Way back July of this year, I took my Cisco CCNA SECOPS (210-255) examination as part of the Cisco CyberOps course offered by Cisco. I was part of the Cohort 1 back then. However, cybersecurity and Linux are not my forte, as I have really focused on network matters. Since Cisco offered the course free of charge, I have to grab the opportunity.
As part of my exam preparation, I joined several Facebook groups (Manila-based and international-based). These are just a few of the Facebook study groups where you could learn the latest updates about the exams:
As a general impression, the exam is fairly easy as long as you understand the concepts discussed on the study materials. I got a higher score on SECOPS as compared with the SECFND. However, you should be careful when dealing with the wordings. Many questions have vague wordings. This would be a bit difficult for questions that require classifications.
Cisco SECOPS Exam Preparation Materials
Unlike the Cisco SECFND materials, the stuffs for the SECOPS are just few and not so technical. It deals mainly with forensics, chain of custody, and other SOC-related matters. Moreover, the lab parts are focused on the security tools that are usually used in SOC to gather and analyze data.
The CCNA Cyber Ops SECOPS #210-255 Official Cert Guide details most of the topics covered by the Lumi Cybersecurity course. It extends the knowledge of the reader by providing additional information which may be helpful for understanding the SOC operations. There are questions at the beginning of each chapters known as “Do I Know This Already?” Quiz. Also, at the end of each chapter, there is a Q&A section.
The SECOPS Study Material from Cisco itself provides link to resources and additional information. These could possibly be included on the exam.
This official document from National Institute of Standards and Technology (NIST) is one of the key study materials to pass the Cisco SECOPS exam. This publication serves as an official computer security incident handling guide for determining the appropriate response to each incident.
Cisco CCNA SECOPS Possible Topics (210-255)
The following topics could be possibly included in your Cisco CCNA SECOPS exam. Also, please note that I took the SECFND and SECOPS at the same date. Hence, I’m not 100% sure of the overlap.
- Types of data and the devices that contains this data
- Log analysis and formats (HTTP)
- Analyzing PCAP and Wireshark files and data
- Netflow (format, anaysis)
- VirusTotal analysis
- IPS/IDS logs
- Cisco AMP
- HTTP header fields
- CVSSv3 metrics
- Chain of custody details (phases, in-charge)
- Incident report
- Compliance frameworks (PCI DSS, etc.)
- False positive, True positive, False negative, False positive
- Incident response plan
- Diamond model scenarios (I’ve seen a couple of this)
- Incident handling (responsibilities, phases, in-charge)
- NIST SP800-61 Rev 2
- Basic regular expressions patterns
Here’s the study material from Lumicybersecurity for the CCNA SECOPS 210-255.SECOPS_LUMICYBERSECURITY
These are just the topics that I could remember when I got my exam last July 2017. Cisco updates the questions regularly. Hence, it is very important to check the Cisco website for the exam updates. Finally, if you have questions, feel free to leave comments here.
Good luck on your cybersecurity journey!