New CCNP Security v1.1 Release Notes
New CCNP Security v1.1 Release Notes
CCNP Security
Blueprint Revisions
Products and technologies are evolving faster than ever before. To keep up with the fast pace, we are
introducing a new agile process that will allow us to align our exams faster with these changes: minor
revisions. Minor revisions will provide us with the agility and speed that are necessary to adjust our
programs to match industry changes and the evolution of technologies. Minor revisions will allow us to
update track details (exam blueprint, equipment list, and software) more frequently while keeping overall
changes to a minimum (up to 20%). These revisions allow us to ensure our content stays relevant, and
they minimize learning curves between revisions.
• Further scope out the exam blueprint by ensuring exam objectives are clear.
• Introduce new blueprint tasks to ensure exams stay relevant.
• Phase out old(er) products and/or technology solutions that are less relevant today.
• Update equipment and/or software.
Visit www.cisco.com/go/certroadmap to review the holistic roadmap across all Cisco Certifications.
The CCNP Security exam portfolio is going through a minor revision. Although the overall domains within
the exam blueprints have not changed, with this minor revision, we added and removed technology
solutions to ensure exam relevancy.
Refer to www.cisco.com/go/CertRoadmap for the list of exam topics covered in the updated CCNP
Security exams portfolio and for more information about the CCNP Security certification program.
Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 1
Cisco Certifications
CCNP Security
CCNP Security – Executive Summary
The new minor revision for CCNP Security allows us to keep the domain closely aligned with today’s
commonly adopted Cisco Security technologies and solutions. To modernize the blueprint, relevant
technologies that enterprise engineers regularly use in the field were added, and outdated topics were
removed.
Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 2
Cisco Certifications
CCNP Security
Implementing and Operating Cisco Security Core Technologies v1.1
350-701 SCOR
Compared to v1.0, all domains (Security Concepts, Network Security, Securing the Cloud, Content
Security, Endpoint Protection and Detection, and Secure Network Access, Visibility, and Enforcement)
remain identical. Several tasks were expanded to include hybrid and cloud solutions; NetConf, RestConf,
and APIs were added to network management, and endpoint antimalware was expanded.
1.4 Compare site-to-site and remote access VPN deployment 1.4 Compare site-to-site and remote access VPN deployment
types such as sVTI, IPsec, Cryptomap, DMVPN, FlexVPN, types and components such as virtual tunnel interfaces,
including high availability considerations and AnyConnect standards-based IPsec, DMVPN, FlexVPN, and Cisco
Secure Client including high availability considerations
2.5 Implement segmentation, access control policies, AVC, 2.5 Implement segmentation, access control policies, AVC,
URL filtering, malware protection URL filtering, malware protection, and intrusion policies
2.6 Implement management options for network security 2.6 Implement management options for network security
solutions such as intrusion prevention and perimeter solutions (single vs. multidevice manager, in-band vs.
security (Single vs. multidevice manager, in-band vs. out- out-of-band, cloud vs. on-premises)
of-band, CDP, DNS, SCP, SFTP, and DHCP security and
risks)
2.8 Configure secure network management of perimeter 2.8 Configure secure network management of perimeter
security and infrastructure devices (secure device security and infrastructure devices such as SNMPv3,
management, SNMPv3, views, groups, users, NetConf, RestConf, APIs, secure syslog, and NTP with
authentication, and encryption, secure logging, and NTP authentication
with authentication)
5.2 Explain anti-malware retrospective security, Indication of 5.2 Configure endpoint antimalware protection using Cisco
Compromise (IOC), antivirus, dynamic file analysis, and Secure Endpoint
endpoint-sourced telemetry
Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 3
Cisco Certifications
CCNP Security
Securing Networks with Cisco Firewalls v1.1
300-710 SNCF
Compared to v1.0, all domains (Deployment, Configuration, Management and Troubleshooting, and
Integration) remain identical. The exam name was modified to reflect Cisco’s renaming of Cisco
Firepower to Cisco Secure Firewall. Cisco Security Analytics and Logging, Snort within Secure Firewall
Threat Defense, on premises and cloud deployments of virtual appliances, and new device management
tools were added.
1.4 Describe IRB configurations 1.4 Describe virtual appliance on-premises and cloud
deployment
2.3 Configure these features using Firepower Management 2.3 Configure these features using Secure Firewall
Center Management Center
2.3.a Network discovery 2.3.a Network discovery
2.3.b Application detectors (Open AppID) 2.3.b Application detectors
2.3.c Correlation 2.3.c Correlation
2.3.d Actions 2.3.d Encrypted visibility engine
4.4 Describe using Cisco Threat Response for security 4.4 Describe using SecureX for security investigations
investigations
4.7 Describe Cisco Security Analytics and Logging
Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 4
Cisco Certifications
CCNP Security
Implementing and Configuring Cisco Identity Services Engine v1.1
300-715 SISE
Compared to v1.0, all domains (Architecture and Deployment, Policy Enforcement, Web Auth and Guest
Services, Profiler, BYOD, Endpoint Compliance, and Network Access Device Administration) remain
identical. The technologies added to the blueprint are zero-touch provisioning, SAML IDP, Rest ID, and
IBNS.
