Written Exam Blueprint v1.0

The Security written exam (350-018) has 100 multiple-choice questions and is two hours in duration. The topic areas listed are general guidelines for the type of content that is likely to appear on the exam. Please note, however, that other relevant or related topic areas may also appear.


  1. Security Protocols
    1. Remote Authentication Dial In User Service (RADIUS)
    2. Terminal Access Controller Access Control System Plus (TACACS+)
    3. AES
    4. EAP peap tkip tls
    5. Data Encryption Standard (DES)
    6. Triple DES (3DES)
    7. IP Secure (IPSec)
    8. Internet Key Exchange (IKE)
    9. Certificate Enrollment Protocol (CEP)
    10. Point to Point Tunneling Protocol (PPTP)
    11. Layer 2 Tunneling Protocol (L2TP)

  2. Application Protocols
    1. Domain Name System (DNS)
    2. Trivial File Transfer Protocol (TFTP)
    3. File Transfer Protocol (FTP)
    4. Hypertext Transfer Protocol (HTTP)
    5. Secure Socket Layer (SSL)
    6. Simple Mail Transfer Protocol (SMTP)
    7. Network Time Protocol (NTP)
    8. IOS SSH
    9. Lightweight Directory Access Protocol (LDAP)
    10. Active Directory
    11. RDEP Remote Data Exchange Protocol

  3. General Networking
    1. Networking Basics
    2. TCP/IP
    3. Switching and Bridging (including: VLANs, Spanning Tree, etc.)
    4. Routed Protocols
    5. Routing Protocols (including: RIP, EIGRP, OSPF, BGP)
    6. Point to Point Protocol (PPP)
    7. IP Multicast
    8. Integrated Services Digital Network (ISDN)
    9. Async
    10. Access Devices (for example: Cisco AS 5300 series)
    11. Telephony best practices
    12. Wireless best practices

  4. Security Technologies
    1. Concepts - Security Policy Best Practices
    2. Packet Filtering
    3. PIX and IOS authentication proxies
    4. Port Address Translation (PAT)
    5. Network Address Translation (NAT)
    6. Firewalls
    7. Content Filters
    8. Public Key Infrastructure (PKI)
    9. Authentication Technologies
    10. Authorization technologies
    11. Virtual Private Networks (VPN)
    12. Network IDS anomaly, signature, passive, inline
    13. Host Intrusion Prevention
    14. Cisco Threat Response

  5. Cisco Security Applications
    1. Cisco Secure NT
    2. Cisco Secure PIX Firewall
    3. VMS
    4. Cisco Secure Intrusion Detection System (formerly NetRanger)
    5. IOS® Firewall Feature Set
    6. VPN 3000
    7. Client side VPN
    8. CAT Service Modules
    9. IOS IDS (in line)
    10. Cisco Secure ACS
    11. Security Information Monitoring System (event correlation, basic forensics)

  6. Security General
    1. Policies - Security Policy Best Practices
    2. Standards Bodies - IETF
    3. Vulnerability discussions
    4. Attacks and Common Exploits - recon, priv escalation, penetration, cleanup, backdoor

  7. Cisco General
    1. IOS Specifics
    2. Routing and switching security features: IE mac address controls, port security, dhcp snoop
    3. Security Policy best practices

Preparation Materials

  • The materials listed below can be helpful in preparing for exams. The list is only suggested, however, and other books or resources may also cover the same topics.