Marek Skrobacki

CCIE Security Written Blueprint 4.0 vs 3.0 - changes list

I have started preparing for my CCIE Security exam again. As you may be aware, Cisco is changing the lab and written exams in November. The new blueprint has been available for a few weeks now. I passed my previous written exam (version 3.0) but I never managed to approach the lab. The plan is to try the beta exam first and, if that fails, do the proper written exam and follow up with the lab sometime next year.

Infrastructure, Connectivity, Communications, Network Security

  • added: IKEv2
  • changed: TLS -> TLS/DTLS
  • added: WEP/WPA/WPA2
  • added: Web Cache Communication Protocol (WCCP)
  • added: Secure Group Tagging Exchange Protocol (SXP)
  • added: MacSec
Application and Infrastructure Security

  • added: SFTP
  • added: Netlogon, NetBIOS, SMB
  • added: RPCs
  • added: PCoIP
  • added: OWASP
  • added: Basic unnecessary services
Threats, Vulnerability Analysis and Mitigation
  • removed: URL Filtering (combined into Content filtering)
  • removed: Proxy authentication
  • removed: event correlation
  • added attacks:
    • MITM
    • ICMP attacks
    • Botnets
    • Wireless attacks
    • Header attacks
    • Tunneling attacks
    • QOS marking attacks
  • added: Software/OS exploits
  • added: Security/Attack Tools
  • added: Endpoint/Posture assessment
Cisco Security Products, Features and Management

  • added: Cisco ASA
    • multicast capabilities
    • NAT - Pre 8.4/post 8.4
    • identity based services
    • failover options
  • added: Cisco IOS
    • Identity based firewalling
  • specified: Cisco AAA:
    • RADIUS
    • TACACS+
    • Device Admin
    • Network Access
    • 802.1x
    • VSAs
  • added: Cisco Identity Services Engine (ISE)
  • added: Virtual Security Gateway
  • added: Scansafe Functionality & Components
  • added: IronPort products
  • added: Security Management:
    • Cisco Prime
Cisco Security Technologies and Solutions

  • Router security
    • removed: NBAR, CAR, MQC, CPPr
  • Switch security:
    • added: MacSec
    • added: NDAC
    • added: NEAT
    • removed: PVLAN
  • added: Network Segregation
    • VRF-aware technologies
    • VXLAN
  • VPN Solutions:
    • added: FlexVPN
  • added: QOS application for security
  • added: Load Balancing & failover
Security Policies and Procedures, Best Practices, Standards
  • compliance: removed HIPAA, GLBA, FISMA
  • added: Desktop Security Risk Assessment/Desktop Security Risk Management