Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers (SOC's) keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity threats.
This exam tests a candidate's understanding of cybersecurity basic principles, foundational knowledge, and core skills needed to grasp the more associate-level materials in the second required exam, Implementing Cisco Cybersecurity Operations (SECOPS).
This exam is the second of the two required exams to achieve the associate-level CCNA Cyber Ops certification and prepares candidates to begin a career within a Security Operations Center (SOC), working with Cybersecurity Analysts at the associate level. The SECOPS exam tests a candidate's knowledge and skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level Security Analyst working in a SOC.
Learning Objectives
- Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
- Interpret basic regular expressions
- Describe the fields in these protocol headers as they relate to intrusion analysis
- Identify the elements from a NetFlow v5 record from a security event
- Identify these key elements in an intrusion from a given PCAP file
- Extract files from a TCP stream when given a PCAP file and Wireshark
- Analyze campus network designs
- Interpret common artifact elements from an event to identify an alert
- Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
- Implement inter-VLAN routing in a campus network
- Implement a highly available network
- Implement high-availability technologies and techniques using multilayer switches in a campus environment
- Describe the function of the network layers as specified by the OSI and the TCP/IP network models
- Describe the functions of these network security systems as deployed on the host, network, or the cloud
- Describe IP subnets and communication within an IP subnet and between IP subnets
- Compare and contrast the characteristics of data obtained from taps or traffic mirroring and NetFlow in the analysis of network traffic