Designing and Implementing Secure Cloud Access for Users and Endpoints (SCAZT)

In this Designing and Implementing Secure Cloud Access for Users and Endpoints course delivers a comprehensive, end-to-end view of modern enterprise and cloud security architecture using Cisco’s security portfolio and industry-aligned frameworks. The curriculum begins with industry security frameworks and Cisco Security Reference Architectures, including Cisco SAFE, to establish a structured, repeatable approach to designing security across users, devices, networks, applications, and cloud environments. Learners gain a clear understanding of common enterprise and cloud security use cases and how architectural decisions map to real-world operational and risk requirements.

The course then focuses on identity-first and access-based security, covering certificate-based authentication, single sign-on using SAML and OpenID Connect, Cisco Duo multifactor authentication, Cisco ISE endpoint compliance, and secure remote access with AnyConnect. Students learn how identity, posture, and context are enforced consistently across VPNs, applications, and cloud services. Web, DNS, and SaaS security topics are explored in depth through Cisco Umbrella Secure Internet Gateway, content filtering, reverse proxy architectures, and SaaS optimization and monitoring using Cisco ThousandEyes.

Advanced modules address on-premises and cloud threat prevention, including Cisco Secure Firewall, web application firewalls, Cisco Secure Workload for workload segmentation and policy enforcement, and multicloud security policies. Learners gain visibility into cloud threats, attack surface management, cloud assurance, and analytics using Cisco Secure Network Analytics, logging, and Cisco XDR. The course concludes with automation and response, demonstrating how cloud policies, threat detection, and incident response can be automated to reduce risk and response time. A robust lab program reinforces all concepts through hands-on configuration, integration, monitoring, and incident response exercises, preparing learners to design, deploy, and operate secure, zero-trust, cloud-enabled enterprise environments.

This training prepares you for the 300-740 SCAZT v1.0 exam. If passed, you earn the Cisco Certified Specialist – Security Secure Cloud Access certification and satisfy the concentration exam requirement for the Cisco Certified Network Professional (CCNP) Security certification. This training also earns you 40 Continuing Education (CE) credits toward recertification. 

How You'll Benefit

This training will help you: 

• Attain skills for designing and implementing cloud security architecture, user and device security, network and cloud security, cloud application and data security, cloud visibility and assurance, and responding to cloud threats
• Gain knowledge for protocols, solutions, and designs to acquire professional-level and expert-level cloud design and implementation roles
• Prepare for the 300-740 SCAZT v1.0 exam
• Earn 40 CE credits toward recertification

• Compare and contrast the National Institute of Standards and Technology (NIST), Cybersecurity and Infrastructure Security Agency (CISA), and Defense Information Systems Agency (DISA) security frameworks, and understand the importance of adopting standardized frameworks for cybersecurity in enhancing an organization's security posture
• Describe the Cisco Security Reference Architecture and its five main components
• Describe commonly deployed use cases and recommend the necessary capabilities within an integrated security architecture to address them effectively
• Describe the Cisco Secure Architecture for Everyone (SAFE) architecture
• Review the benefits, components, and process of certificate-based authentication for both users and devices
• Enable Duo multi-factor authentication (MFA) to protect an application from the Duo Administration Portal, and then configure the application to use Duo MFA for user login authentication
• Install Cisco Duo and implement its multifactor authentication on remote access virtual private network (VPN)
• Configure endpoint compliance
• Review and demonstrate the ability to understand Stateful Switchover (SSO) using security assertion markup language (SAML) or OpenID Connect together with Cisco Duo
• Describe Cisco software-defined wide-area network (SD-WAN) on-box and integrated threat prevention security services
• Describe SD-WAN on-box and integrated content filtering security services
• Describe the features and capabilities of Cisco Umbrella Secure Internet Gateway (SIG), such as DNS Security, Cloud-Delivered Firewall (CDFW), intrusion prevention systems (IPS), and interaction with Cisco SD-WAN
• Introduce the reverse proxy for internet-facing applications protections
• Explore the Cisco Umbrella SIG use case to secure cloud application access, the limitations and benefits of the solution, and the features available to discover and control access to cloud delivered applications
• Explore the Cisco ThousandEyes capabilities for monitoring the Cisco SD-WAN deployment
• Describe the challenges of accessing SaaS applications in modern business environments and explore the Cisco SD-WAN Cloud OnRamp for SaaS solution with direct or centralized internet access
• Introduce the Cisco Secure Firewall platforms, use cases, and security capabilities
• Demonstrate a comprehesive understanding of web application firewalls
• Demonstrate a comprehensive understanding of Cisco Secure Workload capabilities, deployment options, agents, and connectors
• Demonstrate a comprehensive understanding of Cisco Secure Workload application dependency mapping and policy discovery
• Demonstrate a comprehensive understanding of common cloud attack tactics and mitigation strategies
• Demonstrate a comprehensive understanding of multicloud security requirements and policy capabilities
• Introduce the security issues with the adoption of public clouds and common capabilities of cloud visibility and assurance tools to mitigate these issues
• Introduce Cisco Secure Network Analytics and Cisco Security Analytics and Logging
• Describe Cisco Attack Surface Management
• Describe how Application Program Interfaces (APIs) and automation can help in troubleshooting cloud policy, especially in the context of misconfigurations
• Demonstrate a comprehensive knowledge of the appropriate responses to cloud threats in specific scenarios
• Demonstrate the comprehensive knowledge required to use automation for cloud threat detection and response

