Cisco Certified Specialist Security Core Quick Facts (2025)

Exam Domain Breakdown

Domain 1: Security Concepts (25% of the exam)

Security Concepts

• Explain common threats against on-premises, hybrid, and cloud environments — On-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-the-middle attacks, SQL injection, cross-site scripting, malware
• Explain common threats against on-premises, hybrid, and cloud environments — Cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials
• Compare common security vulnerabilities such as software bugs, weak and/or hardcoded passwords, OWASP top ten, missing encryption ciphers, buffer overflow, path traversal, cross-site scripting/forgery
• Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, preshared key, and certificate-based authorization
• Compare site-to-site and remote access VPN deployment types and components such as virtual tunnel interfaces, standards-based IPsec, DMVPN, FlexVPN, and Cisco Secure Client including high availability considerations
• Describe security intelligence authoring, sharing, and consumption
• Describe the controls used to protect against phishing and social engineering attacks
• Explain North Bound and South Bound APIs in the SDN architecture
• Explain Cisco DNA Center APIs for network provisioning, optimization, monitoring, and troubleshooting
• Interpret basic Python scripts used to call Cisco Security appliances APIs

Security Concepts summary:
This section builds a solid foundation in understanding threats, vulnerabilities, cryptography, and secure connectivity. You will explore how to identify attack vectors across on-premises, hybrid, and cloud systems, and see how security intelligence and automation connect the dots for faster, smarter defense. Understanding cryptography components such as PKI and SSL provides the base for encryption and authentication strategies crucial to every secure network.

Additionally, the section emphasizes Cisco’s integrated approach through APIs and automation. You will learn how programmable interfaces in Cisco DNA Center and Python scripting simplify provisioning, enhance monitoring, and extend automation for greater security agility. The knowledge gained here ensures you can balance strong theoretical understanding with practical control using Cisco’s modern tools and secure architecture principles.

Domain 2: Network Security (20% of the exam)

Network Security

• Compare network security solutions that provide intrusion prevention and firewall capabilities
• Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
• Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
• Configure and verify network infrastructure security methods — Layer 2 methods (network segmentation using VLANs; Layer 2 and port security; DHCP snooping; Dynamic ARP inspection; storm control; PVLANs to segregate network traffic; and defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks)
• Configure and verify network infrastructure security methods — Device hardening of network infrastructure security devices (control plane, data plane, and management plane)
• Implement segmentation, access control policies, AVC, URL filtering, malware protection, and intrusion policies
• Implement management options for network security solutions (single vs. multidevice manager, in-band vs. out-of-band, cloud vs. on-premises)
• Configure AAA for device and network access such as TACACS+ and RADIUS
• Configure secure network management of perimeter security and infrastructure devices such as SNMPv3, NetConf, RestConf, APIs, secure syslog, and NTP with authentication
• Configure and verify site-to-site and remote access VPN — Site-to-site VPN using Cisco routers and IOS
• Configure and verify site-to-site and remote access VPN — Remote access VPN using Cisco AnyConnect Secure Mobility client
• Configure and verify site-to-site and remote access VPN — Debug commands to view IPsec tunnel establishment and troubleshooting

Network Security summary:
This section dives into the applied components of network protection, covering firewalls, intrusion prevention, and traffic security at every layer. You’ll explore how architectures leverage NetFlow analytics to maintain visibility and how Cisco solutions ensure segmentation and access are properly enforced. By mastering device hardening and Layer 2 protections, you enhance your ability to defend against network-level threats and unauthorized activity with confidence.

The second part focuses on secure connectivity and management. You will configure and validate VPN solutions, AAA services, and secure communication protocols that safeguard infrastructure and endpoints. Through practical tasks, you develop the skills to maintain reliable, efficient, and secure network operations in multi-layered environments powered by Cisco’s technologies.

Domain 3: Securing the Cloud (15% of the exam)

Securing the Cloud

• Identify security solutions for cloud environments — Public, private, hybrid, and community clouds
• Identify security solutions for cloud environments — Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
• Compare security responsibility for the different cloud service models — Patch management in the cloud
• Compare security responsibility for the different cloud service models — Security assessment in the cloud
• Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and secure software development)
• Implement application and data security in cloud environments
• Identify security capabilities, deployment models, and policy management to secure the cloud
• Configure cloud logging and monitoring methodologies
• Describe application and workload security concepts

Securing the Cloud summary:
This section highlights how to extend security architectures across cloud models and service types. You’ll review the responsibilities within SaaS, PaaS, and IaaS offerings and learn to apply appropriate security practices for each. Mastering visibility, patching, and configuration consistency becomes central as you adapt traditional controls to the shared responsibility of the cloud environment.

