1992-2013 Cisco Systems Inc. All Rights Reserved.

Generated on 2013-10-08-07:00
CCIE Security Written Exam Topics v4.0
The Security written exam (350-018) has 90-110 multiple-choice questions and is two hours
in duration. The topic areas listed are general guidelines for the type of content that is likely
to appear on the exam. Please note, however, that other relevant or related topic areas may
also appear.

Topics include networking fundamentals and security related concepts and best practices,
as well as key sections on Cisco Network Security products and solutions in areas such
as VPNs, intrusion prevention, firewalls, identity services, policy management, and secure
network best practices. Content includes both IPv4 and IPv6 based concepts and solutions.

The CCIE Security written exam is a two-hour, multiple choice test with 100 questions
covering the areas of skills and competency needed by a Security Engineer to implement,
deploy, configure, maintain, and troubleshoot Cisco Network Security solutions and designs.
Topics include Cisco network security devices, appliances, protocols, firewalls, VPNs,
intrusion prevention devices, policy management, and best practices for implementing a
secure network.

All exam materials are provided and no outside reference materials are allowed.

CCIE Security Written Exam Topics v4.0
Infrastructure, Connectivity, Communications, Network Security
Network Addressing Basics
OSI Layers
TCP/UDP/IP Protocols
LAN Switching (e.g. VTP, VLANs, Spanning Tree, Trunking)
Routing Protocols (RIP, EIGRP, OSPF, and BGP)
(a) Basic Functions/Characteristics
(b) Security Features
Tunneling Protocols
(a) GRE
(b) NHRP
(c) v6 Tunnel Types
IP Multicast
(a) PIM
(b) Multicast Source Discovery Protocol
(c) IGMP/CGMP
(d) Multicast Listener Discovery
Wireless
(a) SSID
(b) Authentication/Authorization
(c) Rogue APs
(d) Session Establishment
Authentication/Authorization Technologies
(a) Single Sign-on
(b) OTPs
(c) LDAP/AD
(d) Role Based Access Control
VPNs
(a) L2 vs L3
(b) MPLS/VRFs/Tag switching
Mobile IP Networks
Security Protocols
Rivest, Shamir and Adleman (RSA)
Rivest Cipher 4 (RC4)
Message Digest 5 (MD5)
Secure Hash Algorithm (SHA)
Data Encryption Standard (DES)
Triple DES (3DES)
Advanced Encryption Standard (AES)
IP Security (IPsec)
Internet Security Association and Key Management Protocol (ISAKMP)
Internet Key Exchange IKE/IKEv2
Group Domain of Interpretation (GDOI)
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Certificate Enrollment Protocol (CEP)
Transport Layer Security TLS/DTLS
Secure Socket Layer (SSL)
Secure Shell (SSH)
Remote Authentication Dial In User Service (RADIUS)
Terminal Access Controller Access-Control System Plus (TACACS+)
Lightweight Directory Access Protocol (LDAP)
EAP Methods (e.g. EAP-MD5, EAP-TLS, EAP-TTLS, EAP-FAST, PEAP, LEAP)
Public Key Infrastructure (PKI)/PKIX/PKCS
802.1X
WEP/WPA/WPA2
Web Cache Communication Protocol (WCCP)
Secure Group Tagging Exchange Protocol (SXP)
MACsec
DNSSEC
Application and Infrastructure Security
Hypertext Transfer Protocol (HTTP)
Hypertext Transfer Protocol Secure (HTTPS)
Simple Mail Transfer Protocol (SMTP)
Dynamic Host Configuration Protocol (DHCP)
Domain Name System (DNS)
File Transfer Protocol (FTP/SFTP)
Trivial File Transfer Protocol (TFTP)
Network Time Protocol (NTP)
Simple Network Management Protocol (SNMP)
Syslog
Netlogon, NetBIOS, SMB
RPCs
RDP/VNC
PCoIP
OWASP
Basic unnecessary services
Threats, Vulnerability Analysis and Mitigation
Recognizing and mitigating common attacks
(a) ICMP attacks, PING floods
(b) MITM
(c) Replay
(d) Spoofing
(e) Backdoor
(f) Botnets
(g) Wireless attacks
(h) DoS/DDoS Attacks
(i) Virus and Worms Outbreaks
(j) Header Attacks
(k) Tunneling attacks
Software/OS Exploits
Security/Attack Tools
Generic Network Intrusion Prevention Concepts
Packet Filtering
Content Filtering/Packet Inspection
Endpoint/Posture Assessment
QoS marking attacks
Cisco Security Products, Features and Management
Cisco Adaptive Security Appliance (ASA)
(a) Firewall Functionality
(b) Routing/Multicast Capabilities
(c) Firewall modes
(d) NAT - Pre 8.4/Post 8.4
(e) Object Definition/ACLs
(f) MPF functionality (IPS/QoS/Application Awareness)
(g) Context Aware Firewall
(h) Identity Based Services
(i) Failover Options
Cisco IOS Firewalls and NAT
(a) CBAC
(b) Zone-Based Firewall
(c) Port-to-Application Mapping
(d) Identity Based Firewalling
Cisco Intrusion Prevention Systems (IPS)
Cisco IOS IPS
Cisco AAA Protocols and Application
(a) RADIUS
(b) TACACS+
(c) Device Admin
(d) Network Access
(e) 802.1X
(f) VSAs
Cisco Identity Services Engine
Cisco Secure ACS Solution Engine
Cisco Network Admission Control (NAC) Appliance Server
Endpoint/Client
(a) Cisco AnyConnect VPN Client
(b) Cisco VPN Client
(c) Cisco Secure Desktop (CSD)
(d) NAC Agent
Secure Access Gateways (Cisco IOS Router/ASA)
(a) IPsec
(b) SSL VPN
(c) PKI
Virtual Security Gateway
Cisco Catalyst 6500 Series Security Services Modules
ScanSafe Functionality & Components
IronPort Products
Security Management
(a) Cisco Security Manager (CSM)
(b) Cisco Adaptive Security Device Manager (ASDM)
(c) Cisco IPS Device Manager (IDM)
(d) Cisco IPS Manager Express (IME)
(e) Cisco Configuration Professional (CCP)
(f) Cisco Prime
Cisco Security Technologies and Solutions
Router Hardening Features (e.g. CoPP, MPP, uRPF, PBR)
Switch Security Features (e.g. anti-spoofing, port, STP, MACsec, NDAC, NEAT)
NetFlow
Wireless Security
Network Segregation
(a) VRF-aware technologies
(b) VXLAN
VPN Solutions
(a) FlexVPN
(b) Dynamic Multipoint VPN (DMVPN)
(c) Group Encrypted Transport VPN (GETVPN)
(d) EasyVPN
Content and Packet Filtering
QoS application for security
Load Balancing & Failover
Security Policies and Procedures, Best Practices, Standards
Security Policy Elements
Information Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002)
Standards Bodies (e.g. ISO, IEC, ITU, ISOC, IETF, IAB, IANA, ICANN)
Industry Best Practices (e.g. SOX, PCI DSS)
Common RFC/BCP (e.g. RFC2827/BCP38, RFC3704/BCP84, RFC5735)
Security Audit & Validation
Risk Assessment
Change Management Process
Incident Response Framework
Computer Security Forensics
Desktop Security Risk Assessment/Desktop Security Risk Management
