CCNP Security Certification (350-701) SCOR Exam Guide
Implementing and Operating Cisco Security Core Technologies v1.1 (350-701)
Exam Overview: The Implementing and Operating Cisco Security Core Technologies v1.1 (SCOR 350-701) exam is a 120-minute assessment linked to the CCNP and CCIE Security Certifications. It evaluates a candidate’s proficiency in implementing and managing core security technologies, including network security, cloud security, content security, endpoint protection and detection, secure network access, visibility, and enforcement. The associated course is designed to prepare candidates for this exam.
The topics listed are general guidelines for the exam content. However, additional related subjects may appear on specific versions of the exam. These guidelines may change at any time without prior notice to accurately reflect the exam content and for clarity.
1.0 Security Concepts
1.1 Explain common threats against on-premises, hybrid, and cloud environments
- On-premises: Includes threats like viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-the-middle attacks, SQL injection, cross-site scripting, and malware. These threats target physical infrastructures, exploiting vulnerabilities in local networks and devices.
- Cloud: Encompasses data breaches, insecure APIs, DoS/DDoS, and compromised credentials. These threats exploit weaknesses in cloud services, focusing on unauthorized access and data theft.
1.2 Compare common security vulnerabilities
- This includes software bugs, weak/hardcoded passwords, OWASP top ten vulnerabilities, missing encryption ciphers, buffer overflow, path traversal, and cross-site scripting/forgery. These vulnerabilities can lead to unauthorized access and data leaks.
1.3 Describe functions of cryptography components
- Covers hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, preshared key, and certificate-based authorization. Cryptography protects data integrity and confidentiality across networks.
1.4 Compare site-to-site and remote access VPN deployment types
- Site-to-site VPNs connect entire networks, while remote access VPNs allow individual users secure access. They include components like virtual tunnel interfaces, IPsec, DMVPN, FlexVPN, and Cisco Secure Client, focusing on high availability and security.
1.5 Describe security intelligence authoring, sharing, and consumption
- Involves creating, distributing, and using threat intelligence data to enhance security measures. It helps organizations respond to threats proactively.
1.6 Describe controls against phishing and social engineering
- Includes training, email filtering, multi-factor authentication, and user awareness programs to prevent phishing and social engineering attacks that exploit human psychology.
1.7 Explain North Bound and South Bound APIs in SDN architecture
- North Bound APIs enable communication between the SDN controller and applications, while South Bound APIs facilitate communication between the controller and network devices, enabling network programmability and automation.
1.8 Explain Cisco DNA Center APIs
- These APIs are used for network provisioning, optimization, monitoring, and troubleshooting, streamlining network management and enhancing operational efficiency.
1.9 Interpret basic Python scripts used to call Cisco Security appliances APIs
- Understanding Python scripts helps in automating interactions with Cisco Security appliances, allowing for efficient configuration and management.
2.0 Network Security
2.1 Compare network security solutions with intrusion prevention and firewall capabilities
- Intrusion Prevention Systems (IPS) and firewalls protect networks by detecting and blocking malicious activities, filtering traffic, and enforcing security policies.
2.2 Describe deployment models of network security solutions
- Includes on-premises, cloud-based, and hybrid architectures that provide intrusion prevention and firewall capabilities, each with unique benefits and considerations.
2.3 Describe components, capabilities, and benefits of NetFlow and Flexible NetFlow
- These tools monitor and analyze network traffic patterns, enhancing visibility, security, and performance management by collecting detailed flow data.
2.4 Configure and verify network infrastructure security methods
- Layer 2 methods: Implement VLANs, port security, DHCP snooping, ARP inspection, and storm control to prevent attacks like MAC flooding and VLAN hopping.
- Device hardening: Secures the control, data, and management planes, reducing vulnerabilities in network devices.
2.5 Implement segmentation, access control, and security policies
- Involves creating zones, defining access control policies, and employing features like AVC, URL filtering, malware protection, and intrusion policies to secure the network.
2.6 Implement management options for network security solutions
- Evaluates single vs. multi-device managers, in-band vs. out-of-band management, and cloud vs. on-premises setups to optimize security management.
2.7 Configure AAA for device and network access
- Uses TACACS+ and RADIUS for centralized authentication, authorization, and accounting, ensuring secure access to network resources.
2.8 Configure secure network management
- Involves using protocols like SNMPv3, NETCONF, RESTCONF, secure syslog, and NTP with authentication to securely manage network devices and collect logs.
2.9 Configure and verify site-to-site and remote access VPN
- Site-to-site VPN: Uses Cisco routers and IOS for secure connections between networks.
- Remote access VPN: Employs Cisco AnyConnect for secure user connections, with debugging for troubleshooting IPsec tunnels.
3.0 Securing the Cloud
3.1 Identify security solutions for cloud environments
- Solutions vary for public, private, hybrid, and community clouds, tailored to different security needs and cloud service models like SaaS, PaaS, and IaaS.
