques and control plane protection methods
3.1.a CoPP
3.1.b IP source routing
3.1.c iACLs
3.2 Management plane protection techniques
3.2.a CPU
3.2.b Memory threshold
3.2.c Securing device access
3.3 Data plane protection techniques
3.3.a uRPF
3.3.b QoS
3.3.c RTBH
3.4 Layer 2 security techniques
3.4.a DAI
3.4.b IPDT
3.4.c STP security
3.4.d Port security
3.4.e DHCP snooping
3.4.f RA guard
3.4.g VACL
3.5 Wireless security technologies
3.5.a WPA
3.5.b WPA2
3.5.c WPA3
3.5.d TKIP
3.5.e AES
3.6 Monitoring protocols
3.6.a NetFlow/IPFIX/NSEL
3.6.b SNMP
3.6.c SYSLOG
3.6.d RMON
3.6.e eStreamer
3.7 Security features to comply with organizational security policies, procedures, and standards BCP 38
3.7.a ISO 27001
3.7.b RFC 2827
3.7.c PCI-DSS
3.8 Cisco SAFE model to validate network security design and to identify threats to different PINs
3.9 Interaction with network devices through APIs using basic Python scripts
3.9.a REST API requests and responses
3.9.b Data encoding formats
3.10 Cisco DNAC Northbound APIs use cases
3.10.a Authentication and authorization
3.10.b Network discovery
3.10.c Network device
3.10.d Network host

4 Identity Management, Information Exchange, and Access Control

4.1 Cisco ISE scalability using multiple nodes and personas
4.2 Cisco switches and Cisco Wireless LAN Controllers for network access AAA with Cisco ISE
4.3 Cisco devices for administrative access with Cisco ISE
4.4 AAA for network access with 802.1X and MAB using Cisco ISE
4.5 Guest lifecycle management using Cisco ISE and Cisco WLC
4.6 BYOD on-boarding and network access flows
4.7 Cisco ISE integration with external identity sources
4.7.a LDAP
4.7.b AD
4.7.c External RADIUS
4.8 Provisioning Cisco AnyConnect with Cisco ISE and Cisco ASA
4.9 Posture assessment with Cisco ISE
4.10 Endpoint profiling using Cisco ISE and Cisco network infrastructure including device sensor
4.11 Integration of MDM with Cisco ISE
4.12 Certification-based authentication using Cisco ISE
4.13 Authentication methods
4.13.a EAP Chaining and TEAP
4.13.b MAR
4.14 Identity mapping on Cisco ASA, Cisco ISE, Cisco WSA, and Cisco FTD
4.15 pxGrid integration between security devices Cisco WSA, Cisco ISE, and Cisco FMC
4.16 Integration of Cisco ISE with multifactor authentication
4.17 Access control and single sign-on using Cisco DUO security technology
4.18 Cisco IBNS 2.0 (C3PL) for authentication, access control, and user policy enforcement

5 Advanced Threat Protection and Content Security

5.1 Cisco AMP for networks, Cisco AMP for endpoints, and Cisco AMP for content security (Cisco ESA, and Cisco WSA)
5.2 Detect, analyze, and mitigate malware incidents
5.3 Perform packet capture and analysis using Wireshark, tcpdump, SPAN, ERSPAN, and RSPAN
5.4 Cloud security
5.4.a DNS proxy through Cisco Umbrella virtual appliance
5.4.b DNS security policies in Cisco Umbrella
5.4.c RBI policies in Cisco Umbrella
5.4.d CASB policies in Cisco Umbrella
5.4.e DLP policies in Cisco Umbrella
5.5 Web filtering, user identification, and Application Visibility and Control (AVC) on Cisco FTD and Cisco WSA.
5.6 WCCP redirection on Cisco devices
5.7 Email security features
5.7.a Mail policies
5.7.b DLP
5.7.c Quarantine
5.7.d Authentication
5.7.e Encryption
5.8 HTTP decryption and inspection on Cisco FTD, Cisco WSA, and Cisco Umbrella
5.9 Cisco SMA for centralized content security management
5.10 Cisco advanced threat solutions and their integration: Cisco Stealthwatch, Cisco FMC, Cisco AMP, Cisco CTA, Threat Grid, ETA, Cisco WSA, Cisco SMA, Cisco Threat Response, and Cisco Umbrella

