CCNP and CCIE Security Core SCOR 350-701

CCNP and CCIE Security Core SCOR 350-701

by Omar Santos / Ron Taylor
Released June 2020
Publisher(s): Pearson
ISBN: 0136583415

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

12+ Hours of Video Instruction

More than 12 hours of video instruction and remediation organized to prepare users to take the CCNP Security Core SCOR 350-701 exam and prepare for their CCIE Security studies.

Overview

The CCNP and CCIE Security Core SCOR 350-701 Complete Video Course is designed to provide you with more than 12 hours of instruction with the goal of fully preparing you for all aspects of the exam. Security professionals who already hold the CCNP Security certification and are currently preparing to advance to the CCIE Security certification will also find the contents of this course extremely beneficial in their studies. The course walks through the vast array of security topics through dynamic presentations, demos, and illustrated techniques to help you attain a better grasp of how all of these security threats, preventative measures, and mitigation methods coalesce. The end result of this understanding is to help you perform confidently on the exam as well as in your professional life. The course instructor, Omar Santos, is a Principal Engineer of the Cisco Product Security Incident Response Team (PSIRT). Omar is very active and a well-known subject matter expert in the security arena.

Through detailed exploration, configuration demos, and troubleshooting implementations, this course methodically guides you through the topics of general security concepts; network security; cloud security; content security; endpoint protection and detection; and network access, visibility, and enforcement. Not coincidentally, these are the six main domains outlined in the SCOR 350-701 exam blueprint.

Topics include:

Module 1: Cybersecurity Fundamentals
Module 2: Software Defined Networking Security and Network Programmability
Module 3: AAA, Identity Management, Network Visibility, and Segmentation
Module 4: Infrastructure Security, Firewalls, and Intrusion Prevention Systems
Module 5: Virtual Private Networks (VPNs)
Module 6: Securing the Cloud and Content Security
Module 7: Endpoint Security and Cisco Threat Response

About the Instructor

Omar Santos is the author of more than 20 books and video courses; numerous white papers, articles, and security configuration guidelines and best practices. Omar is a Principal Engineer of the Cisco PSIRT where he mentors and lead engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar is an active member of the security community, where he leads several industry-wide initiatives and standard bodies.

Skill Level

Intermediate to Advanced

Learn How To
  • Identify, mitigate, and prevent common cybersecurity threats
  • Understand and implement various cryptography methods
  • Apply Software-Defined Networking (SDN) and network programmability to streamline your network’s security
  • Manage network access, authentication, and user identity through proven tools and techniques
  • Maintain the integrity of network infrastructure security through network tools, firewalls, and intrusion prevention systems
  • Implement site-to-site and remote access virtual private networks (VPNs)
  • Secure your network content in on-premise and in the Cloud
  • Implement Endpoint Threat Detection and Response (ETDR) and Endpoint Detection and Response (EDR)
  • Pass the CCNP Security Core SCOR 350-701 exam
  • Prepare for the CCIE Security certification
Who Should Take This Course
  • CCNP Security certification candidates
  • CCIE Security certification candidates
  • Network designers, administrators, and engineers
  • Network security professionals
Course Requirements
  • Skills and knowledge equivalent to those holding a CCNA certification
  • Basic understanding of core security technologies
Lesson Descriptions

Module 1, “Cybersecurity Fundamentals,” provides an understanding of the wide-ranging cybersecurity threats against on-premise and cloud environments. You will also learn the fundamentals of cryptography that are covered in the exam.

Module 2, “Software Defined Networking Security and Network Programmability,” explores the tools, architecture, and security benefits and threats associated with Software-Defined Networking (SDN). Additionally, the lessons in this module explore the different methods and tools associated with network programmability. From the content in these lessons, you will learn why and how SDN and network programmability are extremely useful in today’s environments.

Module 3, “AAA, Identity Management, Network Visibility, and Segmentation,” begins with Lesson 5, which is an introduction to authentication, authorization, and accounting (AAA). Lesson 6 takes this a step further with a detailed look at identity management, Secure network access, visibility, and segmentation.

In Module 4, “Infrastructure Security, Firewalls, and Intrusion Prevention Systems,” details several of the attacks made against infrastructure devices (including routers, switches, and firewalls) and the best practices and solutions to help prevent or mitigate these attacks. The latter lessons in this module cover Cisco Next-Generation Firewalls and Cisco Next-Generation Intrusion Prevention Systems.

Module 5, “Virtual Private Networks (VPNs),” examines the process of how to deploy site-to-site and remote access VPN solutions to protect your data and your users.

Module 6, “Securing the Cloud and Content Security” starts with an introduction to the different cloud deployment and service models. You will learn about different technologies to protect and secure different cloud environments. You will also learn about the different Cisco Content Security solutions such as Cisco Web Security and Email Security Appliances.

Module 7, “Endpoint Security and Cisco Threat Response” covers Endpoint Protection & Detection, as well as the Cisco Threat Response solution.

