Categories

« Remote Labs with CML 2.0 | Main | 99% of malware is sent by either web server or email »

Friday, 26 June 2020

New CyberOps Associate Course

CyberOpsAssocaiteCert

During the summer a new CyberOps Course will be released focussing on the new CyberOps Associate certification. BiASC is ready to support all Cisco Academies and instructors interested in CyberSecurity Operations.

The CyberOps Associate Course aligns with the new CBROPS 200-201 Certification Exam. The major difference between the previous CCNA CyberOps and the CyberOps Associate certification is the shift in the requirement for two exams to certify to one exam. The new, consolidated CyberOps Associate has been updated to cover the latest fundamentals for entry-level cybersecurity operations job roles (SOC analyst).

The course covers: Security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. This includes some new topics such as: access control models for digital assets, malware analysis and interpretation, identifying protected data, and understanding key SOC metrics to expedite detection and containment of breaches. Networking fundamentals have been removed and are part of the CCNA certification.

Hands-on Labs in this Course

As always a Cisco NetAcad course has hands-on exercises. Here are a few of the many examples of hands-on labs in this course. For quite a number of labs you will need to virtual images provided with the course:

  • Installing the CyberOps Workstation Virtual Machine
  • Learning the Details of Attacks
  • Exploring Processes, Threads and Handles
  • Exploring  the Windows Registry
  • Monitor and Manage System Resources
  • Linux Servers
  • Locating and Examining Log Files
  • Using Wireshark to Examine Protocols and Encryption
  • Anatomy of Malware
  • Certificate Authority Stores
  • Regular Expression Tutorial
  • Extract an Executable from a PCAP
  • Investigating a Malware Exploit
  • Incident Handling

VMs in this Course

There are two VMs in this course.

CyberOps Workstation VM
The CyberOps Workstation is a custom-built VM based on Arch Linux. This VM is used in most of the labs in this course. CyberOps Workstation VM contains both a Mininet (simulated network) and several applications. Mininet is installed in the CyberOps Workstation VM to support the labs in this course. Mininet is a network emulator that creates a network of virtual hosts, switches, controllers, and links.

The Security Onion VM
The Security Onion VM is used in later labs to review pre-populated alerts and log messages generated during the exploits. The Security Onion VM is used for network security monitoring, intrusion detection, and log management.

This VM has been updated to simplify the number of VMs needed in the course to complete the labs. Security Onion also has a new log analysis tool called ELK which replaces ELSA. The Security Onion VM is primarily used in labs in Module 27.

Click here  to learn more about Security Onion.

New Topics

Examples of topics that have been added to increase focus on CyberSecurity operations

  • Malware analysis and interpretation
  • Identifying protected data
  • Access control models for digital assets
  • Understanding key SOC metrics to expedite detection and containment of breaches

Examples of updates:

  • Types of network attacks, e.g. denial of service, distributed denial of service, man-in-the-middle
  • Types of endpoint-based attacks
  • Terminology updates such as altered disk image, unaltered disk image vs. tampered disk, and untampered disk

Assessment Approach

In this new course, we have included different types of assessments in the new course structure. A module exam group will cover multiple assessments.
Quizzes are embedded in the new curriculum interface and are self-assessments for the learner.

Exams
When the course releases, the course will include:
Several Check Your Understanding Topical Self-Assessments
28 Embedded Self-Activated Student Quizzes
9 Instructor-Activated Module Group Exams
1 Instructor-Activated Practice Final Exam
1 Secured, Dynamic Instructor-Activated Final Exam
1 Instructor-Activated Certification Practice Exam

The 9 Module Group Exams that will be available for instructors to activate in the course include:
Modules 1 - 2: Threat Actors and Defenders Exam
Modules 3 - 4: Operating System Overview Exam
Modules 5 - 10: Network Fundamentals Exam
Modules 11 - 12: Network Infrastructure Security Exam
Modules 13 - 17: Threats and Attacks Exam
Modules 18 - 20: Network Defense Exam
Modules 21 - 23: Cryptography and Endpoint Protection Exam
Modules 24 - 25: Protocols and Log Files Exam
Modules 26 - 28: Analyzing Security Data Exam

Posted at 10:18 AM in ASC, CyberSecurity, Members, News, Security |

| | | Pin It! |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)