IT Certification and Career Paths

600-199 SCYBER

Securing Cisco Networks with Threat Detection and Analysis

Exam Number 600-199 SCYBER
Associated Certifications Cisco Cybersecurity Specialist
Duration 60 minutes (45 - 55 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

The Securing Cisco Networks with Threat Detection and Analysis (SCYBER) exam is the exam associated with the Cisco Cybersecurity Specialist certification. This exam is aimed at testing the knowledge and skills required to proactively detect and mitigate network security threats by leveraging features that exist in Cisco and other industry network security products today. Designed for professional security analysts, the exam covers essential areas of competency, including event monitoring, security event/alarm/traffic analysis, and incident response.

The exam is closed book and no outside reference materials are allowed. The following topics are general guidelines for the content that is likely to be included on the practical exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the following guidelines may change at any time without notice.

  • 13%     1.0   Information Gathering and Security Foundations
       

      • 1.1   Describe basic network topologies, application architecture, and
                host configuration standards
         
      • 1.2   Identify the services a network and security operation center offers
                offers to an organization
         
      • 1.3   Describe traditional hacking techniques
         
      • 1.4   Describe basic operational procedures and incident response
                processes of a security operations center (SOC)
         
      • 1.5   Describe basic network security events
         
      • 1.6   Describe mission critical network traffic and functions, applications,
                services and device behaviors
         
      • 1.7   Describe corporate security policies
         
      • 1.8   Describe the role of a Network Security Analyst
         
      • 1.9   Describe the primary sources of data on vendor vulnerabilities,
                current threats, exploits and active attacks
         
      • 1.10   Describe how vulnerability, attack and threat data impacts
                  operations
         
      • 1.11   Describe the baseline of a network profile
         
      • 1.12   Describe correlation baselines. (Use netflow output to
                  validate normal traffic vs. non-normal)
         
      • 1.13   Describe security around local business process and infrastructure
                  and applications
         
      • 1.14   Describe risk analysis mitigation
         
  • 16%     2.0   Event Monitoring

      • 2.1   Describe the various sources of data and how they relate to network
                security issues
         
      • 2.2   Monitor the collection of network data as it relates to network security
                issues
         
      • 2.3   Monitor and validate health state and availability of devices
         
      • 2.4   Monitor DNS query log output (Monitor telemetry data to validate
                devices)
         
      • 2.5   Identify a security incident (single or recurrent)
         
      • 2.6   Describe the best practices for evidence collection and forensic
                analysis
  • 16%     3.0   Security Events and Alarms

      • 3.1   Describe the different types and severity of alarms and events
         
      • 3.2   Identify and dismiss false positive indicators correctly
         
      • 3.3   Describe event correlation within the context of the various alarms
                and corporate infrastructure architecture
         
      • 3.4   Assess traffic and events in relation to stated policies
         
      • 3.5   Identify actionable events
         
      • 3.6   Identify basic incident types
         
      • 3.7   Describe event metrics and diagnostic procedures
  • 24%     4.0   Traffic Analysis, Collection, and Correlation
      

      • 4.1   Describe IP packet structures
         
      • 4.2   Describe TCP and UDP header information
         
      • 4.3   Analyze network traces or TCP dumps and trace back to actual
                activities
         
      • 4.4   Describe packet analysis in IOS
         
      • 4.5   Describe access packets in IOS
         
      • 4.6   Acquire network traces
         
      • 4.7   Configure packet capture
  • 16%     5.0   Incident Response

      • 5.1   Describe standard corporate incident response procedure
                and escalation policies
         
      • 5.2   Identify necessary changes to enhance the existing procedure, policy
                and decision tree
         
      • 5.3   Describe the basic emergency mitigation of high-level threats,
                exploits, and vulnerabilities
         
      • 5.4   Evaluate and recommend responses to vulnerabilities to ensure
                adequate monitoring response and mitigations
         
      • 5.5   Assist level 2 incident response team to mitigate issues
         
      • 5.6   Describe best practices for post-event investigation
         
      • 5.7   Describe common legal and compliance issues in security
                event handling
  • 15%     6.0   Operational Communications

      • 6.1   Describe the communication vehicles related to post-threat
                remediation
         
      • 6.2   Generate incident reports and interpret the information to determine
                the direction of the escalation
         
      • 6.3   Describe the different types of available metrics and channel to
                appropriate personnel
         
      • 6.4   Process incident handling communications and provide context
                awareness for stakeholders
         
      • 6.5   Articulate details of problems to remediating teams
                (constituent-based groups)
         
      • 6.6   Maintain awareness regarding vulnerabilities and the recommended
                critical security patches as a result from incident handling
         
      • 6.7   Communicate recurring issues based on incident handling and
                provide recommendations for architectural changes or modifications
                and articulate
         
      • 6.8   Describe the post-mortem process
         
  • The following course is the recommended training for this exam.

    Courses listed are offered by Cisco Learning Partners-the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you.

    A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.

          Register at Pearson VUE      

    Cisco Learning Network

    Get valuable IT training resources for all Cisco certifications. Access study tools, CCNA practice tests, IT salaries, and find IT jobs.

    Go Now

    Cisco Training Tools

    Use the following tools to assist in your certification journey.

    Cisco Learning Locator Self Assessment Tool Certification Tracking System Certifications & Communities Online Support

    Cisco Learning Labs

    Get hands-on routing / switching lab experience using Cisco IOS on UNIX.

    Learn More