CCIE Security
　　Overview
　　Required Evaluations
　　Security Qualification Exam
　　Format
　　Blueprint
　　Recommended Reading
　　Security Lab Exam
　　Format
　　IOS Versions
　　Equipment List
　　Suggested Training Courses
　　Recertification
　　For More Information
　　
　　Overview
　　The CCIE Security exam covers IP and IP routing as well as specific security components. It is recommended that you read the section on Preparing for your CCIE Exam before reading this page. You can also find information on test policies in the Policies Section.
　　
　　Required Evaluations
　　The two requirements to become a CCIE are a passing grade on the Security qualification exam and a passing grade on the Security lab exam . The qualification exam is a prerequisite for attempting and scheduling the lab exam.
　　Security Qualification Exam
　　Format
　　
　　The two-hour, multiple choice exam is computerized and administered at Cisco authorized testing centers. The exam is closed book and contains 100 questions. No reference materials are allowed in the exam room. Find out more about scheduling your Security Qualification exam (#350-018) and an authorized testing center near you.
　　
　　Blueprint
　　
　　Please see the Security Blueprint for details.
　　Recommended Reading
　　
　　Cisco Network Security (Cisco Press)
　　Cisco IOS Dial Solutions (Cisco Press)
　　Enhanced IP Services for Cisco Networks (Cisco Press)
　　Cisco Internetwork Troubleshooting (Cisco Press)
　　Designing Network Security (Cisco Press)
　　Internetworking Troubleshooting Handbook (Cisco Press)
　　Top Down Network Design (Cisco Press)
　　Building Cisco Remote Access Networks (Cisco Press)
　　MPLS and VPN Architectures (Cisco Press)
　　IPSec : The New Security Standard for the Internet, Intranets, and Virtual Private Networks (Doraswamy/Harkins, Prentice Hall)
　　Digital Certificates : Applied Internet Security (Feghhi/Williams, Addison Wesley)
　　Big Book of IPsec RFCs : Internet Security Architecture (Loshin, Morgan Kaufmann Publishers Inc.)
　　Internet Security Protocols : Protecting IP Traffic (Black, Prentice Hall)
　　Firewalls and Internet Security : Repelling the Wily Hacker (Cheswick/Bellovin, Addison-Wesley Professional Computing)
　　Maximum Security : A Hacker's Guide to Protecting Your Internet Site and Network with CD ROM (Anonymous, Sams)
　　Inside Internet Security : What Hackers Don't Want You to Know (Crume, Addison-Wesley)
　　Internet and TCP / IP Network Security : Securing Protocols and Applications (Pabrai/Gurbani, McGraw Hill)
　　Internet Cryptography (Smith, Addison Wesley)
　　Network Security: Private Communication in a Public World (Kaufman/Perlman/Spenciner, Prentice Hall)
　　Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition (Schneier, John Wiley & Sons)
　　Strategies to Protect Against Distributed Denial of Service
　　Characterizing and Tracing Packet Floods Using Cisco Routers
　　Defining Strategies to Protect Against UDP Diagnostic Port Denial of Service Attacks
　　Strategies to Protect Against TCP SYN Denial of Service Attacks
　　
　　
　　Security Lab Exam
　　Format
　　
　　The Security Lab exam physical rack layout is similar to the Routing & Switching exam with the exception of a few equipment additions: the pix and security server. Server applications are listed below. Because this is a CCIE lab, candidates should expect to be tested on core ip routing and switching as well as specific security components. There are no desktop protocols, ie. IPX, DLSW etc. Security topics that may be tested are listed in the Security exam blueprint. Candidates may refer to the Routing & Switching exam blueprint for information for more specifics on IP routing and switching test content.
　　
　　The CCIE candidate will be presented with a complex design to implement from the physical layer up. Candidates are not required to configure any end-user systems, but are responsible for any device residing in the internetwork, including hubs, etc. Network specifics, point values and testing criteria used to assess correctness of the individual configurations are provided.
　　
　　Each configuration scenario and problem has pre-assigned point values. The candidate must obtain a minimum mark of 80% to pass. Find out more about scheduling your CCIE lab exam and testing sites near you.
　　
　　IOS Versions
　　
　　IOS Features up to and including version 12.0 will be tested on the exam until November 14, 2001. IOS "T" trains will be used to provide security specific IPSEC/IOS Firewall features.
　　
　　To keep pace with the evolution of new technologies in the industry, all CCIE labs worldwide will change to IOS version 12.1, effective November 15, 2001 . Specific features new to IOS version 12.1 can appear on CCIE lab exams starting on this date.
　　
　　Equipment List
　　
　　Candidates make inquiries wanting to know the specific Security Applications or specific Servers. It is important to bear in mind that the Security Lab utilizes various servers based upon the version of exam the candidate encounters. Any device used in the lab, outside of the Cisco Router and Switch types listed below are pre-configured. Although a Security Lab exam may interact with one or more of these applications, every effort is made to keep candidate's focus on the routers and switches not on servers. Candidates should dedicate their study to a knowledge of how Cisco Routers and Switches interact with various servers, and the configuration of those routers and switches. Therefore, please consider the equipment list provided as sufficient for the purposes of lab preparation.
　　
　　
　　2500 series routers
　　2600 series routers
　　3600 series routers
　　4000 and 4500 series routers
　　3900 series token ring switches
　　Catalyst 5000 series switches
　　PIX - running Pix software version 5.2
　　Services / Applications
　　
　　Certificate Authority Support
　　Cisco Secure Access Control System
　　Cisco Secure Intrusion Detection System
　　
　　Suggested Training Courses
　　
　　Cisco Training Classes are RECOMMENDED, and are NOT REQUIRED for completion of the CCIE Program. For more information on these Cisco training classes and our training partners, go to the Cisco Training page. Here is the list of classes we recommend for the CCIE Security certification:
　　
　　TRN-MCNS-Managing Cisco Network Security
　　
　　TRN-CSIDS-Cisco Secure Intrusion Detection System
　　
　　TRN-CSPFF -Cisco Secure PIX Firewall Fundamentals
　　
　　TRN-CSVPN-Cisco Secure Virtual Private Network
　　
　　TRN-CSPFA -Cisco Secure PIX Firewall Advanced
　　
　　TRN-BCRAN-Building Cisco Remote Access Networks
　　
　　Recertification
　　All CCIE professionals are required to recertify. For further information please read the recertification section.
　　
　　For More Information
　　If you need more information on the Security exam, or the CCIE program in general, contact the CCIE Program Coordinator for your region:
　　
　　North and South America: ccie_ucsa@cisco.com
　　Europe, Middle East and Africa: ccie_emea@cisco.com
　　Asia and the Pacific Rim: ccie_apt@cisco.com