CCNP Security Certification

Learning@Cisco Overview

Increasing Demand for Network Security Practical Skills
Cisco has noticed the evolution of the network security professional and its relevance to the industry. The speed at which network security is evolving demands more practical hands-on skills in network security engineering and has made network security performance more visible to the entire organization. The network security engineers in the marketplace today understand the products and the discipline of good network security as well as the practices and mandates of industry and government for compliance while protecting their organizations from increasingly savvy threats seeking to compromise their systems. Cisco network security engineers have real-world security implementation and troubleshooting skills.

infrastructures using the latest Cisco security devices, technologies, and appliances. The curriculum emphasizes the real-world best practices of network security engineering utilizing Cisco IOS® Software security features, Cisco ASA adaptive security appliance features, secure virtual private network (VPN) connectivity, Cisco Intrusion Prevention Systems (IPSs), Cisco security management tools, and techniques to optimize these technologies in a single, integrated network security solution.

Achieving CCNP Security Certification
CCNP Security certification offers employers job-ready training and skills as tangible proof of experienced, professional-level network security engineers for today’s demanding security environment. Industry forecasts show that in the next five years, the industry will need double the number of network security professionals, and most of them will need to be recognized by an industry certification.

Job-Ready Practical Skills
The Cisco CCNP® Security certification program is a practical, relevant, job-ready certification curriculum aligned closely with the specific tasks expected of these highly demanded professionals. Cisco realizes that the role of the network security engineer is tasked with increased focus on configuration responsibilities as the technical consultant and device specialist on a security team; therefore, the CCNP® Security curriculum is specific to the best practices of the network security engineers using the latest Cisco equipment, devices, and appliances.

Requirements
The CCNP Security program is a three-year certification program intended to recognize the Cisco network security engineers who have the necessary skills to test, deploy, configure, maintain, and troubleshoot Cisco network security appliances and Cisco IOS Software devices that establish the security posture of the network. Prior to attempting the CCNP Security certification or any of its associated security specialist certifications, individuals must meet the requirements for the Cisco CCNA® Security certification and have at least one to three years of experience in the field of network security.

Network Security Engineering Best Practices
The CCNP Security program validates advanced knowledge and skills required to engineer secure network

© 2011 Cisco and/or its affiliates. All rights reserved. 18July2011

high-availability VPNs. site-tosite VPNs. 642-617 642-647 CNSS 4013 Recognition The National Security Agency (NSA) and the Committee on National Security Systems (CNSS) recognize that Cisco security courseware meets the CNSS 4013 training standard.1x.CCNP Security Certification Prerequisite Skills and Knowledge Completion of the CCNA Security certification requires the prerequisite exams and recommended training shown in Table 1. Candidates who have met the standard will be issued a letter of recognition acknowledging their completion of the related requirements. consultants. including advanced protocol handling. 18July2011 . and architects who configure advanced Cisco ASA adaptive security appliance firewalls and VPN solutions. The Cisco ASA adaptive security appliance is a best-in-class product. All rights reserved. these specialist certifications offer a convenient validation of skills and competency for network security solutions in the areas of intrusion prevention. the Cisco CCNP Security certification program provides the required training for network security professionals who assist federal agencies and private sector entities to protect their information and aid in the defense of the nation's vital information resources. and in use at leading enterprises and service providers worldwide. and failover features (see Table 3). This advanced standard is intended for System Administrators responsible for the security oversight or management of critical networks. remote-access VPN. widely deployed. Table 2 CCNP Security Exams and Recommended Training Required Exams 642-637 Exam Name and Recommended Training Securing Networks with Cisco Routers and Switches (SECURE) Implementing Cisco Intrusion Prevention System (IPS) Deploying Cisco ASA Firewall Solutions (FIREWALL) Deploying Cisco ASA VPN Solutions (VPN) 642-627 Cisco ASA Security Specialist Certification The Cisco ASA Security Specialist certification recognizes security professionals who have attained specialized in-depth expertise and proven knowledge of the recommended best practices in designing. Intended for individuals who specialize in one or more technologies or products that make up the network security infrastructure. implementing. high availability. By being compliant. Network Admission Control (NAC). and troubleshooting network security solutions using the adaptive security appliance technologies. This letter of recognition can be used as confirmation of having met the CNSS 4013 requirements. perimeter firewalls. The Cisco ASA Security Specialist certification is recognized as the benchmark security product certification for engineers. maintaining. Table 1 Required Exams and Recommended Training Required Exams 640-802 or 640-822 & 640-816 640-553 Exam Name and Recommended Training Learning@Cisco Overview This formal NSA and CNSS certification gives Cisco the authority to recognize those candidates who have demonstrated that they have met the CNSS 4013 training standard. mobile access. © 2011 Cisco and/or its affiliates. IEEE 802. CCNA Composite or Interconnecting Cisco Network Devices 1 (ICND1) Interconnecting Cisco Network Devices 2 (ICND2) CCNP Security Product/Technology Security Specialist Certifications Within the CCNP Security curriculum are several network security engineering specialist certifications for cross training and staff development. The following security specialist certifications are included in the CCNP Security curriculum: Implementing Cisco IOS Network Security (IINS) The CCNP Security curriculum requires the exams and recommended training shown in Table 2. and Cisco IOS Software security features embedded in the latest Cisco routers and switches. VPNs. Cisco IOS SSL VPN.

