Latest News
  • Join CCNP Training Course & Get CCNA Absolutely FREE
  • Courses Available Both Online and Classroom
  • Best IT Networking Training Institute in Dubai

CCIE Security Certification and Training

CCIE Security Certification v6.0 is the highest and most prestigious certification from Cisco. It ranks No. 1 in the 10 Most Difficult IT Certifications list and is highly-valued worldwide. A CCIE certified individual is an elite title in the field of network engineering, proving their mastery in their domain of Cisco networking. The CCIE Security Certified experts have the knowledge and skills required to architect, engineer, implement, troubleshoot, and support the full suite of Cisco security technologies, using the latest methods to protect systems and environments against every kind of modern security risks, threats, and vulnerabilities.

The CCIE Security program is designed to include direct exposure on real Cisco Routers, Switches, Cisco ASA Firewalls, FirePower, WSA, ESA, FireAMP, Stealthwatch, Umbrella and NGIPS. The quality of the program, the testing methods, and the relevance of this certification enhances its value. At IP Rulers, the classes are facilitated by CCIE Security certified and experienced instructors, and students will be exposed to the latest equipment’s. With grouped as well as one-to-one classes and online tutorials that could be scheduled for weekdays or weekends in accordance to the students’ choice, IP Rulers is fast becoming a leading name in Dubai, UAE in achieving high-value Cisco Certification with a significant pass rate on the first attempt.

Course Details

CCIE Security v6.0 certification is the avatar of core knowledge and practical skills in the management of the most complex scenarios of the entire IT Security of a network lifecycle (Designing, Deploying, Operating & Optimizing).IP Rulers provide CCIE Security v6.0 training just as per the course described by the Cisco Security Certification blueprint.

The new method adapted for CCIE Exam is given below, which have vital parts known as Design, Deploy, Operate & Optimize.


The CCIE Enterprise certification is achieved with two exams:


SCOR: 350-701 Implementing and Operating Cisco Security Core Technologies

The qualifying exam, Implementing and Operating Cisco Security Core Technologies, focuses on your knowledge of Cisco Security technology. Clearing this exam gives a Specialist Certification, so as to recognize all accomplishments of the candidate.

CCIE Security v6.0 Lab Exam

The 8-hour Cisco CCIE Security  (v6.0) Practical Exam is a hands-on exam that requires a candidate to plan, design, deploy, operate, and optimize network security solutions according to the given scenarios.

CCIE Lab Exam summary

CCIE lab exam has two modules. Module 1 will be a 3-hour, scenario-based session, which will discuss the Design part. Module 2 will be a 5-hour session to discuss Deploy, Operate & Optimize parts of the exam.

CCIE Exam Score Evaluation :

Candidates who score higher than the aggregated pass score of both modules and also higher than the minimum score set on each individual module, clear the exam.

Target Audience:

  • Network engineers attempting the core exam -(SCOR 350- 701)
  • Network engineers who have five to seven years of professional experience in designing, deploying, operating and optimizing enterprise security technologies.
  • Network designers who design and support complex network technologies and topologies.
  • Network engineers who use an expert-level problem-solving process (including options analysis) to support complex network technologies and topologies.
  • IT students and professionals seeking strong expertise in the subject and an internationally recognized qualification in the same for prospective jobs.
  • Candidates with CCNP Security Certification, moving on to expert levels.
  • Aspirants in the following job profiles:
    • Network Designer
    • Network Administrator
    • Consulting Systems Engineer
    • Technical Solutions Architect
    • Network Manager
    • Cisco Integrators and partners


  • The CCIE Security does not require any particular qualification for attendance of the course. However, comprehensive knowledge of the subjects is necessary for attending the examinations.
  • Five to seven years’ experience in networking field, especially in designing, deploying, operating and optimizing security technologies will be an advantage to attempt the CCIE examination.

