CCNP Security (350-701 SCOR)
The Implementing and Operating Cisco Security Core Technologies v1.0, SCOR 350-701 exam is linked with CCNP Security, Cisco Certified Specialist – Security Core, and CCIE Security certifications.
This exam validates a candidate’s ability to implement and operate core security technologies that include network security, cloud security, content security, endpoint protection and detection, secure network access, visibility and enforcement. The course, Implementing and Operating Cisco Security Core Technologies, allows candidates to prepare for this exam.
This exam tests a candidate’s knowledge of implementing and operating core security technologies, including:
- Network security
- Cloud security
- Content security
- Endpoint protection and detection
- Secure network access
- Visibility and enforcement
Target Audience
This exam is suitable for the following candidates:
- Security engineer
- Network engineer
- Network designer
- Network administrator
- Systems engineer
- Consulting systems engineer
- Technical solutions architect
- Network manager
- Cisco integrators and partners
Exam Prerequisites
There are no prerequisites for this exam. However, it would be helpful if the candidate has knowledge of the following:
- Familiarity with Ethernet and TCP/IP networking
- Working knowledge of the Windows operating system
- Working knowledge of Cisco IOS networking and concepts
- Familiarity with the basics of networking security concepts
Basic Details
Candidates get 120 minutes to complete the Cisco 350-701 SCOR exam. The exam can contain several question types: Multiple-Choice Single Answer, Multiple-Choice Multiple Answer, Drag and Drop, Fill-in-the-Blank, and Testlet. Cisco does not publish exam passing scores because exam questions and passing scores are subject to change without notice. The exam is available in English and Japanese. The cost of the exam is $300 USD and the exam is valid for three years.
Course Outline: 350-701 SCOR
The following topics are general guidelines for the content likely to be included on the Cisco 350-701 SCOR exam. So, prepare yourself and ensure that you are well versed with the course outline.
Security Concepts: 25%
- Explain common threats against on-premises and cloud environments (Cisco Documentation: Threat Prevention)
- On-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-the-middle attacks, SQL injection, cross-site scripting, malware
- Cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials
- Compare common security vulnerabilities such as software bugs, weak and/or hardcoded passwords, SQL injection, missing encryption, buffer overflow, path traversal, cross-site scripting/forgery
- Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key and certificate based authorization (Cisco Reference: Cryptography Basic Components)
- Compare site-to-site VPN and remote access VPN deployment types such as sVTI, IPsec, Cryptomap, DMVPN, FLEXVPN including high availability considerations, and AnyConnect
- Describe security intelligence authoring, sharing, and consumption (Cisco Reference: Configure and Troubleshoot Cisco Threat Intelligence Director)
- Explain the role of the endpoint in protecting humans from phishing and social engineering attacks
- Describe North Bound and South Bound APIs in the SDN architecture (Cisco Documentation: Northbound API Overview)
- Explain DNAC APIs for network provisioning, optimization, monitoring, and troubleshooting
- Interpret basic Python scripts used to call Cisco Security appliances APIs
Network Security: 20%
- Compare network security solutions that provide intrusion prevention and firewall capabilities
- Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
- Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records (Cisco Documentation: Introduction to Cisco IOS NetFlow – A Technical Overview)
- Configure and verify network infrastructure security methods (router, switch, wireless) (Cisco Documentation: Secure Network Infrastructure)
- Layer 2 methods (Network segmentation using VLANs and VRF-lite; Layer 2 and port security; DHCP snooping; Dynamic ARP inspection; storm control; PVLANs to segregate network traffic; and defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks)
- Device hardening of network infrastructure security devices (control plane, data plane, management plane, and routing protocol security)
- Implement segmentation, access control policies, AVC, URL filtering, and malware protection
- Implement management options for network security solutions such as intrusion prevention and perimeter security (Single vs. multi-device manager, in-band vs. out-of-band, CDP, DNS, SCP, SFTP, and DHCP security and risks)
- Configure AAA for device and network access (authentication and authorization, TACACS+, RADIUS and RADIUS flows, accounting, and dACL) (Cisco Documentation: Authentication, Authorization, and Accounting Configuration Guide)
- Validate secure network management of perimeter security and infrastructure devices (secure device management, SNMPv3, views, groups, users, authentication, and encryption, secure logging, and NTP with authentication)
