This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.
CCNP Security Core
The CCNP Security Core (SCOR 350-701) course equips security engineers with advanced knowledge of Cisco security architectures, covering concepts, network defenses, cloud hardening, content filtering, and endpoint detection to protect enterprise environments.
Who Should Take This
Network security professionals with three to five years of hands‑on experience deploying Cisco firewalls, VPNs, and threat‑prevention tools should take this exam. They seek to validate their expertise, deepen their understanding of cloud and content security, and qualify for senior roles overseeing enterprise‑wide protection strategies.
What's Covered
All domains in the Cisco CCNP Security Core (SCOR 350-701) exam: Security Concepts, Network Security, Securing the Cloud, Content Security, Endpoint Protection and Detection, Secure Network Access, and Visibility and Enforcement
Course Outline
60 learning goals
Domain 1: Security Concepts
3 topics
Threats, vulnerabilities, and attack vectors
- Analyze common network attack techniques including phishing, SQL injection, cross-site scripting, buffer overflow, and man-in-the-middle to assess enterprise exposure and prioritize mitigations.
- Evaluate software vulnerability lifecycle stages including discovery, disclosure, patch availability, and exploitation to recommend patch management prioritization strategies.
- Compare on-path, DDoS, DNS poisoning, and ARP spoofing attack vectors to assess which network security controls provide effective mitigation for each threat category.
Cryptography and PKI
- Implement PKI certificate enrollment and lifecycle management using Cisco IOS CA servers and SCEP/EST protocols for enterprise device identity authentication.
- Compare symmetric (AES, 3DES) and asymmetric (RSA, ECDSA) cryptographic algorithms to evaluate their suitability for VPN tunnel establishment, data-at-rest encryption, and digital signatures.
- Configure certificate-based authentication for site-to-site VPNs and remote access VPNs using IKEv2 with RSA or ECDSA certificates issued by an enterprise CA hierarchy.
Security frameworks and models
- Evaluate the MITRE ATT&CK framework tactics and techniques to map observed adversary behaviors to enterprise detection and response capabilities across Cisco security products.
- Design a defense-in-depth security architecture applying layered controls across network, endpoint, cloud, and identity domains using Cisco Secure portfolio components.
Domain 2: Network Security
4 topics
Next-generation firewall
- Deploy Cisco Firepower Threat Defense in routed and transparent modes, configuring interfaces, routing, NAT policies, and high availability failover pairs for enterprise perimeter defense.
- Configure Firepower access control policies with application visibility, URL filtering, intrusion prevention, and file/malware policies to enforce granular traffic inspection at the NGFW.
- Implement Firepower IPS policies with Snort rule management, custom rules, and variable sets to detect and block network-based exploits targeting enterprise server and client vulnerabilities.
- Analyze Firepower event logs, connection events, and intrusion alerts to correlate threat indicators and assess the effectiveness of NGFW security policies.
- Design a Firepower Management Center deployment architecture with multi-domain management, policy inheritance, and role-based access to scale NGFW management across distributed enterprise sites.
VPN technologies
- Configure site-to-site IPsec VPN tunnels on Cisco ASA and FTD using IKEv1 and IKEv2 with pre-shared keys, defining crypto maps, tunnel groups, and transform sets.
- Implement Cisco AnyConnect remote access VPN with SSL and IKEv2 protocols, configuring connection profiles, group policies, split tunneling, and posture enforcement.
- Compare FlexVPN, DMVPN, and GET VPN architectures to recommend the optimal VPN overlay design for enterprise hub-and-spoke, spoke-to-spoke, and group encryption requirements.
Network segmentation and security zones
- Implement zone-based firewall policies on Cisco IOS routers to segment enterprise traffic flows between internal, DMZ, and external security zones with stateful inspection.
- Design network segmentation architectures using VLANs, VRFs, firewalls, and micro-segmentation to contain lateral movement and limit blast radius of security breaches.
ASA firewall operations
- Configure Cisco ASA security levels, interface ACLs, and object groups to implement stateful packet inspection and zone-based traffic filtering for legacy firewall deployments.
- Implement ASA NAT policies including auto-NAT, manual NAT, and twice NAT with proper rule ordering to translate addresses for inbound service publishing and outbound internet access.
Domain 3: Securing the Cloud
3 topics
Cloud security concepts and architecture
- Evaluate cloud service model security responsibilities across IaaS, PaaS, and SaaS to define the enterprise security control boundaries under the shared responsibility model.
