CCNP Security

Introducing the new CCNP Security certification
New exams go live on February 24, 2020

Overview
The new CCNP Security certification program prepares you for today’s professional-level job roles in security technologies.
CCNP Security now includes automation and programmability to help you scale your security infrastructure.
One of the industry’s most respected certifications, CCNP validates the core knowledge you need while giving you the flexibility to choose a focus area.
And now every exam in the CCNP Security program earns an individual Specialist certification, so you get recognized for your accomplishments along the way.

To earn CCNP Security, you pass two exams:

  • Core exam
  • A Security concentration exam of your choice.

Core Exam

  • The core exam focuses on your knowledge of security infrastructure.
  • The core exam is also the qualifying exam for CCIE Security certification.
  • Passing this exam helps toward earning both of these certifications.

Concentration exams

  • Concentration exams focus on emerging and industry-specific topics.
  • You can prepare for concentration exams by taking their corresponding Cisco training courses.

REQUIRED EXAMS

Core exam:
350-701 SCOR     Implementing and Operating Cisco Security Core Technologies (SCOR)

Concentration exams (choose one):
300-710 SNCF     Securing Networks with Cisco Firepower Next Generation Firewall (SSNGFW)
                 Securing Networks with Cisco Firepower Next-Generation IPS (SSFIPS)
300-715 SISE     Implementing and Configuring Cisco Identity Services Engine (SISE)
300-720 SESA     Securing Email with Cisco Email Security Appliance (SESA)
300-725 SWSA     Securing the Web with Cisco Web Security Appliance (SWSA)
300-730 SVPN     Implementing Secure Solutions with Virtual Private Networks (SVPN)
300-735 SAUTO    Implementing Automation for Cisco Security Solutions (SAUI)

We currently offer the courses below as video training. You can also find some sample videos on our YouTube channel.

Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

  • Exam Number: 350-701 SCOR
  • First date to test: February 24, 2020
  • Duration: 120 minutes
  • Available Languages: English
  • Exam Registration: Pearson VUE

Associated Certifications:

  • CCNP Security
  • CCIE Security
  • Cisco Certified Specialist
  • Cisco Security Core

Exam overview
This exam tests your knowledge of implementing and operating core security technologies, including:

  • Network security
  • Cloud security
  • Content security
  • Endpoint protection and detection
  • Secure network access
  • Visibility and enforcement

Course Content

1.0 Security Concepts              25%
Explain common threats against on-premises and cloud environments

  • On-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-the-middle attacks, SQL injection, cross-site scripting, malware
  • Cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials

Compare common security vulnerabilities such as software bugs, weak and/or hardcoded passwords, SQL injection, missing encryption, buffer overflow, path traversal, cross-site scripting/forgery
Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key and certificate based authorization
Compare site-to-site VPN and remote access VPN deployment types such as sVTI, IPsec, Cryptomap, DMVPN, FLEXVPN including high availability considerations, and AnyConnect
Describe security intelligence authoring, sharing, and consumption
Explain the role of the endpoint in protecting humans from phishing and social engineering attacks
Explain North Bound and South Bound APIs in the SDN architecture
Explain DNAC APIs for network provisioning, optimization, monitoring, and troubleshooting
Interpret basic Python scripts used to call Cisco Security appliances APIs

2.0 Network Security              20%
Compare network security solutions that provide intrusion prevention and firewall capabilities
Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
Configure and verify network infrastructure security methods (router, switch, wireless)

  • Layer 2 methods: network segmentation using VLANs and VRF-lite; Layer 2 and port security; DHCP snooping; Dynamic ARP inspection; storm control; PVLANs to segregate network traffic; and defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
  • Device hardening of network infrastructure security devices (control plane, data plane, management plane, and routing protocol security)

Implement segmentation, access control policies, AVC, URL filtering, and malware protection
Implement management options for network security solutions such as intrusion prevention and perimeter security

  • Single vs. multidevice manager
  • In-band vs. out-of-band
  • CDP, DNS, SCP, SFTP, and DHCP security and risks

