Designing and Implementing Secure Cloud Access for Users and Endpoints (SCATZ) – Digital Learning

What you’ll learn
The Designing and Implementing Secure Cloud Access for Users and Endpoints (SCATZ) course provides instruction on crafting and deploying cloud security frameworks, securing users and devices, protecting networks and cloud environments, ensuring the security of cloud applications and data, maintaining visibility and assurance in the cloud, and addressing cloud-related threats.

What to expect in the exam

The 300-740 SCAZT exam, titled “Designing and Implementing Secure Cloud Access for Users and Endpoints,” is a 90-minute assessment linked with the Cisco Certified Specialist – Secure Cloud Access certification. It also fulfills the concentration exam criterion for the CCNP Security certification.

This exam evaluates your proficiency in designing and implementing the following areas:

• • Cloud security architecture
  • Security measures for users and devices
  • Security protocols for networks and cloud environments
  • Strategies for securing applications and data in the cloud
  • Ensuring visibility and assurance within cloud infrastructures
  • Response tactics to counteract cloud-related threats

Prerequisites

Prior to participating in this training, it is assumed that you possess the following knowledge and abilities:

• • • Fundamental comprehension of enterprise routing
    • Basic grasp of wide area network (WAN) networking
    • Basic understanding of Cisco SD-WAN
    • Basic familiarity with public cloud services

You can acquire these skills through the following Cisco Learning Offerings:

• • • Implementing and Administering Cisco Solutions (CCNA)
    • Implementing Cisco SD-WAN Solutions (ENSDWI)
    • Cisco SD-WAN Operation and Deployment (SDWFND)

Who should enroll

• • • Network Engineers
    • Network Security Engineers
    • Network Architects
    • Sales/Presales Engineers

Technology areas

Security

Training overview

This training is designed to equip you with the skills needed to create and implement robust cloud security architecture, ensuring the safety of users, devices, networks, applications, and data. Additionally, it provides knowledge on various protocols, solutions, and designs essential for pursuing professional and expert-level roles in cloud design and implementation.

Objectives

The course aims to achieve the following objectives:

• • • Analyze and compare the security frameworks provided by the National Institute of Standards and Technology (NIST), Cybersecurity and Infrastructure Security Agency (CISA), and Defense Information Systems Agency (DISA), emphasizing the importance of standardized frameworks in enhancing organizational security.
    • Explain the Cisco Security Reference Architecture, outlining its five primary components.
    • Outline commonly deployed use cases and recommend essential capabilities within an integrated security architecture to effectively address them.
    • Explain the Cisco Secure Architecture for Everyone (SAFE) framework.
    • Examine the benefits, components, and process of certificate-based authentication for users and devices.
    • Implement Duo multi-factor authentication (MFA) to protect applications, configure applications for Duo MFA for user login authentication, and set up Cisco Duo for multifactor authentication on remote access VPN.
    • Configure endpoint compliance and understand Stateful Switchover (SSO) using security assertion markup language (SAML) or OpenID Connect alongside Cisco Duo.
    • Describe Cisco’s software-defined wide-area network (SD-WAN) on-box and integrated threat prevention and content filtering security services.
    • Explore the features and capabilities of Cisco Umbrella Secure Internet Gateway (SIG), including DNS Security, Cloud-Delivered Firewall (CDFW), intrusion prevention systems (IPS), and its interaction with Cisco SD-WAN.
    • Introduce reverse proxy for protecting internet-facing applications.
    • Discuss the use case of Cisco Umbrella SIG for securing cloud application access, along with its limitations, benefits, and features for controlling access to cloud-delivered applications.
    • Explore Cisco ThousandEyes capabilities for monitoring Cisco SD-WAN deployments.
    • Address challenges in accessing SaaS applications in modern business environments through the Cisco SD-WAN Cloud OnRamp for SaaS solution.
    • Introduce Cisco Secure Firewall platforms, their use cases, and security capabilities.
    • Demonstrate a thorough understanding of web application firewalls.
    • Explain Cisco Secure Workload capabilities, deployment options, agents, connectors, application dependency mapping, and policy discovery.
    • Discuss common cloud attack tactics and mitigation strategies.
    • Address multicloud security requirements and policy capabilities.
    • Introduce security issues associated with public cloud adoption and common capabilities of cloud visibility and assurance tools for mitigating these issues.
    • Discuss Cisco Secure Network Analytics, Cisco Security Analytics and Logging, and Cisco Attack Surface Management.
    • Explain how Application Program Interfaces (APIs) and automation aid in troubleshooting cloud policy, especially regarding misconfigurations.
    • Demonstrate comprehensive knowledge of appropriate responses to cloud threats in specific scenarios.
    • Demonstrate comprehensive knowledge required for using automation in cloud threat detection and response.

    Course Outline

    • Industry Security Frameworks
    • Cisco Security Reference Architecture Fundamentals
    • Cisco Security Reference Architecture Common Use Cases
    • Cisco SAFE Architecture
    • Certificate-Based User and Device Authentication
    • Cisco Duo Multifactor Authentication for Application Protection
    • Cisco Duo with AnyConnect VPN for Remote Access
    • Introducing Cisco ISE Endpoint Compliance Services
    • SSO using SAML or OpenID Connect
    • Deploying On-Premises Threat Prevention
    • Examining Content Filtering
    • Exploring Cisco Umbrella SIG
    • Reverse Proxy
    • Securing Cloud Application with Cisco Umbrella SIG
    • Exploring Cisco SD-WAN ThousandEyes
    • Optimizing SaaS Applications
    • Security Policies for Remote Access VPN
    • Cisco Secure Access
    • Cisco Secure Firewall
    • Web Application Firewall
    • Cisco Secure Workload Deployments, Agents, and Connectors
    • Cisco Secure Workload Structure and Policy
    • Cloud Security Attacks and Mitigations
    • Multicloud Security Policies
    • Cloud Visibility and Assurance
    • Cisco Secure Network Analytics and Cisco Secure Analytics and Logging
    • Cisco XDR
    • Cisco Attack Surface Management
    • Cloud Applications and Data Access Verifications
    • Automation of Cloud Policy
    • Response to Cloud Threats
    • Automation of Cloud Threat Detection and Response

    Lab Outline

    • Explore Cisco SecureX
    • Windows Client BYOD Onboarding Interactive Activity
    • Use Cisco Duo MFA to Protect the Splunk Application
    • Integrate the Cisco Duo Authentication Proxy to Implement MFA for Cisco Security Secure Firewall AnyConnect Remote Access VPN
    • Configure Cisco ISE Compliance Services
    • Configure Threat Prevention
    • Implement Web Security
    • Deploy DIA Security with Unified Security Policy
    • Configure Cisco Umbrella DNS Policies
    • Deploy Cisco Umbrella Secure Internet Gateway
    • Implement CASB Security
    • Microsoft 365 SaaS Testing by Using Cisco ThousandEyes
    • Configure Remote Access VPN on the Cisco Secure Firewall Threat Defense
    • Configure Cisco Secure Firewall Policies
    • Explore Cisco Secure Workload
    • Explore the ATT&CK Matrix Cloud-Based Techniques
    • Explore Cisco Secure Network Analytics
    • Explore Cisco XDR Incident Response Tasks