The Complete CCNA Security Certification Guide


In my last article, The Complete Cisco CCNA Certification Guide, I outlined the required objectives that the CCENT and CCNA exams cover, along with providing some recommended training to use while preparing for your Cisco exams.

Today, I'm going to be focusing on one of the specialty certificates which you may want to get after completing your CCNA -- the CCNA Security Certification: Implementing Cisco IOS Network Security (exam 640-553).

We'll take a look at the exam objectives and some recommended training materials that will help you prepare for your CCNA Security certification.


Network Security: The Most In Demand IT Skill Today


Why would you want to get the CCNA Security cert?

Well for one thing, it's a great move for your career, as all companies are looking for security savvy IT pros. If you look at the current job postings for networking professionals, you will notice that security is one of the top skills that companies are looking for.

Network security is also one of the most important factors in today's business environments, thus the need for you to be proactive in your approach towards securing your company's data.

As technology advances, so do the kinds of vulnerabilities that an attacker can use to exploit your network. Cisco understands this concept and is keen on ensuring that their products aren't just the best in terms of performance and reliability, but also at the top of their game when it comes to security.

The CCNA Security certification track prepares candidates to be able to do just that. It covers a wide range of topics, focusing on securing Cisco routers and switches (also called Hardening Cisco Devices).

CCNA Security candidates will gain the knowledge needed to mitigate network attacks by properly configuring Cisco devices.


Cisco CCNA Security Exam (640-553) Objectives

To take the CCNA Security exam, you must have a valid CCNA certification. Once you pass your exam, your CCNA Security certification will be valid for three years.

These are the objectives for the CCNA Security Exam: Implementing Cisco IOS Network Security (640-553) as listed on Cisco Learning Network:

Describe the security threats facing modern network infrastructures



  • Describe and list mitigation methods for common network attacks

  • Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks

  • Describe the Cisco Self Defending Network architecture

Secure Cisco routers



  • Secure Cisco routers using the SDM Security Audit feature

  • Use the One-Step Lockdown feature in SDM to secure a Cisco router

  • Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements

  • Secure administrative access to Cisco routers by configuring multiple privilege levels

  • Secure administrative access to Cisco routers by configuring role based CLI

  • Secure the Cisco IOS image and configuration file

Implement AAA on Cisco routers using local router database and external ACS



  • Explain the functions and importance of AAA

  • Describe the features of TACACS+ and RADIUS AAA protocols

  • Configure AAA authentication

  • Configure AAA authorization

  • Configure AAA accounting

Mitigate threats to Cisco routers and networks using ACLs



  • Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets

  • Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI

  • Configure IP ACLs to prevent IP address spoofing using CLI

  • Discuss the caveats to be considered when building ACLs

Implement secure network management and reporting



  • Use CLI and SDM to configure SSH on Cisco routers to enable secured management access

  • Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

Mitigate common Layer 2 attacks



  • Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

Implement the Cisco IOS firewall feature set using SDM



  • Describe the operational strengths and weaknesses of the different firewall technologies

  • Explain stateful firewall operations and the function of the state table

  • Implement Zone Based Firewall using SDM

Implement the Cisco IOS IPS feature set using SDM



  • Define network based vs. host based intrusion detection and prevention

  • Explain IPS technologies, attack responses, and monitoring options

  • Enable and verify Cisco IOS IPS operations using SDM

Implement site-to-site VPNs on Cisco Routers using SDM



  • Explain the different methods used in cryptography

  • Explain IKE protocol functionality and phases

  • Describe the building blocks of IPSec and the security functions it provides

  • Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM


Recommended Training Materials for the CCNA Security Exam

Cisco Press really should be your first place to look when considering purchasing study materials for this exam as the material is authorized and published by Cisco. This means that you are guaranteed that the topics covered in the books are exactly what Cisco recommends you study in order to prepare and pass your exam.

  •   CCNA Security Books

The CCNA Security Official Exam Certification Guide by Michael Watkins and Kevin Wallace is the recommended book and can be found on the Cisco Press website.

It covers all of the exam objectives while providing you with questions to test your knowledge of the subject matter.

However, I would not recommend this book to be your only source of exam preparation. This text is a good place to start as it will help you get ready for the 640-553 exam, but make sure to utilize other training materials including practice exams and simulators as well.

The CCNA Security Quick Reference is another good book to check out. After you have completed most of your studies and are at the final stages before your exam, this reference guide is a really good tool to provide you with quick reminders of the main topics the exam covers, stuff you should know before actually taking the exam.

  •   CCNA Security Training Videos

As you know by now, I'm a big fan of Train Signal's training videos. I've used them for my CCNA and currently I'm using them for my CCNP studies as well. They truly are one of the best providers of self paced training materials.

Chris Bryant is your instructor for the CCNA Security track as was the case with the CCNA training. This guy is really good, trust me.

Plus the training covers all of the exam objectives and Chris Bryant goes over lots of examples, which can be helpful when you're practicing your commands on a simulator.

  •   Cisco Simulators

Cisco updated their Packet Tracer to 5.2 which was a really cool upgrade. It now includes commands to help you pass your CCNA Security exam, like being able to configure site-to-site VPNs, and AAA on your device.

GNS3 is probably the closest you'll come to actually testing the Cisco IOS commands on a real IOS, without actually having the hardware.

Sounds confusing? It's really not. What GNS3 actually does is use real Cisco IOS images and simulate the hardware so that you can do actual configurations using the IOS. Awesome stuff!

  •   Cisco Learning Network

Again I must stress how useful the Cisco Learning Network can be when preparing for any Cisco Certification.

As I mentioned in my previous article, make sure to sign up and join this community of peers just like you -- aspiring to get their Cisco certifications. You gain access to a wealth of resources, one of my favorites being the Quick Learning Modules, which are simple and short videos explaining various topics covered on the exam.

  •   CCNA Security Practice Exams

Yes! The famous Transcender test engines. These exams truly are amazing at how they test your knowledge of the exam materials.

They even provide you with explanations to each question you got wrong, so that when you are reviewing your practice exam results, you'll know exactly why you got that particular question wrong.

Set Yourself Apart with the Cisco Security Certification

Overall, the CCNA Security track covers topics that are instrumental in providing technicians with the skills they need to properly secure corporate networks using Cisco switches and routers.

Achieving your CCNA Security certification also sets you apart from other applicants, mainly because it provides proof to current and potential employers that you do in fact know your security stuff as opposed to just putting on your resume that you have some security experience. You will also feel more comfortable in your role as a network admin because you will have a better understanding of security.

I hope this article has been informative to you. Let me know if you have any other recommended materials to share.

Good luck on your next Cisco exam!



Jason Harry

Jason Harry is a technology enthusiast and a Systems Engineer with over 3 years of experience in the IT field. He spends most of his time playing video games, reading and researching the latest technological advancements as well as studying for his next IT certification. At the moment he is preparing for his MCTS on MOSS 2007 and MCITP Server Administrator. His long term goals include obtaining CCDA, CCDP and MCITP Enterprise Administrator certifications. Jason is very passionate about becoming one of the best IT Professionals amongst his peers and he dreams of one day being able to be a successful IT consultant. (CCNA, CCNP, CCNA Voice, MCSA, MCP, Net+, A+)