Why This Cheat Sheet Matters for CYBEROPS
This cheat sheet covers the most important SOC Monitoring Tools & Techniques concepts tested on the CYBEROPS (CyberOps Associate) certification exam. It contains 2 sections with 10 key points that you should memorize before exam day. Use this as a quick-reference guide during your final review sessions.
Monitoring Tools
- Wireshark: packet capture and deep protocol analysis. Full payloads, so it is the tool for confirming what an alert actually contains.
- NetFlow: IP traffic flow data (source/destination address and port, protocol, bytes, packets). Metadata only, no payload, so it scales to a whole network and answers who talked to whom, how much, and when.
- SNMP: the manager polls devices (GET) for status; traps are unsolicited alerts sent by the device. v1/v2c authenticate with plaintext community strings; v3 adds authentication and encryption.
- Syslog: centralized log collection (UDP 514 by default; TLS on TCP 6514 for reliable, encrypted delivery). Severity 0–7, where 0 = emergency and 7 = debug, so a lower number is more severe.
- SIEM: normalizes and correlates logs from multiple sources; alerts on rules or patterns that no single source would reveal.
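As an added example that is not part of the original cheat sheet, the following Python decodes the PRI header of RFC 3164-style syslog lines into facility and severity, then filters by severity the way a SIEM rule would. The sample lines, hostnames, addresses and PRI values are constructed for illustration.

```python
import re
from typing import Dict, List

# Syslog severity codes: 0 is the most severe, 7 the least (RFC 3164 / RFC 5424).
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]

# Facility codes run 0-23; these are the ones a SOC sees most often.
FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
                  5: "syslog", 10: "authpriv", 16: "local0", 20: "local4",
                  23: "local7"}

# Every line starts with "<PRI>", where PRI = facility * 8 + severity (at most 191).
PRI_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<rest>.*)$")


def decode_pri(pri: int) -> Dict[str, object]:
    """Split a PRI value into its facility and severity parts."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return {
        "facility": facility,
        "facility_name": FACILITY_NAMES.get(facility, f"facility{facility}"),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
    }


def parse_syslog_line(line: str) -> Dict[str, object]:
    """Return facility/severity plus the text that follows the PRI header."""
    m = PRI_RE.match(line.strip())
    if not m:
        raise ValueError(f"missing <PRI> header: {line!r}")
    event = decode_pri(int(m.group("pri")))
    event["message"] = m.group("rest").strip()
    return event


# Constructed sample lines, not real captures. PRI values used:
#   38 = auth.informational, 164 = local4.warning, 2 = kern.critical, 37 = auth.notice
SAMPLE_LINES = [
    "<38>Mar 10 12:00:01 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 5555 ssh2",
    "<164>Mar 10 12:00:02 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/5556 dst inside:10.0.0.7/22",
    "<2>Mar 10 12:00:03 host1 kernel: Oops: unable to handle kernel paging request",
    "<37>Mar 10 12:00:04 host1 sshd[1234]: Accepted password for alice from 10.0.0.9 port 6001 ssh2",
]


def events_at_or_above(lines: List[str], max_severity: int) -> List[Dict[str, object]]:
    """Keep events at least as severe as max_severity.

    Because 0 is emergency and 7 is debug, "warning and worse" means
    severity <= 4; writing the comparison the other way round is a classic
    SIEM filter mistake that silently drops the critical events."""
    return [e for e in map(parse_syslog_line, lines)
            if int(e["severity"]) <= max_severity]


def count_by_facility(lines: List[str]) -> Dict[str, int]:
    """Per-facility counts, a quick check that every expected log source is arriving."""
    counts: Dict[str, int] = {}
    for e in map(parse_syslog_line, lines):
        name = str(e["facility_name"])
        counts[name] = counts.get(name, 0) + 1
    return counts
```

Calling events_at_or_above(SAMPLE_LINES, 4) keeps the firewall deny (warning) and the kernel oops (critical) and drops both sshd lines, which is the intended behaviour of a "warning and worse" rule. Note that plain UDP syslog is neither authenticated nor reliable: lines can be spoofed or silently lost, which is why the facility count is worth watching as a liveness check.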
Key Protocols to Monitor
- DNS (port 53): watch for tunneling (long or high-entropy subdomain labels, unusually high query volume to one domain, TXT/NULL record lookups) and cache poisoning (spoofed responses that change what a name resolves to).
- HTTP/HTTPS (80/443): watch for unusual POST sizes (exfiltration) and beaconing (connections to the same host at regular intervals). HTTPS hides the payload, so work from metadata (destination, timing, sizes, certificate) unless TLS is decrypted.
- SMTP (25; also 587 and 465 for client submission): watch for outbound email exfiltration: unusual volume, large attachments, or mail sent from hosts that are not mail servers.
- SSH (22): watch for brute-force attempts (many failed logins from one source in a short window, often followed by a single success).
- ICMP: watch for ping sweeps (one source sending echo requests to many hosts) and large or high-rate ICMP payloads (tunnel).
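The heuristics in this list, run over constructed event records, as an added example that is not part of the original cheat sheet. The records imitate what a SIEM holds after normalizing DNS logs, NetFlow and sshd syslog; the addresses, timestamps, query names and thresholds are assumptions chosen for illustration, and the thresholds would be tuned to the network being monitored.

```python
import math
import statistics
from collections import defaultdict
from typing import Dict, List, Tuple

Event = Dict[str, object]

# Constructed, already-normalized events of the kind a SIEM holds after parsing
# DNS logs, NetFlow records and sshd syslog; timestamps are seconds from an
# arbitrary start. Addresses are documentation ranges, not real traffic.
BEACON_SRC, BEACON_DST = "10.0.0.7", "198.51.100.20"
EVENTS: List[Event] = [
    {"proto": "dns", "ts": 0, "src": "10.0.0.5", "qname": "www.example.com"},
    {"proto": "dns", "ts": 1, "src": BEACON_SRC,   # 52-character encoded label
     "qname": "a9f3k2lq8zx1mn4vb7cd0ew5rt6yu2io3p8q1w5e9r2t6y0u4i7o.t.example.net"},
    {"proto": "icmp", "ts": 0, "src": "10.0.0.5", "dst": "10.0.0.1", "bytes": 64},
    {"proto": "icmp", "ts": 1, "src": BEACON_SRC, "dst": BEACON_DST, "bytes": 1400},
    {"proto": "http", "ts": 9, "src": "10.0.0.9", "dst": "198.51.100.40",
     "method": "POST", "bytes": 52_000_000},
]
# Beacon: same src/dst pair every 60 s. Ordinary browsing: irregular gaps.
EVENTS += [{"proto": "http", "ts": t, "src": BEACON_SRC, "dst": BEACON_DST,
            "method": "GET", "bytes": 512} for t in (0, 60, 120, 180, 240)]
EVENTS += [{"proto": "http", "ts": t, "src": "10.0.0.5", "dst": "198.51.100.30",
            "method": "GET", "bytes": 2048} for t in (0, 5, 47, 300)]
# SSH: 12 failures from one source inside 30 s versus 3 scattered failures.
EVENTS += [{"proto": "ssh", "ts": 2 * i, "src": "203.0.113.5", "dst": "10.0.0.7",
            "result": "fail"} for i in range(12)]
EVENTS += [{"proto": "ssh", "ts": t, "src": "10.0.0.9", "dst": "10.0.0.7",
            "result": "fail"} for t in (0, 400, 900)]


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded tunnel payloads score high, hostnames low."""
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def dns_tunnel_suspects(events: List[Event], max_label: int = 40,
                        min_entropy: float = 3.5) -> List[str]:
    """Query names with an over-long label or a long, high-entropy subdomain."""
    hits = []
    for e in events:
        if e["proto"] != "dns":
            continue
        labels = str(e["qname"]).split(".")
        subdomain = "".join(labels[:-2])  # everything left of the registered domain
        if max(len(label) for label in labels) > max_label or (
                len(subdomain) > 20 and shannon_entropy(subdomain) > min_entropy):
            hits.append(str(e["qname"]))
    return hits


def ssh_bruteforce_sources(events: List[Event], window: int = 60,
                           threshold: int = 10) -> List[str]:
    """Sources with >= threshold failed logins inside any window-second span."""
    fails: Dict[str, List[int]] = defaultdict(list)
    for e in events:
        if e["proto"] == "ssh" and e["result"] == "fail":
            fails[str(e["src"])].append(int(e["ts"]))
    flagged = []
    for src, times in fails.items():
        times.sort()
        # Anchor a window at each failure and count the failures inside it.
        if any(sum(1 for t in times[i:] if t - start <= window) >= threshold
               for i, start in enumerate(times)):
            flagged.append(src)
    return flagged


def icmp_large_payloads(events: List[Event], max_bytes: int = 128) -> List[Tuple[str, str, int]]:
    """Echo traffic well above the 64-byte ping default suggests an ICMP tunnel."""
    return [(str(e["src"]), str(e["dst"]), int(e["bytes"]))
            for e in events if e["proto"] == "icmp" and int(e["bytes"]) > max_bytes]


def http_beacons(events: List[Event], min_hits: int = 4,
                 max_cv: float = 0.1) -> List[Tuple[str, str]]:
    """src/dst pairs whose request gaps are nearly constant: stdev/mean of the
    gaps is near 0 for a timer-driven implant, large for a human browsing."""
    by_pair: Dict[Tuple[str, str], List[int]] = defaultdict(list)
    for e in events:
        if e["proto"] == "http":
            by_pair[(str(e["src"]), str(e["dst"]))].append(int(e["ts"]))
    beacons = []
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            beacons.append(pair)
    return beacons


def oversized_posts(events: List[Event], max_bytes: int = 10_000_000) -> List[Tuple[str, str, int]]:
    """POST bodies far beyond normal form or API traffic are an exfiltration tell."""
    return [(str(e["src"]), str(e["dst"]), int(e["bytes"])) for e in events
            if e["proto"] == "http" and e["method"] == "POST" and int(e["bytes"]) > max_bytes]
```

On the sample data each detector fires exactly once: the encoded DNS label, the 12-failure SSH source, the 1400-byte ICMP echo, the 60-second beacon pair and the 52 MB POST. Real implants add jitter to their beacon interval, so max_cv is a tuning knob rather than a constant, and the SSH window check is deliberately anchored at every failure so a burst that straddles a fixed clock boundary is not missed.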
Cisco Command Quick Reference
Cisco IOS commands follow a hierarchical structure of modes, each with its own prompt: User EXEC mode (Router>), Privileged EXEC mode (Router#), Global Configuration mode (Router(config)#), and Interface Configuration mode (Router(config-if)#). enable moves from User EXEC to Privileged EXEC, configure terminal into Global Configuration, interface <name> into Interface Configuration; exit steps back one level and end returns straight to Privileged EXEC. Master these transitions and the key "show" commands for each technology area; they are heavily tested on every Cisco exam.
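The mode transitions above, shown on a configuration that turns on the monitoring sources from this cheat sheet (syslog to a collector, SNMPv3 with authentication and encryption, and NetFlow export), as an added example that is not taken from the original page. The hostname Router, the collector addresses 10.0.0.50 and 10.0.0.51, the interface name, the SNMP group and user names and the passphrases are placeholders chosen for illustration.

```cisco
! User EXEC -> Privileged EXEC -> Global Configuration
Router> enable
Router# configure terminal
! Syslog: send to the collector (UDP 514 by default), forward severity 0-4 only
Router(config)# logging host 10.0.0.50
Router(config)# logging trap warnings
! SNMPv3: a group that requires authentication and encryption, and a user in it
Router(config)# snmp-server group SOCGRP v3 priv
Router(config)# snmp-server user socmon SOCGRP v3 auth sha Auth-Passphrase-1 priv aes 128 Priv-Passphrase-1
! NetFlow: export version 9 records to the flow collector
Router(config)# ip flow-export destination 10.0.0.51 2055
Router(config)# ip flow-export version 9
! Global Configuration -> Interface Configuration: collect flows on the interface
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip flow ingress
! end returns straight to Privileged EXEC, where the show commands verify each piece
Router(config-if)# end
Router# show logging
Router# show snmp user
Router# show ip flow export
Router# show ip cache flow
```

The plaintext passphrases in the two snmp-server user lines are the weak point of this fragment: they should be supplied from a secrets store rather than typed into a shared configuration template, and v1/v2c community strings should not be left configured alongside the v3 user.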