CCNP Security (350-701 SCOR) V1.1 Practice Exam
CCNP Security (350-701 SCOR) V1.1 Practice Exam
About CCNP Security (350-701 SCOR) V1.1 Exam
The CCNP Security (350-701 SCOR) V1.1 Practice Exam has been developed to assess a candidate's skills and knowledge to implement and operate core security technologies like network security, cloud security, content security, endpoint protection and detection, secure network access, visibility, and enforcements. The candidates must gain experience on deploying Cisco Firepower® Next-Generation Firewall and Cisco Adaptive Security Appliance (ASA) Firewall. Also they must be able to configure access control policies, mail policies, and 802.1X Authentication.
Knowledge required for the exam
The CCNP Security (350-701 SCOR) V1.1 exam focus on developing the skills and technologies required to implement core Cisco security solutions for providing advanced threat protection against cybersecurity attacks. Candidates will focus their learning on areas including -
- Security for networks
- cloud and content
- Endpoint protection
- Secure network access
- Visibility, and enforcements.
- Ethernet and TCP/IP networking
- the Windows operating system
- Cisco IOS networking and concepts
- Familiarity with basics of networking security concepts
Who should take the exam?
- Cisco integrators and partners
- Consulting systems engineer
- Network administrator
- Network designer
- Network engineer
- Network manager
- Security engineer
- Systems engineer
- Technical solutions architect
Course Structure
The CCNP Security (350-701 SCOR) V1.1 exam covers the following topics -
Domain 1 - Understanding Security Concepts (25%)
1.1 Describe common threats against on-premises, hybrid, and cloud environments
- Learn about On-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-themiddle attacks, SQL injection, cross-site scripting, malware
- Learn about Cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials
1.2 Describe to compare common security vulnerabilities
- Learn about Software bugs
- Learn about Weak and/or hardcoded passwords
- Learn about OWASP top ten
- Learn about Missing encryption ciphers
- Learn about Buffer overflow
- Learn about Path traversal
- Learn about Cross-site scripting/forgery
1.3 Describe functions of the cryptography components such as hashing, encryption, PKI,
- Learn about SSL
- Learn about IPsec
- Learn about NAT-T IPv4 for IPsec
- Learn about preshared key, and certificate-based authorization
1.4 Describe to compare site-to-site and remote access VPN deployment types and components
- Learn about virtual tunnel interfaces
- Learn about standards-based IPsec
- Learn about DMVPN
- Learn about FlexVPN
- Learn about Cisco Secure Client including high availability considerations
1.5 Explain security intelligence authoring, sharing, and consumption
1.6 Explain the various controls used to protect against phishing and social engineering attacks
1.7 Describe North Bound and South Bound APIs in the SDN architecture
1.8 Describe Cisco DNA Center APIs for network provisioning, optimization, monitoring, and troubleshooting
1.9 Describe to interpret basic Python scripts used to call Cisco Security appliances APIs
Domain 2 - Understanding Network Security (20%)
2.1 Explain to compare network security solutions that provide intrusion prevention and firewall capabilities
2.2 Explain deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
2.3 Explain the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
2.4 Explain to configure and verify network infrastructure security methods
- Learn about Layer 2 methods like network segmentation using VLANs
- Learn about Layer 2 and port security
- Learn about DHCP snooping
- Learn about Dynamic ARP inspection
- Learn about Storm control
- Learn about PVLANs to segregate network traffic; and defenses against MAC, ARP
- Learn about VLAN hopping
- Learn about STP, and DHCP rogue attacks
- Learn about Device hardening of network infrastructure security devices (including control plane, data plane, and management plane)
2.5 Describe the process of Implementing segmentation, access control policies, AVC, URL filtering, malware protection, and intrusion policies
2.6 Describe the process of Implementing management options for network security solutions
- Learn about single vs. multidevice manager
- Learn about in-band vs. out-of-band
- Learn about cloud vs. on-premises
2.7 Describe configuring AAA for device and network access including TACACS+ and RADIUS
2.8 Describe configuring secure network management of perimeter security and infrastructure devices
- SNMPv3, NetConf
- RestConf, APIs
- secure syslog
- NTP with authentication
2.9 Configure and verify site-to-site and remote access VPN
- Site-to-site VPN using Cisco routers and IOS
