CCIE Security v5.0 LAB Dumps & Training

Pass FeedbacksView More >

CCIE Data Center Lab
Oct 13, 2019
CCIE Data Center Lab
CCIE Security Lab
Oct 11, 2019
CCIE Security Lab
CCIE Security Lab
Oct 11, 2019
CCIE Security Lab
CCIE Data Center Lab
Oct 11, 2019
CCIE Data Center Lab
CCIE Security Lab
Oct 11, 2019
CCIE Security Lab
CCIE Data Center Lab
Oct 10, 2019
CCIE Data Center Lab
CCIE RS Lab
Oct 9, 2019
CCIE RS Lab
CCIE Data Center Lab
Oct 9, 2019
CCIE Data Center Lab
CCIE Security Lab
Oct 9, 2019
CCIE Security Lab
CCIE Security Lab
Oct 9, 2019
CCIE Security Lab

CCIE Security Lab Exam Information:
  TS:TS1、TS2、TS3、TS3+、TS3++
  CFG :LAB1
  DIAG:DIAG1、DIAG2、DIA2+、DIAG2++、DIAG2+++
Special Dicount
Get special offers
Latest Solutions and feedback
Workbook & Solution & Feedbak

Product Advantages

  • Schedule Physical Racks Anytime and Anywhere
  • Update Timely
  • 100% Cover Real Exam
  • Latest Lab Exam Feedbacks
  • 7/24 Online Technical Support
  • 100% Pass
  • Tutorial Video Guide
  • Average 60 Days Pass Period
  • 3 CCIE LAB Pass Everyday
  • 16 Years of IT training Experience



CONTENTS
Task1Download Now

Task 1.1a : configure ASA1_V and ASA11_V For Active-Standby Failover

Your configuration should meet the following requirements:
ASA1_V
Interface Gi0/0 :
Address Primary-Standby: 20.1.1.1/24-20.1.1.2/24
Name: outside
Interface Gi0/1:
Address Primary-Standby: 10.1.11.1/24-10.1.11.2/24
Name: inside
Interface Management 0/0:
Address Primary-Standby: 150.1.7.53/24-150.1.7.54/24
Name: mgmt
Security level : 100

Failover :
Unit primary
Lan-link interface: Gi0/2
Primary-standby:10.10.11.1/24-10.10.11.2/24
Name: FO

EIGRP Routing :
Autonomous system: 12
Network:10.1.11.0/24
EIGRP Authentication :
Mode MD5
Key-ID : 1
Password:cisco

ASA11_V
Failover:
Unit secondary
Lan-link interface Gi0/2
Primary-Standby : 10.10.11.1/24-10.10.11.2/24
Name : FO

Note:
Make sure that all the interface are being monitored for this failover implementation。
Points:2




Solution
=================================================================
ASA1v/ASA11v:
ASA1v(config)# show firewall
Firewall mode: Router ----------correct mode
Or
ASA1v(config)# no firewall transparent
ASA1v(config)# show firewall
Firewall mode: Router
=================================================================
Failover
=================================================================
ASA1v/ASA11v:
interface GigabitEthernet0/2
no shutdown
----------------------------------------------------------------------------------------------------------------------
ASA1_V:
failover lan unit primary
failover lan interface FO GigabitEthernet0/2
failover link FO GigabitEthernet0/2
failover interface ip FO 10.10.11.1 255.255.255.0 standby 10.10.11.2
---------------------------------------------------------------------------------------------------------------------
ASA11_V:
failover lan unit secondary
failover lan interface FO GigabitEthernet0/2
failover link FO GigabitEthernet0/2
failover interface ip FO 10.10.11.1 255.255.255.0 standby 10.10.11.2
---------------------------------------------------------------------------------------------------------------------
ASA1v:
ASA1V(config)#ping 10.10.11.2

ASA1V(config)# failover

ASA11v:
ASA11V(config)# failover
===================================================================
Verify
===================================================================
ASA1V:

ASA11V:

===================================================================
ASA1v: Primary/Active
===================================================================
interface GigabitEthernet0/0
no shutdown
nameif outside
security-level 0
ip address 20.1.1.1 255.255.255.0 standby 20.1.1.2
exit
interface GigabitEthernet0/1
no shutdown
nameif inside
security-level 100
ip address 10.1.11.1 255.255.255.0 standby 10.1.11.2
authentication key eigrp 12 cisco key-id 1
authentication mode eigrp 12 md5
exit
interface Management0/0
no shutdown
nameif mgmt
security-level 100
ip address 150.1.7.53 255.255.255.0 standby 150.1.7.54
exit

