
Security Architecture for Systems Engineer (500-651)

Exam Description: The Security Architecture for Systems Engineer (SASE) exam (500-651) is a
90-minute assessment with 55–65 questions. This exam tests the Systems Engineer for the required
knowledge of the basic Cisco Security portfolio for a registered partner organization to acquire the
Express Security specialization in the required SE role.

The following topics are general guidelines for the content likely to be included on the exam. However,
other related topics may also appear on any specific delivery of the exam. In order to better reflect the
contents of the exam and for clarity purposes, the guidelines below may change at any time without
notice.

15% 1.0 Cisco Security and Threat Landscape


1.1 Identify the key drivers of the security threat landscape
1.2 Identify the problem caused by solution fragmentation
1.3 Regular expressions in a Cisco Expressway environment
1.4 Components of Cisco Expressway security
1.4.a Identify the seven attack vectors of the threat-centric defense
1.4.b Identify the attack vectors protected by DNS Layer Security
1.4.c Identify the attack vectors protected by NGFW
1.4.d Identify the attack vectors protected by NGIPS
1.4.e Identify the attack vectors protected by Web Security
1.4.f Identify the attack vectors protected by Email Security
1.4.g Identify the attack vectors protected by Identity and Access Control
1.4.h Identify the attack vectors protected by Remote Access VPN
1.4.i Identify the attack vectors protected by Cyber Threat Defense and Network
Analytics
1.4.j Identify the attack vectors protected by Cloud App security
1.4.k Identify the attack vectors protected by Malware Protection
1.4.l Identify the value Talos provides customers

1.5 Identify how Cisco solutions provide customers “visibility and control”

1.6 Identify how Cisco solutions provide customers “enabled business”

1.7 Identify the five main areas of the Cisco Security solutions portfolio

1.8 Identify the key takeaways of the Cisco Security and Threat Landscape module

2017 Cisco Systems, Inc. This document is Cisco Public. Page 1


15% 2.0 Web and Email Security
2.1 Identify the main challenges of securing web and email
2.2 Identify how Cisco drives customer business outcomes for Web and Email Security
2.3 Identify the main solutions for Web and Email Security
2.4 Identify the main elements of Web Security
2.4.a Identify the main elements of URL Filtering and Dynamic Content Analysis
2.4.b Identify the main elements of Reputation Filtering
2.4.c Identify the main elements of Application Visibility and Control
2.4.d Identify the main elements of Malware Scanning
2.4.e Identify the main elements of Layer 4 Monitoring
2.4.f Identify the main elements of Data Loss Prevention
2.4.g Identify the main elements of Real-time Sandboxing
2.4.h Identify the main elements of Advanced Malware Protection
2.4.i Identify deployment considerations for Web Security

2.5 Identify the main elements of DNS-Layer Security


2.5.a Identify the main elements of Umbrella
2.5.b Identify the main elements of Investigate

2.6 Identify the main elements of Email Security


2.6.a Identify the main elements of Antispam Defense
2.6.b Identify the main elements of Outbreak Filters
2.6.c Identify the main elements of Antivirus Defense
2.6.d Identify the main elements of Advanced Malware Protection for Email Security
2.6.e Identify the main elements of Data Loss Prevention
2.6.f Identify the main elements of Encryption
2.6.g Identify deployment considerations for Email Security

2.7 Identify the key takeaways of the Web and Email Security module

15% 3.0 Cloud Security


3.1 Identify the main challenges of securing cloud environments
3.2 Identify how Cisco drives customer business outcomes for Cloud Security
3.3 Identify the main solutions for Cloud Security
3.4 Identify the main elements of Cloud App Security
3.4.a Identify the main elements of User and Entity Behavior Analytics
3.4.b Identify the main elements of Cloud Data Loss Prevention
3.4.c Identify the main elements of Apps Firewall
3.4.d Identify the main elements of Cloudlock Enablement and Implementation
3.4.e Identify the main elements of Umbrella
3.4.f Identify the main elements of Investigate

3.5 Identify the main elements of Cloud-Delivered Security


3.5.a Identify the main elements of AMP for Endpoints
3.5.b Identify the main elements of Defense Orchestrator
3.5.c Identify the main elements of Meraki



3.6 Identify the key takeaways of the Cloud Security module

15% 4.0 NGFW and NGIPS


4.1 Identify the main challenges of securing networks
4.2 Identify how Cisco drives customer business outcomes for network security
4.3 Identify the main solutions for NGFW and NGIPS
4.3.a Identify how Cisco helps customers gain more insight
4.3.b Identify how Cisco helps customers detect earlier, act faster
4.3.c Identify how Cisco helps customers reduce complexity
4.3.d Identify how Cisco helps customers get more out of their network

4.4 Identify features of Cisco Firepower NGFW


4.4.a Identify the main elements of Stateful Firewalling
4.4.b Identify the main elements of Application Visibility and Control
4.4.c Identify the main elements of Advanced Malware Protection
4.4.d Identify the main elements of URL Filtering
4.4.e Identify the main elements of Identity based Policy Control
4.4.f Identify the main elements of Intrusion Prevention
4.4.g Identify the main elements of DDoS attack prevention

4.5 Identify the main elements of Firepower Threat Defense

4.6 Identify the main elements of ASAv and NGFWv

4.7 Identify the deployment options for NGFW and ISR

4.8 Identify the main elements of NGIPS


4.8.a Identify the deployment options for Firepower NGIPS

4.9 Identify Cisco management solutions


4.9.a Identify the main elements of Firepower Device Manager
4.9.b Identify the main elements of Firepower Management Center
4.9.c Identify the main elements of Cisco Defense Orchestrator

