CCIE Security v5 Lab Predictions


The current version of the CCIE Security lab exam (v4) came in 2012. It is now 2016, so after three to four years, it's probably due for an update shortly.

In fact there are rumours and mentions that there will be an announcement at the Berlin Cisco Live event on the 15th February.

So, what could go out, and what could be in?

This is the current list of software versions:

  • Cisco ISR Series running IOS Software Version 15.1(x)T and 15.2(x)T
  • Cisco Catalyst 3560/3750 Series Switches running Cisco IOS Software Release 12.2SE/15.0(x)SE
  • Cisco ASA 5500 Series Adaptive Security Appliances OS Software Versions 8.2x, 8.4x, 8.6x
  • Cisco IPS Software Release 7.x
  • Cisco VPN Client Software for Windows, Release 5.x
  • Cisco Secure ACS System software version 5.3x
  • Cisco WLC 2500 Series software 7.2x
  • Cisco Aironet 1200 series AP Cisco IOS Software Release 12.4J(x)
  • Cisco WSA S-series software version 7.1x
  • Cisco ISE 3300 series software version 1.1x
  • Cisco NAC Posture Agent v4.X
  • Cisco AnyConnect Client v3.0X

Let's break it down and see what could be likely contenders! note - this is just my guesses!

Cisco ISR 15.1(x)T and 15.2(x)T

These are still relatively new. The latest version is 16.01, released in November 2015. 15.1 and 15.2 have been around for over a year, so we might see a jump to a newer version.

Probability/Impact: Low-Medium

Cisco Catalyst 3560/3750 Series Switches 12.2SE/15.0(x)SE

The 3560 and 3750's had an announcement in 2013 that they would be End-of-Life starting mid-2016.

The later versions of these (3560-X and 3750-X) had an EOL in October 2015, and shipping these stops in October 2016, however, support does not end until 2021. Support (in terms of patches) does not stop till 2017.

It it more likely that these will move to 3650s. These do MACSec and TrustSec, among other things, or 3850s.

Probability/Impact: Medium

Cisco ASA 5500 (8.2x, 8.4x, 8.6x)

I think there will be big changes here. The majority of the ASAs will move to the ASAv, which makes sense as there will be much more virtualization within the new lab exam. Expect more ASA 9.x and less 8.2.

Probability/Impact: High

Cisco IPS 7.x

Again, there will be big changes here. EOL was announced in 2013! Support will stop in 2019. Therefore it is highly likely that this will be replaced with FirePower/SourceFire.

Probability/Impact: High

Cisco VPN Client 5.x

EOL as of mid-2011, EOS (End-of-Support) mid-2012. Another contender for complete removal, with more focus on AnyConnect.

Probability/Impact: High

Cisco Secure ACS System 5.3x

5.3 went had an EOL (End-of-Life) announcement back in 2014. With the last day to order it being January 31st 2014, and it will no longer be supported by 31st January 2017. Similarly 5.7 is now EOL as well, as of 2nd November 2015. Looks very likely for complete removal.

This will be replaced with ISE 2.0

Probability/Impact: High

Cisco WLC 2500 Series software 7.2x

The 2500 series line is still going strong, but changes are that the software used will be 8.x (8.2 being the latest).

However, the current trend is to make more use of virtualization, so this may switch to the vWLC, which is also version 8.

Probability/Impact: Medium

Cisco Aironet 1200 series AP 12.4J(x)

This is EOL, so it'll probably move to the 1700 series.

Probability/Impact: High

Cisco WSA S-series software version 7.1x

These are still going strong, so it will stay in the exam, in one form or another. Most likely switching to the vWSA (virtual). Version 7.1 will not be supported beyond August 31st 2016, so expect the version to move to 9.0 (as per the vWSA).

Probability/Impact: High

Cisco ISE 3300 series software version 1.1x

Totally EOL. It'll be ISE 2.0

Probability/Impact: High

Cisco NAC Posture Agent v4.X

4.9 is still going strong, so there probably won't be any change.

Probability/Impact: Low

Cisco AnyConnect Client v3.0X

3.0 will be out and 4.0 will be in.

Probability/Impact: Low

CCIE #49337, author of CCNA and Beyond, BGP for Cisco Networks, MPLS for Cisco Networks, VPNs and NAT for Cisco Networks.

Related Posts

Previous
Next Post »

8 comments

comments
Anonymous
20 February 2016 at 05:28 delete

I was at Cisco Live in Berlin and had a chat with one of the guys from the security certification team, whilst they didn't announce v5 (at least not that I saw) the chap did say it's coming (v4.1 written exam is released in june / july, reading between the lines it looks like next year before v5 comes out but that's just guess work).
Wouldn't go into detail but he did say expect to see offerings from the recent Security acquisitions and new product lineups, so ASA seems likely to be replaced with the new firepower units. AMP, Stealthwatch and possibly threat grid seem likely to come into the mix as well.
HEAVY CAVEAT - These are approximate guesses based on a single conversation, they may prove wide of the mark.

Reply
avatar
20 February 2016 at 07:49 delete

Thank you very much for taking the time to let us know. Very much appreciated, looks like I don't have to worry too much at the moment then!

Reply
avatar
21 February 2016 at 02:59 delete This comment has been removed by the author.
avatar
21 February 2016 at 03:00 delete This comment has been removed by the author.
avatar
21 February 2016 at 03:00 delete

Also most of the time the SW needs to be stable and out for a year. So the only suitable one for Firepower now will be 5.4. However.. they already change to 6. Also I presume they want to switch to virtual environment. I presume they going to announce the lab this summer. Maybe change it at the end of the year.

Reply
avatar
14 June 2016 at 03:10 delete

You need 80% to pass the CCIE Security LAB. Do you know if that is 80% across board or 80% in each section?

Reply
avatar
14 June 2016 at 03:55 delete

I think its 80% across the board

Reply
avatar
BELHADJ
13 August 2016 at 12:57 delete

Hello,


I would like to know if we can pass a CCIE lab exam if we already passed another written exam.


For example: If I pass the CCIE Security v4.1 exam in December 2016. Can I pass the lab exam v5.0 in August 2017?


I didn't find any Cisco official link about that.


Best regards.

Reply
avatar