CCIE Security v5 Blueprint Update!

Cisco recently announced the new CCIE Security v5 blueprint, a much-awaited update. We now have Unified Exam Topics covering both the written and lab versions of the exam. Here's what it looks like:

Unified Exam Topics

  1. Perimeter Security and Intrusion Prevention
  2. Advanced Threat Protection and Content Security
  3. Secure Connectivity and Segmentation
  4. Identity Management, Information Exchange and Access
  5. Infrastructure Security, Virtualization and Automation
  6. Evolving Technologies

The first five sections are for the lab exam. The last one is only for the written exam and covers technologies such as IoT, SDN, and cloud.

Lab Exam Equipment

Most of the equipment is going virtual, so let's list what the new blueprint includes.

Virtual Machines

  • Security Appliances
    • Cisco Identity Services Engine (ISE): 2.1.0
    • Cisco Secure Access Control System (ACS):
    • Cisco Web Security Appliance (WSA): 9.2.0
    • Cisco Email Security Appliance (ESA): 9.7.1
    • Cisco Wireless Controller (WLC): 8.0.133
    • Cisco Firepower Management Center Virtual Appliance: 6.0.1 and/or 6.1
    • Cisco Firepower NGIPSv: 6.0.1
    • Cisco Firepower Threat Defense: 6.0.1
  • Core Devices
    • IOSv L2: 15.2
    • IOSv L3: 15.5(2)T
    • Cisco CSR 1000V Series Cloud Services Router: 3.16.02.S
    • Cisco Adaptive Security Virtual Appliance (ASAv): 9.6.1
  • Others
    • Test PC: Microsoft Windows 7
    • Active Directory: Microsoft Windows Server 2008
    • Cisco Application Policy Infrastructure Controller Enterprise Module: 1.2
    • Cisco Unified Communications Manager: 8.6.(1)
    • FireAMP Private Cloud
    • AnyConnect 4.2

Both ISE and ACS are included as part of the access control solutions. Content security now includes the Email Security Appliance (ESA) in addition to the Web Security Appliance (WSA). Firepower is the major focus and includes both Firepower NGIPS and Firepower Threat Defense (FTD, the unified code for ASA and FirePOWER Services), along with Firepower Management Center (FMC) as the management platform. FireAMP is also present through the private cloud appliance, which is used for advanced malware protection through big data analytics, with policies, detections, and protections stored locally on premises.

Physical Devices

  • Cisco Catalyst Switch: C3850-12S 16.2.1
  • Cisco Adaptive Security Appliance: 5512-X: 9.6.1
  • Cisco 2504 Wireless Controller: 2504:
  • Cisco Aironet: 1602E: 15.3.3-JC
  • Cisco Unified IP Phone: 7965: 9.2(3)

The ASA firewall is present in the lab as both a virtual (ASAv) and a physical (5512-X) appliance, and APIC-EM supports both of them. The C3850 Catalyst switch is there to support features such as MACsec, Security Group Tags (SGT), and Security Exchange Protocol (SXP).

We will cover these technologies in depth in coming weeks. Stay tuned.