As some of you probably already know, the CCNA Security IINS exam topics have been refreshed from version 2.0 to version 3.0. The new exam is now called CCNA 210-260 “Implementing Cisco Network Security”. We will now take a look at the differences between the two exams and highlight the most important topic changes.
First thing, IINS 3.0 topics combine and adjust the current domains. Instead of covering nine domains (IINS 2.0), only seven domains are now included. This change was made to better reflect current job roles and job tasks typically performed by CCNA Security individuals. Note that although there are fewer domains, the exam remains the same length – it lasts for 90 minutes and contains 60-70 questions. This is because some new technologies were added and certain topic areas are now covered in more depth. The exam prerequisites did not change – you will not be able to obtain a valid CCNA Security Certificate until you already possess a valid CCENT or CCNA R&S, or any CCIE certificate.
In general, the new CCNA Security exam tests the candidate’s knowledge of secure network infrastructure, understanding core security concepts, managing secure access, VPN encryption, firewalls, intrusion prevention, web/email content security, and endpoint security. This not only includes the ability to configure certain technologies, but also the abilities to install, troubleshoot, and monitor the equipment to maintain integrity, confidentiality, and availability of data and devices.
Let’s now closely examine the most important differences between the old 2.0 and new 3.0 IINS CCNA Security exam:
- Cisco Configuration Professional (IOS GUI) is not included in IINS 3.0. Only Command Line is expected to be used for configuration (like in the CCIE Security exam).
- It is now assumed that CCNA Security candidates already know the fundamentals of IPv6 (covered in ICND1). This means that IPv6 is not part of the IINS 3.0 blueprint.
- Focus on ACLs has been reduced in the new exam (already covered in ICND1).
- Intrusion Prevention System (IPS) theory (no implementation) is now covered from the perspective of FirePower solution, instead of 4200 series sensors.
- Site-to-Site VPN configuration includes IOS – ASA examples.
- New security topics were added: 802.1x, Identity Services Engine (ISE), Bring Your Own Device (BYOD), Cloud Web Security (CWS).
- Certain examples and technologies were updated. For example, stronger cryptographic algorithms are used.
- The new exam is more hands-on based.
A full list of the new CCNA Security exam topics (the blueprint) can be found here:
https://learningnetwork.cisco.com/community/certifications/security_ccna/iins-v3/exam-topics
