Book Image

Cisco Certified CyberOps Associate 200-201 Certification Guide

By : Glen D. Singh
Book Image

Cisco Certified CyberOps Associate 200-201 Certification Guide

By: Glen D. Singh

Overview of this book

Achieving the Cisco Certified CyberOps Associate 200-201 certification helps you to kickstart your career in cybersecurity operations. This book offers up-to-date coverage of 200-201 exam resources to fully equip you to pass on your first attempt. The book covers the essentials of network security concepts and shows you how to perform security threat monitoring. You'll begin by gaining an in-depth understanding of cryptography and exploring the methodology for performing both host and network-based intrusion analysis. Next, you'll learn about the importance of implementing security management and incident response strategies in an enterprise organization. As you advance, you'll see why implementing defenses is necessary by taking an in-depth approach, and then perform security monitoring and packet analysis on a network. You'll also discover the need for computer forensics and get to grips with the components used to identify network intrusions. Finally, the book will not only help you to learn the theory but also enable you to gain much-needed practical experience for the cybersecurity industry. By the end of this Cisco cybersecurity book, you'll have covered everything you need to pass the Cisco Certified CyberOps Associate 200-201 certification exam, and have a handy, on-the-job desktop reference guide.

Related Content you might be interested in

Current Title:

Small book image
Cisco Certified CyberOps Associate 200-201 Certification Guide
Glen D. Singh
Jun, 2021 | 660 pages
Small book image
Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide
Glen D Singh
Nov, 2020 | 764 pages
Small book image
CompTIA Network+ N10-008 Certification Guide
Glen D Singh
Nov, 2022 | 692 pages
Small book image
CCNA Security 210-260 Certification Guide
Glen D Singh | Vijay Anandh | Michael Vinod
Jun, 2018 | 518 pages
Table of Contents (25 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Network and Security Concepts
Section 1: Network and Security Concepts
Free Chapter
2
Chapter 1: Exploring Networking Concepts
Chapter 1: Exploring Networking Concepts
Technical requirements
The functions of the network layers
Understanding the purpose of various network protocols
Summary
Questions
Further reading
3
Chapter 2: Exploring Network Components and Security Systems
Chapter 2: Exploring Network Components and Security Systems
Technical requirements
Exploring various network services
Discovering the role and operations of network devices
Describing the functions of Cisco network security systems
Summary
Questions
Further reading
4
Chapter 3: Discovering Security Concepts
Chapter 3: Discovering Security Concepts
Introducing the principles of defense in depth
Exploring security terminologies
Exploring access control models
Understanding security deployment
Summary
Questions
5
Section 2: Principles of Security Monitoring
Section 2: Principles of Security Monitoring
6
Chapter 4: Understanding Security Principles
Chapter 4: Understanding Security Principles
Technical requirements
Understanding a security operation center
Understanding the security tools used to inspect data types on a network
Understanding the impact of data visibility through networking technologies
Understanding how threat actors transport malicious code
Delving into data types used during security monitoring
Summary
Questions
Further reading
7
Chapter 5: Identifying Attack Methods
Chapter 5: Identifying Attack Methods
Understanding network-based attacks
Exploring web application attacks
Delving into social engineering attacks
Understanding endpoint-based attacks
Interpreting evasion and obfuscation techniques
Summary
Questions
Further reading
8
Chapter 6: Working with Cryptography and PKI
Chapter 6: Working with Cryptography and PKI
Technical requirements
Understanding the need for cryptography
Types of ciphers
Understanding cryptanalysis
Understanding the hashing process
Exploring symmetric encryption algorithms
Delving into asymmetric encryption algorithms
Understanding PKI
Using cryptography in wireless security
Summary
Questions
Further reading
9
Section 3: Host and Network-Based Analysis
Section 3: Host and Network-Based Analysis
10
Chapter 7: Delving into Endpoint Threat Analysis
Chapter 7: Delving into Endpoint Threat Analysis
Technical requirements