- Configure and verify site-to-site VPN and remote access VPN (Cisco Documentation: Site-to-Site and Extranet VPN Business Scenarios)
- Site-to-site VPN utilizing Cisco routers and IOS
- Remote access VPN using Cisco AnyConnect Secure Mobility client
- Debug commands to view IPsec tunnel establishment and troubleshooting
Securing the Cloud: 15%
- Identify security solutions for cloud environments (Cisco Documentation: Cisco Cloud Security Solutions)
- Public, private, hybrid, and community clouds
- Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
- Compare the customer vs. provider security responsibility for the different cloud service models (Cisco Documentation: Cloud Services Development)
- Patch management in the cloud
- Security assessment in the cloud
- Cloud-delivered security solutions such as firewall, management, proxy, security intelligence, and CASB
- Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and security)
- Implement application and data security in cloud environments
- Identify security capabilities, deployment models, and policy management to secure the cloud
- Configure cloud logging and monitoring methodologies
- Describe application and workload security concepts
Content Security: 10%
- Implement traffic redirection and capture methods (Cisco Documentation: Redirecting ISA Subscriber Traffic)
- Describe web proxy identity and authentication including transparent user identification (Cisco Documentation: Web Authentication Proxy Configuration)
- Compare the components, capabilities, and benefits of local and cloud-based email and web solutions (ESA, CES, WSA) (Cisco Documentation: Solution-Level)
- Configure and verify web and email security deployment methods to protect on-premises and remote users (inbound and outbound controls and policy management) (Cisco Documentation: Cisco Email Security Appliance)
- Validate and verify email security features such as SPAM filtering, anti-malware filtering, DLP, block listing, and email encryption
- Configure and verify secure internet gateway and web security features such as block listing, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
- Describe the components, capabilities, and benefits of Cisco Umbrella (Cisco Documentation: Cisco Umbrella SIG)
- Configure and verify web security controls on Cisco Umbrella (identities, URL content settings, destination lists, and reporting)
Endpoint Protection and Detection: 15%
- Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions (Cisco Documentation: Endpoint Protection Platform (EPP) vs Endpoint Detection & Response (EDR))
- Explain antimalware, retrospective security, Indication of Compromise (IOC), antivirus, dynamic file analysis, and endpoint-sourced telemetry (Cisco Documentation: CISCO ENDPOINT IOC ATTRIBUTES)
- Configure and verify outbreak control and quarantines to limit infection
- Describe justifications for endpoint-based security (Cisco Documentation: endpoints)
- Explain the value of endpoint device management and asset inventory such as MDM
- Describe the uses and importance of multifactor authentication (MFA) strategy (Cisco Documentation: Multi-Factor Authentication)
- Describe endpoint posture assessment solutions to ensure endpoint security
- Explain the importance of an endpoint patching strategy
Secure Network Access, Visibility, and Enforcement: 15%
- Describe identity management and secure network access concepts such as guest services, profiling, posture assessment, and BYOD (Cisco Documentation: Cisco ISE BYOD Prescriptive Deployment Guide)
- Configure and verify network access device functionality such as 802.1X, MAB, WebAuth
- Describe network access with CoA
- Describe the benefits of device compliance and application control
- Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP) (Cisco Documentation: Sensitive Data Exfiltration and the Insider)
- Describe the benefits of network telemetry
- Describe the components, capabilities, and benefits of these security products and solutions.
Exam Policies
Cisco includes various exam policies to help candidates understand the terms and procedures for the certification exam. Some of them include:
Exam Scheduling
To schedule the Cisco 350-701 SCOR exam, candidates follow these steps:
- Log into your account at Pearson VUE.
- There, select the Proctored exam and enter the exam number, 350-701.
- Follow the prompts to register.
After that, once you have successfully scheduled your exam appointment, a confirmation email will be sent with your appointment details and important things to know for the exam.
Exam Retake Policy
Cisco’s exam retake policy states that candidates who fail an Associate, Professional, Specialist, or CCNP Written exam must wait five calendar days, beginning the day after the failed attempt, before retaking it. However, once passed, a candidate must wait for a minimum of 180 days before taking the same exam with an identical exam number.
