CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

By : Andrew Chu

5 (1)

Buy this Book

CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

5 (1)

By: Andrew Chu

Buy this Book

Overview of this book

Cybersecurity roles have grown exponentially in the IT industry and an increasing number of organizations have set up security operations centers (SOCs) to monitor and respond to security threats. The 210-255 SECOPS exam is the second of two exams required for the Cisco CCNA Cyber Ops certification. By providing you with fundamental knowledge of SOC events, this certification validates your skills in managing cybersecurity processes such as analyzing threats and malicious activities, conducting security investigations, and using incident playbooks. You'll start by understanding threat analysis and computer forensics, which will help you build the foundation for learning intrusion analysis and incident response principles. The book will then guide you through vocabulary and techniques for analyzing data from the network and previous events. In later chapters, you'll discover how to identify, analyze, correlate, and respond to incidents, including how to communicate technical and inaccessible (non-technical) examples. You'll be able to build on your knowledge as you learn through examples and practice questions, and finally test your knowledge with two mock exams that allow you to put what you’ve learned to the test. By the end of this book, you'll have the skills to confidently pass the SECOPS 210-255 exam and achieve CCNA Cyber Ops certification.

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Free Chapter

Section 1: Endpoint Threat Analysis and Forensics

Classifying Threats

Categorizing and communicating threats

Exploitability metrics

Impact metrics

Scope

Summary

Questions

Further reading

Operating System Families

Starting the operating system

Filesystems

Making, finding, accessing, and editing data

Summary

Questions

Further reading

Computer Forensics and Evidence Handling

Types of evidence

Maintaining evidential value

Attribution

Summary

Questions

Further reading

Section 2: Intrusion Analysis

Identifying Rogue Data from a Dataset

Using regexes to find normal characters

Using regexes to find characters in a set

Using regexes to extract groups of characters

Using regex logical operators

Summary

Questions

Further reading

Warning Signs from Network Data

Physical and data link layer (Ethernet) frame headers

Network layer (IPv4, IPv6, and ICMP) packet headers

Transport layer (TCP and UDP) segment and datagram headers

Application layer (HTTP) headers

Summary

Questions

Further reading

Network Security Data Analysis

PCAP files and Wireshark

Alert identification

Security technologies and their reports

Summary

Section 3: Incident Response

Roles and Responsibilities During an Incident

The incident response plan

The stages of an incident

Incident response teams

Summary

Questions

Further reading

Network and Server Profiling

Summary

Compliance Frameworks

Payment Card Industry Data Security Standard

Health Insurance Portability and Accountability Act, 1996

Sarbanes Oxley Act, 2002

Summary

Questions

Further reading

Section 4: Data and Event Analysis

Data Normalization and Exploitation

Creating commonality

The IP 5-tuple

Pinpointing threats and victims

Summary

Questions

Further reading

Drawing Conclusions from the Data

Finding a threat actor

Deterministic and probabilistic analysis

Distinguishing and prioritizing significant alerts

Summary

Questions

Further reading

Section 5: Incident Handling

The Cyber Kill Chain Model

Summary

Incident-Handling Activities

VERIS

The phases of incident handling

Conducting an investigation

Summary

Questions

Further reading

Section 6: Mock Exams

Mock Exam 1

Mock Exam 2

Assessments

Chapter 1: Classifying Threats

Chapter 2: Operating System Families

Chapter 3: Computer Forensics and Evidence Handling

Chapter 4: Identifying Rogue Data from a Dataset

Chapter 5: Warning Signs from Network Data

Chapter 6: Network Security Data Analysis

Chapter 7: Roles and Responsibilities During an Incident

Chapter 8: Network and Server Profiling

Chapter 9: Compliance Frameworks

Chapter 10: Data Normalization and Exploitation

Chapter 11: Drawing Conclusions from the Data

Chapter 12: The Cyber Kill Chain Model

Chapter 13: Incident-Handling Activities

Chapter 14 – Mock Exam 1

Chapter 15 – Mock Exam 2

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 (1)

5 star

100%

4 star

3 star

2 star

1 star

Server profiling

Server profiling is, again, used to create a picture of normal operation. While it is still broadly expected that server performance and operations will evolve over time, server profiles tend not to vary as rapidly or as markedly as network profiles.

In this section, we will look at five elements that are important to server profiling. Ports, related to the protocols connecting to them, is an obvious cross over between network and server metrics, but the other elements are more similar to those investigated in endpoint threat analyses.

Under the next five headings, we will look at each of these five elements independently. We will look at the technologies and processes that can be used to collect and monitor each data set, and some things that can be inferred from the elements, either in isolation or in combination.

...

CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

By : Andrew Chu

CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

By: Andrew Chu

Overview of this book

Related Content you might be interested in

Current Title:

CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

Cisco Certified CyberOps Associate 200-201 Certification Guide

Digital Forensics and Incident Response

CompTIA CASP+ CAS-004 Certification Guide