Special Offers | My Account | Log In
  0 items in your cart

Search: Boson Sites | Products
Cisco > Cisco Cybersecurity Specialist > SCYBER Training

Upcoming Dates:

Don’t see the date you want? Contact us.
Price: $4295

Call 813-925-0700 (opt 2) to request this class.

SCYBER Training

Class Delivery Methods
Request a private class

Contact Us:

813-925-0700 (opt 2)
877-333-EXAM (opt 2)
FAX: 813-925-3957
EMAIL: Boson Training

Full Course List

Request More Information

SCYBER Training

About This IT Training:

Exam Number: 600-199 SCYBER
Exam Name: SCYBER (Securing Cisco Networks with Threat Detection and Analysis)
Certifications: Cisco Cybersecurity Specialist
Single-User License  

SCYBER 600-199 Training

This five-day, lab-intensive training course prepares you to take the Cybersecurity Specialist Certification exam and to hit the ground running as a security analyst team member. The course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully understand cyber security concepts and to recognize specific threats and attacks on your network. This course is designed to teach you how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network.

What's Included

  • Comprehensive study materials

Boson Training Class Guarantee

All of our Cisco and Microsoft courses come with our Boson Training Class Guarantee, which means if you don't pass, you can attend the class again for no charge. Learn more.

SCYBER 600-199 Training Prerequisites

The knowledge and skills that a student must have before attending this course are as follows:
  • CCNA equivalent knowledge is preferred
  • Basic understanding of Cisco security product features
  • Basic understanding of open-source and commercial network security tools
  • Basic understanding of Microsoft Windows and UNIX/Linux operating systems, desktops, and servers
  • Basic understanding of the Open Systems Interconnection (OSI) model and TCP/IP

Course Objectives

After completing this course, you will be able to:
  • Describe the tools, techniques, and thought processes of an attacker.
  • Describe the features, functions, and benefits of an SOC.
  • Identify the common sources used to detect an incident, as well as the actions that should be considered in response.
  • Perform basic packet capture and packet analysis.
  • Enable syslog on Cisco devices and to perform basic network log analysis.
  • Discuss the relevance of baselining and some of the most useful steps to be used when deploying a system.
  • Discuss the policies and roles in the typical SOC, as well as some of the common tools used by SOC members.
  • Discuss techniques used to identify anomalies and correlate log entries.
  • Understand techniques used to scope, document, and analyze investigations.
  • Discuss the methodology behind mitigations.
  • Discuss documentation and communication during an incident.
  • Discuss post-incident considerations.

SCYBER 600-199 Training Course Outline

Module 1: Attacker Methodology
  • Lesson 1: Defining the Attacker Methodology
  • Lesson 2: Identifying Malware and Attacker Tools
  • Lesson 3: Understanding Attacks

Module 2: Defender Methodology
  • Lesson 1: Enumerating Threats, Vulnerabilities, and Exploits
  • Lesson 2: Defining SOC Services
  • Lesson 3: Defining SOC Procedures
  • Lesson 4: Defining the Role of a Network Security Analyst
  • Lesson 5: Identifying a Security Incident

Module 3: Defender Tools
  • Lesson 1: Collecting Network Data
  • Lesson 2: Understanding Correlation and Baselines
  • Lesson 3: Assessing Sources of Data
  • Lesson 4: Understanding Events
  • Lesson 5: Examining User Reports
  • Lesson 6: Introducing Risk Analysis and Mitigation

Module 4: Packet Analysis
  • Lesson 1: Identifying Packet Data
  • Lesson 2: Analyzing Packets Using Cisco IOS Software
  • Lesson 3: Accessing Packets in Cisco IOS Software
  • Lesson 4: Acquiring Network Traces
  • Lesson 5: Establishing a Packet Baseline
  • Lesson 6: Analyzing Packet Traces

Module 5: Network Log Analysis
  • Lesson 1: Using Log Analysis Protocols and Tools
  • Lesson 2: Exploring Log Mechanics
  • Lesson 3: Retrieving Syslog Data
  • Lesson 4: Retrieving DNS Events and Proxy Logs
  • Lesson 5: Correlating Log Files

Module 6: Baseline Network Operations
  • Lesson 1: Baselining Business Processes
  • Lesson 2: Mapping the Network Topology
  • Lesson 3: Managing Network Devices
  • Lesson 4: Baselining Monitored Networks
  • Lesson 5: Monitoring Network Health

Module 7: Incident Response Preparation
  • Lesson 1: Defining the Role of the SOC
  • Lesson 2: Establishing Effective Security Controls
  • Lesson 3: Establishing an Effective Monitoring System

Module 8: Security Incident Detection
  • Lesson 1: Correlating Events Manually
  • Lesson 2: Correlating Events Automatically
  • Lesson 3: Assessing Incidents
  • Lesson 4: Classifying Incidents
  • Lesson 5: Attributing the Incident Source

Module 9: Investigations
  • Lesson 1: Scoping the Investigation
  • Lesson 2: Investigating Through Data Correlation
  • Lesson 3: Understanding NetFlow
  • Lesson 4: Investigating Connections Using NetFlow

Module 10: Mitigations and Best Practices
  • Lesson 1: Mitigating Incidents
  • Lesson 2: Using ACLs
  • Lesson 3: Implementing Network-Layer Mitigations and Best Practices
  • Lesson 4: Implementing Link-Layer Best Practices

Module 11: Communication
  • Lesson 1: Documenting Communication
  • Lesson 2: Documenting Incident Details

Module 12: Post-Event Activity
  • Lesson 1: Conducting an Incident Post-Mortem
  • Lesson 2: Improving Security of Monitored Networks


  • Lab 1: Assessing Your Understanding of Network and Security Operations
  • Lab 2: Exploring the Remote Lab Environment
  • Lab 3: Enabling Netflow Export and Syslog
  • Lab 4: Capturing Packets on the Pod Router and using Wireshark to examine the PCAP
  • Lab 5: Capturing Packets using TCPDUMP
  • Lab 6: Examining Logs Manually
  • Lab 7: Enabling AAA for Router SSH Management Access
  • Lab 8: Enabling SMNPv3 on the Pod Router and Pod Switch
  • Lab 9: Performing NMAP Scans and Using Netcat to Connect to Open Ports
  • Lab 10: Analyzing PCAP File with Suspicious Activities Using Wireshark
  • Lab 11: Examining Event Logs Manually
  • Lab 12: Examining Event Logs Using Splunk
  • Lab 13: Analyzing NetFlow Data with Lancope StealthWatch
  • Lab 14: Implementing IOS Zone-Based Firewall
  • Lab 15: Incident Response

Be the first to review this product. If you have used this product, you can review it on your account page. You must be logged in to review products.