Cisco Cybersecurity Specialist

The Securing Cisco Networks with Threat Detection and Analysis (SCYBER) exam is the exam associated with the Cisco Cybersecurity Specialist certification. Designed for professional security analysts, the exam covers essential areas of competency including event monitoring, security event/alarm/traffic analysis, and incident response.

Syllabus:

• 1.0 Information Gathering and Security Foundations
• 1.1 Describe basic network topologies, application architecture, and host configuration standards
• 1.2 Identify the services a network and security operations center offers to an organization
• 1.3 Describe traditional hacking techniques
• 1.4 Describe basic operational procedures and incident response processes of a security operations center
• 1.5 Describe basic network security events
• 1.6 Describe mission-critical network traffic and functions, applications, services, and device behaviors
• 1.7 Describe corporate security policies
• 1.8 Describe the role of a network security analyst
• 1.9 Describe the primary sources of data on vendor vulnerabilities, current threats, exploits, and active attacks
• 1.10 Describe how vulnerability, attack, and threat data impact operations
• 1.11 Describe the baseline of a network profile
• 1.12 Describe correlation baselines (use NetFlow output to validate normal traffic vs. non-normal)
• 1.13 Describe security around local business process and infrastructure and applications
• 1.14 Describe risk analysis mitigation
• 2.0 Event Monitoring
• 2.1 Describe the various sources of data and how they relate to network security issues
• 2.2 Monitor the collection of network data as it relates to network security issues
• 2.3 Monitor and validate health state and availability of devices
• 2. Monitor DNS query log output (monitor telemetry data to validate devices)
• 2.5 Identify a security incident (single or recurrent)
• 2.6 Describe the best practices for evidence collection and forensic analysis
• 2.7 Describe the different types and severity of alarms and events
• 3.0 Security Events and Alarms
• 3.1 Identify and dismiss false positive indicators correctly
• 3.2 Describe event correlation within the context of the various alarms and corporate infrastructure architecture
• 3.3 Assess traffic and events in relation to stated policies
• 3.4 Identify actionable events
• 3.5 Identify basic incident types
• 3.6 Describe event metrics and diagnostic procedures
• 4.0 Traffic Analysis, Collection, and Correlation
• 4.1 Describe IP packet structures
• 4.2 Describe TCP and UDP header information
• 4.3 Analyze network traces or TCP dumps and trace back to actual activities
• 4.4 Describe packet analysis in IOS
• 4.5 Describe access packets in IOS
• 4.6 Acquire network traces
• 4.7 Configure packet capture
• 5.0 Incident Response
• 5.1 Describe standard corporate incident response procedure and escalation policies
• 5.2 Identify necessary changes to enhance the existing procedure, policy, and decision tree
• 5.3 Describe the basic emergency mitigation of high-level threats, exploits, and vulnerabilities
• 5.4 Evaluate and recommend responses to vulnerabilities to ensure adequate monitoring response and mitigation
• 5.5 Assist level 2 incident response team to mitigate issues
• 5.6 Describe best practices for post-event investigation
• 5.7 Describe common legal and compliance issues in security event handling
• 6.0 Operational Communications