If you are studying for CCNP Security, the ground is about to shift under you. Cisco has confirmed the biggest CCNP Security update in years, and the CCNP Security 2026 changes land on a single hard date: 27 August 2026. On that day the 350-701 SCOR core exam moves from v1.1 to v2.0, and three popular concentration exams retire for good.
That leaves you with a real decision. Do you rush to finish on the version you already know, or do you wait and study the refreshed objectives that better reflect where security work is actually heading? This guide breaks down every confirmed change, lays out the timeline, and gives you a clear rule for deciding whether to test now or wait.
Cisco announced these updates on 9 February 2026 (source: Cisco Learning Network). The refreshed program leans hard into AI security, Zero Trust, and cloud-native defence. If your study plan was built around the old VPN-heavy syllabus, you need to read on.
The Key Dates You Cannot Miss
Everything about this update hangs on one cut-off. Cisco is running a clean switchover rather than a phased rollout, so the dates are simple but unforgiving.
- 26 August 2026: Last day to test on 350-701 SCOR v1.1 and the three retiring concentration exams.
- 27 August 2026: First day to test on 350-701 SCOR v2.0 and the updated concentration exams. The three legacy electives retire the same day.
Exam Tip: There is no overlap window. If you book the 350-701 SCOR exam for 26 August 2026 you sit v1.1, and if you book it for 27 August 2026 you sit v2.0. Plan your booking around the version you have actually prepared for, not just the soonest available slot.
This matters most if you are mid-certification. CCNP Security requires you to pass two exams: the SCOR 350-701 core exam plus one concentration exam of your choice. If you have already passed one half on the current track, you want to finish the second half cleanly before the syllabus moves.
How CCNP Security Is Structured (And Why That Matters Here)
Before the changes make sense, you need the structure clear in your head. CCNP Security is a two-exam certification.
- The core exam: 350-701 SCOR. This is mandatory and shared by every CCNP Security candidate regardless of specialism. It is a 120-minute exam covering core security technologies. The same SCOR exam also counts towards CCIE Security, so it is a high-value qualification on its own.
- One concentration (elective) exam. You choose a specialism, such as firewalls, identity, or secure cloud access, and pass its matching exam.
Because SCOR sits underneath everything, the v1.1 to v2.0 change touches every CCNP Security candidate, not just one track. The concentration changes then determine which specialism path is still open to you after 27 August 2026.
Exam Tip: Cisco does not publish a fixed numeric pass mark for the 350-701 SCOR exam. Scores are scaled and the passing bar is not disclosed, so treat every objective as testable rather than chasing a magic percentage.
What's Changing in the 350-701 SCOR Core Exam (v1.1 to v2.0)
The core exam is where most of the attention should go, because you cannot earn CCNP Security without it. The v2.0 refresh is not a light touch. It adds genuinely new technical territory that did not appear in v1.1 at all.
New and expanded content in 350-701 SCOR v2.0 includes:
- AI and LLM security vulnerabilities, including prompt injection and data poisoning. This is the headline addition and reflects how quickly large language models have entered production environments.
- Post-quantum cryptography, acknowledging the migration away from algorithms that quantum computers will eventually break.
- Secure Service Edge (SSE) and SASE, which increasingly replace traditional site-to-site and remote-access VPNs.
- Advanced telemetry with Splunk, reflecting Cisco's deeper integration of Splunk since the acquisition.
- eBPF-based workload protection for cloud-native and container environments.
- Cisco Secure Access, Cisco's converged SSE offering.
The exam now tests across six domains: security concepts, network security, cloud security, Secure Service Edge, endpoint protection, and identity and access. The arrival of a dedicated Secure Service Edge focus, and the shrinking of classic VPN content, is the clearest signal of where Cisco thinks the job is going.
What This Means for Your Study Plan
If you are preparing on v1.1 material, your notes on legacy VPN configuration and older content security appliances are still valid for the 26 August cut-off. After that date, you will need fresh material covering AI security, post-quantum cryptography, and SSE. Most current study guides and practice tests are still being updated for v2.0, so first-mover study resources will be thin for a while.
The Three Concentration Exams Being Retired
This is the part that catches people out. If your plan was to pair SCOR with one of these three electives, that door closes on 27 August 2026.
Retiring on 27 August 2026 (last test date 26 August 2026):
- 300-720 SESA: Securing Email with Cisco Email Security Appliance.
- 300-725 SWSA: Securing Web with Cisco Secure Web Appliance.
- 300-730 SVPN: Implementing Secure Solutions with Virtual Private Networks.
The common thread is appliance-era and VPN-era technology. Cisco is steering candidates towards cloud-delivered security (SSE and SASE) and away from standalone email, web, and VPN appliances. If you have already started studying SVPN, in particular, you have a decision to make, because there is no direct one-to-one replacement exam.
The Updated Concentration Exams (Still Available After August)
The good news is that the most popular concentrations survive and get refreshed for 2026. If you have not started on a retiring elective yet, pick one of these instead.
- 300-710 SNCF (v1.2): Securing Networks with Cisco Firewalls. Now focuses on Cisco Security Cloud Control, Splunk integration, AI-driven threat intelligence, and deeper troubleshooting.
- 300-715 SISE (v1.2): Implementing and Configuring Cisco Identity Services Engine. Stronger emphasis on identity-driven security, BYOD lifecycle management, and posture operations.
- 300-740 SCAZT (v2.0): Designing and Implementing Cisco Secure Cloud Access for Users and Endpoints. This sees the biggest overhaul, adding cloud security frameworks, MITRE ATT&CK, MFA, endpoint posture, encryption, AI defence, SSE, SD-WAN, secure private access, and Zero Trust.
The SCAZT elective is the clearest expression of Cisco's new direction. If you want a CCNP Security path that maps to modern cloud and Zero Trust roles, that is the one to watch.
CCNP Security 350-701 v1.1 vs v2.0: Side by Side
Here is the comparison at a glance so you can see the shift in priorities.
| Aspect | 350-701 SCOR v1.1 | 350-701 SCOR v2.0 |
|---|---|---|
| Available until | 26 August 2026 | First test 27 August 2026 |
| AI and LLM security | Not covered | Added (prompt injection, data poisoning) |
| Post-quantum cryptography | Not covered | Added |
| Secure Service Edge / SASE | Light coverage | Dedicated domain focus |
| Remote-access VPN | Significant coverage | Reduced in favour of SSE |
| Telemetry | General | Splunk-focused |
| Workload protection | Traditional | eBPF-based, cloud-native |
| Exam length | 120 minutes | 120 minutes |
The exam length and two-exam structure stay the same. What changes is the content weighting, and it moves decisively towards AI, cloud, and Zero Trust.
Should You Take the Exam Now or Wait?
This is the question everyone actually came for. Use the simple rule below rather than guessing.
Take the current version now (before 27 August 2026) if:
- You are already mid-certification and have passed one of the two exams on the current track. Finish what you started on the version you know.
- You have been studying v1.1 material for weeks and you are close to exam-ready. Do not throw away revision that is already in your head.
- Your chosen elective is one of the three retiring exams (SESA, SWSA, or SVPN) and you are nearly ready. After 26 August it is gone.
- You can realistically book and pass before the 26 August cut-off without rushing into a fail.
Wait for v2.0 (27 August 2026 onwards) if:
- You have not started studying yet, or you are only in the early stages. There is no value in learning soon-to-be-retired VPN appliance content.
- Your day job already involves AI security, SSE, SASE, or Zero Trust. The new objectives will play to your strengths.
- You want the certification to reflect current skills to employers. A v2.0 pass signals up-to-date knowledge.
- Your target elective is SCAZT or another updated concentration rather than a retiring one.
Exam Tip: The worst outcome is panic-booking v1.1 in August, failing on rushed preparation, then having to restart on v2.0 anyway. If you cannot be genuinely ready by 26 August, plan for v2.0 from the start.
Is CCNP Security Still Worth It in 2026?
Yes, and arguably more so after this update. CCNP Security holders command some of the highest salaries in the Cisco ecosystem, with average US figures around $152,773 per year and top earners in cloud and enterprise security roles going well beyond $200,000 (source: CBT Nuggets). The v2.0 refresh aligns the certification with AI security and Zero Trust, the exact areas where hiring demand is growing fastest.
If you are weighing CCNP Security against other paths, it sits at the professional level, a step above associate certifications like CCNA. If you have not yet passed CCNA, that is the logical first stop, and our CCNA 200-301 study plan walks you through it in twelve weeks.
How to Prepare for the New CCNP Security Objectives
Whichever version you sit, the preparation principles are the same.
- Map the official exam topics first. Download the current blueprint for your version and treat every listed objective as testable.
- Build hands-on practice. SCOR rewards configuration and troubleshooting skill, not memorisation. Use labs for firewall, ISE, and secure access tasks.
- Drill with realistic practice questions. Applied, scenario-based questions expose the gaps that reading alone hides.
- Prioritise the new domains if you sit v2.0. AI security, post-quantum cryptography, and SSE are unfamiliar to most candidates, so give them extra time.
Practising under timed, exam-style conditions is the single best predictor of passing. You can build that exam stamina with realistic question banks on our courses, and broaden your security knowledge with the rest of the CertCrush blog.
Ready to Start Practising?
The 27 August 2026 deadline is closer than it looks, and the smartest candidates are deciding their version strategy now rather than in a last-minute scramble. Whether you target v1.1 before the cut-off or build your plan around v2.0, the path to a pass is the same: structured study plus relentless practice on exam-style questions.
CertCrush gives you the realistic practice that turns revision into a confident pass. Create your free account and start practising for CCNP Security and your next Cisco certification today.