Cisco

CCNP Security

Cisco Certified Network Professional Security

Professional

Master enterprise security technologies across firewalls, identity, cloud, and threat defence.

Exam Code: 350-701 SCOR (core required) + one concentration exam
Duration: 120 min (core) / 90 min (concentration)
Questions: 90–110
Passing Score: 825 / 1000
Validity: 3 years
Exam Cost: $400 USD (core) + $300 USD (concentration)

About CCNP Security

The Cisco CCNP Security certification validates the skills required to implement and manage comprehensive security solutions across modern enterprise environments. It requires passing the 350-701 SCOR core exam plus one security concentration exam, covering areas such as firewalls, identity management, endpoint security, secure email and web, and VPNs. CCNP Security is designed for security engineers, network security analysts, and IT professionals who need to demonstrate proficiency across the full Cisco security portfolio. Topics span cryptography fundamentals, next-generation firewall technologies (ASA/FTD), Cisco ISE, cloud security, endpoint protection, content security, and network visibility. Whether you're defending enterprise networks, implementing zero-trust architectures, or integrating threat intelligence, CCNP Security equips you with the knowledge and skills employers demand in the cybersecurity workforce.

Prerequisites
  • CCNA or CCNA Security (recommended)
  • Understanding of networking fundamentals (routing, switching, TCP/IP)
  • Familiarity with basic security concepts (firewalls, VPNs, ACLs)
  • Some experience with Cisco IOS and security appliances

What you need to know

7 domains, 70 objectives.

