How I passed the 200-201 (CBROPS) Cisco CyberOps Associate Exam
Exam Information
I recently studied for and passed the 200-201 CBROPS: Understanding Cisco Cybersecurity Operations Fundamentals exam, which grants the Cisco Certified CyberOps Associate certification. This certification was formerly known as the CCNA CyberOps, which was a two-part exam. Cisco went ahead and combined the SECOPS and SECFND of the CCNA CyberOps exam into a single exam (CBROPS 200-201) on May 29, 2020. The CBROPS exam focuses on the knowledge and skills related to five cybersecurity domains. Each domain has its own weight.
Security Concepts - 20%
Security Monitoring - 25%
Host-Based Analysis - 20%
Network Intrusion Analysis - 20%
Security Policies and Procedures - 15%
Exam blueprint: Understanding Cisco Cybersecurity Operations Fundamentals v1.0 (200-201 CBROPS)
The exam itself costs $300 and is a 120-minute assessment taken online or through one of the Pearson Vue testing centers. A passing score of 825/1000 is required to clear the exam.
Studying & Exam Overview
I studied full-time while working a full-time job from May 15, 2021, to my exam day on June 15, 2021. I studied for about 5 hours or so each day, not consecutively. It's essential to take breaks every so often and allow your brain to form connections between concepts and soak up the information. My study breaks consisted of going on walks and playing Chivalry II (A medieval sword fighting game, excellent for releasing frustration).
My exam day was June 15, 2021, at 11:00 am. I opted to take the in-person exam at my local Pearson VUE testing center. Arriving 20 minutes early is a good idea. It saved me since I initially went to the wrong building. I completed the exam with about 30 min to spare. It’s important to read each question carefully, which I learned from taking my CCNA exam. In the end, it paid off, and I scored 912/1000 on the first attempt. In addition, I scored the following in each domain:
Security Concepts - 95% score
Security Monitoring - 80% score
Host-Based Analysis - 85% score
Network Intrusion Analysis - 90% score
Security Policies and Procedures - 80% score
I'm not surprised I scored higher on Security Concepts & Network Intrusion Analysis since my job focuses on studying network-based vulnerabilities.
Study Materials
My primary source of studying was the Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide by Omar Santos. You can get the Book + eBook for $58 + tax. This guide comes with practice exams and references key topics and terms throughout the book.
For note-taking, I use Notion and MindMeister for mind mapping. I find this is a powerful note-taking system.
You will need to get familiar with a few NIST Special Publications. The following helped me immensely, especially NIST SP 800-61r2 & NIST SP 800-86, which are critical to the exam.
NIST SP 800-61r2 - Computer Security Incident Handling Guide
NIST SP 800-86 - Guide to Integrating Forensic Techniques into Incident Response
NIST SP 800-40r3 - Guide to Enterprise Patch Management Technologies
NIST SP 800-37r2 - Risk Management Framework for Information Systems and Organizations
If you’re not familiar with the following tools, you’ll need to practice & gain some familiarity.
Packet Analysis with Wireshark. Omar Santos has a great list of some sample packet captures in his GitHub repo to play with.
Learn some regex basics using a free tool such as Regex101. In addition, you can find some great regex help at regular-expressions.info.
Practice some of the monitoring tools available on the Security Onion.
A big part of security monitoring and analysis is leveraging log files. If you’re not familiar with Syslog, here are some great references to gain an understanding.
Some other references that helped me as well include the following:
The-Art-of-Hacking-Repo: the author’s repo, which includes a treasure trove of information.
My Study Method
The first thing I did before opening the certification guide was to read through the official Cisco exam blueprint. Reading the blueprint will prepare your mind for reading the certification guide since Cisco is testing you directly on these topics. It’s a great idea to go back through the exam blueprint
After going over the exam blueprint, schedule your exam. This will burn your bridge behind you, so to speak, forcing you to move forward and study since you have a hard deadline. Also, this will combat procrastination if that’s an issue for you. I like to add a section in my Notion notes for schedules where I’ll keep track of when I start studying and my exam date so I can reference it as needed.
After you’ve scheduled your exam, I read the official certification guide from front to back. It may seem daunting, but don’t focus too much on the size. Just take it one page at a time! Sitting back, relaxing with a hot beverage, and listening to some baroque music while you study is one of the joys in life. While reading, don’t worry about remembering everything; instead, get a feel for the content while focusing on the chapter titles, sections, bold and italicized text.
Once I’ve read the entire book, I go through the key topics and terms found in the certification guide. This is where I take notes. I like to use tables in Notion and add each chapter as a row. Notion creates a page for each, which you can use for chapter notes. I have each chapter under the Title column in my Notion table.
On each page, I add my notes, especially the end of chapter content like the key concepts and terms. I like to add the Element such as section, list, paragraph as well as the page number in my tables so I can quickly go back and re-read the content if I needed to.
A great thing about Notion is that it allows you to export your tables as PDF to print them and quiz yourself or have someone quiz you. I then mind-mapped each chapter according to those concepts. Here is an example of a massive mind map I created for Chapter 1 - Cybersecurity fundamentals. I actually ran out of time before my exam and decided to stop mind-mapping since they can take quite a bit of time.
After I’ve gone through each chapter repeatedly and taken my notes, and mind-mapped, I quizzed myself using the tables I’ve created. In addition, I went through all the review questions and “Do I know this already?” quizzes. If I haven’t really grasped a concept, I’ll continue to refine my notes based on those review questions. I did this up to my exam day on June 15th, 2021.
Summary
This Cisco CBROPS course material is a great foundational exam for topics related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. I would highly recommend it if this is something you’re interested in.
Here is my GitHub repo with my notes and references to help with your studies.
200-201-CBROPS-Cisco-Certified-CyberOps-Associate-Study-Guide
I hope you found this informative, and if you have any questions, feel free to reach out to me. I’m going after some cloud certifications next. Happy Cert Hunting!