The Cisco CCIE Security Lab Exam version 5.0 is an eight-hour, hands-on exam that requires a candidate to plan, design, implement, operate, and troubleshoot complex security scenarios for a given specification. Knowledge of troubleshooting is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE lab exam.
CCIE Security v5.0 unifies written and lab exam topics documents into a unique curriculum, while explicitly disclosing which domains pertain to which exam, and the relative weight of each domain.
The eight-hour lab format consists of three modules and need to be taken in the following sequence during the day of the exam:
The Troubleshooting module delivers incidents that are independent of each other, which means that the resolution of one incident does not depend on the resolution of another. The topology that is used in the Troubleshooting module is different than the topology used in the Configuration module.
The Troubleshooting module is 2 hours. If desired, candidates can extent the Troubleshooting module’s time by borrowing up to 30 min from the Configuration module. Note, the total Configuration's module time will be reduced by the extra time spend in the Troubleshooting module (if any, up to 30 min). If candidates finish the Troubleshooting module early, the unused Troubleshooting module’s time will be added to the Configuration module’s time, ensuring a total lab exam time of 8 hours. The Diagnostic module is fixed in duration (60 minutes).
The new Diagnostic module focuses on the skills required to properly diagnose network issues, without having device access. Candidates will be provided with a set of documentation that represents a snapshot of a realistic situation: at a point in time in an investigation process that a network engineer might be facing. The main objective of the Diagnostic module is to assess the skills required to properly diagnose network issues. These skills include:
These activities are naturally part of the overall troubleshooting skills. They are designed as a separated lab module because the format of the items is significantly different. In the Troubleshooting module, the candidate needs to be able to troubleshoot and resolve network security issues on actual devices.
In the Diagnostic module, the candidate need to make choices between pre-defined options to either indicate:
The Configuration module provides a setup very close to an actual production network having various security components providing various layers of security at different points in the network. Though the major part of the module is based on virtual instances of the Cisco security appliances, the candidate may be asked to work with physical devices as well. At the beginning of the module, the candidate has full visibility of the entire module. A candidate can choose to work in the sequence in which the items are presented or can resolve items in whatever order seems preferable and logical.
NOTE: The candidate must complete the modules in sequence and is not allowed to go back and forth between modules.
When working in the Troubleshooting module, the candidate can choose to borrow up to 30-minutes from the five hours allotted for the Configuration module. The result is that the total time the candidate will have to complete the Configuration module will only be four and one-half hours (4.5 hours).
To maintain the total exam time to eight hours, the optional 30- minutes the candidate decided to use in the Troubleshooting module is deducted automatically from the time originally allocated for the Configuration module.
The web-based delivery system will display a warning message when the two hours has expired in the Troubleshooting module. The system will then ask if the candidate wants to proceed in the Troubleshooting module, adding up to extra 30 minutes before advancing to the next module, or if the candidate wants to stop working on the Troubleshooting module and advance to the Diagnostic module.
To pass the lab exam, the candidate must meet these two conditions:
The reason for these criteria is to prevent the candidate from passing the lab exam while failing or even bypassing a module, for example, the Diagnostic module.
The point value of each item in each lab module is shown on the candidate guide, which is provided at the lab exam. The points are granted only when all the criteria of the item are met. No partial score is granted on any item.
Candidates can review lab exam results online (login required), usually within 48 hours. Results are Pass/Fail and failing score reports indicate major topic areas where additional study and preparation may be useful.
Reevaluation of Lab Results
A Reread involves having a second proctor load your configurations into a rack to re-create the test and re-score the entire exam. Rereads are available for the Routing and Switching, and Service Provider technology tracks.
A Review involves having a second proctor verify your answers and any applicable system-generated debug data saved from your exam. Reviews are available for all other tracks.
The Lab Exam cost does not including travel and lodging expenses. Costs may vary due to exchange rates and local taxes (VAT, GST). You are responsible for any fees your financial institution charges to complete the payment transaction. Price not confirmed and is subject to change until full payment is made.
Cisco documentation is available on-line during the exam, however knowledge of the more common protocols and technologies is assumed. The documentation can only be navigated using the index, as the search function has been disabled. No outside reference materials are permitted in the lab room. You must report any suspected equipment issues to the proctor during the exam; adjustments cannot be made once the exam is over.
Candidates to make your request within 14 days following the exam date by using the "Request for Reread" link next to the lab record. A Reread costs $1,000 USD and a Review costs $400 USD. Payment is made online via credit card and the Reread or Review will be initiated upon successful payment. You may not cancel the appeal request once the process has been initiated. Refunds are given only when results change from fail to pass.
Candidates can register for the Lab exam only after passing the Written exam. Learn more on how to register for the Lab exam.
IT Training Videos and Webinars
Find hundreds of free training videos from across the technology spectrum and register for upcoming live webinars too. Start Learning
Cisco Certifications Podcast
Hear from Cisco Certifications Program Manager Yusef Bhaiji as he discusses the latest enhancements to the Cisco Certifications program. Listen Now
Certification Community Event
Let our experts guide you through the training and certification program updates and answer your questions in real time. Register Now
If you are thinking about or actively pursuing a certification, please read about latest program changes. Read Now
Evolution of Cisco’s professional certification program embraces network professionals and software developers into one community. Learn More
The place on the Cisco Learning Network where you can ask questions and share ideas with other members as you prepare for your Certification. Join Now