CCNA Automation vs CCNA Cybersecurity: Which Cisco CCNA Track Should You Take in 2026?

CCNA Automation (200-901) is for network programmers ($95K-$130K). CCNA Cybersecurity (200-201) is for SOC analysts ($80K-$122K) with DoD 8570 compliance. Both rebranded Feb 3, 2026. Full comparison of domains, career paths, and which to take.
CCNA Automation vs CCNA Cybersecurity

CCNA Automation (exam code 200-901 CCNAAUTO) is the right choice if your career target involves network programmability, infrastructure automation, Python scripting, APIs, and building the tools that make networks run themselves. CCNA Cybersecurity (exam code 200-201 CCNACBR v1.2) is the right choice if your career target is security operations, SOC analysis, incident response, and defending organizations from cyber threats. Both cost $300, take 120 minutes, and launched their current forms on February 3, 2026 — but they open completely different career tracks, require different foundational skills, and lead to different CCNP paths.

Quick Comparison Table

FactorCCNA AutomationCCNA Cybersecurity
Exam code200-901 CCNAAUTO200-201 CCNACBR v1.2
Previous nameDevNet Associate (DEVASC)CyberOps Associate (CBROPS)
Renamed onFebruary 3, 2026February 3, 2026
Cost$300 USD$300 USD
Duration120 minutes120 minutes
Questions~100~95
Passing scoreNot publishedNot published
Prerequisites enforcedNoneNone
Validity3 years3 years
CCNP trackCCNP Automation (AUTOCOR 350-901)CCNP Cybersecurity (CBRCOR 350-201)
CCIE pathCCIE AutomationCCIE Cybersecurity
DoD 8570 complianceNo direct mappingYes — Cyber Defense Analyst, Cyber Defense Infrastructure Support
US salary range$85,000-$130,000$80,000-$122,000
Primary toolsPython, REST APIs, Ansible, Cisco platformsSIEM, Wireshark, PCAP analysis, incident response tools

The February 2026 Rebrand: What Actually Changed

Both CCNA Automation and CCNA Cybersecurity launched in their current form on February 3, 2026, as part of Cisco’s largest certification restructuring in over a decade. Understanding what changed versus what stayed the same is essential — many study materials available online still use the old exam names.

CCNA Automation (formerly DevNet Associate DEVASC)

The name change from DevNet Associate to CCNA Automation was not cosmetic. Cisco’s engineering team confirmed the exam content was substantially updated alongside the rebrand. The core shift: DevNet Associate was designed to turn network engineers into application developers. CCNA Automation is designed to turn network engineers into automation specialists.

Specific content changes:

  • Python emphasis shifted from application development (Flask, Django) to operational automation scripts
  • Cisco platform scope expanded to test automation across all eight major Cisco platforms simultaneously
  • Infrastructure as Code content added: Ansible, Terraform, and GitOps workflows
  • AI in automation content added: Catalyst Center AI analytics, AIOps concepts
  • Exam code 200-901 stayed the same

All active DevNet Associate holders had their credentials automatically migrated to CCNA Automation on February 3, 2026. No retesting required.

CCNA Cybersecurity (formerly CyberOps Associate CBROPS)

The name change from CyberOps Associate to CCNA Cybersecurity was primarily a branding decision. Employers understood “CCNA” instantly but were often unsure where “CyberOps Associate” fit in the Cisco hierarchy.

Content changes (v1.2 update):

  • AI applications in SOC monitoring added: AI-generated threat intelligence, automated detection and response, ML-powered anomaly detection
  • Exam code 200-201 stayed the same
  • All v1.1 content remains fully valid

All active CyberOps Associate holders were automatically migrated to CCNA Cybersecurity. No retesting required.

CCNA Automation: Full Domain Breakdown

Topic Area 1: Software Development and Design

  • Python fundamentals: data types, control flow, functions, error handling
  • Python for network automation: requests library, paramiko/netmiko for SSH, ncclient for NETCONF
  • Data formats: JSON, XML, YAML — parsing and constructing each for Cisco APIs
  • Version control: Git fundamentals, branching strategies, GitHub/GitLab for infrastructure-as-code
  • Testing: unit testing automation scripts, test-driven development for infrastructure changes
  • Linux fundamentals: file system, command line, shell scripting for automation environments

Topic Area 2: Understanding and Using APIs

  • REST API fundamentals: HTTP methods (GET, POST, PUT, DELETE, PATCH), status codes, authentication (basic auth, token auth, OAuth 2.0)
  • Cisco DNA Center / Catalyst Center API: intent API, device management, network hierarchy
  • Cisco ACI APIC REST API: managed object model, querying and modifying ACI objects programmatically
  • Cisco Meraki Dashboard API: organization, network, and device management through REST
  • Cisco IOS XE RESTCONF: YANG model querying, configuration management, operational data
  • WebSocket and streaming APIs: event-driven automation using webhooks

Topic Area 3: Cisco Platform Programmability

All eight Cisco platforms are tested. Candidates must know the API style, authentication method, and key automation use case for each.