Books / White Paper
Integrated Security Technologies and Solutions
Next Generation Technologies and Solutions
Network Security Technologies and Solutions
Cisco ISE for BYOD and Secure Unified Access

Training
CCIE Security Practice Labs

Online Ref.
Cisco Live

Cisco FTD FTD Modes


Cisco FTD
Cisco FTD
Cisco FTD
Cisco FTD

Cisco FTD ASA Configuration Guide


Cisco FTD ASA Configuration Examples
Cisco FTD FMC Configuration Guide
Cisco FTD
Cisco FTD
Cisco FTD

IOS XE IOS XE Configuration Guide


IOS XE
IOS XE

Cisco FMC FMC Configuration Guide


Cisco FMC
Cisco FMC
Cisco FMC

Cisco NGIPS IPS Deployment


Cisco NGIPS FTD Configuration
Cisco NGIPS

Cisco NGFW Cisco NGFW


Cisco NGFW
Cisco NGFW
Cisco NGFW

Attacks Mitigation DDoS Guide


Attacks Mitigation Types of Attacks
Attacks Mitigation
Attacks Mitigation
Attacks Mitigation

FTD Cluster FTD HA


FTD Cluster FTD Clustering
FTD Cluster HA Guide
FTD Cluster Cluster Deployment
FTD Cluster ASA Configuration Guide

FTD Policies CLI Book


FTD Policies FTD ACP Rules
FTD Policies

Protocols Security OSPF Configuration


Protocols Security EIGRP Configuration
Protocols Security FTD Routing

Troubleshooting Guide
Troubleshooting Guide

Correlation Policies Configuration

Cisco AnyConnect Cisco AnyConnect Guide


PKI Guide

IPsec DMVPN Configuration


FLEXVPN Configuration
LAN-To-LAN IPsec Configuration

VPN HA Guide
VPN Load Balancing

VLAN Guide
PVLAN Guide
GRE Tunnel Guide
VRF-lite Guide

Trustsec SXP Guide

CoPP Configuration
Configuring IP Services
Configuring iACLs

Configuring Management Plane Protection

Configuring Control Plane Protection

Management Access Methods

Unicast Reverse Path Forwarding


QoS Configuration Guide

Remotely Triggered Black Hole Filtering


Configuring DAI
IPDT Overview
Configuring STP
Configuring Port Security
Configuring DHCP Snooping
IPv6 RA Guard
VACLs

Wireless Security Configuring WLC


Wireless Security
Wireless Security
Wireless Security
Wireless Security

Configuring NETFLOW
Configuring SNMP
Logging
Events and Alarms
Configuring eStreamer

RFC 2827

Cisco SAFE Model SAFE Guide

DEVNET REST APIs

APIs DNAC Intent APIs


APIs
APIs
APIs
ISE

WLC-ISE Configuration

TACACS Device Administration

MAB Guide
802.1X Guide
802.1X Guide

Guest Management

ISE Administration Guide

AD-ISE Integration
LDAP-ISE Integration
External RADIUS-ISE Integration

AnyConnect Guide

Posture Deployment Guide

ISE Support Page

Manage Network Devices

EAP-TLS Configuration
EAP-FAST and Chaining
MAR

ISE Configuration

ISE Support Page

Two Factor Authentication

DUO DUO Support Page

IBNS 2.0 Configuration

AMP-WSA-ESA AMP
FMC Configuration Guide
AMP For Endpoints
WSA User Guide
ESA User Guide

Malware Incidents Mitigation Incident Investigation and Mitigation

Cisco Secure Support Page


Cisco ICS

Packet Capturing Configuring SPAN and RSPAN


Configuring ERSPAN
Switch SPAN Configuration

Cloud Security Umbrella Umbrella Support Page

URL Filtering Configuration


FTD Configuration Guide
Security Products Support Page
WSA User Guide
Enabling AVC

Email Security WCCP Configuration Guide

Configuring Mail Policies


Configuring DLP
Configuring Policy, Virus and Outbreak Quarantine

Configuring SPAM Quarantine


Configuring SMTP Authentication
Configuring Email Authentication
Configuring Email Encryption

SSL Decryption
Decryption Policies
SSL Decryption in Intelligent Proxy

SMA User Guide


Threat Analytics ISE-FMC Integration
Threat Mitigation ISE and ISE-PIC Configuration
Stealthwatch CTA
ETA
ETA Configuration Guide
ISE-WSA Integration