- Remote access VPN using Cisco AnyConnect Secure Mobility client
- Debug commands to view IPsec tunnel establishment and troubleshooting
Domain 3 - Securing the Cloud (15%)
3.1 Describe to Identify security solutions for cloud environments
- Learn about Public, private, hybrid, and community clouds
- Learn about Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
3.2 Explain Compare security responsibility for the different cloud service models
- Learn about Patch management in the cloud
- Learn about security assessment in the cloud
3.3 Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and secure software development)
3.4 Describe to implement application and data security in cloud environments
3.5 Describe to identify security capabilities, deployment models, and policy management to secure the cloud
3.6 Describe configuring cloud logging and monitoring methodologies
3.7 Explain application and workload security concepts
Domain 4 - UnderstandingContent Security (15%)
- Learn about implementing traffic redirection and capture methods for web proxy
- Learn about web proxy identity and authentication including transparent user identification
- Learn about comparing the components, capabilities, and benefits of on-premises hybrid, and cloudbased email and web solutions
- Learn about configuring and verifying web and email security deployment methods to protect onpremises, hybrid, and remote users
- Learn about configuring and verifying email security features such as SPAM filtering, antimalware filtering, DLP, blocklisting, and email encryption
- Learn about configuring and verifying Cisco Umbrella Secure Internet Gateway and web security features such as blocklisting, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
- Learn about configuring and verifying the components, capabilities, and benefits of Cisco Umbrella
- Learn about configuring and verifying web security controls on Cisco Umbrella (identities, URL content settings, destination lists, and reporting)
Domain 5 - Understanding Endpoint Protection and Detection (10%)
5.1 Learn about comparing Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
5.2 Learn about configuring endpoint antimalware protection using Cisco Secure Endpoint
5.3 Learn about configuring and verifying outbreak control and quarantines to limit infection
5.4 Learn about justifications for endpoint-based security
5.5 Learn about the value of endpoint device management and asset inventory systems such as MDM
5.6 Learn about the uses and importance of a multifactor authentication (MFA) strategy
5.7 Learn about endpoint posture assessment solutions to ensure endpoint security
5.8 Learn about the importance of an endpoint patching strategy
Domain 6 - Understanding Secure Network Access, Visibility, and Enforcement (15%)
6.1 Learn about identity management and secure network access concepts such as guest services, profiling, posture assessment and BYOD
6.2 Learn about configuring and verifying network access control mechanisms such as 802.1X, MAB, WebAuth
6.3 Learn about network access with CoA
6.4 Learn about the benefits of device compliance and application control
6.5 Learn about exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
6.6 Learn about the benefits of network telemetry
- Describe the components, capabilities, and benefits of these security products and solutions
- Cisco Secure Network Analytics
- Cisco Secure Cloud Analytics
- Cisco pxGrid
- Cisco Umbrella Investigate
- Cisco Cognitive Intelligence
- Cisco Encrypted Traffic Analytics
- Cisco Secure Client Network Visibility Module (NVM)
What do we offer?
- Full-Length Mock Test with unique questions in each test set
- Practice objective questions with section-wise scores
- An in-depth and exhaustive explanation for every question
- Reliable exam reports evaluating strengths and weaknesses
- Latest Questions with an updated version
- Tips & Tricks to crack the test
- Unlimited access
What are our Practice Exams?
- Practice exams have been designed by professionals and domain experts that simulate real time exam scenario.
- Practice exam questions have been created on the basis of content outlined in the official documentation.
- Each set in the practice exam contains unique questions built with the intent to provide real-time experience to the candidates as well as gain more confidence during exam preparation.
- Practice exams help to self-evaluate against the exam content and work towards building strength to clear the exam.
- You can also create your own practice exam based on your choice and preference
100% Assured Test Pass Guarantee
We have built the TestPrepTraining Practice exams with 100% Unconditional and assured Test Pass Guarantee!
If you are not able to clear the exam, you can ask for a 100% refund.