Course outline

1.1 Deployment modes on Cisco ASA and Cisco FTD
  • Routed
  • Transparent
  • Single
  • Multi-Context
  • Multi-Instance
1.2 Firewall features on Cisco ASA and Cisco FTD
  • NAT
  •  Application inspection
  •  Traffic zones
  •  Policy-based routing
  •  Traffic redirection to service modules
  •  Identity firewall
1.3 Security features on Cisco IOS/IOS-XE
  • Application awareness
  •  Zone-Based Firewall (ZBFW)
  • NAT
1.4 Cisco Firepower Management Center (FMC) features
  • Alerting
  •  Logging
  •  Reporting
1.5 NGIPS deployment modes
  • In-Line
  • Passive
  • TAP
1.6 Next Generation Firewall (NGFW) features
  •  SSL inspection
  • user identity
  •  geolocation
  • AVC
1.7 Detect, and mitigate common types of attacks
  •  DoS/DDoS
  • Evasion Techniques
  • Spoofing
  • Man-In-The-Middle
  •  Botnet
1.8 Clustering/HA features on Cisco ASA and Cisco FTD
1.9 Policies and rules for traffic control on Cisco ASA and Cisco FTD
1.10 Routing protocols security on Cisco IOS, Cisco ASA and Cisco FTD
1.11 Network connectivity through Cisco ASA and Cisco FTD
1.12 Correlation and remediation rules on Cisco FMC

2.1 AnyConnect client-based remote access VPN technologies on Cisco ASA, Cisco FTD, and Cisco Routers.
2.2 Cisco IOS CA for VPN authentication
2.3 FlexVPN, DMVPN, and IPsec L2L Tunnels
2.4 Uplink and downlink MACsec (802.1AE)
2.5 VPN high availability using
  •  Cisco ASA VPN clustering
  •  Dual-Hub DMVPN deployments
2.6 Infrastructure segmentation methods
  •  VLAN
  •  PVLAN
  • GRE
  • VRF-Lite
2.7 Micro-segmentation with Cisco TrustSec using SGT and SXP

3.1 Device hardening techniques and control plane protection methods
  •  CoPP
  •  IP Source routing
  • iACLs
3.2 Management plane protection techniques
  •  CPU
  •  Memory thresholding
  •  Securing device access
3.3 Data plane protection techniques
  • uRPF
  •  QoS
  •  RTBH
3.4 Layer 2 security techniques
  • DAI
  • IPDT
  • STP security
  • Port security
  • DHCP snooping
  • RA Guard
  • VACL
3.5 Wireless security technologies
  • WPA
  •  WPA2
  •  WPA3
  •  TKIP
  • AES
3.6 Monitoring protocols
  • NetFlow/IPFIX/NSEL
  •  SNMP
  •  RMON
  • eStreamer
3.7 Security features to comply with organizational security policies, procedures, and standards BCP 38
  •  ISO 27001
  •  RFC 2827
  •  PCI-DSS
3.8 Cisco SAFE model to validate network security design and to identify threats to different Places in the Network (PINs)
3.9 Interaction with network devices through APIs using basic Python scripts
  •  REST API requests and responses
  •  HTTP action verbs, error codes, cookies, headers
  • JSON or XML payload
  • Authentication
  • Data encoding formats
  • JSON
  • XML
  • YAML
3.10 Cisco DNAC Northbound APIs use cases
  •  Authentication/Authorization
  •  Network Discovery
  •  Network Device
  •  Network Host

4.1 ISE scalability using multiple nodes and personas.
4.2 Cisco switches and Cisco Wireless LAN Controllers for network access AAA with ISE.
4.3 Cisco devices for administrative access with ISE
4.4 AAA for network access with 802.1X and MAB using ISE.
4.5 Guest lifecycle management using ISE and Cisco Wireless LAN controllers
4.6 BYOD on-boarding and network access flows
4.7 ISE integration with external identity sources
  •  LDAP
  • AD
  • External RADIUS
4.8 Provisioning of AnyConnect with ISE and ASA
4.9 Posture assessment with ISE
4.10 Endpoint profiling using ISE and Cisco network infrastructure including device sensor
4.11 Integration of MDM with ISE
4.12 Certificate-based authentication using ISE
4.13 Authentication methods
  • EAP Chaining
  •  Machine Access Restriction (MAR)
4.14 Identity mapping on ASA, ISE, WSA, and FTD
4.15 pxGrid integration between security devices WSA, ISE, and Cisco FMC
4.16 Integration of ISE with multi-factor authentication
4.17 Access control and single sign-on using Cisco DUO security technology

