CCIE Security (350-701 SCOR)


The CCIE Security (350-701 SCOR) examination conducted by Cisco is designed to check a candidate’s ability to implement and operate core security technologies, including network security, cloud security, content security, endpoint protection and detection, secure network access, visibility, and enforcement. After this examination, you will learn security for networks, cloud and content, endpoint protection, secure network access, visibility, and enforcement.

Target Audience

This exam will bring out the best in professionals who are working as:

  • Security engineer
  • Network engineer, designer, and administrator
  • Systems engineer
  • Consulting systems engineer
  • Technical solutions architect
  • Network manager
  • Cisco integrators and partners

Exam Prerequisites

For this exam, you must have the following knowledge and skills:

  • Familiarity with Ethernet and TCP/IP networking
  • Working knowledge of the Windows operating system
  • Working knowledge of Cisco IOS networking and concepts
  • Familiarity with the basics of networking security concepts

Exam Details

You are given 120 minutes for the CCIE Security (350-701 SCOR) exam. The exam can contain various question types: Multiple-Choice Single Answer, Multiple-Choice Multiple Answer, Drag and Drop, Fill-in-the-Blank, and Testlet. Cisco does not publish exam passing scores because exam questions and passing scores are subject to change without notice. The cost of the exam is $400 USD, and the exam is valid for three years. You can take this examination in English or Japanese.


Exam Registration

For registering you are required to follow the steps below:

  • Create an account on Pearson VUE. If you already have an account on Pearson VUE, then login to the account.
  • Select Proctored Exams and enter the exam number, 350-701 SCOR.
  • Follow the prompts to register and make the payment.
For more information, click on CCIE Security (350-701 SCOR) FAQ

Course Outline

Security Concepts: 25%

  • Explain common threats against on-premises and cloud environments (Cisco Documentation: Threat Prevention)
    • On-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-the-middle attacks, SQL injection, cross-site scripting, malware
    • Cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials
  • Compare common security vulnerabilities such as software bugs, weak and/or hardcoded passwords, SQL injection, missing encryption, buffer overflow, path traversal, cross-site scripting/forgery
  • Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key and certificate-based authorization (Cisco Reference: Cryptography Basic Components)
  • Compare site-to-site VPN and remote access VPN deployment types such as sVTI, IPsec, Cryptomap, DMVPN, FLEXVPN including high availability considerations, and AnyConnect
  • Describe security intelligence authoring, sharing, and consumption (Cisco Reference: Configure and Troubleshoot Cisco Threat Intelligence Director)
  • Explain the role of the endpoint in protecting humans from phishing and social engineering attacks
  • Describe North Bound and South Bound APIs in the SDN architecture (Cisco Documentation: Northbound API Overview)
  • Explain DNAC APIs for network provisioning, optimization, monitoring, and troubleshooting
  • Interpret basic Python scripts used to call Cisco Security appliances APIs

Network Security: 20%

  • Compare network security solutions that provide intrusion prevention and firewall capabilities
  • Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
  • Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records (Cisco Documentation: Introduction to Cisco IOS NetFlow – A Technical Overview)
  • Configure and verify network infrastructure security methods (router, switch, wireless) (Cisco Documentation: Secure Network Infrastructure)
    • Layer 2 methods (network segmentation using VLANs and VRF-lite; Layer 2 and port security; DHCP snooping; Dynamic ARP inspection; storm control; PVLANs to segregate network traffic; and defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks)
    • Device hardening of network infrastructure security devices (control plane, data plane, management plane, and routing protocol security)
  • Implement segmentation, access control policies, AVC, URL filtering, and malware protection
  • Implement management options for network security solutions such as intrusion prevention and perimeter security (Single vs. multi-device manager, in-band vs. out-of-band, CDP, DNS, SCP, SFTP, and DHCP security and risks)
  • Configure AAA for device and network access (authentication and authorization, TACACS+, RADIUS and RADIUS flows, accounting, and dACL) (Cisco Documentation: Authentication, Authorization, and Accounting Configuration Guide)
  • Validate secure network management of perimeter security and infrastructure devices (secure device management, SNMPv3, views, groups, users, authentication, and encryption, secure logging, and NTP with authentication)
  • Configure and verify site-to-site VPN and remote access VPN (Cisco Documentation: Site-to-Site and Extranet VPN Business Scenarios)
    • Site-to-site VPN utilizing Cisco routers and IOS
    • Remote access VPN using Cisco AnyConnect Secure Mobility client
    • Debug commands to view IPsec tunnel establishment and troubleshooting

Securing the Cloud: 15%

  • Identify security solutions for cloud environments (Cisco Documentation: Cisco Cloud Security Solutions)
    • Public, private, hybrid, and community clouds
    • Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
  • Compare the customer vs. provider security responsibility for the different cloud service models (Cisco Documentation: Cloud Services Development)
    • Patch management in the cloud
    • Security assessment in the cloud
    • Cloud-delivered security solutions such as firewall, management, proxy, security intelligence, and CASB
  • Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and security)
  • Implement application and data security in cloud environments
  • Identify security capabilities, deployment models, and policy management to secure the cloud
  • Configure cloud logging and monitoring methodologies
  • Describe application and workload security concepts

