🔴 Cisco Certification
CCIE Security v6.1
Lab exam 8 heures — plan, design, deploy, operate et optimize des solutions dual stack (IPv4/IPv6) pour des réseaux enterprise complexes. Programmation et automatisation réseau incluses.
5Domaines
8hLab exam
v6.1Blueprint
25%ISE / Identity
Les 5 domaines du blueprint v6.1
20%
Domaine 1.0
Perimeter Security & Intrusion Prevention
Cisco ASA & FTD — routed/transparent/multi-context/multi-instance
Cisco FMC — alerting, logging, dynamic objects, corrélation
NGIPS — inline/passive/TAP · NGFW — SSL, App-ID, géolocalisation
Attaques — DoS/DDoS, MitM, spoofing, botnet, evasion
HA & clustering ASA/FTD · Routing protocols security
Cisco FMC — alerting, logging, dynamic objects, corrélation
NGIPS — inline/passive/TAP · NGFW — SSL, App-ID, géolocalisation
Attaques — DoS/DDoS, MitM, spoofing, botnet, evasion
HA & clustering ASA/FTD · Routing protocols security
→
20%
Domaine 2.0
Secure Connectivity & Segmentation
Cisco AnyConnect — remote access VPN (ASA, FTD, IOS routers)
Cisco IOS CA pour authentification VPN
FlexVPN, DMVPN, IPsec L2L tunnels
VPN HA — clustering ASA, dual-hub DMVPN
Segmentation — VLAN, PVLAN, GRE, VRF-Lite
Microsegmentation TrustSec (SGT / SXP)
Cisco IOS CA pour authentification VPN
FlexVPN, DMVPN, IPsec L2L tunnels
VPN HA — clustering ASA, dual-hub DMVPN
Segmentation — VLAN, PVLAN, GRE, VRF-Lite
Microsegmentation TrustSec (SGT / SXP)
→
15%
Domaine 3.0
Security Infrastructure
Hardening — CoPP, iACLs, uRPF, RTBH, management plane
L2 security — DAI, DHCP snooping, STP security, RA Guard, VACL
Wireless — WPA/WPA2/WPA3, TKIP, AES
Monitoring — NetFlow/IPFIX, SNMP, Syslog, eStreamer
Compliance — ISO 27001, PCI-DSS, BCP 38 · Cisco SAFE model
APIs Python — REST, JSON/XML, DNAC Northbound
L2 security — DAI, DHCP snooping, STP security, RA Guard, VACL
Wireless — WPA/WPA2/WPA3, TKIP, AES
Monitoring — NetFlow/IPFIX, SNMP, Syslog, eStreamer
Compliance — ISO 27001, PCI-DSS, BCP 38 · Cisco SAFE model
APIs Python — REST, JSON/XML, DNAC Northbound
→
25%
Domaine 4.0 — Le plus lourd !
Identity Management, Information Exchange & Access Control
Cisco ISE — scalabilité, nodes, personas
802.1X & MAB — switches, WLC, admin access
BYOD onboarding, Guest lifecycle, Posture assessment
ISE + LDAP / AD / RADIUS · Profiling & MDM
pxGrid — ISE ↔ FMC ↔ WSA · AnyConnect provisioning
DUO MFA · IBNS 2.0 (C3PL) · EAP Chaining / TEAP
802.1X & MAB — switches, WLC, admin access
BYOD onboarding, Guest lifecycle, Posture assessment
ISE + LDAP / AD / RADIUS · Profiling & MDM
pxGrid — ISE ↔ FMC ↔ WSA · AnyConnect provisioning
DUO MFA · IBNS 2.0 (C3PL) · EAP Chaining / TEAP
→
20%
Domaine 5.0
Advanced Threat Protection & Content Security
Cisco AMP — networks, endpoints, content security (ESA, WSA)
Cisco Umbrella — DNS security, CASB, DLP, RBI policies
WSA / ESA — web & email filtering, DLP, quarantaine
Stealthwatch, Threat Grid, CTA, ETA, Cisco Threat Response
PCAP & analyse — Wireshark, tcpdump, SPAN/ERSPAN/RSPAN
HTTP decryption & inspection FTD/WSA/Umbrella
Cisco Umbrella — DNS security, CASB, DLP, RBI policies
WSA / ESA — web & email filtering, DLP, quarantaine
Stealthwatch, Threat Grid, CTA, ETA, Cisco Threat Response
PCAP & analyse — Wireshark, tcpdump, SPAN/ERSPAN/RSPAN
HTTP decryption & inspection FTD/WSA/Umbrella
→