CCNP Security – Core: SCOR 350-701

• Explain common threats against on-premises, hybrid, and cloud environments

o On-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-themiddle attacks, SQL injection, cross-site scripting, malware

o Cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials

• Compare common security vulnerabilities such as software bugs, weak and/or hardcoded passwords, OWASP top ten, missing encryption ciphers, buffer overflow, path traversal, cross-site scripting/forgery
• Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, preshared key, and certificate-based authorization
• Compare site-to-site and remote access VPN deployment types and components such as virtual tunnel interfaces, standards-based IPsec, DMVPN, FlexVPN, and Cisco Secure Client including high availability considerations
• Describe security intelligence authoring, sharing, and consumption
• Describe the controls used to protect against phishing and social engineering attacks
• Explain North Bound and South Bound APIs in the SDN architecture
• Explain Cisco DNA Center APIs for network provisioning, optimization, monitoring, and troubleshooting
• Interpret basic Python scripts used to call Cisco Security appliances APIs

• Compare network security solutions that provide intrusion prevention and firewall capabilities
• Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
• Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
• Configure and verify network infrastructure security methods

o Layer 2 methods (network segmentation using VLANs; Layer 2 and port security; DHCP snooping; Dynamic ARP inspection; storm control; PVLANs to segregate network traffic; and defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks)

o Device hardening of network infrastructure security devices (control plane, data plane, and management plane)

• Implement segmentation, access control policies, AVC, URL filtering, malware protection, and intrusion policies
• Implement management options for network security solutions (single vs. multidevice manager, in-band vs. out-of-band, cloud vs. on-premises)
• Configure AAA for device and network access such as TACACS+ and RADIUS
• Configure secure network management of perimeter security and infrastructure devices such as SNMPv3, NetConf, RestConf, APIs, secure syslog, and NTP with authentication
• Configure and verify site-to-site and remote access VPN

o Site-to-site VPN using Cisco routers and IOS

o Remote access VPN using Cisco AnyConnect Secure Mobility client

o Debug commands to view IPsec tunnel establishment and troubleshooting

• Identify security solutions for cloud environments

o Public, private, hybrid, and community clouds

o Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)

• Compare security responsibility for the different cloud service models

o Patch management in the cloud

o Security assessment in the cloud

• Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and secure software development)
• Implement application and data security in cloud environments
• Identify security capabilities, deployment models, and policy management to secure the cloud
• Configure cloud logging and monitoring methodologies
• Describe application and workload security concepts

• Implement traffic redirection and capture methods for web proxy
• Describe web proxy identity and authentication including transparent user identification
• Compare the components, capabilities, and benefits of on-premises, hybrid, and cloudbased email and web solutions (Cisco Secure Email Gateway, Cisco Secure Email Cloud Gateway, and Cisco Secure Web Appliance)
• Configure and verify web and email security deployment methods to protect onpremises, hybrid, and remote users
• Configure and verify email security features such as SPAM filtering, antimalware filtering, DLP, blocklisting, and email encryption
• Configure and verify Cisco Umbrella Secure Internet Gateway and web security features such as blocklisting, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
• Describe the components, capabilities, and benefits of Cisco Umbrella
• Configure and verify web security controls on Cisco Umbrella (identities, URL content settings, destination lists, and reporting)

• Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
• Configure endpoint antimalware protection using Cisco Secure Endpoint
• Configure and verify outbreak control and quarantines to limit infection
• Describe justifications for endpoint-based security
• Describe the value of endpoint device management and asset inventory systems such as MDM
• Describe the uses and importance of a multifactor authentication (MFA) strategy
• Describe endpoint posture assessment solutions to ensure endpoint security
• Explain the importance of an endpoint patching strategy

• Describe identity management and secure network access concepts such as guest services, profiling, posture assessment and BYOD
• Configure and verify network access control mechanisms such as 802.1X, MAB, WebAuth
• Describe network access with CoA
• Describe the benefits of device compliance and application control
• Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
• Describe the benefits of network telemetry
• Describe the components, capabilities, and benefits of these security products and solutions

o Cisco Secure Network Analytics

o Cisco Secure Cloud Analytics

o Cisco pxGrid

o Cisco Umbrella Investigate

o Cisco Cognitive Intelligence

o Cisco Encrypted Traffic Analytics

o Cisco Secure Client Network Visibility Module (NVM)