Content Security: 10%

  • Implement traffic redirection and capture methods (Cisco Documentation: Redirecting ISA Subscriber Traffic)
  • Describe web proxy identity and authentication including transparent user identification (Cisco Documentation: Web Authentication Proxy Configuration)
  • Compare the components, capabilities, and benefits of local and cloud-based email and web solutions (ESA, CES, WSA) (Cisco Documentation: Solution-Level)
  • Configure and verify web and email security deployment methods to protect on-premises and remote users (inbound and outbound controls and policy management) (Cisco Documentation: Cisco Email Security Appliance)
  • Validate and verify email security features such as SPAM filtering, anti-malware filtering, DLP, block listing, and email encryption
  • Configure and verify secure internet gateway and web security features such as block listing, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
  • Describe the components, capabilities, and benefits of Cisco Umbrella (Cisco Documentation: Cisco Umbrella SIG)
  • Configure and verify web security controls on Cisco Umbrella (identities, URL content settings, destination lists, and reporting)

Endpoint Protection and Detection: 15%

  • Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions (Cisco Documentation: Endpoint Protection Platform (EPP) vs Endpoint Detection & Response (EDR))
  • Explain antimalware, retrospective security, Indication of Compromise (IOC), antivirus, dynamic file analysis, and endpoint-sourced telemetry (Cisco Documentation: CISCO ENDPOINT IOC ATTRIBUTES)
  • Configure and verify outbreak control and quarantines to limit infection
  • Describe justifications for endpoint-based security (Cisco Documentation: endpoints)
  • Explain the value of endpoint device management and asset inventory such as MDM
  • Describe the uses and importance of multifactor authentication (MFA) strategy (Cisco Documentation: Multi-Factor Authentication)
  • Describe endpoint posture assessment solutions to ensure endpoint security
  • Explain the importance of an endpoint patching strategy

Secure Network Access, Visibility, and Enforcement: 15%

  • Describe identity management and secure network access concepts such as guest services, profiling, posture assessment, and BYOD (Cisco Documentation: Cisco ISE BYOD Prescriptive Deployment Guide)
  • Configure and verify network access device functionality such as 802.1X, MAB, WebAuth
  • Describe network access with CoA
  • Describe the benefits of device compliance and application control
  • Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP) (Cisco Documentation: Sensitive Data Exfiltration and the Insider)
  • Describe the benefits of network telemetry
  • Describe the components, capabilities, and benefits of these security products and solutions.

Exam Policies

There are various policies to which the candidate is required to adhere. Cisco includes various exam policies to help candidates understand the terms and procedures for the certification exam. It is advisable to check the policies beforehand to avoid any confusion. Some of them are:

Exam Retake Policy

The candidate has to wait for five calendar days, beginning the day after the failed attempt, before retaking the exam. Once the exam is passed, a candidate must wait a minimum of 180 days before taking the same exam with an identical exam number.

Exam Reschedule Policy

Candidates who want to reschedule their online proctored exam must contact Pearson VUE or access their online Pearson VUE account to reschedule the exam up until the scheduled start time of the appointment. Failure to reschedule before the appointment time or failure to appear for the appointment will result in the forfeiture of the exam fee.

Cancellation Policy

To cancel the online proctored exam, candidates must contact Pearson VUE or access their online Pearson VUE account to cancel the exam up until the scheduled start time of the appointment. Failure to cancel before the appointment time or failure to appear for the appointment will result in the forfeiture of the exam fee.

Preparatory Guide for CCIE Security (350-701 SCOR)

You are all set for your exam now, and it’s time to start your preparation. Here, we have provided an exam guide specially designed by our experts. It gives a detailed description to help you prepare for the exam with expert learning resources and a study guide.


Refer to the Exam Guide

For any examination, it is important to know the course outline and guide. Cisco provides the complete course guide on its official website, which is the most authentic source of information regarding the CCIE Security (350-701 SCOR) exam. After you’ve gone through the basic exam details, it’s time to hit the exam guide. For your assistance, we have also provided the exam objectives:

  • Security Concepts (25%)
  • Network Security (20%)
  • Securing the Cloud (15%)
  • Content Security (15%)
  • Endpoint Protection and Detection (10%)
  • Secure Network Access, Visibility, and Enforcement (15%)

Learning Resources

Official Cisco Training

Cisco provides an official training course to help candidates prepare for the CCIE Security (350-701 SCOR) examination. The Implementing and Operating Cisco Security Core Technologies (SCOR) training helps you develop the skills and technologies you need to implement core Cisco security solutions to provide advanced threat protection against cybersecurity attacks. You will also learn security for networks, cloud and content, endpoint protection, secure network access, visibility, and enforcement.

Private Group Training

Cisco offers private group training that brings the Cisco classroom experience anywhere, whether it’s an office or an offsite location of your choice. Any Cisco course can be delivered in this format, from certification classes to the latest technology and business transformation training. Private group training is a convenient, cost-effective choice for groups with many people who all need the same training.

Reference Books

Everything is now almost done. If you are still unsure which book to prepare from, we are here to help. Below are the books for CCIE Security (350-701 SCOR):

  • CCNP and CCIE Security Core SCOR 350-701 Official Cert Guide by Omar Santos

Join Study groups

Joining study groups is a good way to get yourself fully involved with the certification exam you applied for. These groups will help you stay up to date with the latest changes or updates to the exam. They contain both beginners and professionals. You can ask any query related to the exam or talk about the exam without hesitation, and you can start a discussion about any exam-related issue. By doing so, you will get the best possible answer to your query.

Practice Tests

It is very important to practice what you have learned so that you can analyze your preparation. By practicing, you will improve your answering skills, which will save you a lot of time. The best time to start doing practice tests is after completing one full topic, as this will work as revision for you. So, start your preparation now!
