What’s New on the Cisco CCNA Security IINS v3.0 Certification Exam?
February 5, 2016
Cisco retired IINS v2.0 of the CCNA Security certification exam on November 30th, 2015. IINS v3.0 of CCNA Security arrived with revised exam objectives. Read about the new exam objectives and the Cisco technologies you may encounter.
New CCNA Security IINS v3.0 Exam Objectives
- Security Concepts (12%): This section addresses security principles, threats, cryptography, and network topologies.
- Secure Access (14%): This section covers secure management, AAA concepts, 802.1X authentication, and BYOD.
- VPN (17%): This section concentrates on VPN concepts (IPsec protocols and delivery modes), remote access VPNs, and site-to-site VPNs.
- Secure Routing and Switching (18%): This section focuses on VLAN security, mitigation techniques, layer 2 attacks, routing protocols, and overall security on Cisco routers.
- Cisco Firewall Technologies (18%): This section focuses on stateful and stateless firewalls, proxy firewalls, application firewalls, and personal firewalls. It also covers Network Address Translation (NAT) and other features on Cisco ASA 9.x.
- IPS (9%): This section focuses on network-based and host-based IPS, deployment, and IPS technologies.
- Content and Endpoint Security (12%): This section focuses on endpoint, web-based, and email-based threats, then moves on to appropriate and effective mitigation technologies and techniques to counter those threats.
Prepare to study the pros, cons, and capabilities of the Cisco technologies used for security, but do not overlook the features and capabilities of the newer, advanced Cisco technologies that address new network threats and environments.
The Increase in Connected Devices Calls for Change
The updated version of the exam and certification goes beyond focusing solely on Cisco IOS. The ever-expanding world of the Internet of Things (IoT) demands change in network security and management to accommodate an evolving network security landscape. Countless devices connect to the Internet, and enterprises must maintain a certain level of network security control over those devices.
The certification covers new, advanced Cisco network security technologies, including:
- Cisco Cloud Web Security (CWS)
- Cisco Identity Services Engine (ISE)
- Cisco Bring Your Own Device (BYOD) technology and environments
- Cisco Next-Generation Intrusion Prevention System (NGIPS)
Cisco Cloud Web Security (CWS)
CWS is a cloud-delivered web proxy that uses Cisco's worldwide threat intelligence to secure the distributed enterprise. CWS provides security against web-based threats and protects Software-as-a-Service (SaaS) applications that are accessible to enterprise employees regardless of their physical location.
Cisco Identity Services Engine (ISE)
Cisco’s ISE attempts to tackle security issues for enterprise BYOD environments. Mobility continues to take center stage in enterprise environments. Employees use their mobile devices to access corporate data from locations both inside and outside the corporate network. ISE provides centralized, unified access policy management for secure access by all devices across various network connections.
Among its many features, ISE is capable of performing:
- Software-defined segmentation for isolating and containing network threats with Cisco TrustSec technology
- Automatic containment for potentially infected endpoints
- Automation of enterprise mobility device onboarding and device certificate management
Cisco Bring-Your-Own-Device (BYOD)
Cisco BYOD technology enables networking pros to focus on managing the design, access, and control for mobile devices on networks. The technology impacts access points, controllers, security, network management, and mobile collaboration applications.
Cisco Next-Generation Intrusion Prevention System (NGIPS)
The Cisco FirePOWER NGIPS 7000 and 8000 series contain several network management and security tools. NGIPS enables networking pros to leverage real-time network data about their environment. The software accumulates and logs data about users, operating systems, devices, applications, services, processes, files, threats, vulnerabilities, and a vast array of network behaviors. This type of data empowers an admin to reach probable conclusions about potential network security threats and their risk priority.
NGIPS supports advanced security automation for event impact assessment, policy management, policy tuning for the IPS, user identification, and network behavior analysis. For admins tasked with network management and security, managing the entire network can prove burdensome. When properly implemented, automation is an admin’s best friend.