Preparation for CCNP Security 350-701 SCOR

This certified training is the gateway to Cisco's security sector. It is one of the two prerequisites for passing CCNP Security exam. By following it, you will learn to master the skills and technologies needed to implement the main Cisco security solutions to ensure advanced protection against cyber security attacks.

You will develop your knowledge in the implementation and operation of core security technologies, including network security, cloud security, content security, endpoint protection and detection, secure network access, visibility and application. This training consists of face-to-face courses, hands-on assignments and other e-learning modules that are available 90 days after the first day of the course, to better prepare you to pass the 350-701 SCOR exam.

CCNP and CCIE Security Core SCOR 350-701

Objectives

  • To know the concepts and strategies of information security within the network
  • Understand common TCP/IP attacks, network applications and endpoints
  • Describe how different network security technologies work together to protect against attacks
  • Knowing how to implement access control on Cisco ASA equipment and Cisco Firepower firewalls
  • Be able to describe and implement the basic email content security functions provided by the Cisco Email Security Appliance
  • Know and implement the web content security features and functions provided by the Cisco Web Security Appliance
  • Master Cisco Umbrella's security capabilities, deployment models, policy management and Investigate console
  • Knowing VPNs and knowing how to describe cryptographic solutions and algorithms
  • Master Cisco's secure site-to-site connectivity solutions and know how to deploy point-to-point IPsec VPNs based on Cisco IOS VTI, and point-to-point IPsec VPNs based on Cisco ASA and Cisco FirePower NGFW
  • Know how to implement Cisco Secure Remote Access connectivity solutions and how to configure 802.1X and EAP authentication
  • Know the basics of access point security and the basic architecture and features of MPA for access points
  • Knowing how to examine the different defences of Cisco devices that protect the control and management plan
  • To be able to implement and verify the controls of layer 2 and layer 3 data plans in Cisco IOS software
  • Learn about Cisco's Stealthwatch Enterprise and Stealthwatch Cloud solutions
  • Understanding the basics of cloud computing and common attacks in the cloud, and how to secure the cloud environment

Programs

Information security concepts

  • Overview of information security
  • Risk management
  • Vulnerability assessment
  • Understanding the CVSS

Common TCP/IP attacks

  • Inherited TCP/IP vulnerabilities
  • IP, ICMP, TCP, UDP vulnerabilities
  • Etching surface and etching vectors
  • Reconnaissance attacks
  • Access attacks
  • Attacks Man in the middle
  • Denial of service and distributed denial of service attacks
  • Reflection and amplification of attacks
  • Identity theft attacks
  • DHCP attacks

Attacks on common network applications

  • Password attacks
  • DNS-based attacks
  • DNS Tunneling
  • Attacks on the web
  • HTTP 302 Amortisation
  • Injections of orders
  • SQL injections
  • Cross-site scripting and falsification of applications
  • E-mail attacks

Common endpoint attacks

  • Buffer overflow
  • Malware
  • Reconnaissance attack
  • Gaining access and control
  • Gaining access through social engineering
  • Gaining access through web-based attacks
  • Operating Kits and Rootkits
  • Escalation of privileges
  • Post-operating phase
  • Angler Exploit Kit

Network security technologies

  • Defence strategy at all levels
  • Defending across the continuum of attacks
  • Overview of network segmentation and virtualisation
  • Presentation of the Stateful firewall
  • Overview of Security Intelligence
  • Standardization of threat information
  • Overview of malware protection on networks
  • Overview of SPIs
  • New generation firewall
  • Overview of e-mail content security
  • Web Content Security Overview
  • Overview of threat analysis systems
  • Overview of DNS security
  • Authentication, authorisation and accounting
  • Overview of Identity and Access Management
  • Overview of virtual private network technology

The deployment of the Cisco ASA firewall

  • Types of deployment
  • Interface security levels
  • Objects and groups of objects
  • Network address translation
  • LFA management
  • Global ACL
  • Advanced access policies
  • Presentation of high availability

Cisco Firepower Next Generation Firewall

  • Cisco Firepower's packet handling and policies
  • Objects Cisco Firepower NGFW
  • NAT management on Cisco Firepower NGFW
  • Screening Policies
  • Access control policies
  • Security Intelligence
  • IPS Policies
  • Cisco Firepower NGFW malware and file policies

Security of email content

  • Overview of Cisco email content security
  • SMTP overview
  • Overview of e-mail routing
  • Public and private auditors
  • Overview of mail policies
  • Protection against spam and grey mail

Anti-virus and anti-malware protection

  • Epidemic filters
  • Content Filters
  • Prevention of data loss
  • Email encryption
  • Web content security
  • Overview of Cisco WSA
  • Deployment options
  • Authentication of network users
  • HTTPS traffic decryption
  • Access policies and identification profiles
  • Acceptable Use Control Parameters
  • Malware protection