Configure AAA for device and network access

  • (authentication and authorization, TACACS+, RADIUS and RADIUS flows, accounting, and dACL)

Configure secure network management of perimeter security and infrastructure devices

  • (secure device management, SNMPv3, views, groups, users, authentication, and encryption, secure logging, and NTP with authentication)

Configure and verify site-to-site VPN and remote access VPN

  • Site-to-site VPN utilizing Cisco routers and IOS
  • Remote access VPN using Cisco AnyConnect Secure Mobility client
  • Debug commands to view IPsec tunnel establishment and troubleshooting

3.0 Securing the Cloud  15%
Identify security solutions for cloud environments

  • Public, private, hybrid, and community clouds
  • Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)

Compare the customer vs. provider security responsibility for the different cloud service models

  • Patch management in the cloud
  • Security assessment in the cloud
  • Cloud-delivered security solutions such as firewall, management, proxy, security intelligence, and CASB

Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and security)
Implement application and data security in cloud environments
Identify security capabilities, deployment models, and policy management to secure the cloud
Configure cloud logging and monitoring methodologies
Describe application and workload security concepts

4.0 Content Security                15%

Implement traffic redirection and capture methods
Describe web proxy identity and authentication including transparent user identification
Compare the components, capabilities, and benefits of local and cloud-based email and web solutions (ESA, CES, WSA)
Configure and verify web and email security deployment methods to protect on-premises and remote users (inbound and outbound controls and policy management)
Configure and verify email security features such as SPAM filtering, antimalware filtering, DLP, blacklisting, and email encryption
Configure and verify secure internet gateway and web security features such as blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
Describe the components, capabilities, and benefits of Cisco Umbrella
Configure and verify web security controls on Cisco Umbrella (identities, URL content settings, destination lists, and reporting)

5.0 Endpoint Protection and Detection      10%
Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
Explain antimalware, retrospective security, Indication of Compromise (IOC), antivirus, dynamic file analysis, and endpoint-sourced telemetry
Configure and verify outbreak control and quarantines to limit infection
Describe justifications for endpoint-based security
Describe the value of endpoint device management and asset inventory such as MDM
Describe the uses and importance of a multifactor authentication (MFA) strategy
Describe endpoint posture assessment solutions to ensure endpoint security
Explain the importance of an endpoint patching strategy

6.0 Secure Network Access, Visibility, and Enforcement 15%
Describe identity management and secure network access concepts such as guest services, profiling, posture assessment and BYOD
Configure and verify network access device functionality such as 802.1X, MAB, WebAuth
Describe network access with CoA
Describe the benefits of device compliance and application control
Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
Describe the benefits of network telemetry
Describe the components, capabilities, and benefits of these security products and solutions

  • Cisco Stealthwatch
  • Cisco Stealthwatch Cloud
  • Cisco pxGrid
  • Cisco Umbrella Investigate
  • Cisco Cognitive Threat Analytics
  • Cisco Encrypted Traffic Analytics
  • Cisco AnyConnect Network Visibility Module (NVM)

Securing Networks with Cisco Firepower (SNCF 300-710)

  • Exam Number: 300-710 SNCF
  • First date to test: February 24, 2020
  • Duration: 90 minutes
  • Available Languages: English
  • Exam Registration: Pearson VUE

Associated Certifications:

  • CCNP Security
  • Cisco Certified Specialist
  • Cisco Network Security Firepower

Exam Description
This exam tests a candidate's knowledge of Cisco Firepower® Threat Defense and Firepower®, including policy configurations, integrations, deployments, management and troubleshooting.
The courses Securing Networks with Cisco Firepower and Securing Networks with Cisco Firepower Next-Generation Intrusion Prevention System help candidates prepare for this exam.
The following topics are general guidelines for the content likely to be included on the exam.