About Pearson Video Training

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que. Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of contents

  1. Introduction
    1. CCNP and CCIE Security Core SCOR 350-701: Introduction
  2. Module 1: Cybersecurity Fundamentals
    1. Module introduction
  3. Lesson 1: Understanding Common Cybersecurity Threats Against On-premise and Cloud Environments
    1. Learning objectives
    2. 1.1 Understanding Malware, Viruses, Trojans, and Rootkits
    3. 1.2 Keyloggers and Spyware
    4. 1.3 Malware Analysis Techniques
    5. 1.4 Surveying Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks
    6. 1.5 Surveying Common Application-based Vulnerabilities
    7. 1.6 Exploiting Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF) Vulnerabilities
    8. 1.7 Exploiting Authentication and Authorization-based Vulnerabilities
    9. 1.8 Understanding SQL Injection and Path Traversal Vulnerabilities
    10. 1.9 Understanding Buffer Overflows
    11. 1.10 Surveying Unsecure Code Practices and Insecure APIs
    12. 1.11 Understanding Security Threats in Cloud Environments
    13. 1.12 Understanding IoT Security Threats
  4. Lesson 2: Cryptography
    1. Learning objectives
    2. 2.1 Introducing Cryptography and Cryptanalysis
    3. 2.2 Understanding Encryption Protocols
    4. 2.3 Describing Hashing Algorithms
    5. 2.4 Introducing Public Key Infrastructure (PKI)
    6. 2.5 Introducing Certificate Authorities (CAs) and Certificate Enrollment
    7. 2.6 Surveying SSL and TLS Implementations
    8. 2.7 Surveying IPsec Implementations
  5. Module 2: Software-Defined Networking Security and Network Programmability
    1. Module introduction
  6. Lesson 3: Software-Defined Networking Security
    1. Learning objectives
    2. 3.1 Introducing SDN
    3. 3.2 Explaining North Bound and South Bound APIs in the SDN Architecture
    4. 3.3 Introducing Cisco ACI
    5. 3.4 Introducing Cisco DNA and Cisco DNA Center
    6. 3.5 Understanding VXLAN and Network Overlays
    7. 3.6 Understanding Microsegmentation
    8. 3.7 Surveying Open Source SDN Solutions
    9. 3.8 Understanding the Threats Against SDN Solutions
    10. 3.9 Understanding the Security Benefits in SDN Solutions
  7. Lesson 4: Network Programmability
    1. Learning objectives
    2. 4.1 Introducing Network Programmability
    3. 4.2 Exploring DevNet and DevNet Resources for Security Automation
    4. 4.3 Introducing APIs, NETCONF, RESTCONF, and YANG
    5. 4.4 A Brief Introduction to Git
    6. 4.5 Exploring pxGrid
    7. 4.6 Integrating and Automating Security Operations with Cisco Products
  8. Module 3: AAA, Identity Management, Network Visibility, and Segmentation
    1. Module introduction
  9. Lesson 5: Introducing AAA and Identity Management
    1. Learning objectives
    2. 5.1 Understanding Authentication
    3. 5.2 Exploring the RADIUS Protocol
    4. 5.3 Surveying the TACACS+ Protocol
    5. 5.4 Understanding Authorization
    6. 5.5 Surveying Authorization Models
    7. 5.6 Defining Accounting
    8. 5.7 Exploring Multifactor Authentication and Single Sign-On
    9. 5.8 Exploring Examples of Multifactor and Single Sign-On
    10. 5.9 Understanding Cisco DUO
    11. 5.10 Introducing Cisco ISE
    12. 5.11 Understanding Cisco ISE Profiling Services
    13. 5.12 Understanding ISE Identity Services
    14. 5.13 Describing ISE Authorization Rules
  10. Lesson 6: Secure Network Access, Visibility, and Segmentation
    1. Learning objectives
    2. 6.1 Defining Network Visibility and Segmentation
    3. 6.2 Introducing NetFlow and IPFIX
    4. 6.3 Describing Flexible NetFlow Records
    5. 6.4 Understanding NetFlow Deployment
    6. 6.5 Exploring Cisco Stealthwatch
    7. 6.6 Deploying Cisco Stealthwatch Cloud
    8. 6.7 On-Premise Monitoring with Stealthwatch Cloud
    9. 6.8 Exploring the Cisco TrustSec Solution
    10. 6.9 Describing the Benefits of Device Compliance and Application Control
    11. 6.10 Introducing Network Segmentation
    12. 6.11 Exploring Application-based Segmentation
    13. 6.12 Understanding Cisco ACI
    14. 6.13 Describing Network Access with CoA
    15. 6.14 Integrating Different Security Systems Using pxGrid
    16. 6.15 Exploring Cisco Encrypted Traffic Analytics (ETA), Cisco Cognitive Threat Analytics (CTA), and Cisco Threat Grid
  11. Module 4: Infrastructure Security, Firewalls, and Intrusion Prevention Systems
    1. Module introduction
  12. Lesson 7: Infrastructure Security
    1. Learning objectives
    2. 7.1 Configuring and Verifying Network Segmentation Using VLANs and VRF-lite
