As a CCIE instructor, this type of question is one that I see (in IEOC) or hear (in class) often. To help directly address this question, I have maintained a document I call the Expanded Blueprint for many years now. I was quite flattered to see the CCIE team at Cisco publish their own version and name it the Expansion Blueprint. :-)
I made sure to correlate their’s against my own and ensure that I did not miss anything. In fact, what I learned quickly was the fact that they had some very glaring omissions of topic areas that were on the original Lab Blueprint. I would hope they have since corrected that.
But what I want to discuss in this blog post is the fact that regardless of which blueprint document you are relying upon in your studies, Cisco does make it very clear that it is their Certification-given right to test anything they deem appropriate from the 12.4T IOS code (in the case of the routers in the exam). Hmmmm, wait a minute! So they can test anything that the routers or switches can do!?!?!? This will certainly go a long way in dashing the hopes of many feint of heart candidates.
Before you get excessively upset about this fact, just be sure to use some common sense. My Expanded Blueprint is certainly going to cover the overwhelming majority of exam topics. Moreover, I will go so far as to say, since you do not require to pass this exam (either section) with a perfect score, knowledge of the Expanded Blueprint topics is indeed enough to pass. Whew!
I believe that one of the reasons Cisco likes to make this disclaimer (they can test anything), is the fact that they often like to challenge students on new features of protocols or services. This is one of the reasons that I like students to incorporate the New Features section of the DOC-CD in their studies. For more information on using the DOC-CD, you might want to check out my free vSeminar on the topic.
Another perfectly valid reason for Cisco making this statement is the case where a proctor wants to compose a juicy new task and they simply do not want to have to worry about whether or not it is on the blueprint, their expansion version or otherwise. They believe, correctly, that if the feature is contained within the context sensitive help, and/or the documentation, then it is certainly reasonable that a CCIE-level candidate should be able to achieve the points. Buy again, note we are talking about minor router and switch capabilities here and not a dramatically vast topic area.
I would recommend the use of common sense when contemplating your scope of studies. Sure the official, original, condensed Cisco Lab Blueprint might say “Other Security Features”, but do you really think they are going to test R&S candidates on the GET VPN? No. This is the fun that CCIE Security candidates get to enjoy.
If you ever have questions regarding study scope, be sure to hit our forums, but I am thinking you can answer many of those questions for yourself now as well.
By the way, I would recommend you be very careful about listening to what just anyone has to say on subjects like this. For various reasons, candidates, CCIEs, and even some non-INE instructors I have come across, love to instill fear and doubt in others regarding the CCIE and its pursuit.