RCSA Certification Blueprint

Large-format A0 poster · prints edge-to-edge at 841 × 1189 mm

RKR NETWORKS · AI-Readiness Academy
Security · Associate · Certification Blueprint · A0
RCSA

RKR Certified Security Associate

Lab-first perimeter, crypto, VPN and identity engineering aligned to Juniper JNCIA-SEC and Cisco CCNA Security foundations

  • Duration: 12 weeks
  • Effort: 10 hrs/week
  • Curriculum: 7 modules
  • Hands-on: 18 graded labs

Comparable in rigor to: Juniper JNCIA-SEC · Cisco CCNA · Vendor-neutral associate security baseline

The blueprint

RCSA builds a job-ready network security operator who can stand up and defend an enterprise edge end-to-end: model the threat landscape, run a working PKI, enforce zone-based stateful and next-generation firewall policy on Juniper SRX and Cisco ASA/Firepower, terminate IPsec and SSL VPNs, gate the LAN with 802.1X/RADIUS, and operate the whole estate through syslog/SIEM and flow telemetry. Every competency is proven on live RKR range hardware and digital-twin topologies, not slideware.

Skill domains

5 assessed domains

01 · Threat Landscape & Cryptographic Foundations

  • Cyber Kill Chain and MITRE ATT&CK mapping of real captures
  • CIA/AAA, defense-in-depth and trust/untrust/DMZ zoning
  • L2/L3 attacks: ARP spoof, MAC flood, VLAN hop, DHCP starvation
  • Symmetric/asymmetric crypto, two-tier X.509 PKI, TLS 1.3 + PFS

02 · Stateful & Next-Generation Firewalls

  • SRX security zones, screens, policies, address/application objects
  • Cisco ASA interfaces, security-levels and zone-based policy
  • Source/destination/static NAT and session-table verification
  • AppSecure/App-ID, IPS/IDS, URL filtering, SSL forward-proxy decryption

03 · VPN & Secure Connectivity

  • IKEv2 route-based site-to-site IPsec on SRX (st0)
  • ASA policy-based crypto-map tunnels and interesting-traffic matching
  • Remote-access SSL VPN with split tunneling and certificate auth
  • Phase-1/Phase-2 negotiation troubleshooting via IKE debug

04 · Identity, AAA & Access Control

  • 802.1X supplicant/authenticator/auth-server with dynamic VLAN
  • RADIUS vs TACACS+ and device-administration AAA
  • EAP-TLS with client certificates and MAB fallback
  • Change-of-Authorization and posture-based access

05 · Security Operations & Compliance

  • Centralized syslog/SIEM correlation of firewall and device logs
  • NetFlow/J-Flow/IPFIX anomaly detection
  • NIST incident-response lifecycle on a simulated breach
  • Device-hardening baselines and India DPDP Act 2023 breach obligations

Signature labs

Rack time, not watch time

Kill-chain reconstruction from a captured intrusion mapped to MITRE ATT&CK

Two-tier PKI: issue, validate via OCSP/CRL, and revoke an X.509 certificate

SRX zone policy + NAT and screen-based DoS mitigation, cross-checked on Cisco ASA

IKEv2 route-based SRX-to-SRX site-to-site VPN plus remote-access SSL VPN

802.1X + FreeRADIUS with dynamic VLAN assignment and EAP-TLS/MAB fallback

Firepower IPS with Security Intelligence and SSL forward-proxy decryption

Syslog/SIEM pipeline with correlation searches and J-Flow anomaly detection

How you are examined

RKR RCSA is assessed in two blocks. Block A is a 90-minute remotely-proctored theory exam: 65 multiple-choice, multiple-select and drag-map items on threat modeling, crypto/PKI, firewall/NAT logic, IPsec/SSL VPN, AAA/802.1X and security operations (pass mark 70%). Block B is a 4-hour graded practical lab exam on the live RKR range: candidates zone and NAT an SRX and an ASA to a supplied policy matrix, mitigate a scripted L2/flood attack, bring up one IPsec site-to-site and one remote-access SSL VPN, enable 802.1X dynamic VLAN against RADIUS, and pipe logs to the SIEM — each task auto-scored against reachability, session-table, SA and authentication verifiers (pass mark 75%, both blocks required).

Career ladder

  1. Entry
    SOC Analyst L1 / Security Operations Trainee · Rs 4-8 LPA
  2. Foundation
    Firewall Administrator (SRX / ASA / Firepower) · Rs 8-13 LPA
  3. Growth
    Network Security Engineer (Perimeter / VPN / NAC) · Rs 12-16 LPA

Rs 4-16 LPA

Don't watch security — build the edge, break it, and defend it on real SRX, ASA and Firepower.

RKR NETWORKS · Networks First, Networks Last · RCSA · Security stream · Associate tier · training.rkr-networks.com