2.2 Describe identity store options 2.2 Describe identity store options
2.2.a LDAP 2.2.a LDAP
2.2.b AD 2.2.b AD
2.2.c PKI 2.2.c PKI
2.2.d OTP 2.2.d Multifactor authentication
2.2.e Smart Card 2.2.e Local
2.2.f Local 2.2.f SAML IDP
2.2.g Rest ID
2.3 Configure wired/wireless 802.1X network access 2.3 Configure wireless network access using 802.1X
2.4 Configure 802.1X phasing deployment 2.4 Configure wired network access using 802.1X and IBNS
2.0
2.5 Configure network access devices
Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 5
Cisco Certifications
CCNP Security
Securing Email with Cisco Secure Email Gateway v1.1
300-720 SESA
Compared to v1.0, all domains (Administration, Spam Control with Talos SenderBase and Antispam,
Content and Message Filters, LDAP and SMTP Sessions, Email Authentication and Encryption, and System
Quarantines and Delivery Methods) remain identical. The exam name was modified to reflect Cisco’s
renaming of Cisco Email Security Appliance to Cisco Secure Email Gateway. Virtual machines, certificate
authorities, and logging were added to the blueprint, along with configuring Secure Email Gateway and
Secure Email Threat Defense.
Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 6
Cisco Certifications
CCNP Security
Securing the Web with Cisco Secure Web Appliance v1.1
300-725 SWSA
Compared to v1.0, all domains (Features, Configuration, Proxy Services, Authentication, Decryption
Policies to Control HTTPS Traffic, Differentiated Traffic Access Policies and Identification Profiles,
Acceptable Use Control, Malware Defense, and Reporting and Tracking Web Transactions) remain
identical. The exam name was modified to reflect Cisco’s renaming of Cisco Web Security Appliance to
Cisco Secure Web Appliance. High availability, transparent proxy, the System Health Dashboard, and REST
API support were added to the blueprint and the dynamic content analysis engine was removed.
3.2 Describe tune caching behavior for safety or 3.2 Describe these features:
performance 3.2.a Tune caching
3.2.b IP spoofing
3.2.c Web proxy ports
3.2.d Range requests
4.2 Configure traffic redirection to Cisco Web Security 4.2 Configure traffic redirection to Cisco Secure Web
Appliance using explicit forward proxy mode Appliance using transparent proxy with WCCP, PBR, or an
L4 switch
Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 7
Cisco Certifications
CCNP Security
Implementing Secure Solutions with Virtual Private Networks v1.1
300-730 SVPN
Compared to v1.0, all domains (Site-to-Site Private Networks on Routers and Firewalls, Remote Access
VPNs, Troubleshooting Using ASDM and CLI, and Secure Communications Architectures) remain identical.
Implementing DMVPN and FlexVPN were expanded to include all aspects of those technologies.
1.3 Implement FlexVPN (hub-and-spoke on both IPv4 & IPv6) 1.3 Describes uses of FlexVPN
using local AAA
Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 8
Cisco Certifications
CCNP Security
Automating and Programming Cisco Security Solutions v1.1
300-735 SAUTO
Compared to v1.0, all domains (Network Programmability Foundation; Network Security; Advanced
Threat & Endpoint Security; and Cloud, Web, and Email Security) remain identical. To modernize the
blueprint, changes were made to reflect an increased presence of Terraform in security automation.
Puppet was replaced with Terraform and the Cisco XDR solution has been added.
3.1 Describe the capabilities and components of these APIs 3.1 Describe the capabilities and components of these APIs
3.1.a Umbrella Investigate APIs 3.1.a Cisco Cloud Security APIs (such as Umbrella
3.1.b AMP for endpoints APIs APIs, Investigate APIs)
3.1.c ThreatGRID API 3.1.b Cisco Secure Endpoint (formerly AMP for
Endpoints) API
3.1.c Cisco Secure Malware Analytics (formerly
ThreatGRID) API
3.1.d Cisco XDR solution APIs (such as SecureX API
and Threat Response API)
Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 9
Cisco Certifications
CCNP Security
Designing and Implementing Secure Cloud Access for Users and Endpoints v1.0
300-740 SCAZT
Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 10