A key focus is on DevSecOps and continuous security integration. Through practical examples and conceptual understanding, you’ll see how secure coding, container orchestration, and automated policy enforcement help protect evolving applications. You also gain clarity on monitoring, policy management, and workload protection techniques that bring secure design from the data center into dynamic cloud topologies.

Domain 4: Content Security (15% of the exam)

Content Security

• Implement traffic redirection and capture methods for web proxy
• Describe web proxy identity and authentication including transparent user identification
• Compare the components, capabilities, and benefits of on-premises, hybrid, and cloudbased email and web solutions (Cisco Secure Email Gateway, Cisco Secure Email Cloud Gateway, and Cisco Secure Web Appliance)
• Configure and verify web and email security deployment methods to protect onpremises, hybrid, and remote users
• Configure and verify email security features such as SPAM filtering, antimalware filtering, DLP, blocklisting, and email encryption
• Configure and verify Cisco Umbrella Secure Internet Gateway and web security features such as blocklisting, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
• Describe the components, capabilities, and benefits of Cisco Umbrella
• Configure and verify web security controls on Cisco Umbrella (identities, URL content settings, destination lists, and reporting)

Content Security summary:
This section develops mastery over web and email protection mechanisms, teaching how Cisco’s platforms work collectively to secure content across all user environments. You’ll explore deployment designs from on-premises to cloud, applying Cisco Secure Email and Web Appliance features to intercept and disinfect threats before they reach the endpoint.

The domain extends into proactive defense with Cisco Umbrella, emphasizing content filtering, category-based controls, and encrypted traffic analysis. You’ll apply configuration and verification best practices to align access and identity policies, ensuring that every layer of content exchange remains trusted, authenticated, and monitored for potential compromise.

Domain 5: Endpoint Protection and Detection (10% of the exam)

Endpoint Protection and Detection

• Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
• Configure endpoint antimalware protection using Cisco Secure Endpoint
• Configure and verify outbreak control and quarantines to limit infection
• Describe justifications for endpoint-based security
• Describe the value of endpoint device management and asset inventory systems such as MDM
• Describe the uses and importance of a multifactor authentication (MFA) strategy
• Describe endpoint posture assessment solutions to ensure endpoint security
• Explain the importance of an endpoint patching strategy

Endpoint Protection and Detection summary:
This section focuses on securing the last line of defense: the endpoint. You’ll compare EPP and EDR strategies and configure Cisco Secure Endpoint to identify and stop suspicious activity in real time. The section also covers outbreak control and quarantine techniques that contain infections, supporting strong incident containment processes.

Equally important is the emphasis on policy and posture. You will see how mobile device management and MFA solutions strengthen identity assurance and compliance. By integrating patching, posture assessment, and rapid remediation, you can create an environment where each device contributes to the wider security posture of the network.

Domain 6: Secure Network Access, Visibility, and Enforcement (15% of the exam)

Secure Network Access, Visibility, and Enforcement

• Describe identity management and secure network access concepts such as guest services, profiling, posture assessment and BYOD
• Configure and verify network access control mechanisms such as 802.1X, MAB, WebAuth
• Describe network access with CoA
• Describe the benefits of device compliance and application control
• Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
• Describe the benefits of network telemetry
• Describe the components, capabilities, and benefits of these security products and solutions — Cisco Secure Network Analytics
• Describe the components, capabilities, and benefits of these security products and solutions — Cisco Secure Cloud Analytics
• Describe the components, capabilities, and benefits of these security products and solutions — Cisco pxGrid
• Describe the components, capabilities, and benefits of these security products and solutions — Cisco Umbrella Investigate
• Describe the components, capabilities, and benefits of these security products and solutions — Cisco Cognitive Intelligence
• Describe the components, capabilities, and benefits of these security products and solutions — Cisco Encrypted Traffic Analytics
• Describe the components, capabilities, and benefits of these security products and solutions — Cisco Secure Client Network Visibility Module (NVM)

Secure Network Access, Visibility, and Enforcement summary:
This section ties together identity management, access control, and telemetry into one cohesive view of secure network operations. You’ll configure methods such as 802.1X and MAB to authenticate users and maintain secure access while leveraging policies that adapt based on posture and compliance. The goal is to ensure every user and device entering the network meets established security standards.

Furthermore, the focus on analytics solutions reinforces total visibility. You’ll explore Cisco Secure Network Analytics, pxGrid, and related telemetry platforms to track activity, detect anomalies, and improve network enforcement. Understanding exfiltration patterns and integrating Cisco’s analytics solutions enable you to anticipate risks and act decisively, ensuring that your network not only stays protected but grows more intelligent with each interaction.