CCNP-SCOR (350-701)

(350-701.AP1)/ISBN:978-1-64459-267-0

This course includes
Lessons
TestPrep
Hand-on Lab
AI Tutor (Add-on)

Create new career opportunities by being Cisco CCNP certified with the CCNP-SCOR (350-701) course and lab. The CCNP security training course and lab comprehensively cover the 350-701 SCOR exam objectives and expertise in the areas such as network security, cloud security, content security, endpoint protection, and detection, secure network access, visibility, and enforcement, and more. The CCNP certification training guide is equipped with comprehensive learning resources to help you deploy and configure Site-to-Site VPNs in Cisco Routers.

Here's what you will get

The CCNP Security certification validates your knowledge of security solutions. You must pass two tests to acquire the CCNP Security certification: one on core security technologies and one on a security concentration of your choice. The core exam is designed to test your understanding of security infrastructure. Exams that focus on emerging and industry-specific issues are called concentration exams.

Lessons

13+ Lessons | 237+ Quizzes | 162+ Flashcards | 162+ Glossary of terms

TestPrep

100+ Pre Assessment Questions | 2+ Full Length Tests | 100+ Post Assessment Questions | 200+ Practice Test Questions

Hand on lab

54+ LiveLab | 55+ Video tutorials | 01:40+ Hours

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

  • The CCNP Security Certification
  • The CCIE Security Certification
  • The Exam Objectives (Domains)
  • Steps to Pass the SCOR Exam
  • Facts About the Exam

Lessons 2: Cybersecurity Fundamentals

  • Introduction to Cybersecurity
  • Defining What Are Threats, Vulnerabilities, and Exploits
  • Common Software and Hardware Vulnerabilities
  • Confidentiality, Integrity, and Availability
  • Cloud Security Threats
  • IoT Security Threats
  • An Introduction to Digital Forensics and Incident Response
  • Summary
  • Review All Key Topics

Lessons 3: Cryptography

  • Introduction to Cryptography
  • Fundamentals of PKI
  • Review All Key Topics

Lessons 4: Software-Defined Networking Security and Network Programmability

  • Introduction to Software-Defined Networking
  • Introduction to Network Programmability
  • Review All Key Topics

Lessons 5: Authentication, Authorization, Accounting (AAA) and Identity Management

  • Introduction to Authentication, Authorization, and Accounting
  • Authentication
  • Authorization
  • Accounting
  • Infrastructure Access Controls
  • AAA Protocols
  • Cisco Identity Services Engine (ISE)
  • Configuring TACACS+ Access
  • Configuring RADIUS Authentication
  • Additional Cisco ISE Design Tips
  • Review All Key Topics

Lessons 6: Network Visibility and Segmentation

  • Introduction to Network Visibility
  • NetFlow
  • IP Flow Information Export (IPFIX)
  • NetFlow Deployment Scenarios
  • Cisco Stealthwatch
  • Cisco Cognitive Threat Analytics (CTA) and Encrypted Traffic Analytics (ETA)
  • NetFlow Collection Considerations and Best Practices
  • Configuring NetFlow in Cisco IOS and Cisco IOS-XE
  • Configuring NetFlow in NX-OS
  • Introduction to Network Segmentation
  • Micro-Segmentation with Cisco ACI
  • Segmentation with Cisco ISE
  • Review All Key Topics

Lessons 7: Infrastructure Security

  • Securing Layer 2 Technologies
  • Common Layer 2 Threats and How to Mitigate Them
  • Network Foundation Protection
  • Understanding and Securing the Management Plane
  • Understanding the Control Plane
  • Understanding and Securing the Data Plane
  • Securing Management Traffic
  • Implementing Logging Features
  • Configuring NTP
  • Securing the Network Infrastructure Device Image and Configuration Files
  • Securing the Data Plane in IPv6
  • Securing Routing Protocols and the Control Plane
  • Review All Key Topics

Lessons 8: Cisco Next-Generation Firewalls and Cisco Next-Generation Intrusion Prevention Systems

  • Introduction to Cisco Next-Generation Firewalls ...-Generation Intrusion Prevention Systems (NGIPS)
  • Comparing Network Security Solutions That Provide Firewall Capabilities
  • Deployment Modes of Network Security Solutions and Architectures That Provide Firewall Capabilities
  • High Availability and Clustering
  • Implementing Access Control
  • Cisco Firepower Intrusion Policies
  • Cisco Advanced Malware Protection (AMP)
  • Security Intelligence, Security Updates, and Keeping Firepower Software Up to Date
  • Review All Key Topics

Lessons 9: Virtual Private Networks (VPNs)

  • Virtual Private Network (VPN) Fundamentals
  • Deploying and Configuring Site-to-Site VPNs in Cisco Routers
  • Configuring Site-to-Site VPNs in Cisco ASA Firewalls
  • Configuring Remote Access VPNs in the Cisco ASA
  • Configuring Clientless Remote Access SSL VPNs in the Cisco ASA
  • Configuring Client-Based Remote-Access SSL VPNs in the Cisco ASA
  • Configuring Remote Access VPNs in FTD
  • Configuring Site-to-Site VPNs in FTD
  • Review All Key Topics

