Cisco CCNP Security: SCOR & SISE   

This course is intended for network security engineers and those looking to attain their CCNP Security certification.

Requirements:

Hardware Requirements:

• This course can be taken on either a PC, Mac, or Chromebook.

Software Requirements:

• PC: Windows 8 or later.
• Mac: macOS 10.6 or later.
• Browser: The latest version of Google Chrome or Mozilla Firefox is preferred. Microsoft Edge and Safari are also compatible.
• Microsoft Word Online
• Adobe Acrobat Reader
• Software must be installed and fully operational before the course begins.

Other:

• Email capabilities and access to a personal email account.

Instructional Material Requirements:

The instructional materials required for this course are included in enrollment and will be available online.

The CCNP Security: SCOR course provides you with the knowledge to implement and operate core Cisco security technologies. You will learn about common security vulnerabilities, Email Security Appliance (ESA), Web Security Appliance (WSA), Cloud Email Security (CES), mobile device management (MDM), VPN configuration, and more.

The Configuring Cisco Identity Services Engine (SISE) course provides you with the skills and knowledge to deploy and use the Cisco Identity Services Engine (ISE), policy enforcement, profiling services, web authentication and guest access services, BYOD, endpoint compliance services, and TACACS+ device administration. Crucial elements of this course include the ability to use Cisco ISE to gain visibility into what is happening in your network, streamline security policy management, and contribute to operational efficiency.

The course will prepare you to sit for the Cisco CCNP Security Core exam SCOR and the Cisco CCNP Security Concentration exam SISE. These exams in tandem will earn you the CCNP Security certification. This course offers enrollment with or without a voucher. The voucher is prepaid access to sit for the certifying exam upon eligibility.

1. Security Foundations
   1. Attacks against on-premises and cloud resources
   2. Common security vulnerabilities
   3. Cryptography concepts and applications
   4. Managing Cisco security devices via application programming interfaces (APIs)
2. Implementing Security
   1. Security in common cloud environments
   2. Division of responsibility (shared responsibility model)
   3. DevSecOps, continuous integration, and orchestration
3. Cloud Concepts and Security
   1. Configuring and Verifying VLANs
   2. Configuring and Verifying Trunks
   3. VLAN Trunking Protocol (VTP)
   4. STP Overview and Algorithm Deep Dive
   5. STP Convergence, Configuration and Manipulation
   6. STP PortFast, and BPDU Guard
   7. Multiple Spanning Tree Protocol (MSTP)
   8. EtherChannels
   9. Inter-VLAN Routing
   10. First-Hop Redundancy Protocol (FHRP)
4. Application-Specific Security Tools
   1. Email Security Appliance (ESA)
   2. Web Security Appliance (WSA)
   3. Cloud Email Security (CES)
   4. Securing DNS with Cisco Umbrella
5. Securing Endpoints
   1. Antimalware concepts
   2. Mobile device management (MDM)
   3. Multifactor authentication (MFA)
   4. Network access control
   5. Patch management
6. Network Access Control and Visibility
   1. 802.1x, WebAuth, and MAB
   2. Network visibility and evasion techniques
   3. Cisco network analytics technologies
7. Introducing Cisco ISE Architecture and Deployment
   1. Using Cisco ISE as a Network Access Policy Engine
   2. Cisco ISE Use Cases
   3. Describing Cisco ISE Functions
   4. Cisco ISE Deployment Models
   5. Context Visibility
8. Cisco ISE Policy Enforcement
   1. Using 802.1X for Wired and Wireless Access
   2. Using MAC Authentication Bypass for Wired and Wireless Access
   3. Introducing Identity Management
   4. Configuring Certificate Services
   5. Introducing Cisco ISE Policy
   6. Implementing Third-Party Network Access Device Support
   7. Introducing Cisco TrustSec
   8. Cisco TrustSec Configuration
   9. Easy Connect
9. Web Authentication and Guest Services
   1. Introducing Web Access with Cisco ISE
   2. Introducing Guest Access Components
   3. Configuring Guest Access Settings
   4. Configuring Sponsor and Guest Portals
10. Cisco ISE Profiler
    1. Introducing Cisco ISE Profiler
    2. Profiling Deployment and Best Practices
11. Cisco ISE BYOD
    1. Introducing the Cisco ISE BYOD Process
    2. Describing BYOD Flow
    3. Configuring the My Devices Portal
    4. Configuring Certificates in BYOD Scenarios
12. Cisco ISE Endpoint Compliance Services
    1. Introducing Endpoint Compliance Services
    2. Configuring Client Posture Services and Provisioning in Cisco ISE
13. Working with Network Access Devices
    1. Review TACACS+
    2. Cisco ISE TACACS+ Device Administration
    3. Configure TACACS+ Device Administration
    4. TACACS+ Device Administration Guidelines and Best Practices
    5. Migrating from Cisco ACS to Cisco ISE

