The Cisco Certified CyberOps Associate certification is the first designation on the CyberOps track within the Cisco Certification Program. It helps you build a career in cybersecurity operations and proves that you possess solid skills and knowledge in security concepts and monitoring, host-based and network intrusion analysis, and security procedures and policies. This Cisco certification can be obtained by passing one exam, coded 200-201.
The Understanding Cisco Cybersecurity Operations Fundamentals exam, known simply by its code 200-201 (CBROPS), is a 2-hour test that will cost you $300. The exam contains 5 topics, each checking specific skills. The first domain validates how proficient you are in security concepts. In this part, you should be ready to define the CIA triad, differentiate security deployments, explain security terms, and be competent in security concepts. You should be able to recognize the principles of the defense-in-depth strategy, distinguish access control models, and interpret terms as stated in CVSS. This domain also requires you to prove that you are able to detect the challenges of data visibility and potential data loss, along with implementing the 5-tuple approach.
The second topic is devoted to security monitoring. This implies that you are able to define attack surface and vulnerability and know their distinctive characteristics. You are also expected to be competent in using the types of data provided by a variety of technologies. Next, you will be tested on your ability to demonstrate how the technologies given in the task influence data visibility. This topic will also measure your skills in utilizing the offered data types in security monitoring and in interpreting network attacks, web app attacks, social engineering attacks, and endpoint-based attacks. In addition, your ability to define the parts of the certificate in a given task will be assessed.
The third topic deals with host-based analysis. Here, you will be asked to explain the functionality of the offered endpoint technologies with regard to security monitoring, define the elements of an operating system in the given task, and show the purpose of using attribution. In addition, this topic will evaluate your ability to use logs to define the type of evidence and to show the difference between tampered and untampered disk images. Finally, in this domain, you will explain how to use the malware analysis tool to produce the output report, as well as how to define an event by explaining the app, operating system, and command line logs.
The fourth topic is centered on network intrusion analysis. It involves the ability to compare the provided events with the source technologies, impact and no impact for the given elements, and deep packet inspection and stateful firewall operation. Your knowledge of traffic monitoring and your ability to define its features will also be assessed. In this section, you should be ready to demonstrate your skills in inspecting a PCAP file and finding the core elements of an intrusion. You will also be asked to explain the fields in protocol headers and fundamental regular expressions.
The fifth domain covers security policies and procedures. This topic is built around the skills to use management concepts, explain parts of an incident in accordance with the NIST.SP800-61 guide, and implement the incident handling process. You should also be competent in the steps of analysis stated in the NIST.SP800-61 guide. Your knowledge of the components used for network profiling and the components used for server profiling will also be tested. Additionally, you should know how to define the secured data in a network as well as explain how SOC metrics and scope analysis are interrelated.
If you are wondering about the annual salary you can expect with the Cisco Certified CyberOps Associate accreditation, it is stated as $69,975, according to the ZipRecruiter website.