ASA1V(config)#ping 20.1.1.10
ASA1V(config)#ping 10.1.11.10
ASA1V(config)#ping 150.1.7.201

router eigrp 12
 network 10.1.11.0 255.255.255.0
==================================================================
Verify
==================================================================ASA1v:


Task 1.1b : configure ASA2_V and ASA22_V For Active-Standby Failover

Task 1.2 : configure ASA1 and ASA2 For the Active-Active Failover

Task 1.3 : configure ASA3 and ASA4 for Clustering

Task 1.4 : configure Access Policy On NGIPS

Your configuration should meet the following requirements:

Rule 1: Permit EIGRP routing process between R1 and R2.
R1 Should be in the external Zone.
R2 Should be in the internal Zone.
Enable Logging for the rules at the beginning of the connection.

Solution
*****************************************************************************************************
Tips:
  1、Sometimes should reconfigure Objects and Rules
  2、NGIPS has registered to FMC in the exam
*****************************************************************************************************

===================================================================
Permit EIGRP traffic
===================================================================
Just confirm eth1-external zone , eth2-internal zone





===================================================================
Check the preconfig of Objects
===================================================================
Add Rule 1
===================================================================


















===================================================================
Verify
===================================================================






Task2Download Now

Task 2.1 : configure WCCP Redirection On R2 For server1 and server2 HTTP traffic originated From client_pc1

Your configuration should meet the following requirements:

1)HTTP Traffic should be redirected to WSA at 150.1.7.213. Make sure R2 explicitly configured for traffic redirection to 150.1.7.213 only.
2)WCCP communication between R2 and WSA should be authenticated using password cisco
3)GRE only method should be used for packet forwarding and return.
4)Any traffic filtering applied should be network and host specific for the HTTP port 8080

Note:
This task can only be verified after the successful implementation of Task 1.1a Task 1.4 and Task 4.1 ( being able to perform end-to-end connectivity test )
Points : 5

Solution ===================================================================
Tips: WSA has been initialized in exam.
===================================================================
Firefox browser through candidate PC

-------------------------------------------------------------------------------------------------------------------
Tips: Disable http port, sometimes it is preconfigured,so check it.
------------------------------------------------------------------------------------------------------------------










----------------------------------------------------------------------------------------------------------------------
Tips: Check the default route which is pointing to R2 150.1.7.232.
----------------------------------------------------------------------------------------------------------------------




---------------------------------------------------------------------------------------------------------------------
WCCP
--------------------------------------------------------------------------------------------------------------------








----------------------------------------------------------------------------------------------------------------------
Web proxy
----------------------------------------------------------------------------------------------------------------------






R2:
ip access-list extended RED
  permit tcp 172.16.1.0 0.0.0.255 host 192.168.101.3 eq 8080
  permit tcp 172.16.1.0 0.0.0.255 host 192.168.102.3 eq 8080
exit
ip access-list standard WSA
  permit 150.1.7.213
exit

ip wccp 90 redirect-list RED group-list WSA password cisco

interface GigabitEthernet2
  ip address 10.1.12.2 255.255.255.0
  ip wccp 90 redirect in
===================================================================
Verify: After completing Task 1.1a Task 1.4 and Task 4.1
===================================================================

Task 2.2 : configure HTTP traffic Access Policy On WSA 68

Task 2.3 : Install FireAMP connector on candidate PC and configure FireAMP Cloud

Task3Download Now

Task 3.1 : configure Clientless SSL VPN between ASA2_V and Client_PC2

Task 3.2 : configure Site-To-Site certificate Based VPN between R15 R16 and R17

Your configuration should meet the following requirements:
The VPN session should secure traffic between 192.168.15.0/24 and 192.168.16.0/24 networks.
Configure trustpoint by the name of ccier15 on R15 as follows:
Common Name as r15
Organization as cisco.com
Certificate should include R15 loopback0 interface.
Enroll using loopback0 as the source interface
Enroll with CA running at R17 using its loopback0 interface.
RSA key pair should be ccier15

Configure trustpoint by the name of ccier16 on R16 as follows:
Common name as r16
Organization as cisco.com
Certificate should include R16 loopback0 interface
Enroll using loopback0 as the source interface
Enroll with CA running at R17 using its loopback0 interface.
RSA key pair should be ccier16

Note:
Any information not provided for this task can be assumed by the candidate.
Points : 3

