Cisco CyberOps Associate CBROPS (200-201)

(200-201.AP1)/ISBN:9781644592649

This course includes
Lessons
TestPrep
LiveLab
Mentoring (Add-on)

Get certified for the Cisco Certified CyberOps Associate exam with the Cisco CyberOps CBROPS Associate creation (200-201) course and lab. The course and lab cover the 200-201 CBROPS exam objectives and teach you about the concepts such as network, endpoint, and application security systems, agentless and agent-based protection, legacy antivirus, and anti-malware, and more. The study guide is equipped with various comprehensive learning resources to help in understanding security monitoring challenges in the SOC and additional evasion and obfuscation techniques.

Here's what you will get

The Cisco Certified CyberOps Associate certification helps in starting a cybersecurity operations career. Candidates need to pass the 200-201 CRBOPS exam that covers the principles of cybersecurity operations, skills, and procedures to receive the CyberOps Associate certification. The 200-210 CRBOPS certification exam certifies a candidate's skills of working with security principles, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures.

Lessons

16+ Lessons | 210+ Quizzes | 172+ Flashcards | 172+ Glossary of terms

TestPrep

90+ Pre Assessment Questions | 2+ Full Length Tests | 90+ Post Assessment Questions | 180+ Practice Test Questions

Hand on lab

45+ LiveLab | 52+ Video tutorials | 01:47+ Hours

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

  • The Cisco CyberOps Associate Certification
  • The Exam Objectives (Domains)
  • Steps to Pass the 200-201 CBROPS Exam
  • Signing Up for the Exam
  • Facts About the Exam
  • About the Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide

Lessons 2: Cybersecurity Fundamentals

  • Introduction to Cybersecurity
  • Threats, Vulnerabilities, and Exploits
  • Network Security Systems
  • Intrusion Detection Systems and Intrusion Prevention Systems
  • Advanced Malware Protection
  • Web Security Appliance
  • Email Security Appliance
  • Cisco Security Management Appliance
  • Cisco Identity Services Engine
  • Security Cloud-Based Solutions
  • Cisco NetFlow
  • Data Loss Prevention
  • The Principles of the Defense-in-Depth Strategy
  • Confidentiality, Integrity, and Availability: The CIA Triad
  • Risk and Risk Analysis
  • Personally Identifiable Information and Protected Health Information
  • Principle of Least Privilege and Separation of Duties
  • Security Operations Centers
  • Playbooks, Runbooks, and Runbook Automation
  • Digital Forensics
  • Review All Key Topics
  • Review Questions

Lessons 3: Introduction to Cloud Computing and Cloud Security

  • Cloud Computing and the Cloud Service Models
  • Cloud Security Responsibility Models
  • DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps
  • Understanding the Different Cloud Security Threats
  • Review All Key Topics
  • Review Questions

Lessons 4: Access Control Models

  • Information Security Principles
  • Subject and Object Definition
  • Access Control Fundamentals
  • Access Control Process
  • Information Security Roles and Responsibilities
  • Access Control Types
  • Access Control Models
  • Access Control Mechanisms
  • Identity and Access Control Implementation
  • Review All Key Topics
  • Review Questions

Lessons 5: Types of Attacks and Vulnerabilities

  • Types of Attacks
  • Types of Vulnerabilities
  • Review All Key Topics
  • Review Questions

Lessons 6: Fundamentals of Cryptography and Public Key Infrastructure (PKI)

  • Cryptography
  • Block and Stream Ciphers
  • Symmetric and Asymmetric Algorithms
  • Hashes
  • Digital Signatures
  • Next-Generation Encryption Protocols
  • IPsec and SSL/TLS
  • Fundamentals of PKI
  • Root and Identity Certificates
  • Revoking Digital Certificates
  • Using Digital Certificates
  • Review All Key Topics
  • Review Questions

Lessons 7: Introduction to Virtual Private Networks (VPNs)

  • What Are VPNs?
  • Site-to-Site vs. Remote-Access VPNs
  • An Overview of IPsec
  • SSL VPNs
  • Review All Key Topics
  • Review Questions

Lessons 8: Introduction to Security Operations Management

  • Introduction to Identity and Access Management
  • Security Events and Log Management
  • Asset Management
  • Introduction to Enterprise Mobility Management
  • Configuration and Change Management
  • Vulnerability Management
  • Patch Management
  • Review All Key Topics
  • Review Questions

Lessons 9: Fundamentals of Intrusion Analysis

  • Introduction to Incident Response
  • The Incident Response Plan
  • The Incident Response Process
  • Information Sharing and Coordination
  • Incident Response Team Structure
  • Common Artifact Elements and Sources of Security Events
  • Understanding Regular Expressions
  • Protocols, Protocol Headers, and Intrusion Analysis
  • How to Map Security Event Types to Source Technologies
  • Review All Key Topics
  • Review Questions

Lessons 10: Introduction to Digital Forensics

  • Introduction to Digital Forensics
  • The Role of Attribution in a Cybersecurity Investigation
  • The Use of Digital Evidence
  • Evidentiary Chain of Custody
  • Reverse Engineering
  • Fundamentals of Microsoft Windows Forensics
  • Fundamentals of Linux Forensics
  • Review All Key Topics
  • Review Questions