PlatformAPI typeKey automation use case
Cisco IOS XENETCONF/YANG, RESTCONF, gNMIConfiguration and operational state management
Cisco NX-OSNX-API REST, NX-API CLIData center fabric automation
Cisco ACIAPIC REST APIPolicy-driven data center automation
Cisco MerakiDashboard REST APICloud-managed branch and campus automation
Cisco Catalyst CenterIntent REST APIEnterprise campus network automation
Cisco SD-WAN (vManage)vManage REST APISD-WAN policy and device management
Cisco ISEERS API, pxGridIdentity and access policy automation
WebexREST APICollaboration integration and ChatOps

Topic Area 4: Application Deployment and Security

  • CI/CD pipeline concepts: how network automation changes are validated and deployed automatically
  • Container basics: Docker fundamentals, containerizing automation tools
  • Infrastructure as Code: Ansible for network automation — playbooks, roles, Cisco modules. Terraform for network resources.
  • Automation security: securing API credentials, secrets management, principle of least privilege for service accounts
  • Application hosting: IOx on IOS XE, Docker on Catalyst Center

Topic Area 5: Network Fundamentals for Automation

  • OSI model and TCP/IP: context for what you are automating
  • Networking protocols: OSPF, BGP at conceptual level for programmatic configuration
  • Network management protocols: SNMP, NETCONF, RESTCONF, gNMI, model-driven telemetry
  • SD-WAN and SDN concepts: software-defined networking principles driving modern automation architecture

CCNA Cybersecurity: Full Domain Breakdown

Cisco publishes approximate domain weights for CCNACBR 200-201.

DomainWeightWhat it covers
1. Security Concepts22%CIA triad, cryptography basics, vulnerability types, MITRE ATT&CK, AI in security ops
2. Security Monitoring25%SIEM, log analysis, NetFlow, DNS analysis, alert correlation, AI-assisted monitoring
3. Host-Based Analysis20%Windows/Linux artifacts, memory analysis, EDR telemetry, malware indicators
4. Network Intrusion Analysis26%Wireshark PCAP analysis, IDS/IPS alerts, protocol-level attack recognition
5. Security Policies and Procedures7%NIST incident response lifecycle, CSIRT structure, SOC operations, compliance basics

Domain 1: Security Concepts (22%)

  • CIA Triad and how security controls address each pillar
  • Access control types: DAC, MAC, RBAC, ABAC with real examples
  • Cryptography: symmetric vs asymmetric, hash functions, digital signatures, PKI
  • Common vulnerability types: buffer overflow, SQL injection, XSS, race conditions
  • Defense-in-depth: layered security architecture
  • MITRE ATT&CK framework: mapping TTPs to the ATT&CK matrix for threat intelligence
  • AI in security operations (v1.2 addition): UEBA, ML-based anomaly detection, AI-powered threat detection in SOC workflows

Domain 2: Security Monitoring (25%)

The heaviest domain and the most directly tied to real SOC analyst daily work.

  • SIEM tools: Splunk, Microsoft Sentinel, QRadar — how they collect, correlate, and alert on security events
  • Log analysis: Windows event logs, Linux syslog, application logs, firewall logs, IDS/IPS logs
  • NetFlow and IPFIX: flow data analysis for lateral movement, data exfiltration, C2 detection
  • DNS log analysis: DGA detection, DNS tunneling identification, malicious DNS query patterns
  • HTTP/HTTPS traffic analysis: C2 beaconing patterns, user agent anomalies, data exfiltration via HTTP
  • Alert correlation: how multiple low-severity events combine to indicate high-severity incidents
  • AI-assisted monitoring (v1.2 addition): ML model behavior and how it complements rule-based detection

Critical Windows Event IDs for security monitoring:

Event IDMeaningSecurity relevance
4624Successful logonBaseline and anomaly detection
4625Failed logonBrute force detection
4688Process creationExecution monitoring
4698/4702Scheduled task created/modifiedPersistence detection
7045New service installedMalware persistence
4720User account createdUnauthorized account creation
4732User added to security groupPrivilege escalation detection

Domain 3: Host-Based Analysis (20%)

  • Windows forensic artifacts: registry run keys, prefetch files, LNK files, ShellBags
  • Linux forensic artifacts: bash history, /var/log/auth.log, crontab, systemd service files
  • Memory analysis concepts: volatile data, why memory matters for forensics, malware in-memory indicators
  • EDR telemetry: how endpoint detection and response tools generate alerts and what analysts triage
  • Malware indicators: persistence mechanisms, process injection, LOLBins (living-off-the-land binaries), defense evasion

Domain 4: Network Intrusion Analysis (26%)

The second heaviest domain and the most hands-on. PCAP analysis cannot be learned from reading alone.

  • Wireshark proficiency: display filters, TCP stream following, protocol dissection, expert information
  • PCAP analysis scenarios: port scans, brute force, exploit attempts, C2 beaconing, data exfiltration
  • IDS/IPS alert interpretation: Snort/Suricata rule structure, alert severity, false positive assessment
  • Protocol-level attack recognition in packet data: ARP poisoning, DHCP starvation, SYN floods, DNS poisoning
  • Firewall log analysis: ASA/Firepower/iptables log formats, identifying permitted and blocked anomalies
  • Alert triage process: true positive vs false positive determination, escalation criteria, documentation

Domain 5: Security Policies and Procedures (7%)

  • NIST SP 800-61 incident response: Preparation, Detection and Analysis, Containment, Eradication, Recovery, Post-Incident
  • CSIRT structure: roles, responsibilities, escalation paths within a security team
  • SOC Tier model: Tier 1 (alert triage), Tier 2 (investigation), Tier 3 (threat hunting) and escalation criteria
  • Evidence handling: chain of custody, documentation for legal proceedings
  • Regulatory compliance basics: GDPR, HIPAA, PCI-DSS notification requirements after incidents

Career Paths: Where Each Track Leads

CCNA Automation Career Path

StageRolesUS Salary Range
Entry with CCNA AutomationNetwork Automation Engineer I, Junior NetDevOps$70,000-$90,000
Mid-career 2-5 yearsNetwork Automation Engineer, Platform Engineer$95,000-$130,000
Senior with CCNP AutomationSenior Automation Engineer, NetDevOps Lead$120,000-$160,000
Expert with CCIE AutomationPrincipal Automation Architect, Staff Infrastructure Engineer$150,000-$200,000+

CCNA Cybersecurity Career Path

StageRolesUS Salary Range
Entry with CCNA CybersecuritySOC Analyst Tier 1, Security Analyst$60,000-$85,000
Mid-career 2-4 yearsSOC Analyst Tier 2, Incident Responder$85,000-$110,000
Senior with CCNP CybersecurityThreat Hunter, Senior Incident Responder$110,000-$145,000
Advanced rolesSOC Team Lead, Threat Intelligence Analyst$120,000-$160,000

ZipRecruiter April 2026 data: national average SOC analyst salary is $122,108 with entry-level roles typically $80,000 to $100,000. ISC2’s 2024 Workforce Study identified a global cybersecurity staffing shortfall of 4.7 million professionals, creating strong entry-level demand.

DoD 8570 / 8140 Compliance

DoD 8570 roleCCNA AutomationCCNA Cybersecurity
Cyber Defense AnalystNoYes
Cyber Defense Infrastructure Support SpecialistNoYes
IAT Level I, II, IIINoNo (Security+ for IAT)

CCNA Cybersecurity maps to US DoD Cyber Defense Analyst and Cyber Defense Infrastructure Support Specialist roles. This DoD alignment makes it a mandatory or strongly preferred credential for many government and defense contractor security operations positions.