Solution
===================================================================
Tips:
1. Configure NTP (Task 5.3) first
2. Check the BGP routes
===================================================================
R15:
router bgp 6
  network 10.100.9.0 mask 255.255.255.0
  network 20.1.6.0 mask 255.255.255.0
  network 150.1.7.0 mask 255.255.255.0
  network 172.16.100.15 mask 255.255.255.255
  network 192.168.15.0
  neighbor 20.1.6.18 remote-as 678

R16:
router bgp 7
  network 20.1.7.0 mask 255.255.255.0
  network 172.16.100.16 mask 255.255.255.255
  network 192.168.16.0
  neighbor 20.1.7.18 remote-as 678

R17:
router bgp 8
  network 20.1.8.0 mask 255.255.255.0
  network 172.16.100.17 mask 255.255.255.255
  neighbor 20.1.8.18 remote-as 678
===================================================================
R17 CA Server preconfigured
===================================================================
crypto key generate rsa label ccier17 modulus 1024 ----> Maybe it is preconfigured, need to verify as below .

ip http server
  crypto pki server ccier17 (ccieca)
  database level complete
  issuer-name CN=r17 O=cisco.com
  grant auto
  shutdown
no shutdown
Password: cisco123 ---shutdown→no shutdown ---verify server enable
Re-enter password: cisco123
===================================================================
Verify
===================================================================

===================================================================
R15 enroll certificate
===================================================================
ip domain-name cisco.com
ip name-server 150.1.7.200

crypto key generate rsa label ccier15 modulus 1024
crypto pki trustpoint ccier15
enrollment url http://172.16.100.17:80
ip-address loopback 0
subject-name CN=r15 O=cisco.com
revocation-check crl
source interface Loopback0
rsakeypair ccier15
----------------------------------------------------------------------------------------------------------------------
R15(config)#crypto pki authenticate ccier15
Certificate has the following attributes:
    Fingerprint MD5: 3F132300 572BF9B9 214C1804 2CA56145
  Fingerprint SHA1: 7BD034F8 A8AEE5A6 83E867CB 3F028BAF 3C98AD44
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.

R15(config)#crypto pki enroll ccier15
% Start certificate enrollment ..
% Create a challenge password. You will need to verbally provide this
  password to the CA Administrator in order to revoke your certificate.
  For security reasons your password will not be saved in the configuration.
  Please make a note of it.
Password: enter (Null)
Re-enter password: enter (Null)
% The subject name in the certificate will include: cn=r15 o=cisco.com
% The subject name in the certificate will include: R15
% Include the router serial number in the subject name? [yes/no]: no
Request certificate from CA? [yes/no]: yes
% Certificate request sent to Certificate Authority
% The 'show crypto pki certificate verbose ccier15' command will show the fingerprint.
Apr 24 04:24:04.932: CRYPTO_PKI: Certificate Request Fingerprint MD5: F7303D59 EA755119 3CCA65E6 191E7E23
Apr 24 04:24:04.932: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 39860FEC F1AE881C 704752CB 4C4D8CEE 3C36C109
Apr 24 04:24:19.288: %PKI-6-CERTRET: Certificate received from Certificate Authority
R15(config)#
===================================================================
Verify
===================================================================

===================================================================
R16 enroll certificate
===================================================================
ip domain-name cisco.com
ip name-server 150.1.7.200
crypto key generate rsa label ccier16 modulus 1024
crypto pki trustpoint ccier16
  enrollment url http://172.16.100.17:80
  ip-address loopback 0
  subject-name CN=r16 O=cisco.com
source interface Loopback0
revocation-check crl
  rsakeypair ccier16

R16(config)#crypto pki authenticate ccier16
Certificate has the following attributes:
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
R16(config)#crypto pki enroll ccier16
===================================================================
Verify
===================================================================

*****************************************************************************************************
Tips: There could be PKI error, then delete trustpoint and reconfigure
*****************************************************************************************************
R15(config)#no crypto pki trustpoint ccier15/ccier16
yes
R15#crypto key zeroized rsa
yes