What you will learn

SCOR

• Cisco security devices via an API
• Layer 2 and Layer 3+ security
• VPNs
• Cloud security concepts
• Email Security Appliance (ESA)
• Web Security Appliance (WSA)
• Cloud Email Security (CES)
• DNS with Cisco Umbrella
• Mobile device management (MDM)
• Multifactor authentication (MFA)

SISE

• Describe Cisco ISE deployments, including core deployment components and how they interact to create a cohesive security architecture
• Describe the advantages of such a deployment and how each Cisco ISE capability contributes to these advantages
• Describe concepts and configure components related to 802.1X and MAC Authentication Bypass (MAB) authentication, identity management, and certificate services
• Describe how Cisco ISE policy sets are used to implement authentication and authorization and how to leverage this capability to meet the needs of your organization
• Describe third-party Network Access Devices (NADs), Cisco TrustSec®, and Easy Connect
• Describe and configure web authentication, processes, operation, and guest services, including guest access components and various guest access scenarios
• Describe and configure Cisco ISE profiling services and understand how to monitor these services to enhance your situational awareness about network-connected endpoints
• Describe best practices for deploying this profiler service in your specific environment
• Describe BYOD challenges, solutions, processes, and portalsConfigure a BYOD solution and describe the relationship between BYOD processes and their related configuration components
• Describe and configure various certificates related to a BYOD solution
• Describe the value of the My Devices portal and how to configure this portal
• Describe endpoint compliance, compliance components, posture agents, posture deployment and licensing, and the posture service in Cisco ISE
• Describe and configure TACACS+ device administration using Cisco ISE, including command sets, profiles, and policy sets
• Understand the role of TACACS+ within the Authentication, Authentication, and Accounting (AAA) framework and the differences between the RADIUS and TACACS+ protocols
• Migrate TACACS+ functionality from Cisco Secure Access Control System (ACS) to Cisco ISE, using a migration tool

How you will benefit

• You will be prepared to sit for the Cisco CCNP Security core exam: 350-701 SCOR: Implementing and Operating Cisco Security Core Technologies
• You will be prepared to sit for the Cisco CCNP Security concentration exam: 300-715 SISE: Implementing and Configuring Cisco Identity Services Engine

Shane Sexton

Shane Sexton is a cybersecurity-focused instructor with a hunger for using technology to combat real-world challenges. He holds many professional IT certifications such as Citrix CCA, CompTIA A+, CompTIA Security+, CompTIA Linux+, CompTIA CySA+, ITIL Foundations, Cisco CCNA, AWS SysOps, and Cisco CCNP Security. Shane's extensive professional expertise includes Citrix Virtualization, Citrix Virtualization, Computer Hardware support, Cisco networking, Cybersecurity Blue Team, Cybersecurity Red Team, Cisco security, Amazon AWS, and ITIL. Inside the classroom, Shane makes the complicated seem approachable. Outside the classroom, Shane is a mad scientist with automation, coding, and scripting, tying them back to technologies he teaches in class. If he isn't watching the latest SpaceX launch, he can usually be found tinkering with something.

Doug Bassett

Doug Bassett is an IT instructor specializing in Microsoft Azure, Server 2016/19, and Exchange messaging. He holds many highly sought-after IT certifications, including Microsoft MCSE, Microsoft MCSA, CompTIA Network+, Cisco CCNA, and Microsoft MCT. In addition to his certifications, Doug has expert knowledge of Microsoft Server 2000, 2003, 2008/2012/2016/2019, Exchange Server and Exchange Online, and Networking structure and applications. As an instructor, Doug is deeply involved in helping his students understand complex concepts and loves to approach teaching a subject from multiple angles.