Understanding endpoint security technologies
Understanding Microsoft Windows components
Exploring Linux components
Summary
Questions
Further reading
11
Chapter 8: Interpreting Endpoint Security
Chapter 8: Interpreting Endpoint Security
Technical requirements
Exploring the Microsoft Windows filesystem
Delving into the Linux filesystem
Understanding the CVSS
Working with malware analysis tools
Summary
Questions
12
Chapter 9: Exploring Computer Forensics
Chapter 9: Exploring Computer Forensics
Technical requirements
Understanding the need for computer forensics
Understanding types of evidence
Contrasting tampered and untampered disk images
Tools commonly used during a forensics investigation
Understanding the role of attribution in an investigation
Summary
Questions
Further reading
13
Chapter 10: Performing Intrusion Analysis
Chapter 10: Performing Intrusion Analysis
Technical requirements
Identifying intrusion events based on source technologies
Stateful and deep packet firewall operations
Comparing inline traffic interrogation techniques
Understanding impact and no impact on intrusion
Protocol headers in intrusion analysis
Packet analysis using a PCAP file and Wireshark
Summary
Questions
Further reading
14
Section 4: Security Policies and Procedures
Section 4: Security Policies and Procedures
15
Chapter 11: Security Management Techniques
Chapter 11: Security Management Techniques
Technical requirements
Identifying common artifact elements
Interpreting basic regular expressions
Understanding asset management
Delving into configuration and mobile device management
Exploring patch and vulnerability management
Summary
Questions
Further reading
16
Chapter 12: Dealing with Incident Response
Chapter 12: Dealing with Incident Response
Understanding the incident handling process
Exploring CSIRT teams and their responsibilities
Delving into network and server profiling
Comparing compliance frameworks
Summary
Questions
Further reading
17
Chapter 13: Implementing Incident Handling
Chapter 13: Implementing Incident Handling
Understanding the NIST SP 800-86 components
Sharing information using VERIS
Exploring the Cyber Kill Chain
Delving into the Diamond Model of Intrusion Analysis
Identifying protected data in a network
Summary
Questions
Further reading
18
Chapter 14: Implementing Cisco Security Solutions
Chapter 14: Implementing Cisco Security Solutions
Technical requirements
Implementing AAA in a Cisco environment
Deploying a zone-based firewall
Configuring an IPS
Summary
Further reading
19
Chapter 15: Working with Cisco Security Solutions
Chapter 15: Working with Cisco Security Solutions
Technical requirements
Implementing secure protocols on Cisco devices
Deploying Layer 2 security controls
Configuring a Cisco ASA firewall
Summary
20
Chapter 16: Real-World Implementation and Best Practices
Chapter 16: Real-World Implementation and Best Practices
Technical requirements
Implementing an open source SIEM tool
Implementing tools to perform the active scanning of assets
Using open source breach and attack simulation tools
Implementing an open source honeypot platform
Summary
21
Chapter 17: Mock Exam 1
Chapter 17: Mock Exam 1
22
Chapter 18: Mock Exam 2
Questions
23
Assessment
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 17
Chapter 18
Why subscribe?
24
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think

Chapter 17: Mock Exam 1

  1. A rogue device has been detected on a network. Which of the following can be used to help determine the type or vendor of the device?

    A. IP address

    B. Service port number

    C. MAC address

    D. All of the above

  2. A security professional suspects that the ARP cache of a host system was compromised. Which of the following commands can be used to show the ARP entries?

    A. arp -a

    B. ipconfig

    C. ifconfig

    D. netstat -ano

  3. An attacker was able to perform a man-in-the-middle attack and retrieved a victim's user credentials. Which of the following protocols was the victim most likely using?

    A. S/MIME

    B. HTTPS

    C. SMTP

    D. FTPS

  4. An attacker was able to redirect users to a malware-infected web server whenever they visited the URL http://www.server.local. Which of the following protocols was compromised?

    A. ICMP

    B. IP

    C. ARP

    D. DNS

  5. Which of the following is not a threat identification method that's used by an Intrusion Prevention System (IPS)?

    A. Algorithm-based

    B. Global...

Previous Section
End of Chapter 21
Next Chapter