===================================================================
R15
===================================================================
crypto isakmp policy 10
exit
crypto ipsec transform-set TS esp-aes esp-sha-hmac
mode tunnel
exit

ip access-list extended VPN
permit ip 192.168.15.0 0.0.0.255 192.168.16.0 0.0.0.255
exit

crypto map VPN 10 ipsec-isakmp
set peer 20.1.7.16
set transform-set TS
match address VPN
reverse-route static
exit

interface GigabitEthernet3
crypto map VPN
===================================================================
R16
===================================================================
crypto isakmp policy 10
exit
crypto ipsec transform-set TS esp-aes esp-sha-hmac
mode tunnel
exit

ip access-list extended VPN
permit ip 192.168.16.0 0.0.0.255 192.168.15.0 0.0.0.255
exit

crypto map VPN 10 ipsec-isakmp
set peer 20.1.6.15
match address VPN
set transform-set TS
reverse-route static
exit

interface GigabitEthernet2
crypto map VPN
===================================================================
Verify
===================================================================
R16:






R15:






Task 3.3 : configure VRF-Aware GETVPN betwwen R3 R4 and R5

Task 3.4 : configure FLEXVPN between R9 R10 and R11

Task 3.5 : configure SXP between SW2_P and ASA3

Task 4Download Now

Task 4.1 : configure anyconnect IKEv2 between ASA1_V and client_pc1

Task 4.2 : configure SW2_P Gig1/0/9 To Authentication Dot1x Session From dot1x_pc

Your configuration should meet the following requirements:

Dot1x session should DHCP IP address from the SW2_P local pool in VLAN8.
ISE should authentication Dot1x user ccie password should be set Ccie123 user ccie should be part of ISE internal database.
ISE should authorize session based on the NAS IP address.
On Successful authorization ISE should assign the session VLAN8 SGT of PC2 and push DACL to permit IP traffic from any source to any destination.
From dot1x_pc you should be able to only browser server4 to verify the implementation.

Notes:
The verification of this task depends on the successful implementation of Task 1.3 and Task 3.5.
Make sure your implementation of AAA should not impact SW2_P console access.
Dot1x session should be in established state when you have ended your lab.
Any information not provided to implementation this task can be assumed by the candidate .
Points : 3

Solution
=============================================================
SW2:
interface gigabitEthernet 1/0/9
shutdown
exit
interface gigabitEthernet 1/0/7
shutdown
*******************************************************************************************
Tips: If ISE GUI account is expired, refer to guidelines and reset password
*******************************************************************************************

ise/admin# application reset-passwd ise admin
Enter new password: Akhshao2/Akhsha02 ===copy password from guideline.
Enter new password: Akhshao2/Akhsha02

ISE:










AAA client:

Task 4.3 : configure R1 For The SSH Authentication

Task 4.4 : configure SW2_P Gig1/0/9 To authentication And Authorize PC mab_pc And IP Phone

Task 5Download Now

Task 5.1 : configure syslog On R1 and R17

Your configuration should meet the following requirements:

R1 should send information level messages to syslog server setup at the candidate PC.
Messages seen from R1 on the syslog server are marked with R1 hostname

R17 should send debug level messages to syslog server setup at candidate PC.
Messages seen from on R17 on the syslog server are marked with string CA

Notes:
Candidate PC is preconfigured with kiwi syslog server for this task.
Points : 2
Solution
===================================================================
R1
===================================================================
logging on
logging origin-id hostname
logging host 150.1.7.201
logging trap informational
============================================================
R17
===========================================================
logging on
logging trap debugging
logging origin-id string CA
logging host 150.1.7.201
===================================================================
Verify
===================================================================


R1:

R17:

Task 5.2 : configure secure wireless deployment between WLC ISE SW2_P AP And wireless_client

Task 5.3 : configure NTP Between R1 R2 R15 R16 and R17


1、incident 1Download Now

Failover has issue between ASA1 and ASA2. Resolve the issue and verify failover state.
preconfig
ASA1
①ASA1(config)# more system:running-config | include failover
no failover
failover lan unit primary
failover lan interface FO GigabitEthernet0/2
failover key cisco
failover interface ip FO 10.10.11.1 255.255.255.0 standby 10.10.11.2
ASA1(config)#

ASA2
①ASA1(config)# more system:running-config | include failover
no failover
failover lan unit primary
failover lan interface FO GigabitEthernet0/2
failover key ccie
failover interface ip FO 10.10.11.1 255.255.255.0 standby 10.10.11.2
ASA1(config)#

=====================================================================
Solution
=====================================================================
ASA2
① ASA1(config)#failover key cisco
ASA1(config)#

ASA1
①ASA1(config)#failover
ASA2
①ASA1(config)#failover
verify
①ASA1(config)show failover state

②ASA1(config)#write memory

2、incident 2Download Now

User is unable to establish VPN session from the “Anyconnect PC” to the remote gateway “ASA1”. Resolve the issue and verify the VPN connectivity.
Notes:
1)Anyconnect session credentials: Username ccie Password ccie
2)Provision your fix so that VPN session should have on idle-timeout of two days VPN session should be in establish state when you have enable the Troubleshooting.
3)This incident has no dependency and could be verified for the resolution without fixing any other incidents.

