200-201 CBROPS Cisco Cybersecurity Operations Fundamental QA

Last updated on December 21, 2024 4:12 pm
Description

Are you ready to prepare for the Cisco Certified CyberOps Associate certification exam?

The Cisco Certified CyberOps Associate program focuses on the latest operational skills and knowledge you need for real-world jobs in security operations centers (SOCs). SOC analysts serve as the front line of defense against cybersecurity threats, preventing and detecting threats to defend your organization.

The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam (200-201) is a 120-minute assessment that is associated with the Cisco Certified CyberOps Associate certification. The CBROPS exam tests a candidate’s knowledge and skills related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. The course, Understanding Cisco Cybersecurity Operations Fundamentals, helps candidates to prepare for this exam.

Cisco 200-201 CBROPS Exam Topics:

1.0 Security Concepts

  • Describe the CIA triad

  • Compare security deployments

  • Describe security terms

  • Compare security concepts

  • Describe the principles of the defense-in-depth strategy

  • Compare access control models

  • Describe terms as defined in CVSS

  • Identify the challenges of data visibility (network, host, and cloud) in detection

  • Identify potential data loss from provided traffic profiles

  • Interpret the 5-tuple approach to isolate a compromised host in a grouped set of logs

  • Compare rule-based detection vs. behavioral and statistical detection

2.0 Security Monitoring

  • Compare attack surface and vulnerability

  • Identify the types of data provided by these technologies

  • Describe the impact of these technologies on data visibility

  • Describe the uses of these data types in security monitoring

  • Describe network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle

  • Describe web application attacks, such as SQL injection, command injection, and cross-site scripting

  • Describe social engineering attacks

  • Describe endpoint-based attacks, such as buffer overflows, command and control (C2), malware, and ransomware

  • Describe evasion and obfuscation techniques, such as tunneling, encryption, and proxies

  • Describe the impact of certificates on security (includes PKI, public/private crossing the network, asymmetric/symmetric)

3.0 Host-Based Analysis

  • Describe the functionality of these endpoint technologies in regard to security monitoring

  • Identify components of an operating system (such as Windows and Linux)

  • Describe the role of attribution in an investigation

  • Identify the type of evidence used based on provided logs

  • Compare tampered and untampered disk images

  • Interpret operating system, application, or command line logs to identify an event

  • Interpret the output report of a malware analysis tool (such as a detonation chamber or sandbox)

4.0 Network Intrusion Analysis

  • Map the provided events to source technologies

  • Compare impact and no impact for these items

  • Compare deep packet inspection with packet filtering and stateful firewall operation

  • Compare inline traffic interrogation and taps or traffic monitoring

  • Compare the characteristics of data obtained from taps or traffic monitoring and transactional data (NetFlow) in the analysis of network traffic

  • Extract files from a TCP stream when given a PCAP file and Wireshark

  • Interpret the fields in protocol headers as related to intrusion analysis

  • Interpret common artifact elements from an event to identify an alert

  • Interpret basic regular expressions

5.0 Security Policies and Procedures

  • Describe management concepts

  • Describe the elements in an incident response plan as stated in NIST.SP800-61

  • Apply the incident handling process (such as NIST.SP800-61) to an event

  • Map elements to these steps of analysis based on the NIST.SP800-61

  • Map the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800-61)

  • Describe concepts as documented in NIST.SP800-86

  • Identify these elements used for network profiling

  • Identify these elements used for server profiling

  • Identify protected data in a network

  • Classify intrusion events into categories as defined by security models, such as Cyber Kill Chain Model and Diamond Model of Intrusion

  • Describe the relationship of SOC metrics to scope analysis (time to detect, time to contain, time to respond, time to control)

Who this course is for:

  • Network Engineer
  • Security Admin
  • Candidates who are preparing for the Cisco Certified CyberOps Associate Certification exam