5.1 AMP for networks, AMP for endpoints, and AMP for content security (ESA, and WSA)
5.2 Detect, analyze, and mitigate malware incidents
5.3 Perform packet capture and analysis using Wireshark, tcpdump, SPAN, ERSPAN, and RSPAN
5.4 DNS layer security, intelligent proxy, and user identification using Cisco Umbrella
5.5 Web filtering, user identification, and Application Visibility and Control (AVC) on Cisco FTD and WSA.
5.6 WCCP redirection on Cisco devices
5.7 Email security features
  •  Mail policies
  •  DLP
  •  Quarantine
  •  Authentication
  •  Encryption
5.8 HTTPS decryption and inspection on Cisco FTD, WSA and Umbrella
5.9 SMA for centralized content security management
5.10 Cisco advanced threat solutions and their integration: Stealthwatch, FMC, AMP, Cognitive Threat Analytics (CTA), Threat Grid, Encrypted Traffic Analytics (ETA), WSA, SMA, CTR, and Umbrella

Lab Infrastructure

IP Rulers has a fully equipped lab, specially designed for the CCIE Security training, with an enhanced lab topology that represents  real-world network. Students will have the following equipment and software configured for their training; they may also get the chance to see newer hardware and software during this period.

Equipment and Software list

Virtual machines

  • Cisco Identity Services Engine (ISE): 2.4
  • Cisco Web Security Appliance (WSA): 9.2
  • Cisco Email Security Appliance (ESA): 11.1
  • Cisco Firepower Management Center Virtual Appliance: 6.2
  • Cisco Firepower NGIPSv: 6.2
  • Cisco Firepower Threat Defense: 6.2
  • Cisco Adaptive Security Virtual Appliance (ASAv): 9.4(3)
  • Cisco CSR 1000V Series Cloud Services Router: 15.5.(3), 16.6.3
  • Cisco StealthWatch SMC-FC: 6.10
  • Cisco FireAMP Cloud: 5.3
  • Cisco Wireless Controller (WLC): 8.3
  • Cisco DNA Center Release 1.3.1
  • L2IOSv: 15.2

Physical Equipment

  • Cisco Adaptive Security Appliance: ASA5512: 9.2
  • Cisco Adaptive Security Appliance: ASA5516: 9.8
  • Cisco Catalyst Switch: C3650: 16.6
  • Cisco Catalyst Switch: C3850: 3.7
  • Cisco Wireless Access Point: AP1852: 8.3


  • Test PC: Windows 10 Enterprise
  • AD/DNS: Window Server 2016
  • Linux Kali: 4.17
  • Cisco Anyconnect: 4.2

Trainer's Profile

IP Rulers is managed by an expert team of trainers with over ten years’ experience in the industry and in hands-on training.
All the trainers have multiple CCIEs in their respective areas of interest.
Individual trainers’ profiles can be provided upon request by email, along with demos and LinkedIn profiles.
Online and classroom demos are also available upon request.

Training Schedule

IP Rulers has a training schedule that can suit anyone, whether it be in groups or one-on-one, classroom-based or online or onsite corporate training, on weekdays or weekends. Each course has a duration of 120 hours. For more information, please consult training coordinators.

CCIE -Training Schedule


Weekdays (Mon - Fri)

Weekend (Sat - Sun)


Classroom / Online

Classroom / Online


120 Hours

120 Hours


2 Month

3 Month



Training Type



20 March 2023


Classroom / Online

Weekdays (Mon-Fri)

25 March 2023


Classroom / Online

Weekend (Sat-Sun)


Job roles of elite executives in the fast-paced world of network security.
Industry-level knowledge and direct experience in implementation of core Cisco security solutions.
Enhanced job opportunities with sky-high career growth, coupled with respect.
Expertise in all stages of implementing complex security solutions – from deploying, to operation and optimization.
Specialist Certification for clearing the qualifying exam
Authority to link the CCIE Certification Badge to all social media profiles.


Call now