
Sunday, October 20, 2024

Understanding Cisco Cybersecurity Operations Fundamentals v1.1 (200-201) Summary


Duration: 120 minutes

Associated Certification: Cisco Certified CyberOps Associate

Recommended Preparation: Understanding Cisco Cybersecurity Operations Fundamentals course

Exam Topics

1.0 Security Concepts (20%)

1.1 CIA triad

1.2 Security deployments comparison

1.3 Security terms

1.4 Security concepts comparison

1.5 Defense-in-depth strategy principles

1.6 Access control models comparison

1.7 CVSS terms

1.8 Data visibility challenges

1.9 Potential data loss from traffic profiles

1.10 5-tuple approach for compromised host isolation

1.11 Rule-based vs. behavioral and statistical detection

2.0 Security Monitoring (25%)

2.1 Attack surface and vulnerability comparison

2.2 Types of data provided by various technologies

2.3 Impact of technologies on data visibility

2.4 Uses of data types in security monitoring

2.5 Network attacks

2.6 Web application attacks

2.7 Social engineering attacks

2.8 Endpoint-based attacks

2.9 Evasion and obfuscation techniques

2.10 Impact of certificates on security

2.11 Certificate components identification

3.0 Host-Based Analysis (20%)

3.1 Endpoint technologies functionality

3.2 Operating system components identification

3.3 Role of attribution in an investigation

3.4 Types of evidence based on logs

3.5 Tampered vs. untampered disk image comparison

3.6 Log interpretation for event identification

3.7 Malware analysis tool output report interpretation

4.0 Network Intrusion Analysis (20%)

4.1 Mapping events to source technologies

4.2 Impact comparison of detection outcomes

4.3 Deep packet inspection vs. packet filtering and stateful firewall

4.4 Inline traffic interrogation vs. taps or traffic monitoring

4.5 Taps/traffic monitoring vs. transactional data in network traffic analysis

4.6 File extraction from TCP stream (PCAP and Wireshark)

4.7 Key elements identification in an intrusion from PCAP

4.8 Protocol header fields interpretation for intrusion analysis

4.9 Artifact elements interpretation for alert identification

4.10 Basic regular expressions interpretation

5.0 Security Policies and Procedures (15%)

5.1 Management concepts

5.2 Incident response plan elements (NIST.SP800-61)

5.3 Incident handling process application

5.4 Analysis steps mapping based on NIST.SP800-61

5.5 Organization stakeholders mapping against NIST IR categories

5.6 NIST.SP800-86 concepts

5.7 Network profiling elements

5.8 Server profiling elements

5.9 Protected data identification in a network

5.10 Intrusion events classification into security model categories

5.11 SOC metrics relationship to scope analysis

© 2023 Cisco Systems, Inc. This document is Cisco Public.
