Cisco CyberOps glossary of threats, monitoring, response terms, traps, and decision cues.
Use this glossary when Cisco Cybersecurity Associate (CyberOps) terms start to blur together. The goal is practical recognition, not encyclopedia coverage.
| Term | Exam meaning |
|---|---|
| IOC | Indicator of compromise such as hash, IP, domain, or artifact. |
| SIEM | Platform that aggregates and analyzes security logs. |
| TTP | Tactics, techniques, and procedures used by attackers. |
| Containment | Action that limits attacker movement or impact. |
| Packet capture | Recorded network packets used for analysis. |
| Vulnerability | Weakness that may be exploited to affect confidentiality, integrity, or availability. |
| Pair | How to separate them |
|---|---|
| Security monitoring vs Network intrusion analysis | Ask which layer the scenario is testing, then match the answer to that layer only. |
| Control vs evidence | A control changes behavior; evidence proves behavior or supports investigation. |
| Managed service vs custom build | Managed services win for lower operational effort unless the requirement needs unsupported customization. |
| Prevention vs detection | Prevention blocks or reduces a bad event; detection finds or reports that it happened. |
Do not memorize terms in isolation. For each term, write one scenario where it is the best answer, one scenario where it is a distractor, and one signal that proves it worked.