What to Expect in the Exam

300-740 SCAZT v1.0: Designing and Implementing Secure Cloud Access for Users and Endpoints is a 90-minute exam associated with the Cisco Certified Specialist – Secure Cloud Access certification and satisfies the concentration exam requirement for the CCNP Security certification. 

The exam tests your knowledge of designing and implementing: 

• Cloud security architecture
• User and device security
• Network and cloud security
• Application and data security
• Visibility and assurance
• Threat response

Who Should Enroll

• Network Engineers
• Network Security Engineers
• Network Architects
• Sales/Presales Engineers

There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are: 

• Good understanding of enterprise routing and switching
• Good understanding of WAN networking
• Good understanding of Cisco SD-WAN
• Good understanding of Public Cloud services
• Good understanding of VPN technologies
• Good understanding of Cisco security solutions

These skills can be found in the following Cisco Learning Offerings:     

• Implementing and Administering Cisco Solutions (CCNA)
• Cisco SD-WAN Operation and Deployment (SDWFND)
• Implementing and Operating Cisco Security Core Technologies (SCOR)

Course Outline

Module 1: Certificate-Based User and Device Authentication 

Module 2: Cisco Duo Multifactor Authentication for Application Protection 

Module 3: Cisco Duo with AnyConnect VPN for Remote Access 

Module 4:  Cisco ISE Endpoint Compliance Services 

Module 5: SSO using SAML or OpenID Connect 

Module 6: Reverse Proxy 

Module 7: Cisco SD-WAN Security Content Filtering 

Module 8: Cisco SD-WAN to Cisco Umbrella SIG Integration 

Module 9: Cisco Umbrella Cloud Access Security Broker 

Module 10: Security Policies for Remote Access VPN 

Module 11: Cisco Secure Access 

Module 12: Cisco Secure Firewall 

Module 13: Web Application Firewall 

Module 14: Cisco Secure Workload Deployments, Agents, and Connectors 

Module 15: Cisco Secure Workload Structure and Policy 

Module 16: Multicloud Security Policies 

Module 17: Cloud Security Attacks and Mitigations 

Module 18: Cloud Visibility and Assurance 

Module 19: Cisco Secure Network Analytics and Cisco Secure Analytics and Logging 

Module 20: Cisco XDR 

Module 21: Cisco Attack Surface Management 

Module 22: Cloud Applications and Data Access Verifications 

Module 23: Industry Security Frameworks 

Module 24: Cisco Security Reference Architecture Fundamentals 

Module 25: Cisco Security Reference Architecture Common Use Cases 

Module 26: Cisco SAFE Architecture 

Module 27: Cisco SD-WAN with ThousandEyes 

Module 28: Automation of Cloud Policy 

Module 29: Response to Cloud Threats 

Module 30: Automation of Cloud Threat Detection and Response 

LAB OUTLINE

• Windows Client BYOD Onboarding Interactive Activity
• Use Cisco Duo MFA to Protect the Splunk Application
• Implement Cisco Duo Authentication Proxy MFA for Cisco Remote Access
• Compliance-Based Access
• Implement Web Security
• Deploy DIA Security with Unified Security Policy
• Configure Cisco Umbrella DNS Policies
• Deploy Cisco Umbrella Secure Internet Gateway
• Implement CASB Security
• Configure Remote Access VPN on the Cisco Secure Firewall Threat Defense
• Configure Cisco Secure Firewall Policies
• Explore Cisco Secure Workload
• Explore the ATTACK Matrix Cloud-Based Techniques
• Explore Cisco Secure Network Analytics
• Explore Cisco XDR Incident Response Tasks