Goal

. The goal of this learning matrix is to help you attain your goal to become certified by providing study resources tail
. It is intended to be used as a reference, and not to provide a complete list of all resources available. The matrix foc
. These widely available preparation resources can be in the form of specific chapters of books, Cisco Validated Desi
webinars, VoDs, SRNDs, white papers, case studies, design guides, Design TechNotes, reference guides, etc.

Disclaimer
. There is no guarantee that you will be able to pass the exam by only referring to material provided within this matr
. There are a lot of other resources (both internal and external) that cover the same exam topics. You are encourage
. This matrix should be considered a living document and taking into account the sheer amount of possible relevant
. We encourage you to participate and engage with us, so if you have any suggestions for further content or any com

How to make the best out of this learning matrix?

1.1. Evaluate yourself and determine which areas you need to improve in

1.2. Create a strategy

Determine which preparation resources YOU need based upon your self-evaluation. Several options might be provid

1.3. Get preparation resources tailored to your own needs

Buy or borrow books, schedule classes, find a study partner, etc. In short, arrange all YOU need to get ready for the

1.4. Are you ready?

Once you are comfortable you are mastering exam topics, register and take the exam.

1.5. Pass?
Did you pass? Great! Did you not? Do not despair, do a lessons learned review and update your self-evaluation.
 providing study resources tailored to your own needs.
urces available. The matrix focusses primarely on Cisco and Cisco Press content.
of books, Cisco Validated Design documents (CVDs), Cisco Live 365 presentations, courses,
eference guides, etc.

erial provided within this matrix. But it will certainly improve your skills, which will serve as the foundation you need to build up
am topics. You are encouraged to use any other resources at your own discretion during your exam preparation.
r amount of possible relevant content, the objective here is to refine and improve this compilation of resources over time, so p
or further content or any comments regards to the current content, please let us know.

everal options might be provided to prepare to each topic, you might not need all of them.

OU need to get ready for the exam.

date your self-evaluation.

undation you need to build upon.
m preparation.
n of resources over time, so please refer to it frequently.
ID Exam Topics
1 Perimeter Security and Intrusion Prevention
1.1 Deployment modes on Cisco ASA and Cisco FTD

1.2 Firewall features on Cisco ASA and Cisco FTD

1.3 Security features on Cisco IOS/IOS-XE

1.4 Cisco Firepower Management Center (FMC) feature
1.5 NGIPS deployment modes

1.6 Next Generation Firewall (NGFW) features

1.7 Detect, and mitigate common types of attacks

1.8 Clustering/HA features on Cisco ASA and Cisco FTD

1.9 Policies and rules for traffic control on Cisco ASA and Cisco FTD

1.10 Routing protocols security on Cisco IOS, Cisco ASA and Cisco
FTD

1.11 Network connectivity through Cisco ASA and Cisco FTD

1.12 Correlation and remediation rules on Cisco FMC

2 Secure Connectivity and Segmentation
2.1 AnyConnect client-based remote access VPN technologies on
Cisco ASA, Cisco FTD, and Cisco Routers.

2.2 Cisco IOS CA for VPN authentication

2.3 FlexVPN, DMVPN, and IPsec L2L Tunnels

2.4 Uplink and downlink MACsec (802.1AE)

2.5 VPN high availability using (Cisco ASA VPN clustering, Dual-
Hub DMVPN deployments)

2.6 Infrastructure segmentation methods

2.7 Micro-segmentation with Cisco TrustSec using SGT and SXP

3 Infrastructure Security
3.1 Device hardening techniques and control plane protection
methods

3.2 Management plane protection techniques

3.3 Data plane protection techniques

3.4 Layer 2 security techniques

3.5 Wireless security technologies
3.6 Monitoring protocols

3.7 Security features to comply with organizational security

policies, procedures, and standards BCP 38
3.8 Cisco SAFE model to validate network security design and to
identify threats to different Places in the Network (PINs)

3.9 Interaction with network devices through APIs using basic

Python scripts
3.1 Cisco DNAC Northbound APIs use cases

4 Identity Management, Information Exchange, and Access Control

4.1 ISE scalability using multiple nodes and personas.
4.2 Cisco switches and Cisco Wireless LAN Controllers for network
access AAA with ISE.
4.3 Cisco devices for administrative access with ISE
4.4 AAA for network access with 802.1X and MAB using ISE.