implement. and maintain Cisco firewall solutions using the Cisco ASA adaptive security appliance and zone-based firewall solutions in Cisco routers and switches are in high demand. Information systems security (INFOSEC) and network professionals who have the skills to properly deploy and configure the Cisco IPS are in high demand. The Cisco firewall security specialist is a focused certification that validates skills and knowledge in implementing perimeter security solutions using Cisco security appliances. Group Encrypted Transport VPN (GET VPN). troubleshoot. Table 6 Cisco Intrusion Prevention Security Specialist Certification Required Exam 642-627 Exam Name and Recommended Training Cisco Firewall Security Specialist Cisco firewalls are ubiquitous in the world of network security today. and troubleshoot this appliance to work well in a complete security solution. 642-637 Cisco IOS Security Specialist The Cisco IOS Software security specialist demonstrates the hands-on knowledge and skills required to secure networks using Cisco IOS Software security features embedded in the latest Cisco routers and switches as well as the widely deployed Cisco security appliances. Cisco VPN solutions are widely deployed in many of today’s networks. as follows: zone-based policy firewall. Cisco IOS Software security specialists are able to secure the network environment and provide security services based on Cisco IOS Software. and support these various VPN solutions using Cisco IOS Software and the robust Cisco ASA adaptive security appliance (see Table 7). 802.CCNP Security Certification Table 3 Cisco ASA Security Specialist Certification Required Exams 642-617 Exam Name and Recommended Training Learning@Cisco Overview Table 5 Cisco IOS Security Specialist Certification Required Exam 642-637 Exam Name and Recommended Training Deploying Cisco ASA Firewall Solutions (FIREWALL) Deploying Cisco ASA VPN Solutions (VPN) Securing Networks with Cisco Routers and Switches (SECURE) 642-647 Cisco IPS Specialist The Cisco IPS is a primary appliance to maintain the security posture of networks. from simple point-topoint tunneling to multilayer.1X authentication. Many enterprises and service providers deploy these numerous VPN solutions at any given time for their various customers and organizations. configure. secure tunnels using IP Security (IPsec) VPN technology including public key infrastructure (PKI). 18July2011 . Cisco IPS specialists are professionals who can deploy. and respond to intrusion attempts (see Table 6). Cisco VPN security specialists can configure. Table 4 Cisco Firewall Security Specialist Certification Required Exams 642-617 Exam Name and Recommended Training Implementing Cisco Intrusion Prevention System (IPS) Deploying Cisco ASA Firewall Solutions (FIREWALL) Securing Networks with Cisco Routers and Switches (SECURE) Cisco VPN Security Specialist Cisco offers numerous VPN solutions and configurations. and Dynamic Multipoint VPN (DMVPN). and advanced switch security features (see Table 5). dynamic. 3 © 2011 Cisco and/or its affiliates. maintain. user-based firewall. Cisco IOS Software IPS. Cisco IPS specialists can operate and monitor Cisco IOS Software and IPS technologies to prevent. These certified specialists are actively involved in developing secure business solutions and designing and delivering multiple levels of secure access to the network (see Table 4). understand. Professionals with the skills to design. All rights reserved. high-availability VPNs. Virtual Tunnel Interface (VTI)/Dynamic VTI (DVTI).

and specialists are active for two years. Consistent expertise: Certified Cisco instructors assure students and businesses the same level of expertise. ● ● Learn More For more information or to register for this program. Cisco Authorized Learning Partners offers a comprehensive set of training resources. High student satisfaction: Cisco Authorized Learning Partners are required to maintain a high level of satisfaction ratings. CCNP Security exams can be utilized to recertify your professional and security specialist certifications. Accept Only the Best Only Cisco Authorized Learning Partners deliver the official CCNP Security curriculum.ciscolearningnetwork. and teaching methods. Cisco professional-level certifications are valid for three years. from instructor-led courses to remote-access labs and e-learning solutions to improve technology expertise.com. Achieving or recertifying any of the certifications in Tables 3-7 automatically extends active associate. To recertify.CCNP Security Certification Table 7 Cisco VPN Security Specialist Certification Required Exams 642-637 Exam Name and Recommended Training Learning@Cisco Overview Securing Networks with Cisco Routers and Switches (SECURE) Deploying Cisco ASA VPN Solutions (VPN) that they need to be successful in today’s competitive IT business environment. quality. visit http://www. Other benefits include the following: ● 642-647 Recertification ● Learning skills on the latest Cisco products and software: Authorized learning partners expose students to the latest revisions and newest products to help accelerate their skills for years to come. specialist. Authorized training ensures that certificate holders will gain the knowledge and expertise . and service from one class to the next. and professional-level certifications up to the point of expiration of the last certification achieved. Updated training: Cisco Authorized Learning Partners are aware of the latest product and technology updates. exam changes. certificate holders should pass any 642 exam that is part of the professional-level curriculum or any Cisco CCIE® written exam or Cisco CCDE™ written exam or current CCDE practical exam or Cisco Certified Architect (CCAr) interview and the CCAr board review before the certification expiration date.