CISCO

CyberOps Associate

Program Duration: 5 Days

Language: English / Arabic

Category: Networking


CyberOps Associate

Overview:

Cybersecurity is mainly the practice of applying technologies, tools, and problem-solving skills to build, manage, and safeguard systems, networks, and data against intruders.

This cybersecurity certification course introduces the core cybersecurity concepts and tools needed for an in-depth understanding of data security, ethical hacking, and digital forensics.

Objectives:

Cybersecurity Operations cover the knowledge and skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level Security Analyst working in a Security Operations Center (SOC). Upon completion of the Cybersecurity Operations course, students will be able to perform the following tasks:

  • Explain the role of the Cybersecurity Operations Analyst in the enterprise.
  • Install virtual machines to create a safe environment for implementing and analyzing cybersecurity threat events.
  • Explain the Windows Operating System features and characteristics needed to support cybersecurity analyses.
  • Explain the features and characteristics of the Linux Operating System.
  • Analyze the operation of network protocols and services.
  • Explain the operation of the network infrastructure.
  • Classify the various types of network attacks.
  • Use network monitoring tools to identify attacks against network protocols and services.
  • Use various methods to prevent malicious access to computer networks, hosts, and data.
  • Explain the impacts of cryptography on network security monitoring.
  • Explain how to investigate endpoint vulnerabilities and attacks.
  • Evaluate network security alerts.
  • Analyze network intrusion data to identify compromised hosts and vulnerabilities.
  • Apply incident response models to manage network security incidents.

Outlines:

1.0 Security Concepts

  • 1.1 Describe the CIA triad
  • 1.2 Compare security deployments
  • 1.3 Describe security terms
  • 1.4 Compare security concepts
  • 1.5 Describe the principles of the defense-in-depth strategy
  • 1.6 Compare access control models
  • 1.7 Describe terms as defined in CVSS
  • 1.8 Identify the challenges of data visibility (network, host, and cloud) in detection
  • 1.9 Identify potential data loss from provided traffic profiles
  • 1.10 Interpret the 5-tuple approach to isolate a compromised host in a grouped set of logs
  • 1.11 Compare rule-based detection vs. behavioral and statistical detection

2.0 Security Monitoring

  • 2.1 Compare attack surface and vulnerability
  • 2.2 Identify the types of data provided by these technologies
  • 2.3 Describe the impact of these technologies on data visibility
  • 2.4 Describe the uses of these data types in security monitoring
  • 2.5 Describe network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle
  • 2.6 Describe web application attacks, such as SQL injection, command injection, and cross-site scripting
  • 2.7 Describe social engineering attacks
  • 2.8 Describe endpoint-based attacks, such as buffer overflows, command and control (C2), malware, and ransomware
  • 2.9 Describe evasion and obfuscation techniques, such as tunneling, encryption, and proxies
  • 2.10 Describe the impact of certificates on security (includes PKI, public/private crossing the network, asymmetric/symmetric)
  • 2.11 Identify the certificate components in a given scenario

3.0 Host-Based Analysis

  • 3.1 Describe the functionality of these endpoint technologies in regard to security monitoring
  • 3.2 Identify components of an operating system (such as Windows and Linux) in a given scenario
  • 3.3 Describe the role of attribution in an investigation
  • 3.4 Identify type of evidence used based on provided logs
  • 3.5 Compare tampered and untampered disk image
  • 3.6 Interpret operating system, application, or command line logs to identify an event
  • 3.7 Interpret the output report of a malware analysis tool (such as a detonation chamber or sandbox)

4.0 Network Intrusion Analysis

  • 4.1 Map the provided events to source technologies
  • 4.2 Compare impact and no impact for these items
  • 4.3 Compare deep packet inspection with packet filtering and stateful firewall operation
  • 4.4 Compare inline traffic interrogation and taps or traffic monitoring
  • 4.5 Compare the characteristics of data obtained from taps or traffic monitoring and transactional data (NetFlow) in the analysis of network traffic
  • 4.6 Extract files from a TCP stream when given a PCAP file and Wireshark
  • 4.7 Identify key elements in an intrusion from a given PCAP file
  • 4.8 Interpret the fields in protocol headers as related to intrusion analysis
  • 4.9 Interpret common artifact elements from an event to identify an alert
  • 4.10 Interpret basic regular expressions

5.0 Security Policies and Procedures

  • 5.1 Describe management concepts
  • 5.2 Describe the elements in an incident response plan as stated in NIST.SP800-61
  • 5.3 Apply the incident handling process (such as NIST.SP800-61) to an event
  • 5.4 Map elements to these steps of analysis based on the NIST.SP800-61
  • 5.5 Map the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800-61)
  • 5.6 Describe concepts as documented in NIST.SP800-86
  • 5.7 Identify these elements used for network profiling
  • 5.8 Identify these elements used for server profiling
  • 5.9 Identify protected data in a network
  • 5.10 Classify intrusion events as defined by security models, such as the Cyber Kill Chain Model and Diamond Model of Intrusion
  • 5.11 Describe the relationship of SOC metrics to scope analysis (time to detect, time to contain, time to respond, time to control)

Outcomes and professional benefits:

  • Launch your career in cybersecurity operations with the Cisco® Certified CyberOps Associate certification
  • Master the essentials to prevent, detect, and respond to cybersecurity threats and breaches
  • Rev up your resume with training and certification on cybersecurity operations knowledge and skills
  • Boost your confidence by gaining real-world knowledge

Target audience:

  • IT professionals aiming to specialize in cybersecurity
  • Network engineers seeking to enhance their security skills
  • Security analysts and operations staff
  • Incident response team members
  • SOC (Security Operations Center) personnel
  • Systems administrators interested in security technologies
  • Aspiring cybersecurity specialists
  • IT managers looking to understand cybersecurity operations
  • Cybersecurity consultants and advisors
  • Compliance and risk assessment officers
  • Military or government personnel responsible for network security
  • Technical support engineers focusing on security
  • Professionals preparing for the Cisco CBROPS certification

Eligibility:

No formal prerequisites

You should understand the exam topics before taking the exam—and develop a strategy for how you’re going to master them.

Why this certificate:

A CyberOps Associate certification is proof that you’ve mastered the essentials to build your IT career in cybersecurity. You’ll also be more competitive in a field where the overwhelming majority of professionals are certified.

Career path and opportunities:

These concepts will train you for roles such as Network Administrator, System Administrator, Security Analyst, Security Engineer, Pen Tester, and more. At the end of the course, you'll be awarded a certificate that validates your expertise and credibility, which will help you when searching for a job.

Exam details:

  • Required core exam: 200-201 CBROPS v1.1 (Understanding Cisco Cybersecurity Operations Fundamentals)
  • This exam certifies your knowledge and skills in security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures.
  • Duration: 120 minutes
  • Languages: English

Attendance Place: United Arab Emirates

Program Language: English / Arabic

Program Duration: 5 Days

Training Level: Intermediate