4.5 Guest lifecycle management using ISE and Cisco Wireless LAN
controllers
4.6 BYOD on-boarding and network access flows
4.7 ISE integration with external identity sources

4.8 Provisioning of AnyConnect with ISE and ASA

4.9 Posture assessment with ISE

4.1 Endpoint profiling using ISE and Cisco network infrastructure
including device sensor
4.11 Integration of MDM with ISE
4.12 Certificate-based authentication using ISE
4.13 Authentication methods (EAP Chaining, Machine Access
Restriction (MAR))

4.14 Identity mapping on ASA, ISE, WSA, and FTD

4.15 pxGrid integration between security devices WSA, ISE, and
Cisco FMC
4.16 Integration of ISE with multi-factor authentication
4.17 Access control and single sign-on using Cisco DUO security
technology

5 Advanced Threat Protection and Content Security

5.1 AMP for networks, AMP for endpoints, and AMP for content
security (ESA, and WSA)

5.2 Detect, analyze, and mitigate malware incidents

5.3 Perform packet capture and analysis using Wireshark, tcpdump,

SPAN, ERSPAN, and RSPAN

5.4 DNS layer security, intelligent proxy, and user identification

using Cisco Umbrella

5.5 Web filtering, user identification, and Application Visibility and

Control (AVC) on Cisco FTD and WSA.

5.6 WCCP redirection on Cisco devices

5.7 Email security features
5.7 Email security features

5.8 HTTPS decryption and inspection on Cisco FTD, WSA and

Umbrella

5.9 SMA for centralized content security management

5.1 Cisco advanced threat solutions and their integration:

Stealthwatch, FMC, AMP, Cognitive Threat Analytics (CTA),
Threat Grid, Encrypted Traffic Analytics (ETA), WSA, SMA, CTR,
and Umbrella
Cisco Configuration Guides and Docs

Transparentor RoutedFirewallMode
Multiple Context Mode
Configuration Guides
Configuration Examples
Firepower Management Center Configuration Guide, Version 6.2.3
Cisco IOS XE Security Configuration Guide: Secure Connectivity, Release 2
Firepower Management Center Configuration Guide, Version 6.2.3
IPS Device Deployments and Configuration
Configure FTD Interfaces in Inline-Pair Mode
Cisco Next Generation Firewalls
Cisco Next Generation Firewalls
A Cisco Guide to Defending Against Distributed Denial of Service Attacks
Type of Attacks
Firepower Threat Defense High Availability
Clusteringfor the Firepower Threat Defense
Failoverfor High Availability
Deploy a Cluster for ASA on the Firepower 4100/9300 for Scalability and High Availability
Configuring Active/Active Failover
Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2
Cisco ASA Series CLI Configuration Guide, 9.0
Configuring a Service Policy
Clarify Firepower Threat Defense Access Control Policy Rule Actions
Configuring OSPF
ASA 9.x EIGRP Configuration Example
Routing Overview for FirepowerThreat Defense
Cisco ASA Troubleshooting TechNotes
Firepower NGFW Troubleshooting TechNotes
Configuring Correlation Policies and Rules
Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.7

Configuring and Managing a Cisco IOS Certificate Server for PKI Deployment
Cisco FlexVPN Configuration Examples and TechNotes
DMVPN Configuration Examples and TechNotes
LAN-to-LAN IPsec Tunnel Between Two Routers Configuration Example
Configuring MACsec Encryption

Psec VPN High Availability Enhancements

Remote VPN Client Load Balancing on ASA 5500 Configuration Example
Small Branch—Dual Hub/Dual DMVPN
VLAN Configuration
Private VLAN Configuration
Configuring GRE Tunnels
Configuring VRF-lite
Cisco TrustSec Switch Configuration Guide

Configuring Control Plane Policing (CoPP)

Configuring IP Services
Protecting Your Core: Infrastructure Protection Access Control Lists
Implementing Management Plane Protection
Understanding Control Plane Protection
Infrastructure Device Access
Unicast Reverse Path Forwarding
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2
REMOTELY TRIGGERED BLACK HOLE FILTERING—DESTINATION BASED AND SOURCE BASED
Configuring Dynamic ARP Inspection
IP Device Tracking (IPDT) Overview
Understanding and Configuring Spanning Tree Protocol (STP) on Catalyst Switches
Configuring Port Security
DHCP Snooping
 IPv6 RA Guard
VACLs
Authentication on Wireless LAN Controllers Configuration Examples
Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Configuring SNMP
System Message Logging
RMON Events and Alarms
Configuring eStreamer
https://www.ietf.org/rfc/rfc2827.txt
Cisco SAFE Reference Guide

