Cisco CCNA CyberOps Certification Training – Formerly Cisco CCNA Security
Video training course for the brand new Cisco Certified CyberOps Associate exam (200-201 CBROPS). Achieving the Cisco Certified CyberOps Associate certification is a great start to your career in cybersecurity operations. This replaces the Cisco CCNA Security exam which has been retired.
Cisco Cyberops Associate Exam Pass

Noah Hirahara
Noah took us up on a recent CCNA CyberOps exam challenge. He was one of many students who took and passed his cyber ops certification using our program.
Due to many recent high-profile hacks and network attacks, cyberops jobs are in very high demand. The CCNA CyberOps certification prepares you for a role as a network security engineer or cyberops desk engineer, helping advise network managers about, and protect them from, possible or active threats.
The Cisco Certified CyberOps Associate certification validates your skills and knowledge in security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. We cover many of the topics with optional, follow-along labs where you can configure security devices using free online or downloadable software and tools.
The new Cisco Certified CyberOps Associate certification program prepares you for today’s associate-level job roles in security operations centers (SOCs). The certification is passed with one exam that covers the foundational skills, processes, and knowledge you need to prevent, detect, analyze, and respond to cybersecurity incidents as part of a SOC team.
This course teaches you security concepts, common network and application operations and attacks, and the types of data needed to investigate security incidents. You learn how to monitor alerts and breaches, and how to understand and follow established procedures for response to alerts converted to incidents. Through a combination of lecture, hands-on labs, and practice exams, you will learn the essential skills, concepts, and technologies to be a contributing member of a cybersecurity operations center (SOC) including understanding the IT infrastructure, operations, and vulnerabilities.
This course helps you prepare for the role of a Junior or Entry-level cybersecurity operations analyst in a SOC.
- 200-201 CBROPS Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS).
Your Instructor
Jay Ocampo
Jay, CCIE 59340, is a seasoned Solution Network Architect/Engineer with 15 years of total experience in IT service management, operations, system integration, network engineering and enterprise architecture. He obtained a Cisco CCIE Data Center certification and holds a Bachelor's degree in Electronics and Communications Engineering.
He currently lives in the Philippines.
Module 1 | Security Concepts |
---|---|
Unit 1 | IT Security Overview and CIA Triad |
Unit 2 | Compare Security Deployments - Security Deployment Overview |
Unit 3 | Compare Security Deployments - Network, Endpoint, and Application Security Systems |
Unit 4 | Compare Security Deployments - Agentless and Agent-Based Protections |
Unit 5 | Compare Security Deployments - Legacy Antivirus and Antimalware |
Unit 6 | Compare Security Deployments - SIEM, SOAR and Log Management |
Unit 7 | Describe Security Terms - Threat Intelligence |
Unit 8 | Describe Security Terms - Threat Intelligence Platforms |
Unit 9 | Describe Security Terms - Threat Hunting |
Unit 10 | Describe Security Terms - Malware Analysis |
Unit 11 | Describe Security Terms - Threat Actor |
Unit 12 | Describe Security Terms - Run Book Automation (RBA) |
Unit 13 | Describe Security Terms - Reverse Engineering |
Unit 14 | Describe Security Terms - Sliding Window Anomaly Detection |
Unit 15 | Describe Security Terms - Principle of Least Privilege |
Unit 16 | Describe Security Terms - Zero Trust |
Unit 17 | Compare Security Concepts - Risk, Threat, Vulnerability and Exploit |
Unit 18 | Describe the Principles of the Defense-in-Depth Strategy - Defense-in-Depth Strategy |
Unit 19 | Compare Access Control Models - Access Control Modes |
Unit 20 | Describe terms as defined in CVSS - CVSS Metrics and Calculation |
Unit 21 | Identify the Challenges of Data Visibility (network, host, and cloud) in Detection - Cloud Data Visibility |