4.10 Identify the main use cases for NGFW and NGIPS
4.10.a Identify the value NGFW and NGIPS security provides: Campus NGFW
4.10.b Identify the value NGFW and NGIPS security provides: Internet Edge
4.10.c Identify the value NGFW and NGIPS security provides: Cloud Data Center Edge
4.10.d Identify the value NGFW and NGIPS security provides: Local Data Center Edge
4.10.e Identify the value NGFW and NGIPS security provides: Acceptable Use
4.10.f Identify the value NGFW and NGIPS security provides: Comprehensive Security
4.10.g Identify the value NGFW and NGIPS security provides: Complex Remote Access
4.10.h Identify the value NGFW and NGIPS security provides: Advanced threat
protection

4.11 Identify the key takeaways of the NGFW and NGIPS security module



15% 5.0 Policy and Access
5.1 Identify the need for Policy and Access security
5.2 Identify how Cisco drives customer business outcomes for Policy and Access security
5.3 Identify the main solutions for Policy and Access
5.4 Identify the main elements of AnyConnect
5.4.a Identify the main elements of Trusted Network Detection
5.4.b Identify the main elements of Secure Layer 2 Network Access
5.4.c Identify the main elements of Network Visibility Module
5.4.d Identify the main elements of Differentiated Mobile Access
5.4.e Identify the main elements of Flexible AAA Options
5.4.f Identify the main elements of Web Security
5.4.g Identify the main elements of AMP
5.4.h Identify the main elements of Integrated Posture Assessment
5.4.i Identify the main elements of Umbrella Integration
5.4.j Identify deployment considerations for AnyConnect

5.5 Identify the main elements of ISE


5.5.a Identify the main elements of Centralized Policy Management
5.5.b Identify the main elements of Context-aware Access
5.5.c Identify the main elements of Guest Access Management
5.5.d Identify the main elements of Device Profiling
5.5.e Identify the main elements of Device Administration
5.5.f Identify the main elements of Platform Exchange Grid
5.5.g Identify the main elements of Rapid Threat Containment

5.6 Identify the main elements of TrustSec


5.6.a Identify the main elements of Dynamic Role-based Access
5.6.b Identify the main elements of Traffic Tagging
5.6.c Identify the main elements of Role and Device Segmentation
5.6.d Identify deployment considerations for ISE and TrustSec

5.7 Identify how TrustSec supports User to Datacenter Access Control


5.7.a Identify how TrustSec supports Data Center Segmentation
5.7.b Identify how TrustSec supports Campus and Branch Segmentation

5.8 Identify the key takeaways of the Policy and Access security module

15% 6.0 Advanced Threat


6.1 Identify the need for Advanced Threat security
6.2 Identify the main solutions for Advanced Threat
6.3 Identify how Cisco drives customer business outcomes for Advanced Threat security
6.4 Identify the main elements of Advanced Malware Protection
6.4.a Identify the main elements of Global Threat Intelligence
6.4.b Identify the main elements of File Reputation
6.4.c Identify the main elements of Behavioral Indications of Compromise
6.4.d Identify the main elements of File Retrospection
6.4.e Identify the main elements of File Trajectory
6.4.f Identify the main elements of Device Trajectory



6.4.g Identify the main elements of Dynamic Malware Analysis

6.5 Identify the main elements of ThreatGrid


6.5.a Identify deployment considerations for Advanced Malware Protection and
ThreatGrid

6.6 Identify the main elements of Cognitive Threat Analytics


6.6.a Identify the main elements of Cisco Cognitive Threat Analytics Anomaly
Detection
6.6.b Identify deployment considerations for Cognitive Threat Analytics

6.7 Identify the main elements of Stealthwatch


6.7.a Identify the main elements of NetFlow Monitoring
6.7.b Identify the main elements of Threat-based Anomaly Detection
6.7.c Identify deployment considerations for Stealthwatch

6.8 Identify the key takeaways of the Advanced Threat security module

10% 7.0 Threat-Centric Solutions


7.1 Identify the three key business outcomes customers are driving to achieve
7.2 Identify the five main areas of the Cisco Security Solutions Portfolio
7.3 Identify the seven key security challenges customers need to overcome
7.4 Identify the key solutions and features of the email threat-centric solution
7.4.a Identify the key products and benefits of the email threat-centric solution

7.5 Identify the key solutions and features of the web threat-centric solution
7.5.a Identify the key products and benefits of the web threat-centric solution

7.6 Identify the key solutions and features of the cloud apps threat-centric solution
7.6.a Identify the key products and benefits of the cloud apps threat-centric
solution

7.7 Identify the key solutions and features of the endpoints threat-centric solution
7.7.a Identify the key products and benefits of the endpoints threat-centric
solution

7.8 Identify the key solutions and features of the mobile threat-centric solution
7.8.a Identify the key products and benefits of the mobile threat-centric solution

7.9 Identify the key solutions and features of the campus and branch threat-centric
solution
7.9.a Identify the key products and benefits of the campus and branch
threat-centric solution

7.10 Identify the key solutions and features of the data center threat-centric solution



7.10.a Identify the key products and benefits of the data center threat-centric
solution

7.11 Identify the three key takeaways of the Threat-Centric Solutions module
