Course Details/Schedule

Day 1

• Perimeter Security and Intrusion Prevention
• Deployment modes on Cisco ASA and Cisco FTD
• Firewall features on Cisco ASA and Cisco FTD
• Security features on Cisco IOS/IOS-XE
• Cisco Firepower Management Center (FMC) features
• NGIPS deployment modes
• Next-Generation Firewall (NGFW) features
• Detect and mitigate common types of attacks

Day 2

• Clustering/HA features on Cisco ASA and Cisco FTD
• Policies and rules for traffic control on Cisco ASA and Cisco FTD
• Routing protocols security on Cisco IOS, Cisco ASA and Cisco FTD
• Network connectivity through Cisco ASA and Cisco FTD
• Correlation and remediation rules on Cisco FMC

Day 3

• Secure Connectivity and Segmentation
• AnyConnect client-based remote access VPN technologies on Cisco ASA, Cisco FTD, and Cisco Routers
• Cisco IOS CA for VPN authentication
• FlexVPN, DMVPN, and IPsec L2L Tunnels

Day 4

• Uplink and downlink MACsec (802.1AE)
• VPN high availability using
• Infrastructure segmentation methods
• Micro-segmentation with Cisco TrustSec using SGT and SXP

Day 5

• Infrastructure Security
• Device hardening techniques and control plane protection methods
• Management plane protection techniques
• Data plane protection techniques
• Layer 2 security techniques
• Wireless security technologies

Day 6

• Monitoring protocols
• Security features to comply with organizational security policies
• Cisco SAFE model 
• Interaction with network devices through APIs using basic Python scripts
• Cisco DNAC Northbound APIs use cases

Day 7

• ISE scalability using multiple nodes and personas.
• Cisco switches and Cisco Wireless LAN Controllers for network access AAA with ISE
• Cisco devices for administrative access with ISE
• AAA for network access with 802.1X and MAB using ISE.
• Guest lifecycle management using ISE and Cisco Wireless LAN controllers
• BYOD on-boarding and network access flows
• ISE integration with external identity sources
• Provisioning of AnyConnect with ISE and ASA

Day 8

• Posture assessment with ISE
• Endpoint profiling using ISE and Cisco network infrastructure including device sensor
• Integration of MDM with ISE
• Certificate-based authentication using ISE
• Authentication methods
• Identity mapping on ASA, ISE, WSA, and FTD
• pxGrid integration between security devices WSA, ISE, and Cisco FMC
• Integration of ISE with multi-factor authentication
• Access control and single sign-on using Cisco DUO security technology

Day 9

• Advanced Threat Protection and Content Security
• AMP for networks, AMP for endpoints, and AMP for content security (ESA, and WSA)
• Detect, analyze, and mitigate malware incidents
• Perform packet capture and analysis using Wireshark, tcpdump, SPAN, ERSPAN, and RSPAN
• DNS layer security, intelligent proxy, and user identification using Cisco Umbrella
• Web filtering, user identification, and Application Visibility and Control (AVC) on Cisco FTD and WSA.

Day 10

• WCCP redirection on Cisco devices
• Email security features
• HTTPS decryption and inspection on Cisco FTD, WSA, and Umbrella
• SMA for centralized content security management
• Cisco advanced threat solutions and their integration