- Assess cloud security risks including data sovereignty, multi-tenancy exposure, API security, and identity federation to recommend risk mitigation controls for enterprise cloud adoption.
- Configure cloud identity federation using SAML 2.0 and OpenID Connect to extend enterprise SSO to cloud applications while maintaining centralized authentication and access governance.
Cloud-delivered security services
- Deploy Cisco Umbrella as a cloud-delivered DNS security service to block malicious domains, enforce acceptable use policies, and provide off-network protection for roaming users.
- Configure Cisco Umbrella Secure Internet Gateway with full web proxy, SSL decryption, and DLP policies to extend content security to cloud-first and remote work environments.
- Implement CASB integration with Cisco Cloudlock to monitor SaaS application usage, detect shadow IT, enforce DLP policies, and identify compromised account behaviors.
Cloud workload security
- Apply Cisco Secure Workload (Tetration) to generate application dependency maps and enforce micro-segmentation policies for workloads running in public cloud and on-premises data centers.
- Design a comprehensive cloud security architecture integrating Umbrella, CASB, Secure Workload, and NGFW to provide consistent security posture across hybrid and multi-cloud deployments.
Domain 4: Content Security
2 topics
Web security
- Deploy Cisco Secure Web Appliance (WSA) in explicit proxy and transparent proxy modes to enforce web access policies, URL filtering, and HTTPS inspection for enterprise users.
- Configure WSA access policies with user authentication, application visibility controls, and anti-malware scanning to provide layered web threat defense for enterprise outbound traffic.
- Analyze WSA reporting data and access logs to evaluate policy effectiveness, identify high-risk user behaviors, and recommend policy adjustments for improved web security posture.
Email security
- Deploy Cisco Secure Email Gateway (ESA) with mail flow policies, sender reputation filtering, and anti-spam engines to protect enterprise email infrastructure from phishing and malware.
- Configure ESA content filters, DLP policies, and outbreak filters to detect and quarantine sensitive data exfiltration, zero-day malware attachments, and targeted email attacks.
- Implement DMARC, DKIM, and SPF email authentication on Cisco ESA to validate sender identity and prevent domain spoofing in enterprise inbound and outbound email flows.
- Design an integrated content security strategy combining WSA, ESA, and Umbrella to provide unified threat defense across web, email, and DNS attack surfaces for the enterprise.
Domain 5: Endpoint Protection and Detection
3 topics
Endpoint protection platform
- Deploy Cisco Secure Endpoint connectors across enterprise Windows, macOS, and Linux endpoints with outbreak control, custom detections, and exclusion policies for operational compatibility.
- Configure Cisco Secure Endpoint policies for file conviction, behavioral protection, exploit prevention, and script control to detect and block advanced malware on managed endpoints.
- Analyze Cisco Secure Endpoint trajectory data including file trajectory, device trajectory, and threat root cause to trace malware propagation paths and identify patient-zero endpoints.
- Configure endpoint posture assessment policies on ISE and Secure Endpoint to verify antivirus status, OS patch level, and disk encryption before granting compliant network access.
Malware analysis and sandboxing
- Implement Cisco Threat Grid (Secure Malware Analytics) integration with NGFW, ESA, and Secure Endpoint to submit suspicious files for dynamic sandbox analysis and threat scoring.
- Evaluate sandbox analysis reports including behavioral indicators, network callbacks, and file modifications to classify malware families and assess organizational impact severity.
Endpoint detection and response
- Apply Cisco Secure Endpoint orbital queries and live investigation capabilities to perform real-time endpoint forensic data collection during active incident response scenarios.
- Design an endpoint security strategy integrating prevention, detection, and response capabilities with retrospective security to address the full malware attack lifecycle.
Domain 6: Secure Network Access
3 topics
Cisco ISE deployment and policy
- Deploy Cisco ISE nodes in a distributed architecture with primary and secondary policy administration, monitoring, and policy service personas for enterprise scale and redundancy.
- Configure ISE authentication policies using 802.1X with EAP-TLS and PEAP-MSCHAPv2 to authenticate wired and wireless endpoints against Active Directory and certificate stores.
- Implement ISE authorization policies with downloadable ACLs, VLAN assignment, and SGT tagging to enforce differentiated network access based on user role, device type, and posture compliance.