🛡️
Security Concepts
Core security theory including threats, cryptography, PKI, and common attack methodologies.
25%
  • Explain common threats against on-premises and cloud environments (data breach, insider threat, DDoS)
  • Describe common vulnerabilities and exploits (OWASP Top 10, CVEs, zero-day exploits)
  • Describe the functionality of cryptographic protocols (symmetric, asymmetric, hashing)
  • Describe the concepts of Public Key Infrastructure (PKI) including CAs, certificates, CRLs, and OCSP
  • Explain the role and function of common hash algorithms (MD5, SHA-1, SHA-256, SHA-3)
  • Compare symmetric encryption algorithms (AES, DES, 3DES) and their use cases
  • Describe asymmetric encryption and digital signatures (RSA, ECC, DSA)
  • Describe the components of the IPsec framework (IKEv1, IKEv2, ESP, AH, modes)
  • Explain common network attacks (MITM, replay, spoofing, phishing, brute force)
  • Describe security concepts in the context of DevOps and agile development
  • Compare and contrast access control models (DAC, MAC, RBAC, ABAC)
  • Describe the NIST Cybersecurity Framework (identify, protect, detect, respond, recover)
  • Explain the concepts of defence-in-depth and zero-trust security models
🔥
Network Security
Firewall technologies (ASA, FTD), NGFW, IPS/IDS, NAT, and network telemetry.
20%
  • Describe and compare Cisco ASA and Cisco Firepower Threat Defence (FTD) features
  • Configure and verify ASA interface security levels, NAT, and access control
  • Describe Cisco FTD architecture (FMC, FDM, inline mode, passive mode, tap mode)
  • Configure and verify FTD access control policies, intrusion policies, and file policies
  • Describe Next-Generation Firewall (NGFW) capabilities (application visibility, user identity, TLS inspection)
  • Explain IDS vs IPS operation modes (inline, passive, promiscuous)
  • Describe Snort signature syntax and the role of preprocessors in IPS
  • Configure and verify ASA NAT (static, dynamic PAT, twice NAT)
  • Describe the use of NetFlow for network traffic telemetry and anomaly detection
  • Configure and verify firewall high availability (active/standby, active/active)
  • Describe Cisco NGFW clustering and its benefits for scalability
  • Explain the role of TLS decryption in NGFW and the privacy considerations
☁️
Securing the Cloud
Cloud security models, DevSecOps, CASB, microsegmentation, and cloud-native protection.
15%
  • Describe cloud security responsibility models (IaaS, PaaS, SaaS shared responsibility)
  • Explain DevSecOps principles and the integration of security into CI/CD pipelines
  • Describe cloud-native security controls (security groups, NACLs, IAM policies)
  • Describe the function and benefits of a Cloud Access Security Broker (CASB)
  • Explain microsegmentation concepts and their role in cloud workload protection
  • Describe Cisco Umbrella and its role in DNS-layer security and cloud-delivered SASE
  • Explain the use of cloud security posture management (CSPM) tools
  • Describe the security challenges of containerised environments and Kubernetes
  • Compare public, private, and hybrid cloud security architectures
  • Describe the concept of Secure Access Service Edge (SASE) and its components
📧
Content Security
Cisco WSA, ESA, CES, URL filtering, malware protection, and spam filtering.
15%
  • Describe Cisco Secure Email (ESA) features including anti-spam, anti-virus, and email encryption
  • Configure and verify Cisco ESA mail policies (incoming/outgoing), content filters, and DLP
  • Describe Cisco Secure Web Appliance (WSA) features and deployment modes (explicit vs transparent proxy)
  • Configure and verify WSA URL filtering, application visibility, and HTTPS decryption
  • Describe Cisco Cloud Email Security (CES) and its integration with ESA
  • Explain the role of Cisco Threat Intelligence Director (TID) in content security
  • Describe Advanced Malware Protection (AMP) for email and web security
  • Explain spam filtering techniques (reputation filtering, Bayesian analysis, DKIM, SPF, DMARC)
  • Describe the use of sandboxing (Cisco Threat Grid) for file analysis and detonation
💻
Endpoint Protection and Detection
Cisco Secure Endpoint (AMP), EDR capabilities, UEBA, and host-based defences.
10%
  • Describe Cisco Secure Endpoint (formerly AMP for Endpoints) architecture and deployment
  • Explain the AMP for Endpoints file trajectory, device trajectory, and threat hunting features
  • Describe EDR (Endpoint Detection and Response) capabilities and how they differ from traditional AV
  • Explain User and Entity Behaviour Analytics (UEBA) concepts and anomaly detection
  • Describe the use of host-based IPS (HIPS) and host-based firewalls
  • Explain the concept of indicators of compromise (IoC) and indicators of attack (IoA)
  • Describe the Cisco Secure Endpoint connector deployment and policy configuration
  • Explain how AMP integrates with other Cisco security products (FMC, ISE, Threat Grid)
🔑
Secure Network Access
Cisco ISE, AAA, 802.1X, MAB, posture assessment, TrustSec, and pxGrid.
15%
  • Describe Cisco Identity Services Engine (ISE) architecture (PAN, MnT, PSN nodes)
  • Configure and verify RADIUS and TACACS+ on Cisco ISE for network device administration
  • Configure and verify 802.1X wired and wireless authentication policies in ISE
  • Configure and verify MAC Authentication Bypass (MAB) for non-802.1X devices
  • Describe ISE posture assessment and compliance enforcement (AnyConnect agent)
  • Configure and verify ISE guest portal and sponsored guest access
  • Describe Cisco TrustSec (Security Group Tagging) and SGT propagation methods
  • Describe the role of pxGrid in ISE ecosystem integration with third-party solutions
  • Configure and verify ISE profiling policies and endpoint profiling probes
  • Explain the ISE change of authorisation (CoA) mechanism for dynamic policy enforcement
👁️
Visibility and Enforcement
Cisco Stealthwatch, Threat Intelligence Platform, incident response, and SIEM integration.
10%
  • Describe Cisco Secure Network Analytics (Stealthwatch) and its role in network visibility
  • Explain the Stealthwatch flow collection architecture (SMC, Flow Collectors, UDP Director)
  • Describe the concept of encrypted traffic analytics (ETA) and JA3/JA3S fingerprinting
  • Explain the role of Cisco Talos as a threat intelligence source
  • Describe the phases of incident response (preparation, identification, containment, eradication, recovery)
  • Describe SIEM integration concepts and the role of syslog, SNMP traps, and NetFlow
  • Explain the use of security orchestration, automation, and response (SOAR) platforms
  • Describe Cisco SecureX as an integration platform for Cisco security products

Study & Practice