Exam Reschedule Policy
Candidates who want to reschedule their online proctored exam must contact Pearson VUE or access their online Pearson VUE account to reschedule the exam up until the scheduled start time of the appointment. Failure to reschedule before the appointment time or failure to appear for the appointment will result in the forfeiture of the exam fee.
Cancellation Policy
To cancel an online proctored exam, candidates must contact Pearson VUE or access their online Pearson VUE account to cancel the exam up until the scheduled start time of the appointment. Failure to cancel before the appointment time or failure to appear for the appointment will result in the forfeiture of the exam fee.
Preparation Guide for CCNP Security (350-701 SCOR)
Following this preparation guide will help you learn and understand every exam objective. Here we provide the best learning resources to help you pass the exam.
Review all Exam Objectives
Before venturing on any journey, you should have a clear idea of what you are getting into. Reviewing every exam objective is therefore the most important part of your preparation. Visit the official Cisco website for a clear view, since it is the most authentic source of information about the Cisco 350-701 SCOR exam. After you’ve gone through the basic exam details, it’s time to hit the exam guide.
Download the Course Outline
The second most crucial step is to download the Course outline aka the Exam Guide. It consists of all the domains and topics of the examination. So, make sure to download the Course Outline. This allows you to prepare for the Cisco 350-701 SCOR exam, keeping in mind all the objectives.
- Security Concepts
- Network Security
- Securing the Cloud
- Content Security
- Endpoint Protection and Detection
- Secure Network Access, Visibility, and Enforcement
Official Cisco training
Cisco provides an official training course to help candidates prepare for the 350-701 SCOR exam: Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0. This will help you prepare for the Cisco CCNP Security and CCIE Security certifications and for senior-level security roles.
In this course you will learn the following:
- Describing information security concepts and strategies within the network
- Describing common TCP/IP, network application, and endpoint attacks
- Describing how various network security technologies work together to guard against attacks
- Implementing access control on the Cisco ASA appliance and Cisco Firepower Next-Generation Firewall
- Describing and implementing basic email content security features and functions provided by the Cisco Email Security Appliance
- Describing and implementing web content security features and functions provided by the Cisco Web Security Appliance
- Describing Cisco Umbrella security capabilities, deployment models, policy management, and Investigate console
- Introducing VPNs and describing cryptography solutions and algorithms
- Providing a basic understanding of endpoint security and describing Advanced Malware Protection (AMP) for Endpoints architecture and basic features
- Examining various defences on Cisco devices that protect the control and management plane
- Configuring and verifying Cisco IOS software Layer 2 and Layer 3 data plane controls
- Describing Cisco Stealthwatch Enterprise and Stealthwatch Cloud solutions
- Describing the basics of cloud computing, common cloud attacks, and how to secure a cloud environment
Private Group Training
Cisco offers candidates private group training that brings the Cisco classroom experience anywhere, whether to an office or to an offsite location of your choice. Cisco can deliver any of its courses in this format, from certification classes to the latest technology and business transformation training. Moreover, private group training is a convenient, cost-effective choice for groups with many people who all need the same training.
Cisco Learning Library
Cisco provides a Learning Library to help candidates gain foundational knowledge and skills for all network needs. This new library includes the Cisco Platinum Learning Library and Cisco Technical Knowledge Library for a great price. The Cisco Learning Library for the 350-701 SCOR exam is an online certification training program that helps candidates explore new opportunities. In addition, it gives candidates access to the Cisco Technical Knowledge Library, which comes with best practices, design guides, and live webinars.
Online Study Groups
One thing that will be beneficial during the exam preparation time is to join study groups. These groups will help you to stay connected with the other people who are on the same pathway as yours. Moreover, here you can start any discussion about the issue related to the exam or any query. By doing so, you will get the best possible answer to your query.
Practice Tests
Practice tests are an essential part of preparing for the exam. By assessing yourself with these tests, you will learn your weak and strong areas. Practising also improves your answering skills, which saves a lot of time in the exam. The best time to start a practice test is after completing one full topic, as it then works as revision. So, make sure to find the best practice sources.