CCIE Security Version 4 vs Version 5 - Know the Changes!
CCIE Security Certifications V5 replaces V4
All speculations and rumours regarding evolvement of CCIE Security Certifications from version 4 to version 5 can be put to rest now as Cisco has officially announced the replacement of v4 by v5.
All new CCIE Security Version 5 has come out with major changes in its content and pattern and a brief intro about the changes have been given below.
CCIE Security Version 5 Written and lab exam pattern
The number of the written exam has been changed from 350-081 to 400-251. To ensure that the communication between the certified-experts and business leaders regarding new technical areas (like cloud technology, network programmability and the internet of things) remain meaningful and productive, a newer educational approach will be included in the exam. This approach tends to instill expert-level demonstrational capabilities in the candidates.
The Scary Part of Version 5 – For Aspirants! :)
The lab exam will be an 8-hour exam consisting of 3 modules, namely, Troubleshooting Module (two hours), Diagnostic Module (one hour) and Configuration Module (five hours).
The new version is a beast! Prepare like a Devil! :)
Addition and deletion of topics in new CCIE Security V5 Syllabus
To stay at par with today’s evolving network security environment, certain new topics have been added and some have also been deleted. The feedbacks received from the security subject matter experts, during their analysis of job role and job task of the v5 exam, have played a key role in bringing this change.
Five new topics have been added into the V5 curriculum, which are:
- Advanced Threat Protection
- Virtualization
- Automation
- Information Exchange
- Evolving Technologies
Topics in V4 that have not been included in V5 are:
- Legacy IPS Appliance
- Easy VPN
Changes in CCIE Security V5 lab equipment and software:
Version 5 has brought in certain changes in the lab equipment and software. For instance, Cisco ISE 2.1.0 has replaced the previous ISE 1.1.1 and Cisco Secure Access Control System 5.8.0.32 has taken over ACS 5.3. Catalyst Switches 3560-E: 122-55.SE5 and 3750-X: 150-1.SE2 have been replaced by Cisco Catalyst Switch C3850-12S 16.2.1.
Introduction of new devices in Version 5:
Cisco Email Security Appliance – ESA (Remember the Iron Port WSA S Series in CCIE Security Version 4.0 lab equipment checklist? WSA is used for Web Content Security whereas ESA is also an Iron Port and is used for Email Security).
Our predictions never go wrong. As written in our last article on expected changed in CCIE Security Version 5 that Cisco will be concentrating on Firepower product range, Cisco finally introduced the following devices:
- Firepower Management Center Virtual Appliance
- Next generation IPS technology, i.e. Firepower NGIPSv
- Cisco Firepower Threat Defense
All above Firepower technologies will have 6.0.1 running on it.
Above was all about update on Virtual Security appliances range of Cisco. Rest of the devices like ASA 5515x, ISE and others remains the same. You can either use ISE as a physical machine or as a virtual machine as per your preference, however Cisco has ISE as Virtual machine in its CCIE Security lab equipment checklist.
Referring the Core Devices list released by Cisco, here are few important updates on devices:
- Layer 2 with IOSv 15.2 – The Switching part
- Layer 3 with IOSv 15.5(2)T and CSR 1kv (1000V) Cloud Services Router series of Cisco
- Cisco ASAv 9.6.1 – Virtual Adaptive Security Appliance
List of Physical Devices used in CCIE Security Version 5 Lab Exam:
- Cisco Catalyst Switches – 3850 Series running 16.2.1
- Wireless Controllers – 2504 Series running 8.0.133.0
- Cisco ASA firewalls – ASA 5512x or/and 5515x with 9.6.1
- Cisco Aironet – 1602E with 15.3.3
- Cisco IP Phones – 7965 series
The curriculum in version 5 has been set up by closely analyzing the dynamic network security environment and also considering the security job roles in the market. With all these changes, Version 5 of the CCIE Security Certifications aims to channel the focus of the exam to be more technology-driven than hardware-driven.
Version 5 will be available for testing from January 31, 2017 onwards. But until then, Version 4 will be continued. The written and lab exams for version 4 will go on only till July 24, 2016 and v4.1 will be available for testing from July 25 to Jan 30, 2017.
Network Bulls being the Best Institute for CCIE Security Certification Training in India, has already started offering trainings on all new CCIE Security V5 syllabus. Fresher candidates looking for CCIE Security course can opt in for CCIE Security Integrated course and experienced candidates who already have in-depth knowledge of CCNA Security and CCNP Security, can opt for CCIE Security Written + Lab exam training.
Major changes introduced in CCIE Security v5.0 Certification
- A unified and unique curriculum
A unique curriculum has been created in version 5. The domains previously present in written and lab exam topics of v4 have been combined to form a unified curriculum in v5.
- Integration and restructuring of domains
The exam curriculum of Version 5 comprises of six domains as against seven domains in V4. To shift the focus more towards technology, domains present in v4 have been renamed, integrated and reshuffled in v5. For ex-the 7th domain (Security Policies and Procedures, Best Practices and Standards) in V4 has been integrated into the 5th domain (Infrastructure Security, Virtualization and Automation) in V5.
CCIE Security Version 5 Certification Details:
After release of CCIE Security Version 5 Certification, its pretty much clear that what cisco is upto! The All new CCIE Security V5 Certification is the future for all Network Security aspirants out there looking forward to make their career in the new age Network Security technologies. IPSv, Intro to SDN and IoT, Firepower, Email Security Appliance - Iron Port C series, IOSv, you just name it, they have it in the new blueprint/syllabus of lab exam.
Rightly said, the new CCIE Security Certification is a beast. Not just because they added Troubleshooting section along with Diagnostic and Configuration sections, because of the range of devices they are planning to use in the new topology of CCIE Security V5 lab exam! Its obvious that they are planning to use virtual devices, hell lot of virtual devices in the all new topology of Version 5 lab exam, and some of the real boxes as well, but devices are devices! Be it real or Virtual. Its going to be tough, real tough! Believe me!
And yeah, be it Version 4 or Version 5, CCIE Security Certification has always been a big deal. Look at the past, when they introduced CCIE Security Version 4 blueprints along with ASA 5512x series firewalls and IronPorts WSA S Series, everyone was amazed with the changes. They added VoIP Security using IP Phones, 29xx series Routers, 37xx series switches, WLC/AP, ISE Servers, remember?
This time they have come with similar massive changes, and hell yeah we are also ready to exploit it as an opportunity as we always did! We are going to learn these all new technologies like Aliens and produce the finest Network Security Engineers, like we did in 2014-2016.
- Paras Jairath
- RECOMMENDED POSTS