3、incident 3Download Now

Issue has been reported that “ASA1” is not peering with “R1” therefore unable to learn EIGRP routes
Notes:
1)Your fix for the incident should not disable EIGRP peer authentication.
2)This incident has no dependency and could be verified for the resolution without fixing any other incidents.

========================================
Preconfig check the interface number , based on topology on real Lab !!! The interface number changes frequently in different attempts.
========================================
R1 EIGRP
①R1#show running-config | section router eigrp
router eigrp 12
  network 10.1.11.0 0.0.0.255
  network 10.1.12.0 0.0.0.255
  network 10.1.111.0 0.0.0.255
  network 172.16.100.0 0.0.0.255
R1#
②R1#show running-config interface gigabitEthernet 2
Building configuration...
Current configuration : 169 bytes
!
interface GigabitEthernet2
  ip address 10.1.11.11 255.255.255.0
  ip authentication mode eigrp 12 md5
  ip authentication key-chain eigrp 12 ccie
  negotiation auto
end
R1#
③R1#show running-config | section key chain
key chain ccie
  key 1
    key-string cisco
R1#
ASA1 EIGRP
①ASA1(config)# show running-config router eigrp
router eigrp 12
  network 10.1.1.0 255.255.255.0
  network 10.1.11.0 255.255.255.0
ASA1(config)#
②ASA1(config)# more system:running-config | begin interface GigabitEthernet0/1
interface GigabitEthernet0/1
  nameif inside
  security-level 100
  ip address 10.1.11.1 255.255.255.0 standby 10.1.11.2
  authentication key eigrp 12 ccie key-id 1 ###ASA1 key is ccie while R1 is cisco , correct ASA1 or R1 key ,our solution chooses to correct ASA1###
!

======================================
solution
======================================

ASA1(config)# interface gigabitEthernet 0/1
ASA1(config-if)# authentication mode eigrp 12 md5
ASA1(config-if)# authentication key eigrp 12 cisco key-id 1

======================================
verify
======================================

ASA1# clear eigrp neighbors
ASA1#
②ASA1# show eigrp neighbors
EIGRP-IPv4 Neighbors for AS(12)
H  Address    Interface  Hold Uptime  SRTT  RTO  Q  Seq
        (sec)    (ms)    Cnt Num
0  10.1.11.11    inside  12 00:00:04 10  200  0  16
ASA1#

③ASA1(config)#write memory

7、incident 7Download Now

It has been reported that user “cisco” using Dot1x failed to connect to the network from “dot1x_pc”. Fix the issues so that user cisco is able to connect to the network. Make sure after the connection is established you can browser to server2 and ping server1 from dot1x_pc.

Notes:
1)“Server1” and “Server2” credentials: Username cisco Password cisco
2)This issue has dependency on the other incidents that must be resolved in order to verify.

Total points:4


==================================================
preconfig
==================================================
①ISE
Authentication Policy

②MAB Authorization Conditions

③802.1X Authorization Conditions

4.802.1X Authorization Policy

5.802.1X Downloadable ACLs

6.802.1X Authorization Profiles

7.802.1x username cisco

8.802.1x user group “guest”

FMC

8、Incident 8Download Now

Issue has been reported that “R2” is unable to synchronization with the NTP server

===============================================================================
Preconfig
tips:
  the ntp key is cisco
===============================================================================
1.R1
(一)R1#show running-config | section ntp
ntp authentication-key 12 md5 060506324F41 7
ntp authenticate
ntp trusted-key 12
ntp source GigabitEthernet1
ntp master 1
R1#
(二)R1#show ntp status
Clock is synchronized, stratum 1, reference is .LOCL.
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**10
ntp uptime is 9932600 (1/100 of seconds), resolution is 4000
reference time is DF48911A.5A1CAD00 (01:21:46.352 ccie Sun Sep 16 2018)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 2.37 msec, peer dispersion is 1.20 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000000 s/s
system poll interval is 16, last update was 14 sec ago.
R1#