Course Content
1.0 Deployment    30%
1.1 Implement NGFW modes

  • Routed mode
  • Transparent mode

1.2 Implement NGIPS modes

  • Passive
  • Inline

1.3 Implement high availability options

  • Link redundancy
  • Active/standby failover
  • Multi-instance

1.4 Describe IRB configurations

2.0 Configuration 30%
2.1 Configure system settings in Cisco Firepower Management Center
2.2 Configure these policies in Cisco Firepower Management Center

  • Access control
  • Intrusion
  • Malware and file
  • DNS
  • Identity
  • SSL
  • Prefilter

2.3 Configure these features using Cisco Firepower Management Center

  • Network discovery
  • Application detectors (Open AppID)
  • Correlation
  • Actions

2.4 Configure objects using Firepower Management Center

  • Object Management
  • Intrusion Rules

2.5 Configure devices using Firepower Management Center

  • Device Management
  • NAT
  • VPN
  • QoS
  • Platform Settings
  • Certificates

3.0 Management and Troubleshooting               25%
3.1 Troubleshoot with FMC CLI and GUI
3.2 Configure dashboards and reporting in FMC
3.3 Troubleshoot using packet capture procedures
3.4 Analyze risk and standard reports

4.0 Integration 15%
4.1 Configure Cisco AMP for Networks in Firepower Management Center
4.2 Configure Cisco AMP for Endpoints in Firepower Management Center
4.3 Implement Threat Intelligence Director for third-party security intelligence feeds
4.4 Describe using Cisco Threat Response for security investigations
4.5 Describe Cisco FMC pxGrid Integration with Cisco Identity Services Engine (ISE)
4.6 Describe Rapid Threat Containment (RTC) functionality within Firepower Management Center

Implementing and Configuring Cisco Identity Services Engine (SISE 300-715)

  • Exam Number: 300-715 SISE
  • First date to test: February 24, 2020
  • Duration: 90 minutes
  • Available Languages: English
  • Exam Registration: Pearson VUE

Associated Certifications:

  • CCNP Security
  • Cisco Certified Specialist
  • Cisco Security Identity Management Implementation

Exam Description
This exam tests a candidate's knowledge of Cisco Identity Services Engine, including:

  • Architecture and deployment
  • Policy enforcement
  • Web Auth
  • Guest services
  • Profiler
  • BYOD
  • Endpoint compliance
  • Network access device administration

1.0 Architecture and Deployment   10%

  • Configure personas
  • Describe deployment options

2.0 Policy Enforcement         25%
2.1 Configure native AD and LDAP
2.2 Describe identity store options

  • LDAP
  • AD
  • PKI
  • OTP
  • Smart Card
  • Local

2.3 Configure wired/wireless 802.1X network access
2.4 Configure 802.1X phasing deployment

  • Monitor mode
  • Low impact
  • Closed mode

2.5 Configure network access devices
2.6 Implement MAB
2.7 Configure Cisco TrustSec
2.8 Configure policies including authentication and authorization profiles

3.0 Web Auth and Guest Services 15%
3.1 Configure web authentication
3.2 Configure guest access services
3.3 Configure sponsor and guest portals

4.0 Profiler 15%
4.1 Implement profiler services
4.2 Implement probes
4.3 Implement CoA
4.4 Configure endpoint identity management

5.0 BYOD 15%
5.1 Describe Cisco BYOD functionality

  • Use cases and requirements
  • Solution components
  • BYOD flow

5.2 Configure BYOD device on-boarding using internal CA with Cisco switches and Cisco wireless LAN controllers
5.3 Configure certificates for BYOD
5.4 Configure blacklist/whitelist

6.0 Endpoint Compliance 10%
6.1 Describe endpoint compliance, posture services, and client provisioning
6.2 Configure posture conditions and policy, and client provisioning
6.3 Configure the compliance module
6.4 Configure Cisco ISE posture agents and operational modes
6.5 Describe supplicant, supplicant options, authenticator, and server

7.0 Network Access Device Administration            10%
7.1 Compare AAA protocols
7.2 Configure TACACS+ device administration and command authorization

Securing Email with Cisco Email Security Appliance (SESA 300-720)

