• Monitoring Security Events
• Configuring and Tuning Security Detecting and Alarming
• Analyzing Traffic for Security Threats
• Security Incident Response

This exam measures a student's knowledge and skills for detecting and mitigating network security threats by utilizing Cisco and additional security product features. 

Exam: 600-199 SCYBER

Length - 60 minutes (50-60 questions)

Objectives:

Info Collection and Security Foundations (13%)

• Network Topologies, Application Architecture and Host Configuration Standards
• Identifying Network and Security Operation Center Services for Organizations
• Traditional Hacking Methods
• Typical Operational Procedures and Incident Response Processes with Security Operations Centers (SOCs)
• Mission Critical Network Traffic and Functions, Applications, Device and Services Behavior 
• Corporate Security Policies
• Network Security Analyst Role and Responsibilities
• Data Resources for Vendor Vulnerabilities, Threats, Exploits and Active Attacks
• Influence and Impact of Vulnerabilities, Attacks and Threats on Operations
• Network Profile Baselines
• Correlation Baselines
• Risk Analysis Mitigation

Event Monitoring (16%)

• Source of Data Types and Connection to Network Security
• Monitoring Network Data Collections Pertaining to Network Security
• Monitoring and Validating Health/Performance State and Device Availability
• Monitoring DNS Query Log Output
• Verifying devices by Monitoring Telemetry Data
• Identifying Security Incidents
• Evidence Collection and Forensic Analysis Best Practices

Security Events and Alarms (16%)

• Event and Alarm Types and Severity
• Identifying and Dismissing False Positive Indicators
• Event Correlation with Alarms and Corporate Infrastructure Architecture
• Accessing Events and Traffic Pertaining to Set Policies
• Identifying Actionable Events
• Identifying Incident Types
• Diagnostic Procedures and Event Metrics

Analyzing, Collecting and Correlation of Traffic (24%)

• IP Packet Structures
• TCP and UDP Header Info
• Analyzing Network Traces and TCP Dumps for Tracing Activities
• IOS and Analyzing Packets
• IOS and Accessing Packets
• Collecting Network Traces
• Configuring Packet Capture

Responding to Incidents (16%)

• Standard Incident Response Practices for Corporate Environments
• Escalation Policies in Corporate Environments
• Identifying Enhancements for Procedures, Policies and Decision Trees
• Emergency Mitigation for Vulnerabilities, Exploits and High-Level Threats
• Evaluating and Suggesting Vulnerability Response for Improving Monitor, Response and Mitigation Practices
• Typical Compliance and Legal Problems with Security Event Handling

Operational Communications (15%)

• Communication Vehicles for Post-Threat Remediation
• Creating Incident Reports and Interpreting Data for Determining Escalation
• Metric and Channel Types Pertaining to Select Correct Personnel
• Processing Incident Handling Communication
• Supplying Context Awareness of Incident Reports to Stakeholders
• Communicating Security Problems to Remediation Teams such as Constituent-Based Groups
• Ensuring Security Awareness with Vulnerabilities, Possible Security Patches from Incident Handling
• Addressing Repetitive Problems Evident through Incident Handling and Suggesting Solutions for Architecture Adjustments
• The Post-Mortem Process