2.R3
(一)R3#show running-config | section ntp
ntp authentication-key 12 md5 1511021F0725 7
ntp authenticate
ntp trusted-key 12
ntp server 171.1.7.21 key 12
R3#
(二)R3#show ntp status      ###R3 preconfig is syncheronized , just check###
Clock is synchronized, stratum 2, reference is 171.1.7.21
nominal freq is 250.0000 Hz, actual freq is 249.9997 Hz, precision is 2**10
ntp uptime is 9937300 (1/100 of seconds), resolution is 4016
reference time is DF488B48.23D70AA0 (00:56:56.140 ccie Sun Sep 16 2018)
clock offset is -4.5000 msec, root delay is 5.00 msec
root dispersion is 32.08 msec, peer dispersion is 2.06 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000001124 s/s
system poll interval is 1024, last update was 1551 sec ago.
R3#
3.R2
(一)R2#show running-config | section ntp
ntp authentication-key 12 md5 070C285F4D06 7
ntp authenticate
ntp trusted-key 12
ntp trusted-key 102
R2#
(二)R2#show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**10
ntp uptime is 9949100 (1/100 of seconds), resolution is 4000
reference time is 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 1492.37 msec, peer dispersion is 0.00 msec
loopfilter state is 'NSET' (Never set), drift is 0.000000000 s/s
system poll interval is 64, never updated.
R2#
===============================================================================
solution
===============================================================================
1.testing the network connectivity
R2(config)#do ping 171.1.7.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 171.1.7.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/11 ms
R2(config)#
2.correct ntp
R2(config)#no ntp trusted-key 102
R2(config)#ntp server 171.1.7.21 key 12
R2(config)#end
R2#write memory

CCIE SEC v5.0 LAB Examination Content

SPOTO offers 75 days service time for our CCIE Security LAB candidates. Generally, you can complete all CCIE Security Lab training within 71 days if you practice lab materials 4 hours per day. SPOTO Tutors and services will assist you along the whole preparation. Every module we do provide workbooks, solutions, and videos tutorial. You can watch videos first, and practice with materials access to our rack.
Phase 1: Tutors advice to spend 31 days on practicing Configuration module(CFG1)and 7 days on reviewing;
Phase 2: 2 Days to practice Diagnostic Module: DIAG 1、DIAG 2、DIAG2+、DIAG2++、DIAG2+++;
Phase 3: 19 Days to practice all incidents of TS, including TS1, TS2, TS3, TS3+, TS3++. You can access to all TS materials after completing CFG module. Study materials will cover video tutorials, workbooks and solutions;
Phase 4: 19 Days to Review all modules, including CFG, TS and DIAG;

How soon can I receive the learning materials?
The followings will be sent to your email no later than 8 hours after verification of your payment.
- Software and setup instructions
- CCIE Security Lab Exam v5.0 Learning Materials, including Workbook, Solutions, and Instruction Video
- CCIE Security Lab Exam v5.0 Study Plan.
How many remote rack hours are included?
You can access to Security rack up to 8 hours per day within your service period.

CCIE Lab Pass Results

1635

Customers passed CCIE Lab exam

96.8%

First-attempt pass rate

100%

SPOTO Lab materials Cover real exam

Product Reviews * The most recent comment are at the top

Tamara 2019-09-18

U can use this CCIE Security Lab dump to clear the exam and u can also achieve good marks by using this dump.So read this dump seriously and score the marks.I am also going to give exam on coming Monday

Melody 2019-09-17

This CCIE Security LAB dump is valid. Very useful. cleared with 90% marks And thanks to all the guys who put efforts into it.

Jessie 2019-09-16

All Cisco CCIE Security LAB questions I had on exam were in this dump. I just passed my exam. Full scored. Thanks very much for your help.

Hellen 2019-09-15

The CCIE Security LAB dump is more than enough. There are also the same new questions in the exam but I cannot remember. Sorry...

Christina 2019-09-14

I passed the CCIE Security LAB exam with high score without doubt.Thanks for this valid dump.

Ruth 2019-09-06

Passed today, the dump is so valid! Thanks!

Estelle 2019-09-03

Dumps are valid. I passed my exam this morning. Few questions are different with the Qs from the dump but never mind. I passed. Thank you. Good luck to you all.

Jessica 2019-08-30

This dump is enough to pass exam.There are many new questions and some modified questions.Good luck to you all.

Enid 2019-08-23

Not take the exam yet. But i feel more and more confident with my exam by using this dump. Now I am writing my exam on coming Saturday. I believe I will pass.

Alice 2019-08-21

this dump is really good and useful, i have passed the exam successfully. i will share with my friend