  • Exam Number: 300-720 SESA
  • First date to test: February 24, 2020
  • Duration: 90 minutes
  • Available Languages: English
  • Exam Registration: Pearson VUE

Associated Certifications:

  • CCNP Security
  • Cisco Certified Specialist
  • Cisco Email Content Security

Exam Description
This exam tests a candidate's knowledge of Cisco Email Security Appliance, including:

  • Administration
  • Spam control and antispam
  • Message filters
  • Data loss prevention
  • LDAP
  • Email authentication and encryption
  • System quarantines
  • Delivery methods

Course Content
1.0 Cisco Email Security Appliance Administration           15%
1.1 Configure Cisco Email Security Appliance features

  • 1.1.a Hardware performance specifications
  • 1.1.b Initial configuration process
  • 1.1.c Routing and delivery features
  • 1.1.d GUI

1.2 Describe centralized services on a Cisco Content SMA
1.3 Configure mail policies

  • 1.3.a Incoming and outgoing messages
  • 1.3.b User matching
  • 1.3.c Message splintering

2.0 Spam Control with Talos SenderBase and Antispam              15%
2.1 Control spam with Talos SenderBase and Antispam
2.2 Describe graymail management solution
2.3 Configure file reputation filtering and file analysis features
2.4 Implement malicious or undesirable URLs protection
2.5 Describe the bounce verification feature

3.0 Content and Message filters 20%
3.1 Describe the functions and capabilities of content filters
3.2 Create text resources such as content dictionaries, disclaimers, and templates

  • 3.2.a Dictionaries filter rules
  • 3.2.b Text resources management

3.3 Configure message filters components, rules, processing order and attachment scanning
3.4 Configure scan behavior
3.5 Configure the Cisco ESA to scan for viruses using Sophos and McAfee scanning engines
3.6 Configure outbreak filters
3.7 Configure Data Loss Prevention (DLP)

4.0 LDAP and SMTP Sessions           15%
4.1 Configure and verify LDAP servers and queries (Queries and Directory Harvest Attack)
4.2 Understand spam quarantine functions

  • 4.2.a Authentication for end-users of spam quarantine
  • 4.2.b Utilize spam quarantine alias to consolidate queries

4.3 Understand SMTP functionality

  • 4.3.a Email pipeline
  • 4.3.b Sender and recipient domains
  • 4.3.c SMTP session authentication using client certificates
  • 4.3.d SMTP TLS authentication
  • 4.3.e TLS email encryption

5.0 Email Authentication and Encryption 20%
5.1 Configure Domain Keys and DKIM signing
5.2 Configure SPF and SIDF
5.3 Configure DMARC verification
5.4 Configure forged email detection
5.5 Configure email encryption
5.6 Describe S/MIME security services and communication encryption with other MTAs
5.7 Manage certificate authorities

6.0 System Quarantines and Delivery Methods  15%
6.1 Configure quarantine (spam, policy, virus, and outbreak)
6.2 Utilize safelists and blocklists to control email delivery
6.3 Manage messages in local or external spam quarantines
6.4 Configure virtual gateways

Securing the Web with Cisco Web Security Appliance (SWSA 300-725)

  • First date to test: February 24, 2020
  • Exam Number: 300-725 SWSA
  • Duration: 90 minutes
  • Available Languages: English
  • Exam Registration: Pearson VUE

Associated Certifications:

  • CCNP Security
  • Cisco Certified Specialist
  • Cisco Web Content Security

Exam Description
This exam tests a candidate's knowledge of Cisco Web Security Appliance, including:

  • Proxy services
  • Authentication
  • Decryption policies
  • Differentiated traffic
  • Access policies
  • Identification policies
  • Acceptable use control settings
  • Malware defense
  • Data security and data loss prevention

Course Content
1.0 Cisco WSA Features         10%
1.1 Describe Cisco WSA features and functionality

  • Proxy service
  • Cognitive Threat Analytics
  • Data loss prevention service
  • Integrated L4TM service
  • Management tools

1.2 Describe WSA solutions

  • Cisco Advanced Web Security Reporting
  • Cisco Content Security Management Appliance

