Book Image

CCNA Cyber Ops SECOPS – Certification Guide 210-255

By : Andrew Chu
5 (1)
Book Image

CCNA Cyber Ops SECOPS – Certification Guide 210-255

5 (1)
By: Andrew Chu

Overview of this book

Cybersecurity roles have grown exponentially in the IT industry and an increasing number of organizations have set up security operations centers (SOCs) to monitor and respond to security threats. The 210-255 SECOPS exam is the second of two exams required for the Cisco CCNA Cyber Ops certification. By providing you with fundamental knowledge of SOC events, this certification validates your skills in managing cybersecurity processes such as analyzing threats and malicious activities, conducting security investigations, and using incident playbooks. You'll start by understanding threat analysis and computer forensics, which will help you build the foundation for learning intrusion analysis and incident response principles. The book will then guide you through vocabulary and techniques for analyzing data from the network and previous events. In later chapters, you'll discover how to identify, analyze, correlate, and respond to incidents, including how to communicate technical and inaccessible (non-technical) examples. You'll be able to build on your knowledge as you learn through examples and practice questions, and finally test your knowledge with two mock exams that allow you to put what you’ve learned to the test. By the end of this book, you'll have the skills to confidently pass the SECOPS 210-255 exam and achieve CCNA Cyber Ops certification.
Table of Contents (24 chapters)
Free Chapter
1
Section 1: Endpoint Threat Analysis and Forensics
5
Section 2: Intrusion Analysis
9
Section 3: Incident Response
13
Section 4: Data and Event Analysis
16
Section 5: Incident Handling
19
Section 6: Mock Exams
20
Mock Exam 1
21
Mock Exam 2

Section 1: Endpoint Threat Analysis and Forensics

In this section, readers will learn how a single machine can be compromised and how to investigate it. In this section, which comprises 15% of the 210-255 exam, readers will learn how to categorize and communicate threats and vulnerabilities, understand how and why different vulnerabilities can affect different operating systems more or less severely, and explain the principles of computer forensics, evidence handling, and how to use that information.

This section builds heavily on prior knowledge, particularly from the 210-250 (SECFNDS) course, but will underpin the actions of cyber security operators as they carry out routine tasks, as well as responsive tasks. Evidence may be required from before the threat is identified.

The following chapters are included in this section: