• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers (SOC's) keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity threats.

This exam tests a candidate's understanding of cybersecurity basic principles, foundational knowledge, and core skills needed to grasp the more associate-level materials in the second required exam, Implementing Cisco Cybersecurity Operations (SECOPS).

This exam is the second of the two required exams to achieve the associate-level CCNA Cyber Ops certification and prepares candidates to begin a career within a Security Operations Center (SOC), working with Cybersecurity Analysts at the associate level. The SECOPS exam tests a candidate's knowledge and skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level Security Analyst working in a SOC.

Learning Objectives

  • Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
  • Interpret basic regular expressions
  • Describe the fields in these protocol headers as they relate to intrusion analysis
  • Identify the elements from a NetFlow v5 record from a security event
  • Identify these key elements in an intrusion from a given PCAP file
  • Extract files from a TCP stream when given a PCAP file and Wireshark
  • Analyze campus network designs
  • Interpret common artifact elements from an event to identify an alert
  • Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
  • Implement inter-VLAN routing in a campus network
  • Implement a highly available network
  • Implement high-availability technologies and techniques using multilayer switches in a campus environment
  • Describe the function of the network layers as specified by the OSI and the TCP/IP network models
  • Describe the functions of these network security systems as deployed on the host, network, or the cloud
  • Describe IP subnets and communication within an IP subnet and between IP subnets
  • Compare and contrast the characteristics of data obtained from taps or traffic mirroring and NetFlow in the analysis of network traffic 

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.