Understanding Cisco Cybersecurity Operations Fundamentals v1.0 (200-201 CBROPS)

Course Content

Security Concepts

  • Describing the CIA triad
  • Comparing security deployments
  • Describing security terms
  • Comparing security concepts
  • Describing the principles of the defense-in-depth strategy
  • Comparing access control models
  • Describing terms as defined in CVSS
  • Identifying the challenges of data visibility (network, host, and cloud) in detection
  • Identifying potential data loss from provided traffic profiles
  • Interpreting the 5-tuple approach to isolate a compromised host in a grouped set of logs
  • Comparing rule-based detection vs. behavioral and statistical detection

Security Monitoring

  • Comparing attack surface and vulnerability
  • Identifying the types of data provided by these technologies
  • Describing the impact of these technologies on data visibility
  • Describing the uses of these data types in security monitoring
  • Describing network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle
  • Describing web application attacks, such as SQL injection, command injection, and cross-site scripting
  • Describing social engineering attacks
  • Describing endpoint-based attacks, such as buffer overflows, command and control (C2), malware, and ransomware
  • Describing evasion and obfuscation techniques, such as tunneling, encryption, and proxies
  • Describing the impact of certificates on security (includes PKI, public/private crossing the network, asymmetric/symmetric)
  • Identifying the certificate components in a given scenario

Host-Based Analysis

  • Describing the functionality of these endpoint technologies in regard to security monitoring
  • Identifying components of an operating system (such as Windows and Linux) in a given scenario
  • Describing the role of attribution in an investigation
  • Identifying the type of evidence used based on provided logs
  • Comparing tampered and untampered disk images
  • Interpreting operating system, application, or command line logs to identify an event
  • Interpreting the output report of a malware analysis tool (such as a detonation chamber or sandbox)

Network Intrusion Analysis

  • Mapping the provided events to source technologies
  • Comparing impact and no impact for these items
  • Comparing deep packet inspection with packet filtering and stateful firewall operation
  • Comparing inline traffic interrogation and taps or traffic monitoring
  • Comparing the characteristics of data obtained from taps or traffic monitoring and transactional data (NetFlow) in the analysis of network traffic
  • Extracting files from a TCP stream when given a PCAP file and Wireshark
  • Identifying key elements in an intrusion from a given PCAP file
  • Interpreting the fields in protocol headers as related to intrusion analysis
  • Interpreting common artifact elements from an event to identify an alert
  • Interpreting basic regular expressions

Security Policies and Procedures

  • Describing management concepts
  • Describing the elements in an incident response plan as stated in NIST.SP800-61
  • Applying the incident handling process (such as NIST.SP800-61) to an event
  • Mapping elements to these steps of analysis based on the NIST.SP800-61
  • Mapping the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800-61)
  • Describing concepts as documented in NIST.SP800-86
  • Identifying these elements used for network profiling
  • Identifying these elements used for server profiling
  • Identifying protected data in a network
  • Classifying intrusion events into categories as defined by security models, such as Cyber Kill Chain Modeling and Diamond Model of Intrusion
  • Describing the relationship of SOC metrics to scope analysis (time to detect, time to contain, time to respond, time to control)

