Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers (SOCs) keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity threats.
This exam tests a candidate's understanding of basic cybersecurity principles, foundational knowledge, and core skills needed to grasp the more advanced associate-level materials in the second required exam, Implementing Cisco Cybersecurity Operations (SECOPS).
This exam is the second of the two required exams to achieve the associate-level CCNA Cyber Ops certification and prepares candidates to begin a career within a Security Operations Center (SOC), working with Cybersecurity Analysts at the associate level. The SECOPS exam tests a candidate's knowledge and skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level Security Analyst working in a SOC.
Learning Objectives
- Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
- Interpret basic regular expressions
- Describe the fields in these protocol headers as they relate to intrusion analysis
- Identify the elements from a NetFlow v5 record from a security event
- Identify these key elements in an intrusion from a given PCAP file
- Extract files from a TCP stream when given a PCAP file and Wireshark
- Analyze campus network designs
- Interpret common artifact elements from an event to identify an alert
- Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
- Implement inter-VLAN routing in a campus network
- Implement a highly available network
- Implement high-availability technologies and techniques using multilayer switches in a campus environment
- Describe the function of the network layers as specified by the OSI and the TCP/IP network models
- Describe the functions of these network security systems as deployed on the host, network, or the cloud
- Describe IP subnets and communication within an IP subnet and between IP subnets
- Compare and contrast the characteristics of data obtained from taps or traffic mirroring and NetFlow in the analysis of network traffic
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Risk Management
- Software Development
- Systems Development
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.