DEVNET Rest APIs

DEVNET DNA Center Platform Overview Intent APIs
DEVNET DNA Center Rest APIs
Access Control
Network Deployments in Cisco ISE
Central Web Authentication on the WLC and ISE Configuration Example
Control Device Administration Using TACACS+
MAC Authentication Bypass Deployment Guide
Wired 802.1X Deployment Guide
Configure 802.1x Authentication with PEAP,ISE 2.1 and WLC 8.3
Guest Management
ISE, Support Device Access
Active Directory Integration with Cisco ISE 2.x
Configure the ISE for Integration with an LDAP Server
Configure External RADIUS Servers on ISE
Deploy AnyConnect
Deploy AnyConnect
Posture Services on the Cisco ISE Configuration Guide
Cisco ISE Endpoint Profiling Policies
Manage Network Devices
Understand and configure EAP-TLS using WLC and ISE
Understanding EAP-FAST and Chaining implementations on AnyConnect NAM and ISE
Machine Access Restriction Pros and Cons
ISE 2.0 Initial Configuration - Enabling Services and Identity Mapping/PassiveID Configuration
Cisco Identity Services Engine Technology Partners
Two Factor Authentication on ISE – 2FA on ISE
Duo + Cisco

Cisco Advanced Malware Protection (AMP)

Configuration Guides
AMP for Endpoints User Guide
AsyncOS 10.1 for Cisco Web Security Appliances User Guide
User Guide for AsyncOS 11.1 for Cisco Email Security Appliances - GD (General Deployment)
Incident Investigation and Mitigation
Cisco Security
Cisco Incident Control System
Configuring SPAN and RSPAN
Configuring ERSPAN
Catalyst Switched Port Analyzer (SPAN) Configuration Example
Getting Started with Umbrella
Cisco Umbrella Branch
URL Filtering on a FireSIGHT System Configuration Example
Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.1 , Identity Policies
Web Security Deployment Guide
Acquire End-User Credentials
Enabling Application Visibility and Control (AVC)
Managing Access to Web Applications
Configuring WCCP Version 2 Services
Example of Mail Policies and Content Filters
Data Loss Prevention
Policy, Virus, and Outbreak Quarantines
Comprehensive Spam Quarantine Setup Guide on Email Security Appliance (ESA) and Security Management Applian
Spam Quarantine
ESA SMTP Authentication Condition to Prevent Spoofing
Email Authentication
Cisco Email Encryption
SSL Decryption
Create Decryption Policies to Control HTTPS Traffic
SSL Decryption in the Intelligent Proxy
End-User Guides

Cisco ISE and WSA Integration Guide

How To: Integrate Firepower Management Center (FMC) 6.0 with ISE and TrustSec through pxGrid
CiscoStealthwatch
Cisco Cognitive Threat Analytics
Encrypted Traffic Analytics (ETA)
Encrypted Traffic Analytics Configuration Guide, Cisco IOS XE Everest 16.6
Cisco Threat Response
Cisco Threat Response
 Cisco Live Sessions

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ftd#/
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ASA#/
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ftd#/
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ASA#/

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=IOS%20XE%20Security%20feature
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=Firepower%20management%20ce
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=NGIPS%20deplpyment#/session/1

https://www.ciscolive.com/global/on-demand-library.html?search=NGFW%20features#/session/15321128667370
https://www.ciscolive.com/global/on-demand-library.html?search=NGFW%20features#/session/15326216666180
https://www.ciscolive.com/global/on-demand-library.html?search=detect%20and%20motigate%20attacks#/

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ASA%20clustering#/

https://www.ciscolive.com/global/on-demand-library.html?search=ASA%20POLICY%20CONFIGURATION#/session/
https://www.ciscolive.com/global/on-demand-library.html?search=FTD%20deployment#/session/1475057171005

https://www.ciscolive.com/global/on-demand-library.html?search=NGFW%20troubleshooting#/session/14797438
https://www.ciscolive.com/global/on-demand-library.html?search=Anyconnect%20ASA#/session/1454486436582
https://www.ciscolive.com/global/on-demand-library.html?search=anyconnect%20FTD#/session/14750571720150
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=CA%20for%20VPN%20authenticati
https://www.ciscolive.com/global/on-demand-library.html?search=FlexVPN#/session/1437585485178001XrS2
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=dmvpn#/session/1484773617788
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=L2L%20Ipsec%20tunnels#/session
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=MACSEC#/session/142432757355
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=MACSEC#/session/148167480813
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=vpn%20clustering#/session/15326
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=vpn%20clustering#/session/14210

