Ccnp Security Course Outline Page
To earn the Cisco Certified Network Professional (CCNP) Security
certification, you must pass two exams: a core exam and one concentration exam of your choice. Cisco Learning Network Core Exam: 350-701 SCOR
Implementing and Operating Cisco Security Core Technologies (SCOR)
exam covers the fundamental knowledge required for security across all platforms. Security Concepts (25%)
: Understanding core principles, common threats (viruses, phishing, DoS/DDoS), and vulnerabilities in on-premises and cloud environments. Network Security (20%)
: Comparing and deploying firewalls, intrusion prevention systems (IPS), and network infrastructure hardening. Securing the Cloud (15%) ccnp security course outline
: Security solutions for public, private, and hybrid clouds, including SaaS/IaaS models and DevSecOps. Content Security (15%)
: Implementing web proxy traffic redirection, user identification, and email security features. Endpoint Protection and Detection (10%)
: Comparing Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR). Secure Network Access (15%)
: Identity management (AAA), guest services, BYOD, and profiling using tools like Cisco ISE. Cisco Learning Network Concentration Exams (Choose One)
Candidates must select one specialization to complete the CCNP Security track. Cisco Learning Network 350-401 ENCOR Exam Topics and Study Guide To earn the Cisco Certified Network Professional (CCNP)
The Cisco Certified Network Professional (CCNP) Security certification is a professional-level credential designed to validate the skills required for security-focused roles in complex enterprise environments. To achieve this certification, a candidate must pass two exams: a mandatory core exam and one concentration exam of their choice. This structure allows professionals to tailor their learning to specific technical interests or job requirements.
The foundation of the certification is the Core Exam (SCOR 350-701), which focuses on implementing and operating Cisco security core technologies. The syllabus for this exam is comprehensive, covering six primary domains. It begins with network security, addressing fundamental concepts like defense-in-depth and the implementation of secure protocols. This is followed by cloud security, which emphasizes protecting cloud-based infrastructures and applications. The core curriculum also includes content security for email and web traffic, as well as endpoint protection and detection. Significant portions of the course are dedicated to secure network access—using tools like the Cisco Identity Services Engine (ISE)—and network visibility and enforcement.
Following the core requirement, candidates must select one concentration exam. These specialized modules allow for deeper expertise in specific areas of the security landscape. Options typically include: Securing Networks with Cisco Firepower (SNCF)
Implementing and Configuring Cisco Identity Services Engine (SISE) Securing Email with Cisco Email Security Appliance (SESA) Securing the Web with Cisco Web Security Appliance (SWSA)
Implementing Secure Solutions with Virtual Private Networks (SVPN) Automating and Programming Cisco Security Solutions (SAUTO) Hands-on labs (recommended)
Each of these concentration areas provides practical, hands-on knowledge. For example, the VPN module focuses on site-to-site and remote access solutions, while the automation track introduces Python programming and APIs to streamline security operations.
The CCNP Security course outline is strategically designed to bridge the gap between foundational knowledge and expert-level implementation. By combining a broad core understanding with a specialized elective, Cisco ensures that certified professionals are equipped to handle modern threats, manage complex security architectures, and support the evolving needs of digital enterprises. This dual-exam approach not only validates technical proficiency but also prepares candidates for the CCIE Security lab, should they choose to pursue the expert-level tier.
This outline focuses on the Core exam (SCOR) and the most popular concentration exam, SNCF (Firewall) .
Hands-on labs (recommended)
- Harden a router and switch; enable AAA and logging
- Configure site-to-site IPsec and AnyConnect remote access
- Deploy ASA/Firepower policies and inspect SSL traffic
- Implement ISE with 802.1X authentication and posture checks
- Simulate an incident: detect with NetFlow + SIEM, contain and remediate
Part 5: Why This Outline Matters for Your Career
The CCNP Security outline is a mirror of the modern SOC (Security Operations Center).
- If you handle firewalls: The SNCF (Firepower) track teaches you how to stop threats inline.
- If you handle access control: The SISE (ISE) track makes you the gatekeeper of the network.
- If you handle remote workers: The SVPN track ensures encrypted connectivity without performance loss.
Salary Expectation: In the US, a CCNP Security holder earns between $110,000 and $150,000, depending on geography and the concentration exam chosen.
Recertification: Your CCNP Security is valid for three years. You can recertify by earning Continuing Education (CE) credits, passing a higher exam (CCIE), or passing a core or concentration exam again.
Part 2: Concentration Exams (Choose One)
This is where the CCNP Security becomes highly practical. Candidates select the exam that aligns with their daily job responsibilities.
4.5 300-730 SVPN (Implementing Secure Solutions with Virtual Private Networks)
- Focus: Advanced VPN technologies.
- Key skills: Site-to-site VPN (IKEv2, DMVPN), remote access VPN (AnyConnect, FlexVPN), and troubleshooting.
4.6 300-735 SAUTO (Implementing Automation for Cisco Security Solutions)
- Focus: Security automation and orchestration.
- Key skills: REST APIs (Firepower, ISE, Umbrella), Python scripting for security tasks, and Ansible automation.
Module E: Network Analysis Policy (NAP)
- Sensitive Data Preprocessing: Detecting Credit Card numbers (PCI-DSS) or Social Security numbers in real-time traffic.
- Checksums & Defragmentation: Preventing Teardrop attacks and overlapping fragment attacks.