Month: March 2023

  • Cisco Certified CyberOps Associate

    Overview

    In November 2016, Cisco introduced “CCNA CyberOps”. This consisted of 2 exams:

    • 210-250 Understanding Cisco Cybersecurity Fundamentals (SECFND)
    • 210-255 Implementing Cisco Cybersecurity Operations (SECOPS)

    At this point, there were 10 associate-level certifications: 9 versions of CCNA (Cisco Certified Network Associate), and also CCDA (Cisco Certified Design Associate).

    In February 2020, most of the associate exams were merged together into the new CCNA (200-301). The only exception was CCNA CyberOps, which got rebranded as Cisco Certified CyberOps Associate.

    In May 2020, the 2 exams above were replaced with a single exam:

    • 200-201 CBROPS: Understanding Cisco Cybersecurity Operations Fundamentals

    NB There was no overlap period between the old/new exams; the last date to take the old exams was 28th May, and the first date to take the new exam was 29th May.

    I interleaved the CyberOps exams with the CCNA R&S:

    • In Mar 2016 I did ICND1.
    • In Mar 2019, I did SECFND.
    • In Nov 2019, I did ICND2.
    • In May 2020, I did SECOPS.

    The main reason I did it this way was to stop the CCENT from expiring before I was ready for ICND2.

    For training material, I used the Cisco Press books and Matt Carey’s Udemy course.

    Looking at the 2 books:

    • The SECFND book had 15 chapters (taking up 550 pages) along with appendixes.
    • The SECOPS book had 11 chapters (taking up 280 pages) along with an appendix.

    So, the combined length (830 pages) was equivalent to one of the CCNA textbooks (800-900 pages each). I’m glad to see that the CBROPS study guide is a single book, with 16 chapters (575 pages) plus appendixes.

    The Udemy course has been updated for the CBROPS exam, so anyone who paid for the old course will automatically get access to the new material.

    NB This blog post applies to the original 2 exams.

  • Server+ (SK0-004)

    In May 2020, I took CompTIA’s Server+ exam. This certification is “good for life”, i.e. it’s not part of the CE program and I don’t have to recertify.

    As with all of CompTIA’s exams, there are no formal prerequisites, but they advise you to have A+ first (or at least know the material that’s covered by the A+ certification) along with 18 months of IT experience. I found that there was quite a bit of overlap with the Network+ and Security+ syllabus, so I’d prefer to see it aimed at people who’ve already done those exams. That would reduce duplication in the training material, and allow for more depth on the topics that are server/storage specific. (This certification has absorbed the old Storage+.)

    NB I did the SK0-004 syllabus, and the current syllabus is SK0-005. Based on the exam objectives, SK0-005 seems like an improvement, e.g. it goes into more detail about high availability clusters. However, I think that most of the information in this blog post will still be relevant.

  • eLearnSecurity Junior Penetration Tester (eJPT)

    In April 2020, I took the eJPT exam from eLearnSecurity. As the “Junior” part of the name suggests, this is an entry-level exam, and I think it acts as a good stepping stone towards the eCPPT or the OSCP.

    All of eLearnSecurity’s certifications are good for life, as opposed to Cisco/CompTIA certifications which have to be renewed every 3 years; however, they update the syllabus every so often, so eJPTv2 has now replaced the original eJPT (which I did).

    This was my third penetration testing exam, and it took an interesting approach. PenTest+ is a traditional theory-based exam, where you answer multiple choice questions and then a computer instantly gives you the result when you finish. OSWP is a practical exam, where I had to submit a written report and wait for a human to review it. In the eJPT exam, you are given VPN access to a network, and then you have to answer multiple choice questions based on that network. For instance, they might ask you “How many Windows services are configured for automatic startup on SERVER1?” The only way to find out is to gain access to that server, i.e. you have to actually use the skills that you’ve learnt rather than regurgitating trivia points from memory. I think this approach gives the best of both worlds, i.e. a practical test with instant results, although reports are an important skill for real-life penetration tests.