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=TrustSec#/session/142556758554
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=TrustSec#/session/144792079460

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=layer%202%20security#/session/1
https://www.ciscolive.com/global/on-demand-library.html?search=wireless%20security#/session/1454529638041
https://www.ciscolive.com/global/on-demand-library.html?search=NETFLOW#/session/1437585475144001Xuh0
https://www.ciscolive.com/global/on-demand-library.html?search=SNMP#/session/1484334268267001WXxh

https://www.ciscolive.com/global/on-demand-library.html?search=Cisco%20SAFE#/session/14915995881330015G
https://www.ciscolive.com/global/on-demand-library.html?search=Cisco%20SAFE#/session/1499705668081001Pz
https://www.ciscolive.com/global/on-demand-library.html?search=Cisco%20SAFE#/session/1479743847754001ky
https://www.ciscolive.com/global/on-demand-library.html?search=API%20python%20scripts#/session/149029879
https://www.ciscolive.com/global/on-demand-library.html?search=DNAC%20API#/session/1507005077923001FW

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ise%20deployment#/session/1535
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=GUEST%20LIFE%20CYCLE%20ISE#

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ISE%20DEVICE%20ACCESS#/sessio

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=GUEST%20LIFE%20CYCLE%20ISE#
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=BYOD%20ise#/session/142108337
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ise%20intergration%20with%20ex

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=POSTURE%20ISE#/session/153131
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ISE%20profiling#/session/1535478
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ise%20mdm#/session/143758548
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ISE%20certificate%20authenticati

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ISE%20PID#/session/1447920793

https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=DUO#/session/153999807092300
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=DUO#/session/154077350281900
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=DUO#/session/153252299988400
https://www.ciscolive.com/c/r/ciscolive/global/on-demand-library.html?search=ISE%20DUO#/session/154031006

https://www.ciscolive.com/global/on-demand-library.html?search=amP#/session/1467135309779001hMi5
https://www.ciscolive.com/global/on-demand-library.html?search=amP#/session/1473287218891001vJpR
https://www.ciscolive.com/global/on-demand-library.html?search=amP#/session/14479207919620017fyK

https://www.ciscolive.com/global/on-demand-library.html?search=Detect%2C%20analyze%2C%20and%20mitigate
https://www.ciscolive.com/global/on-demand-library.html?search=Detect%2C%20analyze%2C%20and%20mitigate
https://www.ciscolive.com/global/on-demand-library.html?search=Detect%2C%20analyze%2C%20and%20mitigate

https://www.ciscolive.com/global/on-demand-library.html?search=CISCO%20UMBRELLA#/session/148484717554

https://www.ciscolive.com/global/on-demand-library.html?search=Web%20Filtering%20FTD#/session/142108337

https://www.ciscolive.com/global/on-demand-library.html?search=ESA%20features#/session/1467135309929001
https://www.ciscolive.com/global/on-demand-library.html?search=ESA%20features#/session/1447920790630001
https://www.ciscolive.com/global/on-demand-library.html?search=ESA%20features#/session/1535535540932001

https://www.ciscolive.com/global/on-demand-library.html?search=SSL%20Decryption#/session/149982259148400
https://www.ciscolive.com/global/on-demand-library.html?search=SSL%20Decryption%20WSA#/session/1473287
https://www.ciscolive.com/global/on-demand-library.html?search=ETA#/session/BRKSEC-2809
https://www.ciscolive.com/global/on-demand-library.html?search=stealthwatch#/session/1541782655956001Dbb
https://www.ciscolive.com/global/on-demand-library.html?search=CTA#/session/1475057170906001dBG9
https://www.ciscolive.com/global/on-demand-library.html?search=ThreatGrid#/session/15355355409320012HDU
Books Across All Domains

Integrated Security Technologies and Solutions - Volume I: Cisco Security Solutions for Advanced Threat Protection
Integrated Security Technologies and Solutions - Volume II: Cisco Security Solutions for Network Access Control, Se
Cisco ISE for BYOD and Secure Unified Access, 2nd Edition
Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP
Network Security Technologies and Solutions (CCIE Professional Development Series)