1.3 Integrate Cisco WSA with Splunk
1.4 Integrate Cisco WSA with Cisco ISE
1.5 Troubleshoot data security and external data loss using log files

2.0 Configuration 20%
2.1 Perform initial configuration tasks on Cisco WSA
2.2 Configure an Acceptable Use Policy
2.3 Configure and verify web proxy features

  • Explicit proxy functionality
  • Proxy access logs using CLI
  • Active directory proxy authentication

2.4 Configure a referrer header to filter web categories

3.0 Proxy Services    10%
3.1 Compare proxy terms

  • Explicit proxy vs. transparent proxy
  • Upstream proxy vs. downstream proxy

3.2 Describe tuning caching behavior for safety or performance
3.3 Describe the functions of a Proxy Auto-Configuration (PAC) file
3.4 Describe the SOCKS protocol and the SOCKS proxy services

4.0 Authentication     10%
4.1 Describe authentication features

  • Supported authentication protocols
  • Authentication realms
  • Supported authentication surrogates
  • Bypassing authentication of problematic agents
  • Authentication logs for accounting records
  • Re-authentication

4.2 Configure traffic redirection to Cisco WSA using explicit forward proxy mode
4.3 Describe the FTP proxy authentication
4.4 Troubleshoot authentication issues

5.0 Decryption Policies to Control HTTPS Traffic 10%
5.1 Describe SSL and TLS inspection
5.2 Configure HTTPS capabilities

  • HTTPS decryption policies
  • HTTPS proxy function
  • ACL tags for HTTPS inspection
  • HTTPS proxy and verify TLS/SSL decryption
  • Certificate types used for HTTPS decryption

5.3 Configure self-signed and intermediate certificates within SSL/TLS transactions

6.0 Differentiated Traffic Access Policies and Identification Profiles 10%
6.1 Describe access policies
6.2 Describe identification profiles and authentication
6.3 Troubleshoot using access logs

7.0 Acceptable Use Control 10%
7.1 Configure URL filtering
7.2 Configure the dynamic content analysis engine
7.3 Configure time-based & traffic volume acceptable use policies and end user notifications
7.4 Configure web application visibility and control (Office 365, third-party feeds)
7.5 Create a corporate global acceptable use policy
7.6 Implement policy trace tool to verify corporate global acceptable use policy
7.7 Configure WSA to inspect archive file types

8.0 Malware Defense 10%
8.1 Describe anti-malware scanning
8.2 Configure file reputation filtering and file analysis
8.3 Describe Advanced Malware Protection (AMP)
8.4 Describe integration with Cognitive Threat Analytics

9.0 Reporting and Tracking Web Transactions     10%
9.1 Configure and analyze web tracking reports
9.2 Configure Cisco Advanced Web Security Reporting (AWSR)

  • Basic web usage
  • Custom filters

9.3 Troubleshoot connectivity issues

Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730)

  • Exam Number: 300-730 SVPN
  • First date to test: February 24, 2020
  • Duration: 90 minutes
  • Available Languages: English
  • Exam Registration: Pearson VUE

Associated Certifications:

  • CCNP Security
  • Cisco Certified Specialist
  • Cisco Network Security VPN Implementation

Exam Description
This exam tests a candidate's knowledge of implementing secure remote communications with Virtual Private Network (VPN) solutions including

  • Secure communications
  • Architectures
  • Troubleshooting

Course Content
1.0 Site-to-site Virtual Private Networks on Routers and Firewalls     15%
1.1 Describe GETVPN
1.2 Implement DMVPN (hub-and-spoke and spoke-to-spoke on both IPv4 & IPv6)
1.3 Implement FlexVPN (hub-and-spoke on both IPv4 & IPv6) using local AAA

2.0 Remote access VPNs 20%
2.1 Implement AnyConnect IKEv2 VPNs on ASA and routers
2.2 Implement AnyConnect SSLVPN on ASA and routers
2.3 Implement Clientless SSLVPN on ASA and routers
2.4 Implement FlexVPN on routers

