Pass CCIE Security Lab Exam with SPOTO 100% Real Workbooks and Solutions

Latest CCIE SEC Lab v6.0 exam study materials to guarantee 100% pass!

  • Technical Support from Professional Tutors
  • 2100+ CCIE Pass Results
  • CCIE Lab Materials Update Quickly
  • 100% Real CCIE Lab Exam Workbooks and Solutions
  • 100% Real CCIE Lab Exam Environment
  • Latest Rack Hardware Fully Support Real Lab

CCIE RS Written Testing

100% Real Exam Questions, Accurate & Verified Answers as Seen in the Real Exam! Are you ready for your Cisco CCIE R&S Written Exam? Let do it. Instant Result!
Start the test

IT Training Leader for 18 Years

SPOTO, an outstanding IT training Institute with 17-year experience, has assisted thousands of candidates to pass their dream IT exams in first try. Our candidates speak highly of quality practice tests & outstanding service.

7/24 Professional Technical Support

To help SPOTO candidates well prepared exam, we have professional tutors to provide 7/24 online technical support to ensure candidates solve any problems at any time.

Latest & 100% Pass Exam Solutions

Our solutions cover 100% real pass exam answers and questions and exam practice tests. SPOTO will update the exam solutions timely and our product manager will ensure the accuracy and stability of exam solutions to help you 100% pass exam.

Latest Passing Reports from SPOTO Candidates

Pass FeedbacksView More >

CCNP Enterprise Written

CCNP Enterprise Written

CCNP Security Written

CCNP Security Written

CCNP Collaboration Written

CCNP Collaboration Written

CCNP Enterprise Written

CCNP Enterprise Written

CCNP Enterprise Written

CCNP Enterprise Written

CCNP Security Written

CCNP Security Written

CCNP Data Center Written

CCNP Data Center Written

CCNP Enterprise Written

CCNP Enterprise Written

CCNP SP Written

CCNP SP Written

CCNP Enterprise Written

CCNP Enterprise Written

CCIE Security Lab Exam Info-Fully Prepare Exam With SPOTO

The Cisco CCIE Security (v6.0) Practical Exam is an eight-hour, hands-on exam that requires a candidate to plan, design, deploy, operate, and optimize network security solutions to protect your network. CCIE Security LAB Exam include 2 models (Design and Deploy & Operate & Optimize). SPOTO offers latest & updated CCIE Security Lab Exam Workbook and Solutions for candidates to fully prepare CCIE Security Lab exam with ease. You can pass your CCIE Security Lab exam in the first attempt by using SPOTO CCIE Security Lab study materials if you work hard and practice more.

Exam Code: CCIE Security Lab    

Exam Fee:  $1,600     

Exam Duration: 8 hours   

Validity Period: 3 years

Major topics of CCIE Security Lab Exam:

 1. Perimeter Security and Intrusion Prevention (20%)

2. Secure Connectivity and Segmentation (20%)

3. Infrastructure Security (15%)

4. Identity Management, Information Exchange, and Access Control (25%)

5. Advanced Threat Protection and Content Security (20%)

DOO DEMO

Section 1

1.5 You have been asked to set up a secure link between the RTP branch and HQ. The link will provide confidentiality and integrity for the traffic between supplicants in 5.2.XX.0/24 network and intranet address space in DC 3. The requirements are as follows:

FlexVPN VTI method must be used to establish security between R16 and R5.

The secure tunnel must extend t........

 

Section 2

2.1 You have been asked to configure high availability for ASAs in the Internet Edge 1 layer of the network. The requirements are as follows:

The last octet of the active and standby management interface addresses must be .53 and .54 respectively.

The last octet of the active and standby non-management interface addresses must be .1 and .2 respectively.

The last octet of the failover link active and standby addresses must be .1 and .2 respectively.

Note: ASA1v must be active in the pair when you have completed this task.

 

2.2 You have been asked to configure high availability for ASAs in the Internet Edge 2 layer of the network. The requirements are as follows:

The last octet of the active and standby management interface addresses must be .58 and .59 respectively.

The last octet of the active and standby non-management interface addresses must be .1 and .2 respectively.

The last octet of the failover link active and standby addresses must be .1 and .2 respectively.

Note: ASA2v must be active in the pair when you have completed this task.

 

Section 3

3.1 You have been asked to configure SW1 and ISE for the on-boarding of the TAC PC Windows machine using 802.1X. The requirements are as follows:

SW1 must provide the IP address, next hop, and DNS server to the Windows machine.

The SW1 port to which a supplicant is connected must be moved dynamically to the relevant VLAN.

The session authentication must be performed by ISE with Active Directory as the external identity source. ISE internal database must serve as a backup in case Active Directory is not available.

The session DACL must only permit access from any source to:

 

Section 4

4.1 You have been asked to provision NGIPS and define access policies for the traffic that is sourced from Windows machines on-boarded by SW1. The requirements are as follows:

IPS zones must be present in the access policy.

Traffic that originated from a Windows machine must allow .........