The deployment of Cisco Umbrella

  • Cisco Umbrella Architecture
  • Cisco Umbrella Deployment
  • Cisco Umbrella Roaming Client
  • Management of Cisco Umbrella
  • Introduction to Cisco Umbrella Investigate

VPN technologies and cryptography

  • Definition of VPNs
  • Presentation of the different types of VPNs
  • Secure communications and encryption services
  • Encryption keys
  • Public Key Infrastructure

Cisco Site-to-Site VPN solutions

  • Site-to-Site VPN Topologies
  • Introduction to IPsec VPN
  • IPsec Static Crypto Maps
  • IPsec Static Virtual Tunnel Interface
  • Dynamic Multipoint VPN
  • Cisco IOS FlexVPN

The use of VTI-Based Point-to-Point

  • Cisco IOS VTIs
  • VTI Point-to-Point IPsec static configuration

Point-to-Point IPSEC VPNs on Cisco ASA and Cisco Firepower NGFW

  • Point-to-Point VPN presentation on Cisco ASA and Cisco Firepower NGFW
  • Configuration on the Cisco ASA
  • Configuration on Cisco Firepower NGFW

Cisco VPN Secure Remote Access Solutions

  • Components of a Remote Access VPN
  • Remote access VPN technologies
  • Presentation of SSL

Secure remote access solutions on Cisco ASA and Cisco Firepower NGFW

  • Presentation of the concepts
  • Connection Profiles
  • Group rules
  • Configuration on Cisco ASA
  • Configuration on Cisco Firepower NGFW

Cisco Secure Network Access Solutions

  • Introducing Cisco Secure Network Access
  • Components of Cisco Secure Network Access
  • Use of the AAA
  • Cisco Identity Services Engine
  • Cisco TrustSec

802.1X authentication

  • Overview of 802.1X and EAP authentication
  • Description of EAP methods
  • Role of RADIUS in 802.1X communications
  • Changing permissions on a RADIUS server

Configuring 802.1X authentication

  • Configuring a Cisco Catalyst Switch
  • Configuration on a Cisco WLC
  • Configuration on a Cisco ISE
  • Cisco Central Web Authentication

Secure endpoint solutions

  • Firewalls
  • Anti-Virus
  • Intrusion Prevention System
  • Management of white lists and black lists
  • Malware protection
  • Presentation of the sandbox
  • Checking the completeness of the files

The deployment of Cisco AMP for terminals

  • Architecture of the Cisco AMP
  • Cisco AMP for Endpoints Engines
  • Cisco AMP Device and File Trajectory
  • Manager Cisco AMP for Endpoints

Network infrastructure protection

  • Identification of network device plans
  • Securing plan control
  • Securing the data plan
  • Networked telemetry
  • Layer 2 and Layer 3 data plane control

Data plan security

  • LFA infrastructure
  • Data plan rules
  • Protection of the control plan
  • Secure routing protocols

Layer 2 data plan security

  • Presentation
  • VLAN-based attack management
  • STP-based attack management
  • Port Security
  • Private VLANs
  • DHCP Snooping
  • ARP Inspection
  • Storm Control
  • MACsec Encryption

Layer 3 data plan security

  • Antispoofing ACLs
  • Unicast Reverse Path Forwarding
  • IP Source Guard

Practical work

  • Configuring network settings and NAT on Cisco ASAs
  • Configuring Access Control Policies on Cisco ASAs
  • Configuring NAT on Cisco Firepower NGFWs
  • Configuring access control policies on Cisco Firepower NGFWs
  • Configuring IPS policies on Cisco Firepower NGFWs
  • Configuring policies against Cisco NGFW malware
  • Configuration of listeners, HAT, and RAT on Cisco ESAs
  • Configuring Mail policies
  • Configuring service proxies, authentication, and HTTPS decryption
  • Mail policy configuration
  • Configuring proxy services, HTTPS authentication and decryption
  • Implementation of acceptable use control and malware protection
  • Use of the general dashboard
  • Using the Cisco Umbrella Survey
  • Exploring Cisco Umbrella's Ransom DNS Protection
  • IKEv2 Static VTI point-to-point IPsec tunnel configuration
  • Configuring a point-to-point VPN between Cisco ASA and Cisco Firepower NGFW
  • Configuration of a remote access VPN on the Cisco Firepower NGFW
  • Using Cisco MPA for terminals
  • Performing an endpoint analysis using the AMP for Endpoints console
  • Exploring File Ransom Protection by Cisco AMP for Endpoints Console
  • Exploring Cisco Stealthwatch Enterprise v6.9.3
  • Exploring CTA in Stealthwatch Enterprise v7.0
  • Using the Cisco Cloudlock Dashboard and User Security
  • Discovery of the Cisco Cloudlock application and data security
  • Exploring the Cisco Stealthwatch cloud
  • Discovery of the parameters, watch lists and sensors of the Stealthwatch cloud alert

Prerequisite

  • Knowing the fundamentals of network security
  • Working knowledge of the Windows operating system
H2
H3
H4
3 columns
2 columns
1 column
Join the conversation now
Ecency