Unit 22 | Identify the Challenges of Data Visibility (network, host, and cloud) in Detection - Network Data Visibility |
Unit 23 | Identify the Challenges of Data Visibility (network, host, and cloud) in Detection - Endpoint Data Visibility |
Unit 24 | Identify Potential Data Loss from Provided Traffic Profiles - Data Loss Prevention (DLP) |
Unit 25 | Interpret the 5-Tuple Approach to Isolate a Compromised Host in a Grouped Set of Logs - Identify Compromised Host Using 5-Tuple |
Unit 26 | Compare Rule-based Detection vs. Behavioral and Statistical Detection - Signature-based vs Behavior-based Detection |
Unit 27 | Exam |
Module 2 | Security Monitoring |
Unit 1 | Compare Attack Surface and Vulnerability - Attack Surface |
Unit 2 | Compare Attack Surface and Vulnerability - Vulnerabilities |
Unit 3 | Identify the Types of Data Provided by These Technologies - TCP Dump |
Unit 4 | Identify the Types of Data Provided by These Technologies - Netflow |
Unit 5 | Identify the Types of Data Provided by These Technologies - Next Gen Firewall |
Unit 6 | Identify the Types of Data Provided by These Technologies - Traditional Stateful Firewall |
Unit 7 | Identify the Types of Data Provided by These Technologies - Application Visibility and Control |
Unit 8 | Identify the Types of Data Provided by These Technologies - Web Content Filtering |
Unit 9 | Identify the Types of Data Provided by These Technologies - Email Content Filtering |
Unit 10 | Describe the Impact of These Technologies on Data Visibility - Access Control List |
Unit 11 | Describe the Impact of These Technologies on Data Visibility - NAT/PAT |
Unit 12 | Describe the Impact of These Technologies on Data Visibility - Tunneling and Encapsulation |
Unit 13 | Describe the Impact of These Technologies on Data Visibility - TOR |
Unit 14 | Describe the Impact of These Technologies on Data Visibility - Encryption |
Unit 15 | Describe the Impact of These Technologies on Data Visibility - P2P |
Unit 16 | Describe the Impact of These Technologies on Data Visibility - Load Balancing |
Unit 17 | Describe the Uses of These Data Types in Security Monitoring - Full Packet Capture |
Unit 18 | Describe the Uses of These Data Types in Security Monitoring - Session Data |
Unit 19 | Describe the Uses of These Data Types in Security Monitoring - Transaction Data |
Unit 20 | Describe the Uses of These Data Types in Security Monitoring - Statistical Data |
Unit 21 | Describe the Uses of These Data Types in Security Monitoring - Metadata |
Unit 22 | Describe the Uses of These Data Types in Security Monitoring - Alert Data |
Unit 23 | Describe Network Attacks - Denial of Service and Distributed Denial of Service Attack |
Unit 24 | Describe Network Attacks - Man-in-the-Middle |
Unit 25 | Describe Web Application Attacks - SQL Injection |
Unit 26 | Describe Web Application Attacks - Command Injection |
Unit 27 | Describe Web Application Attacks - Cross-site Scripting |
Unit 28 | Describe Social Engineering Attacks - Social Engineering Attacks |
Unit 29 | Describe Endpoint-based Attacks - Buffer Overflow |
Unit 30 | Describe Endpoint-based Attacks - Command and Control |
Unit 31 | Describe Endpoint-based Attacks - Malware |
Unit 32 | Describe Endpoint-based Attacks - Ransomware |
Unit 33 | Describe the Impact of Certificates on Security - Encryption |
Unit 34 | Describe the Impact of Certificates on Security - Cryptanalysis |
Unit 35 | Describe the Impact of Certificates on Security - Symmetric Encryption & Asymmetric Encryption |
Unit 36 | Describe the Impact of Certificates on Security - Public Key Infrastructure (PKI) |
Unit 37 | Identify the Certificate Components in a Given Scenario - Certificate Components |
Unit 38 | Exam |
Module 3 | Host-Based Analysis |
Unit 1 | Host-based Firewall |
Unit 2 | Endpoint Technologies - Host-based Intrusion Prevention System |
Unit 3 | Endpoint Technologies - Host-based Antivirus |
Unit 4 | Endpoint Technologies - Host-based AntiMalware |
Unit 5 | Endpoint Technologies - Application-level Whitelisting/Blacklisting |
Unit 6 | Endpoint Technologies - Systems-based Sandboxing |
Unit 7 | Components of an Operating System - Windows Processes |