 

Design Demo

Questions:

9. Which attack surface in the design, when compromised, results in the bypass of downstream technical controls?

○ Core

○ Access

○ Human

○ Application

○ Device

 

11. Which two attack surfaces in the design can be used to define the traffic baseline for anomaly detection? (Choose two.)

○ Access

○ Device

○ Network

○ Application

 

Refer to the new resource(s) available.

 

15. Choose the correct options to develop a valid ASA high availability configuration for the solution.

ASA2 configured as (secondary/primary/standby) unit in the high availability setup. The traffic for the Sales organization routed through (ASA2-C2/ASA1-C1/ASA1-C2) context and traffic for the Finance organization routed through (ASA2-C2/ASA1-C2/ASA1-C1) context. For context resources the (default/no/custom) class is applied.

Refer to the new resource(s) available.

 

16. Choose the correct options to develop a valid NAT configuration for the solution.

In the (Datacenter/Access/Core-Distribution/Internet Edge) layer deploy (Static NAT/Identity NAT/Dynamic NAT/PAT) using (PAT Object/Twice PAT/Twice NAT/Network Object) for (Engineering server/Marketing server/Sales server/Finance server) from (Outside/Inside/DMZ) to (Outside/DMZ/Inside) routed through (ASA2-C2/ASA1-C1/C1 and C1)

 

Refer to the new resource(s) available.

20. Which four configuration components enable a valid ASA high availability configuration? (Choose four.)

○ ASA1v-ASA11v configured in routed mode as Active-Standby failover.

○ ASA1v-ASA11v have an inside route for DNS reachability.

○ ASA1v and ASA11v configured as secondary units in the failover pair.

○ ASA1v-ASA11v have an DMZ route for DNS reachability.

 

CCIE Security LAB Exam include 2 models (Design and Deploy & Operate & Optimize).

This is the material content that you need practice. You will face them when you take exam.

Design: Design 1

 

Deploy & Operate & Optimize:LAB1

This is CCIE Security v6.0 LAB study plan we suggest. If you can spend 2~4 hours on lab practice per day, you can take the exam after 2 months.

We provide 3 months service time, you can follow your time to practice, it is flexible.

 

We delivered the materials stage by stage:

Stage 1:Section 2.1-2.4: Failover A/S A/A, Cluster; section 4.1: FMC/NGIPS

Stage 2:Section 1.2-1.5: IPSec IKEv2, clientless SSL, Site-to-Site and FlexVPN

Stage 3:Section 3.4, 3.5, 4.6: Syslog, NetFlow

Stage 4:Section 3.1-3.3, 4.4: 802.1X, MAB, TrustSec

Stage 5:Section 4.2, 4.3, 4.5: WSA, FireAMP, Stealthwatch

We delivered stage 2 materials after you complete stage 1.

We delivered stage 3 materials after you complete stage 2.

The design materials will be sent 1 week before your exam date.

1. What are the CCIE Security lab exam learning materials?

The followings will be sent to your email no later than 8 hours after verification of your payment.

  • Software and setup instructions
  • Learning Materials, including Workbook, Solutions and Instruction Video.
  • Study Plan
  • The materials we provide by module delivery. We send CFG for practice first, we will send TS materials after you complete CFG practice. Finally is DIAG materials.

We reserve the rights to terminate all the services in case we learned you have been sharing our materials with others. Thank you for your understanding.

2. How long is my service period?

Our standard service period is 3 months.

3. Is the environment of the rack practice the same as the examination?

The environment in which you practice on the rack is the same as the real lab exam.

4. How to open CCIE SECURITY Lab exam workbook and solution?

All of the workbook and solution are encrypted documents, it only allows one pc to open it. We will send a guide to tell you how to open the workbook and solution. It supports windows operating system and mac operating system

5. How to use remote rack?

You use software of CRT to login. We have a tutorial to show you how to use. There is no requirement for PC performance when remote access rack. You can schedule your practice time on our schedule system, it is 4 hours per session. you can schedule practice time before 24 hours.

6.What happens if the exam becomes unstable?

We make sure you will receive updated information and materials as soon as we learned any changes to the exam. In case we learned any major changes happened during your service period, your remaining service period will be calculated from the date we learned the exam becomes stable again.

7.How do I contact you for any issues and questions?

We highly recommend that you add our Tutor’s whatsapp: +86 152 5915 2519 so that we can follow up on your progress and help you with any questions. You may also email our tutor at tutor@spoto.cn . Either Whatsapp or email we guarantee a response within 24 hours. If you have any problem or difficulty during the practice, our tutor will help you to solve it through teamview.

Get Limited Time Offer

Pass Your IT Certification Exams in the First Attempt With SPOTO!

SPOTO offers 100% real and valid IT exam dumps, 100% same with the real exam. SPOTO, the leader of IT certification online training for 17 years, has helped 2100+ candidates to get their Cisco CCIE certifications. Our products cover Cisco, PMP, ISACA, Amazon Aws, Palo Alto, Microsoft and other IT exams. With SPOTO real IT exam practice tests, you can boost salary and advance your IT networking career fast!