3.2 Compare security responsibility across cloud service models
- Involves aspects like patch management and security assessment, highlighting shared responsibilities between cloud providers and users.
3.3 Describe DevSecOps
- Integrates security into the CI/CD pipeline, container orchestration, and software development, ensuring secure and compliant software delivery.
3.4 Implement application and data security in cloud environments
- Focuses on encryption, access controls, and data loss prevention to protect sensitive information in the cloud.
3.5 Identify security capabilities, deployment models, and policy management in the cloud
- Involves selecting appropriate security tools, understanding deployment models, and managing policies to secure cloud environments effectively.
3.6 Configure cloud logging and monitoring methodologies
- Implements logging and monitoring solutions to track cloud activities, enhancing visibility and incident response capabilities.
3.7 Describe application and workload security concepts
- Involves securing applications and workloads through measures like vulnerability management, access controls, and runtime protection.
4.0 Content Security
4.1 Implement traffic redirection and capture methods for web proxy
- Techniques that redirect and monitor web traffic to ensure security and enforce policies.
4.2 Describe web proxy identity and authentication
- Methods for transparent user identification and authentication to control web access and enforce security measures.
4.3 Compare email and web solutions
- Evaluates on-premises, hybrid, and cloud-based solutions like Cisco Secure Email and Web Appliances, highlighting their components, capabilities, and benefits.
4.4 Configure and verify web and email security deployment
- Involves setting up security measures to protect users across various environments, ensuring safe communication and browsing.
4.5 Configure and verify email security features
- Includes spam filtering, antimalware protection, DLP, blocklisting, and encryption to secure email communications.
4.6 Configure and verify Cisco Umbrella Secure Internet Gateway
- Implements features like blocklisting, URL filtering, malware scanning, and TLS decryption to enhance web security.
4.7 Describe components of Cisco Umbrella
- Details the capabilities and benefits of Cisco Umbrella, which provides cloud-based security for internet access.
4.8 Configure and verify web security controls on Cisco Umbrella
- Involves setting identities, URL content settings, destination lists, and reporting to manage and secure web access.
5.0 Endpoint Protection and Detection
5.1 Compare EPP and EDR solutions
- Distinguishes between Endpoint Protection Platforms and Endpoint Detection & Response solutions, focusing on their roles in securing endpoints.
5.2 Configure endpoint antimalware protection
- Utilizes Cisco Secure Endpoint to implement antimalware measures, protecting devices from malicious software.
5.3 Configure and verify outbreak control and quarantines
- Implements strategies to limit infection spread, isolating compromised systems to protect the network.
5.4 Describe justifications for endpoint-based security
- Highlights the importance of securing individual devices as part of an overall security strategy.
5.5 Describe the value of endpoint device management
- Explains the role of Mobile Device Management (MDM) and asset inventory systems in maintaining security and compliance.
5.6 Describe uses and importance of MFA
- Emphasizes the significance of multifactor authentication in enhancing security by requiring multiple verification methods.
5.7 Describe endpoint posture assessment solutions
- Discusses tools and techniques used to evaluate the security posture of endpoints, ensuring they meet compliance requirements.
5.8 Explain the importance of an endpoint patching strategy
- Stresses the need for regular patching to address vulnerabilities and maintain endpoint security.
6.0 Secure Network Access, Visibility, and Enforcement
6.1 Describe identity management and secure network access concepts
- Covers guest services, profiling, posture assessment, and BYOD, ensuring secure and controlled access to networks.
6.2 Configure and verify network access control mechanisms
- Implements 802.1X, MAB, and WebAuth to manage and secure network access, verifying user identities.
6.3 Describe network access with CoA
- Discusses Change of Authorization, allowing dynamic policy changes based on network access conditions.
6.4 Describe the benefits of device compliance and application control
- Highlights how ensuring device compliance and controlling applications enhance network security.
6.5 Explain exfiltration techniques
- Details channels such as DNS tunneling, HTTPS, email, and other protocols that can be abused to move data out of a network without authorization.
6.6 Describe the benefits of network telemetry
- Explains how telemetry provides insights into network behavior, helping detect anomalies and enhance security monitoring.
6.7 Describe components and benefits of security products and solutions
- Cisco Secure Network Analytics: Provides network visibility and security analytics.
- Cisco Secure Cloud Analytics: Offers security analytics for cloud environments.
- Cisco pxGrid: Enables integration and data sharing among security products.
- Cisco Umbrella Investigate: Provides threat intelligence and insights.
- Cisco Cognitive Intelligence: Delivers advanced threat detection using machine learning.
- Cisco Encrypted Traffic Analytics: Analyzes encrypted traffic for security threats.
- Cisco Secure Client Network Visibility Module (NVM): Enhances visibility into network activities of endpoints.