Unit 8 | Components of an Operating System - Windows Threads |
Unit 9 | Components of an Operating System - Windows Registry Database |
Unit 10 | Components of an Operating System - Windows Handles |
Unit 11 | Components of an Operating System - Windows Services |
Unit 12 | Components of an Operating System - Windows Users, Group and Permissions |
Unit 13 | Components of an Operating System - Windows Network Activity from the CLI |
Unit 14 | Components of an Operating System - Windows Network Activity from the GUI |
Unit 15 | Components of an Operating System - Linux Bash – Bourne Again Shell |
Unit 16 | Components of an Operating System - Linux Directory Structure |
Unit 17 | Components of an Operating System - Linux Basic File manipulations |
Unit 18 | Components of an Operating System - Linux File system permissions |
Unit 19 | Components of an Operating System - Linux Piping and redirection of standard I/O |
Unit 20 | Components of an Operating System - Linux Grep stream filter |
Unit 21 | Components of an Operating System - Linux processes |
Unit 22 | Components of an Operating System - Linux Netstat command |
Unit 23 | Describe the role of attribution in an investigation - Role of Attribution in an Investigation |
Unit 24 | Identify Type of Evidence Used Based on Provided Logs - Types of Evidence |
Unit 25 | Compare Tampered and Untampered Disk Image |
Unit 26 | Interpret Operating System, Application, or Command Line Logs to Identify an Event - Interpret Logs to Identify an Event |
Unit 27 | Interpret the Output Report of a Malware Analysis Tool |
Unit 28 | Exam |
Module 4 | Network Intrusion Analysis |
Unit 1 | Map the Provided Events to Source Technologies |
Unit 2 | Compare Impact and no Impact for These Items |
Unit 3 | Compare Deep Packet Inspection with Packet Filtering and Stateful Firewall Operation |
Unit 4 | Compare Inline Traffic Interrogation and Taps or Traffic Monitoring |
Unit 5 | Compare the Characteristics of Data obtained from Taps or Traffic Monitoring |
Unit 6 | Extract files from a TCP Stream when Given a PCAP File and Wireshark |
Unit 7 | Identify Key Elements in an Intrusion from a Given PCAP File |
Unit 8 | Interpreting Protocol Header Fields - Ethernet Frame |
Unit 9 | Interpreting Protocol Header Fields - IPv4 |
Unit 10 | Interpreting Protocol Header Fields - IPv6 |
Unit 11 | Interpreting Protocol Header Fields - TCP |
Unit 12 | Interpreting Protocol Header Fields - UDP |
Unit 13 | Interpreting Protocol Header Fields - ICMP |
Unit 14 | Interpreting Protocol Header Fields - DNS |
Unit 15 | Interpreting Protocol Header Fields - ARP |
Unit 16 | Interpret Common Artifact Elements from an Event to Identify an Alert |
Unit 17 | Interpret Basic Regular Expressions |
Unit 18 | Exam |
Module 5 | Security Policies and Procedures |
Unit 1 | Describe Management Concepts |
Unit 2 | Describe the Elements in an Incident Response Plan as Stated in NIST.SP800-61r2 |
Unit 3 | The Cyber Kill Chain (Incident Response Model) |
Unit 4 | NIST.SP800-61 - Preparation |
Unit 5 | NIST.SP800-61 - Detection and Analysis |
Unit 6 | NIST.SP800-61 - Containment, Eradication, and Recovery |
Unit 7 | NIST.SP800-61 - Post-incident Activity |
Unit 8 | Incident Response Stakeholders |
Unit 9 | Describe concepts as documented in NIST.SP800-86 |
Unit 10 | Identify these elements used for Network profiling - Throughput |
Unit 11 | Identify these elements used for Network profiling - Session Duration |
Unit 12 | Identify these elements used for Network profiling - Ports Used |
Unit 13 | Identify these elements used for Network profiling - Critical Asset Address Space |
Unit 14 | Identify these elements used for Host profiling - Listening Ports |
Unit 15 | Identify these elements used for Host profiling - Logged in Users/Services Accounts |
Unit 16 | Identify these elements used for Host profiling - Running Processes |
Unit 17 | Identify these elements used for Host profiling - Applications |
Unit 18 | Identify Protected Data in a Network |
Unit 19 | The Diamond Model (Incident Response model) |
Unit 20 | SOC Metrics |
Unit 21 | Exam |
Module 6 | Bonus Exams |
Unit 1 | Bonus Exam 1 |
Unit 2 | Bonus Exam 2 |