3.0 Troubleshooting using ASDM and CLI  35%
3.1 Troubleshoot IPsec
3.2 Troubleshoot DMVPN
3.3 Troubleshoot FlexVPN
3.4 Troubleshoot AnyConnect IKEv2 and SSL VPNs on ASA and routers
3.5 Troubleshoot Clientless SSLVPN on ASA and routers

4.0 Secure Communications Architectures 30%
4.1 Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec for site-to-site VPN solutions
4.2 Identify functional components of FlexVPN, IPsec, and Clientless SSL for remote access VPN solutions
4.3 Identify VPN technology based on configuration output for site-to-site VPN solutions
4.4 Identify VPN technology based on configuration output for remote access VPN solutions
4.5 Identify split tunneling requirements for remote access VPN solutions
4.6 Design site-to-site VPN solutions

  • VPN technology considerations based on functional requirements
  • High availability considerations

4.7 Design remote access VPN solutions

  • VPN technology considerations based on functional requirements
  • High availability considerations
  • Clientless SSL browser and client considerations and requirements

4.8 Identify Elliptic Curve Cryptography (ECC) algorithms

Automating and Programming Cisco Security Solutions (SAUTO 300-735)

  • Exam Number: 300-735 SAUTO
  • First date to test: February 24, 2020
  • Duration: 90 minutes
  • Available Languages: English
  • Exam Registration: Pearson VUE

Associated Certifications:

  • CCNP Security
  • Cisco Certified DevNet Professional
  • Cisco Certified DevNet Specialist
  • Cisco Security Automation and Programmability

Exam Description
This exam tests a candidate's knowledge of implementing Security automated solutions, including:

  • Programming concepts
  • RESTful API
  • Data models
  • Protocols
  • Firewalls
  • Web
  • DNS
  • Cloud & email security
  • ISE

Course Content
1.0 Network Programmability Foundation 10%
1.1 Utilize common version control operations with git (add, clone, push, commit, diff, branching, and merging conflict)
1.2 Describe characteristics of API styles (REST and RPC)
1.3 Describe the challenges encountered and patterns used when consuming APIs synchronously and asynchronously
1.4 Interpret Python scripts containing data types, functions, classes, conditions, and looping
1.5 Describe the benefits of Python virtual environments
1.6 Explain the benefits of using network configuration tools such as Ansible and Puppet for automating security platforms

2.0 Network Security              35%
2.1 Describe the event streaming capabilities of Firepower Management Center eStreamer API
2.2 Describe the capabilities and components of these APIs

  • Firepower (Firepower Management Center and Firepower Device Management)
  • ISE
  • pxGrid
  • Stealthwatch Enterprise

2.3 Implement firewall objects, rules, intrusion policies, and access policies using Firepower Management Center API
2.4 Implement firewall objects, rules, intrusion policies, and access policies using Firepower Threat Defense API (also known as Firepower Device Manager API)
2.5 Construct a Python script for pxGrid to retrieve information such as endpoint device type, network policy and security telemetry
2.6 Construct API requests using Stealthwatch API

  • Perform configuration modifications
  • Generate rich reports

3.0 Advanced Threat & Endpoint Security 30%
3.1 Describe the capabilities and components of these APIs

  • Umbrella Investigate APIs
  • AMP for endpoints APIs
  • ThreatGRID API

3.2 Construct an Umbrella Investigate API request
3.3 Construct AMP for endpoints API requests for event, computer, and policies
3.4 Construct ThreatGRID API requests for search, sample feeds, IoC feeds, and threat disposition

4.0 Cloud, Web, and Email Security 25%
4.1 Describe the capabilities and components of these APIs

  • Umbrella reporting and enforcement APIs
  • Stealthwatch cloud APIs
  • Cisco Security Management Appliance APIs

4.2 Construct a Stealthwatch Cloud API request for reporting
4.3 Construct an Umbrella Reporting and Enforcement API request
4.4 Construct a report using Cisco Security Management Appliance API request (email and web)