- Configure ISE profiling services using DHCP, HTTP, RADIUS, and SNMP probes to dynamically classify endpoints and apply appropriate authorization policies based on device identity.
Guest, BYOD, and device administration
- Implement ISE guest access workflows with sponsored and self-registration portals, time-based access policies, and bandwidth throttling for visitor network connectivity.
- Configure ISE BYOD onboarding flows with native supplicant provisioning, certificate enrollment, and My Devices portal to enable secure personal device access on the enterprise network.
- Implement TACACS+ device administration on Cisco ISE to centralize authentication, authorization, and command accounting for network infrastructure management access.
TrustSec and SGT policy enforcement
- Configure TrustSec SGT assignment and propagation using inline tagging and SXP to transport security group context across switches, routers, and firewalls in the enterprise fabric.
- Implement SGACL enforcement matrices on Cisco switches and Firepower NGFW to apply identity-based segmentation policies between security groups without IP-based ACL management.
- Design a phased TrustSec deployment strategy progressing from monitor mode through low-impact to closed mode to minimize disruption while achieving enterprise-wide identity-based segmentation.
Domain 7: Visibility and Enforcement
2 topics
Network analytics and threat detection
- Deploy Cisco Secure Network Analytics (Stealthwatch) with flow collectors and management console to establish behavioral baselines and detect anomalous traffic patterns across the enterprise.
- Configure Stealthwatch security events, host groups, and custom policies to detect command-and-control communications, data exfiltration, and insider threat behaviors using NetFlow analytics.
- Implement Encrypted Traffic Analytics on Cisco routers and switches to detect malware in TLS-encrypted flows without decryption using enhanced NetFlow metadata and machine learning classifiers.
- Analyze Stealthwatch alarm data including host lock violations, excessive connections, and data hoarding to prioritize threat investigations and correlate with endpoint and firewall telemetry.
Integrated security operations
- Apply Cisco SecureX platform integrations to orchestrate threat response workflows across NGFW, Secure Endpoint, ISE, and Umbrella for automated containment and remediation actions.
- Evaluate Cisco Cognitive Threat Analytics cloud-based behavioral analysis to detect threats hidden in web traffic and assess its integration value with on-premises security infrastructure.
- Design an enterprise security visibility architecture integrating Stealthwatch, SecureX, pxGrid, and SIEM to provide correlated threat intelligence from network, endpoint, and cloud data sources.
Scope
Included Topics
- All domains in the Cisco CCNP Security Core (SCOR 350-701) exam: Security Concepts (25%), Network Security (20%), Securing the Cloud (15%), Content Security (10%), Endpoint Protection and Detection (10%), Secure Network Access (15%), and Visibility and Enforcement (5%).
- Security concepts including common threats and vulnerabilities, cryptographic foundations, PKI and certificate management, security intelligence, and Cisco security product portfolio mapping.
- Network security technologies including Cisco Firepower NGFW, ASA, IPS/IDS, zone-based firewalls, NAT in security contexts, VPN technologies (site-to-site and remote access), and network segmentation strategies.
- Cloud security including CASB integration, cloud-delivered security services (Umbrella), cloud workload protection, and security policies for IaaS/SaaS/PaaS environments.
- Content security including Cisco Web Security Appliance (WSA/Secure Web Appliance), Email Security Appliance (ESA/Secure Email Gateway), URL filtering, DLP, and anti-malware scanning.
- Endpoint protection including Cisco Secure Endpoint (formerly AMP for Endpoints), endpoint detection and response, malware analysis (sandboxing, retrospective security), and endpoint posture assessment.
- Secure network access including Cisco ISE deployment, 802.1X, MAB, guest services, profiling, TrustSec/SGT, BYOD workflows, and TACACS+ device administration.
- Visibility and enforcement including Cisco Stealthwatch (Secure Network Analytics), Cognitive Threat Analytics, encrypted traffic analytics, and NetFlow-based anomaly detection.
Not Covered
- Enterprise routing and switching infrastructure (OSPF, EIGRP, BGP, STP) that is covered by the ENCOR exam rather than SCOR.
- Deep malware reverse engineering, exploit development, and offensive security techniques not required for SCOR.
- SOC analyst workflow details, SIEM correlation rule authoring, and incident response forensics beyond the scope of SCOR.
- Physical security, personnel security, and governance frameworks (ISO 27001, NIST CSF) at audit depth not tested on SCOR.