Where I Am Right Now
I am currently deep in preparation for the Cisco CCNP Security SCOR 350-701 exam — the core exam required for the CCNP Security certification. This page is a live document. I’ll be updating it as I progress through topics, complete labs, and get closer to exam day.
The SCOR exam covers five major domains: network security, cloud security, content security, endpoint protection and detection, and secure network access with visibility and automation. It’s significantly broader than the CCNA — less about how networks work, more about how to defend them.
Why CCNP Security
The CCNA gave me the networking foundation. The CCNP Security is where that knowledge becomes offensive and defensive capability. For the infrastructure and DevOps work I do — hardening servers, securing CI/CD pipelines, managing network perimeters — understanding security at the CCNP level means I stop applying configurations I found on the internet and start designing them from first principles.
It also directly supports the network defense writing I do on this site.
Exam Blueprint
The 350-701 SCOR exam is weighted across these domains:
| Domain | Weight |
|---|---|
| Security Concepts | 25% |
| Network Security | 20% |
| Securing the Cloud | 15% |
| Content Security | 15% |
| Endpoint Protection & Detection | 10% |
| Secure Network Access, Visibility & Enforcement | 15% |
The heaviest domain is Security Concepts — threat landscape, cryptography, PKI, VPN types, and security models. You cannot cram this. It requires real understanding.
Study Resources I’m Using
- Cisco U. / dCloud — Cisco’s official learning platform. The SCOR learning path is thorough and the dCloud labs let you work with real Cisco security products (FTD, ISE, Umbrella) without owning the hardware.
- Yusuf Bhaiji — CCNP Security SCOR Official Cert Guide — The official book. Dense and sometimes dry but authoritative. I use it to verify concepts after watching video content.
- David Bombal & Nick Russo (YouTube) — Practical walkthroughs of Firepower, ISE, and VPN configurations. Seeing the GUI and CLI side by side is helpful.
- Boson ExSim — Same as CCNA prep. I’ll start running practice exams once I’ve covered all domains.
- Cisco Modeling Labs (CML) — For building security topologies locally. Site-to-site IKEv2 VPNs, ZBF policies, and 802.1X configurations need hands-on time.
Topics Covered So Far
✅ Security Concepts
Threat actors and their motivations, attack vectors, vulnerability vs. exploit vs. risk, the CIA triad, and defence-in-depth models. Cryptography fundamentals: symmetric vs. asymmetric, hashing (MD5, SHA), and why MD5 is no longer acceptable for integrity checking. PKI infrastructure, certificate chains, and how TLS 1.3 actually works during a handshake.
✅ Network Security — Firewalls
Stateful vs. stateless inspection, Cisco ASA vs. Firepower Threat Defense (FTD), and the architectural difference between them. FTD managed via FMC (Firepower Management Center) vs. FDM (local manager). Access Control Policies, Security Intelligence feeds, and the basics of Snort 3 IPS rule tuning.
🔄 Network Security — VPNs
Currently working through this. Site-to-site IKEv2/IPsec configuration on FTD, the IKE phase 1 and phase 2 negotiation process, and FlexVPN. Remote access VPN with AnyConnect — split tunneling, always-on VPN, and certificate-based authentication.
```
! IKEv2 proposal — what I'm currently labbing
crypto ikev2 proposal SCOR-PROPOSAL
 encryption aes-cbc-256
 integrity sha256
 group 14
!
crypto ikev2 policy SCOR-POLICY
 proposal SCOR-PROPOSAL
```
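A proposal line can list several transforms, so one legacy value next to a strong one is still offered to the peer. The following is an added example, not part of the original lab notes: a small Python audit of IOS-style `crypto ikev2 proposal` blocks. It assumes DES/3DES, MD5 and DH groups 1, 2 and 5 are the values to retire, and the `LEGACY-PEER` proposal is constructed for illustration.

```python
import re

# Transforms treated as weak (assumption of this example, not from the page's lab):
# DES/3DES encryption, MD5 integrity, Diffie-Hellman groups 1, 2 and 5.
WEAK = {"encryption": {"des", "3des"}, "integrity": {"md5"},
        "group": {"1", "2", "5"}}

def parse_ikev2_proposals(config: str) -> dict:
    """Return {proposal_name: {keyword: [values, ...]}} from IOS-style text."""
    proposals, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs whose indentation was lost
        if not line or line.startswith("!"):
            continue
        m = re.match(r"crypto ikev2 proposal (\S+)$", line)
        if m:
            current = proposals.setdefault(m.group(1), {})
        elif line.startswith("crypto "):
            current = None  # another top-level block (e.g. ikev2 policy) begins
        elif current is not None:
            keyword, *values = line.split()
            if keyword in WEAK:
                # One line may carry several transforms; keep every one of them.
                current.setdefault(keyword, []).extend(values)
    return proposals

def audit(config: str) -> list:
    """Return (proposal, keyword, value) for every weak transform offered."""
    return [
        (name, keyword, value)
        for name, transforms in parse_ikev2_proposals(config).items()
        for keyword, weak in WEAK.items()
        for value in transforms.get(keyword, []) if value in weak
    ]

# Constructed sample: the proposal from this page plus a hypothetical weak one.
SAMPLE = """\
crypto ikev2 proposal SCOR-PROPOSAL
 encryption aes-cbc-256
 integrity sha256
 group 14
crypto ikev2 proposal LEGACY-PEER
 encryption aes-cbc-256 3des
 integrity sha256 md5
 group 14 2
crypto ikev2 policy SCOR-POLICY
 proposal SCOR-PROPOSAL
"""
```

Running `audit(SAMPLE)` leaves `SCOR-PROPOSAL` clean and reports the three legacy values that `LEGACY-PEER` still offers alongside its strong ones.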
⏳ Cisco Secure Access (ISE)
Up next. 802.1X architecture, RADIUS, TACACS+, profiling, posture assessment, and TrustSec with Security Group Tags. ISE is complex enough that I’m allocating significant lab time here.
⏳ Cloud Security
Shared responsibility model, cloud security posture management, and Cisco Umbrella as a DNS-layer security solution. This domain should move faster given my infrastructure background.
⏳ Content Security
Cisco Secure Web Appliance (SWA), Cisco Secure Email Gateway (SEG), anti-spam, anti-malware, and URL filtering policies.
⏳ Endpoint Protection
Cisco Secure Endpoint (formerly AMP), EDR vs. EPP, behavioral analysis, and integration with SecureX.
⏳ Automation & Visibility
Cisco pxGrid, Cisco Stealthwatch (Secure Network Analytics), NetFlow, and using Python with Cisco security APIs. This section should be natural given my existing automation experience.
Lab Notes
One thing that immediately separates CCNP Security from CCNA is the sheer amount of GUI work. Firepower, ISE, and Umbrella are all managed through dashboards — not just the CLI. You need to know both.
My current lab setup:
- CML Personal running on a local VM with FTDv and ISEv instances
- Cisco dCloud for labs that require full licensed Cisco products
- A dedicated VLAN on my home network for testing actual traffic through the FTD
Timeline
I’m targeting the exam for mid-2026. The goal is thorough preparation, not speed — this is a hard exam and I’d rather pass it once than rush and sit it twice.
I’ll update this post as I progress through remaining topics and get into full exam simulation mode.
Status: In Progress — Started May 2026