Lessons 10: Securing the Cloud

  • What Is Cloud and What Are the Cloud Service Models?
  • DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps
  • Describing the Customer vs. Provider Security Responsibility for the Different Cloud Service Models
  • Cisco Umbrella
  • Cisco Email Security in the Cloud
  • Cisco Cloudlock
  • Stealthwatch Cloud
  • AppDynamics Cloud Monitoring
  • Cisco Tetration
  • Review All Key Topics

Lessons 11: Content Security

  • Content Security Fundamentals
  • Cisco WSA
  • Cisco ESA
  • Cisco Content Security Management Appliance (SMA)
  • Review All Key Topics

Lessons 12: Endpoint Protection and Detection

  • Introduction to Endpoint Protection and Detection
  • Cisco AMP for Endpoints
  • Cisco Threat Response
  • Review All Key Topics

Lessons 13: Final Preparation

  • Hands-on Activities
  • Suggested Plan for Final Review and Study
  • Summary

Hands-on LAB Activities

Cybersecurity Fundamentals

  • Conducting Vulnerability Scanning Using Nessus
  • Completing the Chain of Custody

Cryptography

  • Configuring IPSec
  • Generating an RSA Key Pair
  • Generating an Asymmetric Key
  • Using OpenSSL to Create a Public/Private Key Pair

Authentication, Authorization, Accounting (AAA) and Identity Management

  • Understanding MAC Bypass
  • Configuring the AAA Router for TACACS+ Authentication

Network Visibility and Segmentation

  • Configuring a Flow Record
  • Configuring a Flow Monitor for IPv4 or IPv6
  • Defining a Flow Record in Cisco NX-OS
  • Defining a Flow Exporter in Cisco NX-OS
  • Defining a Flow Monitor with a Custom Record in Cisco NX-OS Software

Infrastructure Security

  • Configuring Interfaces as Trunk Ports
  • Configuring Router-on-a-Stick and Switch Support for a Router
  • Configuring PortFast and Rapid Spanning Tree
  • Implementing BPDU Guard on a Switch Port
  • Implementing Port Security
  • Configuring DHCP Snooping
  • Locking Down Switch Ports Administratively
  • Enabling AAA Services and Working with Method Lists
  • Creating and Working with Parser Views
  • Preparing SSH in a Router
  • Configuring a Router to Use NTP Services
  • Creating a Secure Bootset
  • Configuring the IPv6 ACL
  • Configuring IPv6
  • Configuring and Displaying Control Plane Policing
  • Configuring the BGP MD5 Authentication Process between BGP Peers
  • Configuring the OSPF MD5 Authentication Process
  • Configuring the EIGRP MD5 Authentication Process
  • Configuring the RIPv2 MD5 Authentication Process

Cisco Next-Generation Firewalls and Cisco Next-Generation Intrusion Prevention Systems

  • Configuring Cisco ASA Application Inspection
  • Configuring the Cisco ASA To-The-Box Traffic Filtering
  • Configuring Static NAT
  • Configuring a Standard ACL
  • Configuring Dynamic PAT
  • Configuring Dynamic NAT

Virtual Private Networks (VPNs)

  • Implementing IPsec VPNs through CLI
  • Configuring the GRE Tunnel Interface
  • Configuring and Viewing DMVPN Phase 1
  • Configuring Site-to-Site IPsec VPN Topology
  • Configuring the Cisco ASA Remote Access IPsec VPN IKEv2 Policy, IPsec Policy, and Dynamic Crypto Map
  • Configuring the Group Policy in the Cisco ASA
  • Creating the IP Pool for VPN Clients
  • Creating the Tunnel Group for Remote Access VPN Clients
  • Configuring Clientless SSL VPNs on ASA
  • Enrolling in the Manual Certificate
  • Configuring a Tunnel Group for Clientless SSL VPN
  • Configuring the Cisco ASA to Authenticate Users Using a RADIUS Server
  • Defining a WebType ACL
  • Defining the RADIUS Server for Client-Based SSL VPN
  • Configuring Split Tunneling

Content Security

  • Configuring PBR in a Cisco Router

Exam FAQs

While there are no formal prerequisites, three to five years of experience implementing enterprise networking solutions is recommended.

USD 400

Fill in the blanks, drag and drop, multiple-choice single answer, ,multiple-choice multiple answer

The exam contains 90-110 questions.

120 minutes

Cisco does not publish exam passing scores because exam questions and passing scores are subject to change without notice.

The policies for retaking exams are as follows:

  • Candidates who fail an Associate, Professional, or Specialist exam must wait a period of five (5) calendar days, beginning the day after the failed attempt, before they may retest for the same exam.
  • Candidates who fail any Cisco Certified Internetwork Experts (CCIE) certification or Cisco Certified Design Expert (CCDE) written exam must wait for a period of 15 calendar days, beginning the day after the failed attempt, before retaking the same exam.
  • Once passed, a candidate must wait a minimum of 180 days before taking the same exam with an identical exam number.
  • Candidates who violate these policies are in violation of the agreement. Such conduct is strictly prohibited as described in the Cisco certification and confidentiality agreement.

Three years