Lessons 11: Network Infrastructure Device Telemetry and Analysis

  • Network Infrastructure Logs
  • Traditional Firewall Logs
  • NetFlow Analysis
  • Network Packet Capture
  • Network Profiling
  • Review All Key Topics
  • Review Questions

Lessons 12: Endpoint Telemetry and Analysis

  • Understanding Host Telemetry
  • Host Profiling
  • Analyzing Windows Endpoints
  • Linux and macOS Analysis
  • Endpoint Security Technologies
  • Review All Key Topics
  • Review Questions

Lessons 13: Challenges in the Security Operations Center (SOC)

  • Security Monitoring Challenges in the SOC
  • Additional Evasion and Obfuscation Techniques
  • Review All Key Topics
  • Review Questions

Lessons 14: The Art of Data and Event Analysis

  • Normalizing Data
  • Using the 5-Tuple Correlation to Respond to Security Incidents
  • Using Retrospective Analysis and Identifying Malicious Files
  • Mapping Threat Intelligence with DNS and Other Artifacts
  • Using Deterministic Versus Probabilistic Analysis
  • Review All Key Topics
  • Review Questions

Lessons 15: Classifying Intrusion Events into Categories

  • Diamond Model of Intrusion
  • Cyber Kill Chain Model
  • The Kill Chain vs. MITRE’s ATT&CK
  • Review All Key Topics
  • Review Questions

Lessons 16: Introduction to Threat Hunting

  • What Is Threat Hunting?
  • The Threat-Hunting Process
  • Threat Hunting and MITRE’s ATT&CK
  • Threat-Hunting Case Study
  • Threat Hunting, Honeypots, Honeynets, and Active Defense
  • Review All Key Topics
  • Review Questions

Hands-on LAB Activities

Cybersecurity Fundamentals

  • Exploiting Command Injection Vulnerabilities
  • Using Rainbow Tables
  • Consulting a Vulnerability Database
  • Configuring Dynamic NAT
  • Creating and Applying a Numbered Standard ACL
  • Creating and Applying a Numbered Extended ACL

Introduction to Cloud Computing and Cloud Security

  • Simulating a DoS Attack

Access Control Models

  • Installing Antivirus Software
  • Enabling AAA Services and Working with Method Lists
  • Implementing Port Security

Types of Attacks and Vulnerabilities

  • Configuring a BPDU Guard on a Switch Port
  • Using Maltego
  • Using Shodan
  • Using Nikto
  • Using Social Engineering Techniques to Plan an Attack
  • Simulating the DDoS Attack
  • Using Ettercap for ARP Spoofing
  • Cracking a Linux Password Using John the Ripper
  • Performing Active Reconnaissance
  • Performing a Memory-Based Attack
  • Performing a MITM Attack
  • Defending Against a Buffer Overflow Attack

Fundamentals of Cryptography and Public Key Infrastructure (PKI)

  • Using PGP
  • Generating a Symmetric Key
  • Generating an Asymmetric Key
  • Applying Symmetric Key Encryption
  • Observing an MD5-Generated Hash Value
  • Observing an SHA-Generated Hash Value

Introduction to Virtual Private Networks (VPNs)

  • Implementing IPsec VPNs through CLI
  • Configuring an SSL Cisco AnyConnect Secure Mobility Client VPN
  • Configuring Clientless SSL VPNs on ASA

Introduction to Security Operations Management

  • Viewing Event Logs

Introduction to Digital Forensics

  • Using Reverse Engineering
  • Changing the Startup Type of Service
  • Viewing the Windows File Registry
  • Managing NTFS Permissions
  • Using Linux Commands

Network Infrastructure Device Telemetry and Analysis

  • Configuring the Router to Use NTP Services
  • Simulating an Eavesdropping Attack Using Wireshark
  • Configuring NetFlow and NetFlow Data Export

Endpoint Telemetry and Analysis

  • Showing Logging in to a System
  • Identifying Listening Ports on the Network
  • Using Windows Event Viewer
  • Changing File Permissions
  • Using a Symlink

Introduction to Threat Hunting

  • Setting Up a Honeypot

Exam FAQs

There are no formal prerequisites for CyberOps Associate certification exam.

USD 300

Fill in the blanks, drag and drop, multiple-choice single answer, ,multiple-choice multiple answer

The exam contains 95-105 questions.

120 minutes

Cisco does not publish exam passing scores because exam questions and passing scores are subject to change without notice.

The policies for retaking exams are as follows:

  • Candidates who fail an Associate, Professional, or Specialist exam must wait a period of five (5) calendar days, beginning the day after the failed attempt, before they may retest for the same exam.
  • Candidates who fail any Cisco Certified Internetwork Experts (CCIE) certification or Cisco Certified Design Expert (CCDE) written exam must wait for a period of 15 calendar days, beginning the day after the failed attempt, before retaking the same exam.
  • Once passed, a candidate must wait a minimum of 180 days before taking the same exam with an identical exam number.
  • Candidates who violate these policies are in violation of the agreement. Such conduct is strictly prohibited as described in the Cisco certification and confidentiality agreement.

Three years