Foundational Skills Required

PrerequisiteCCNA AutomationCCNA Cybersecurity
Networking fundamentalsHelpfulRequired (PCAP analysis demands TCP/IP fluency)
Linux command lineRequiredHelpful
Python programmingRequiredNot required
Security conceptsHelpfulRequired (Domain 1 is foundational)
CCNA 200-301 first?Strongly recommendedStrongly recommended

The CCNP Tracks That Follow

FactorCCNP AutomationCCNP Cybersecurity
Core examAUTOCOR 350-901CBRCOR 350-201
Core exam cost$400$400
Concentration optionsENAUTO, DCNAUTO, SPAUTO, CLAUTOCBRFIR (Forensics and Incident Response)
CCIE pathCCIE AutomationCCIE Cybersecurity
What CCNP validatesAutomation system design, AI in automation, multi-platform orchestrationAdvanced threat hunting, digital forensics, incident response

Which Should You Take: Decision Table

Your situationRight choice
You code Python and want to automate networksCCNA Automation
You work in a SOC or want to work in oneCCNA Cybersecurity
You want to move from network admin into security opsCCNA Cybersecurity
You want to move from network admin into automationCCNA Automation
Targeting DoD/government security operations rolesCCNA Cybersecurity (DoD 8570 aligned)
Interested in building tools, not just using themCCNA Automation
Prefer defensive/blue team workCCNA Cybersecurity
Prefer infrastructure engineering workCCNA Automation
Unsure which to takeCCNA 200-301 first, then decide based on your job

FAQs

What is the difference between CCNA Automation and CCNA Cybersecurity? 

CCNA Automation (200-901) validates network automation skills: Python, REST APIs, Ansible, and programming across 8 Cisco platforms. CCNA Cybersecurity (200-201) validates security operations skills: SIEM monitoring, PCAP analysis, host-based forensics, and incident response. Both cost $300 and take 120 minutes but open completely different career tracks.

What were these certifications called before February 2026? 

CCNA Automation was called DevNet Associate (DEVASC). CCNA Cybersecurity was called CyberOps Associate (CBROPS). Both were rebranded on February 3, 2026. Active holders were automatically migrated — no retesting required.

Is CCNA 200-301 required before CCNA Automation or CCNA Cybersecurity? 

No prerequisites are enforced by Cisco. However, CCNA-level networking knowledge is assumed by both specialization exams. CCNA 200-301 first is strongly recommended by the Cisco community and reduces preparation difficulty significantly.

Which pays more, CCNA Automation or CCNA Cybersecurity? 

CCNA Automation leads to higher salaries at mid and senior levels due to the supply gap for network automation engineers ($95K-$130K entry to mid). CCNA Cybersecurity entry SOC roles average $80K-$100K. Both escalate significantly with CCNP credentials.

Does CCNA Cybersecurity satisfy DoD 8570 requirements? 

Yes. 200-201 CCNACBR is DoD 8570 approved for Cyber Defense Analyst and Cyber Defense Infrastructure Support Specialist roles. CCNA Automation has no DoD 8570 mapping.

What changed in CCNA Cybersecurity v1.2? 

The v1.2 update (February 3, 2026) added AI applications in SOC monitoring: AI-powered threat detection, automated detection and response, ML-based anomaly detection, and UEBA. All v1.1 content remains fully valid.

What is new in CCNA Automation compared to DevNet Associate? 

The rebrand included substantial content changes: Python shifted from application development to operational automation, platform scope expanded to all 8 Cisco platforms simultaneously, Ansible and Terraform for IaC added, and AI in automation content (Catalyst Center AI analytics, AIOps) added throughout.

What jobs does CCNA Automation lead to?

Network Automation Engineer, Platform Engineer, NetDevOps Engineer, Infrastructure Engineer, and eventually Senior Automation Architect. Roles involve building and maintaining the automation systems that configure, monitor, and manage network infrastructure programmatically.

What jobs does CCNA Cybersecurity lead to? 

SOC Analyst (Tier 1 and Tier 2), Incident Responder, Cyber Defense Analyst (DoD), Threat Analyst, and Cyber Defense Infrastructure Support Specialist. Roles involve monitoring networks for threats, analyzing events, and responding to incidents.

Can I take both CCNA Automation and CCNA Cybersecurity? 

Yes. The combination is powerful for engineers building toward NetDevSecOps roles — automation skills make security operations more efficient, and security knowledge makes automation engineers more effective at building secure pipelines. Many senior engineers pursue both over time.

Leave a Replay

Table of Contents

Have You Tried Our Exam Dumps?

Cert Empire is the market leader in providing highly accurate valid exam dumps for certification exams. If you are an aspirant and want to pass your certification exam on the first attempt, CertEmpire is you way to go. 

Scroll to Top

FLASH OFFER

Days
Hours
Minutes
Seconds

avail 10% DISCOUNT on YOUR PURCHASE