Please review the Lab Exam Overview for general information about the CCIE Security lab exam. This lab exam blueprint v2.0 is a detailed outline of the topics likely to appear on the lab exam effective January 2, 2007. Knowledge of troubleshooting is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE lab exam. The topics listed are guidelines and other relevant or related topics may also appear. Candidates for lab exams scheduled on January 2, 2007 or later should prepare using the v2.0 blueprints below. In general, new product features become eligible for testing on CCIE lab exams six months after general release.
Firewall
PIX and ASA Firewall: Basic initialization; Access Management; Address translation; ACLs; IP Routing; Object groups; VLANs; AAA; VPNs; Filtering; Failover; Layer 2 Transparent Firewall; Security Contexts (Virtual Firewall); Modular Policy Framework; Application-Aware Inspection; High Availability Scenarios; QoS Policies; Other advanced features
IOS Firewall: CBAC; Audit; Auth Proxy; PAM; Access control; Performance tuning; Advanced features

VPN
IPSec LAN-to-LAN; SSL VPN; DMVPN; CA (PKI); Remote access VPN; VPN3000 Concentrator; VPN3000 IP Routing; Unity client; WebVPN; EzVPN Hardware Client; XAuth, Split-tunnel, RRI, NAT-T; High Availability; QoS for VPN; GRE, mGRE; L2TP; PPTP; Advanced VPN features

Intrusion Prevention System (IPS)
IPS 4200 Series Sensor Appliance; Basic initialization; Sensor configuration; Sensor Management; Promiscuous and Inline Monitoring; Signature Tuning; Custom Signatures; Blocking; TCP Resets; Rate Limiting; Signature Engines; IDM; Event Action; Event Monitoring; IOS IPS; PIX IDS; SPAN, RSPAN; Advanced Features

Identity Management
Security Protocols (Radius, Tacacs+); Cisco Secure ACS Configuration; Access Management (Telnet, SSH, Pwds, Priv Levels); Proxy Authentication; Service Authentication (FTP, Telnet, HTTP, other); Network Admission Control (NAC Framework solution); 802.1x; Advanced features

Advanced Security
Mitigation techniques; Packet marking techniques; Security RFCs (RFC1918, RFC2827, RFC2401); Service Provider Security; Black Holes, Sink Holes; RTBH Filtering (Remote Triggered Black Hole); Traffic Filtering using Access-lists; NAT; TCP Intercept; uRPF; CAR; NBAR; NetFlow; Flooding; Spoofing; Policing; Fragmentation; Sniffer Traces; Catalyst Management and Security; Traffic Control and Congestion Management; Catalyst Features and Advanced configuration; IOS Security Features

Network Attacks
Network Reconnaissance; IP Spoofing Attacks; MAC Spoofing Attacks; ARP Spoofing Attacks; Denial of Service (DoS); Distributed Denial of Service (DDoS); Man-in-the-Middle (MiM) Attacks; Port Redirection Attacks; DHCP Attacks; DNS Attacks; Fragment Attacks; Smurf attacks; SYN Attacks; MAC Attacks; VLAN Hopping Attacks; Other Layer2 and Layer3 Attacks