    3. 7.2 Configuring and Verifying Port Security
    4. 7.3 Configuring and Verifying DHCP Snooping
    5. 7.4 Configuring and Verifying Dynamic ARP Inspection
    6. 7.5 Exploring and Mitigating Common Layer 2 Threats
    7. 7.6 Understanding and Configuring BPDU Guard and Root Guard
    8. 7.7 Understanding and Configuring CDP/LLDP
    9. 7.8 Understanding the Control Plane, Data Plane, and Management Plane
    10. 7.9 Exploring How to Secure the Management Plane
    11. 7.10 Exploring How to Secure the Control Plane
    12. 7.11 Exploring How to Secure the Data Plane
  13. Lesson 8: Cisco Next-Generation Firewalls
    1. Learning objectives
    2. 8.1 Introducing Cisco Next-Generation Firewalls
    3. 8.2 Surveying the Cisco Firepower Management Center (FMC)
    4. 8.3 Exploring the Cisco Firepower Device Manager (FDM)
    5. 8.4 Implementing Access Control Policies
  14. Lesson 9: Cisco Next-Generation Intrusion Prevention Systems
    1. Learning objectives
    2. 9.1 Introducing Cisco Next-Generation Intrusion Prevention Systems
    3. 9.2 Describing Deployment Models of Network Security Solutions and Architectures That Provide Intrusion Prevention Capabilities
    4. 9.3 Configuring Cisco Next-Generation Intrusion Prevention Systems
  15. Module 5: Virtual Private Networks (VPNs)
    1. Module introduction
  16. Lesson 10: Site-to-site VPN Implementations
    1. Learning objectives
    2. 10.1 Introduction to IPsec Site-to-site and Remote Access VPNs
    3. 10.2 Configuring IPsec Site-to-site VPNs
    4. 10.3 Configuring Traditional Site-to-site VPN Utilizing Cisco Routers
    5. 10.4 Exploring DMVPN
    6. 10.5 Understanding GET VPN
    7. 10.6 Deploying FlexVPN
    8. 10.7 Troubleshooting Site-to-site VPN Implementations
  17. Lesson 11: Remote Access VPN
    1. Learning objectives
    2. 11.1 Introducing Remote Access VPNs
    3. 11.2 Exploring Clientless Remote Access VPNs
    4. 11.3 Surveying Remote Access VPN Implementations Using Cisco AnyConnect Secure Mobility Client
    5. 11.4 Configuring Remote Access VPN in Cisco ASA and in Cisco FTD
    6. 11.5 Troubleshooting Remote Access VPN Implementations
  18. Module 6: Securing the Cloud and Content Security
    1. Module introduction
  19. Lesson 12: Securing the Cloud
    1. Learning objectives
    2. 12.1 Introducing the Different Cloud Deployment and Service Models
    3. 12.2 Surveying Patch Management in the Cloud
    4. 12.3 Performing Security Assessments in Cloud Environments
    5. 12.4 Introducing Agile, DevOps, and CI/CD Pipelines
    6. 12.5 Introducing Serverless Computing
    7. 12.6 Understanding Container Orchestration and an Introduction to Kubernetes
    8. 12.7 Exploring the Concepts of DevSecOps
    9. 12.8 Surveying Cisco Umbrella
    10. 12.9 Exploring Cisco Cloud Email Security
    11. 12.10 Exploring Cisco Cloudlock
  20. Lesson 13: Content Security
    1. Learning objectives
    2. 13.1 Introducing Cisco Content Security Solutions
    3. 13.2 Describing Web Proxy Identity and Authentication Including Transparent User Identification
    4. 13.3 Introduction to Cisco Email Security
    5. 13.4 Exploring the Cisco ESA Deployment Model
    6. 13.5 Understanding Email Security Features
    7. 13.6 Discussing Email Security in the Cloud
    8. 13.7 Introduction to Secure Internet Gateway (SIG)
    9. 13.8 Describing the Components, Capabilities, and Benefits of Cisco Umbrella
    10. 13.9 Exploring Cisco Umbrella Investigate
  21. Module 7: Endpoint Security and Cisco Threat Response
    1. Module introduction
  22. Lesson 14: Endpoint Protection and Detection
    1. Learning objectives
    2. 14.1 Introducing AMP for Endpoints
    3. 14.2 Describing AMP for Endpoints Outbreak Control
    4. 14.3 Comparing Endpoint Threat Detection and Response (ETDR) and Endpoint Detection and Response (EDR) Solutions
    5. 14.4 Understanding AMP IP Blacklists and Whitelists
    6. 14.5 Exploring Application Control in AMP for Endpoints
    7. 14.6 Describing AMP for Endpoints Exclusion Sets
    8. 14.7 Introduction to AMP for Endpoints Policies
    9. 14.8 Describing the Anyconnect AMP Enabler
    10. 14.9 Exploring AMP for Endpoints Engines
    11. 14.10 How to Utilize AMP for Endpoints Reporting Features
    12. 14.11 Introducing the Cisco Threat Response Solution
  23. Summary
    1. CCNP and CCIE Security Core SCOR 350-701: Summary

Product information

  • Title: CCNP and CCIE Security Core SCOR 350-701
  • Author(s): Omar Santos / Ron Taylor
  • Release date: June 2020
  • Publisher(s): Pearson
  • ISBN: 0136583415