During the summer a new CyberOps Course will be released focussing on the new CyberOps Associate certification. BiASC is ready to support all Cisco Academies and instructors interested in CyberSecurity Operations.
The CyberOps Associate Course aligns with the new CBROPS 200-201 Certification Exam. The major difference between the previous CCNA CyberOps and the CyberOps Associate certification is that certification now requires one exam instead of two. The new, consolidated CyberOps Associate has been updated to cover the latest fundamentals for entry-level cybersecurity operations job roles (SOC analyst).
The course covers: Security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. This includes some new topics such as: access control models for digital assets, malware analysis and interpretation, identifying protected data, and understanding key SOC metrics to expedite detection and containment of breaches. Networking fundamentals have been removed and are part of the CCNA certification.
Hands-on Labs in this Course
As always, a Cisco NetAcad course has hands-on exercises. Here are a few of the many examples of hands-on labs in this course. For quite a number of labs you will need the virtual images provided with the course:
- Installing the CyberOps Workstation Virtual Machine
- Learning the Details of Attacks
- Exploring Processes, Threads and Handles
- Exploring the Windows Registry
- Monitor and Manage System Resources
- Linux Servers
- Locating and Examining Log Files
- Using Wireshark to Examine Protocols and Encryption
- Anatomy of Malware
- Certificate Authority Stores
- Regular Expression Tutorial
- Extract an Executable from a PCAP
- Investigating a Malware Exploit
- Incident Handling
VMs in this Course
There are two VMs in this course.
CyberOps Workstation VM
The CyberOps Workstation is a custom-built VM based on Arch Linux. This VM is used in most of the labs in this course. CyberOps Workstation VM contains both a Mininet (simulated network) and several applications. Mininet is installed in the CyberOps Workstation VM to support the labs in this course. Mininet is a network emulator that creates a network of virtual hosts, switches, controllers, and links.
The Security Onion VM
The Security Onion VM is used in later labs to review pre-populated alerts and log messages generated during the exploits. The Security Onion VM is used for network security monitoring, intrusion detection, and log management.
This VM has been updated to reduce the number of VMs needed to complete the labs in the course. Security Onion also has a new log analysis tool called ELK, which replaces ELSA. The Security Onion VM is primarily used in labs in Module 27.
New Topics
Examples of topics that have been added to increase focus on CyberSecurity operations:
- Malware analysis and interpretation
- Identifying protected data
- Access control models for digital assets
- Understanding key SOC metrics to expedite detection and containment of breaches
Examples of updates:
- Types of network attacks, e.g. denial of service, distributed denial of service, man-in-the-middle
- Types of endpoint-based attacks
- Terminology updates, such as altered disk image and unaltered disk image vs. tampered disk and untampered disk
Assessment Approach
In this new course structure, we have included different types of assessments. A module exam group will cover multiple assessments.
Quizzes are embedded in the new curriculum interface and are self-assessments for the learner.
Exams
When the course releases, it will include:
- Several Check Your Understanding Topical Self-Assessments
- 28 Embedded Self-Activated Student Quizzes
- 9 Instructor-Activated Module Group Exams
- 1 Instructor-Activated Practice Final Exam
- 1 Secured, Dynamic Instructor-Activated Final Exam
- 1 Instructor-Activated Certification Practice Exam
The 9 Module Group Exams that will be available for instructors to activate in the course include:
- Modules 1 - 2: Threat Actors and Defenders Exam
- Modules 3 - 4: Operating System Overview Exam
- Modules 5 - 10: Network Fundamentals Exam
- Modules 11 - 12: Network Infrastructure Security Exam
- Modules 13 - 17: Threats and Attacks Exam
- Modules 18 - 20: Network Defense Exam
- Modules 21 - 23: Cryptography and Endpoint Protection Exam
- Modules 24 - 25: Protocols and Log Files Exam
- Modules 26 - 28: Analyzing Security Data Exam