The current version of the CCIE Security lab exam (v4) came in 2012. It is now 2016, so after three to four years, it’s probably due for an update shortly.
In fact there are rumours and mentions that there will be an announcement at the Berlin Cisco Live event on the 15th February.
So, what could go out, and what could be in?
This is the current list of software versions:
- Cisco ISR Series running IOS Software Version 15.1(x)T and 15.2(x)T
- Cisco Catalyst 3560/3750 Series Switches running Cisco IOS Software Release 12.2SE/15.0(x)SE
- Cisco ASA 5500 Series Adaptive Security Appliances OS Software Versions 8.2x, 8.4x, 8.6x
- Cisco IPS Software Release 7.x
- Cisco VPN Client Software for Windows, Release 5.x
- Cisco Secure ACS System software version 5.3x
- Cisco WLC 2500 Series software 7.2x
- Cisco Aironet 1200 series AP Cisco IOS Software Release 12.4J(x)
- Cisco WSA S-series software version 7.1x
- Cisco ISE 3300 series software version 1.1x
- Cisco NAC Posture Agent v4.X
- Cisco AnyConnect Client v3.0X
Let’s break it down and see what could be likely contenders! note – this is just my guesses!
Cisco ISR 15.1(x)T and 15.2(x)T
These are still relatively new. The latest version is 16.01, released in November 2015. 15.1 and 15.2 have been around for over a year, so we might see a jump to a newer version.
Probability/Impact: Low-Medium
Cisco Catalyst 3560/3750 Series Switches 12.2SE/15.0(x)SE
The 3560 and 3750’s had an announcement in 2013 that they would be End-of-Life starting mid-2016.
The later versions of these (3560-X and 3750-X) had an EOL in October 2015, and shipping these stops in October 2016, however, support does not end until 2021. Support (in terms of patches) does not stop till 2017.
It it more likely that these will move to 3650s. These do MACSec and TrustSec, among other things, or 3850s.
Probability/Impact: Medium
Cisco ASA 5500 (8.2x, 8.4x, 8.6x)
I think there will be big changes here. The majority of the ASAs will move to the ASAv, which makes sense as there will be much more virtualization within the new lab exam. Expect more ASA 9.x and less 8.2.
Probability/Impact: High
Cisco IPS 7.x
Again, there will be big changes here. EOL was announced in 2013! Support will stop in 2019. Therefore it is highly likely that this will be replaced with FirePower/SourceFire.
Probability/Impact: High
Cisco VPN Client 5.x
EOL as of mid-2011, EOS (End-of-Support) mid-2012. Another contender for complete removal, with more focus on AnyConnect.
Probability/Impact: High
Cisco Secure ACS System 5.3x
5.3 went had an EOL (End-of-Life) announcement back in 2014. With the last day to order it being January 31st 2014, and it will no longer be supported by 31st January 2017. Similarly 5.7 is now EOL as well, as of 2nd November 2015. Looks very likely for complete removal.
This will be replaced with ISE 2.0
Probability/Impact: High
Cisco WLC 2500 Series software 7.2x
The 2500 series line is still going strong, but changes are that the software used will be 8.x (8.2 being the latest).
However, the current trend is to make more use of virtualization, so this may switch to the vWLC, which is also version 8.
Probability/Impact: Medium
Cisco Aironet 1200 series AP 12.4J(x)
This is EOL, so it’ll probably move to the 1700 series.
Probability/Impact: High
Cisco WSA S-series software version 7.1x
These are still going strong, so it will stay in the exam, in one form or another. Most likely switching to the vWSA (virtual). Version 7.1 will not be supported beyond August 31st 2016, so expect the version to move to 9.0 (as per the vWSA).
Probability/Impact: High
Cisco ISE 3300 series software version 1.1x
Totally EOL. It’ll be ISE 2.0
Probability/Impact: High
Cisco NAC Posture Agent v4.X
4.9 is still going strong, so there probably won’t be any change.
Probability/Impact: Low
Cisco AnyConnect Client v3.0X
3.0 will be out and 4.0 will be in.
Probability/Impact: Low
I was at Cisco Live in Berlin and had a chat with one of the guys from the security certification team, whilst they didn't announce v5 (at least not that I saw) the chap did say it's coming (v4.1 written exam is released in june / july, reading between the lines it looks like next year before v5 comes out but that's just guess work).
Wouldn't go into detail but he did say expect to see offerings from the recent Security acquisitions and new product lineups, so ASA seems likely to be replaced with the new firepower units. AMP, Stealthwatch and possibly threat grid seem likely to come into the mix as well.
HEAVY CAVEAT – These are approximate guesses based on a single conversation, they may prove wide of the mark.
Thank you very much for taking the time to let us know. Very much appreciated, looks like I don't have to worry too much at the moment then!
Also most of the time the SW needs to be stable and out for a year. So the only suitable one for Firepower now will be 5.4. However.. they already change to 6. Also I presume they want to switch to virtual environment. I presume they going to announce the lab this summer. Maybe change it at the end of the year.
This comment has been removed by the author.
This comment has been removed by the author.
You need 80% to pass the CCIE Security LAB. Do you know if that is 80% across board or 80% in each section?
I think its 80% across the board
Hello,
I would like to know if we can pass a CCIE lab exam if we already passed another written exam.
For example: If I pass the CCIE Security v4.1 exam in December 2016. Can I pass the lab exam v5.0 in August 2017?
I didn't find any Cisco official link about that.
Best regards.