Book Image

CCNA Cyber Ops SECOPS – Certification Guide 210-255

By : Andrew Chu
5 (1)
Book Image

CCNA Cyber Ops SECOPS – Certification Guide 210-255

5 (1)
By: Andrew Chu

Overview of this book

Cybersecurity roles have grown exponentially in the IT industry and an increasing number of organizations have set up security operations centers (SOCs) to monitor and respond to security threats. The 210-255 SECOPS exam is the second of two exams required for the Cisco CCNA Cyber Ops certification. By providing you with fundamental knowledge of SOC events, this certification validates your skills in managing cybersecurity processes such as analyzing threats and malicious activities, conducting security investigations, and using incident playbooks. You'll start by understanding threat analysis and computer forensics, which will help you build the foundation for learning intrusion analysis and incident response principles. The book will then guide you through vocabulary and techniques for analyzing data from the network and previous events. In later chapters, you'll discover how to identify, analyze, correlate, and respond to incidents, including how to communicate technical and inaccessible (non-technical) examples. You'll be able to build on your knowledge as you learn through examples and practice questions, and finally test your knowledge with two mock exams that allow you to put what you’ve learned to the test. By the end of this book, you'll have the skills to confidently pass the SECOPS 210-255 exam and achieve CCNA Cyber Ops certification.

Related Content you might be interested in

Current Title:

Small book image
CCNA Cyber Ops SECOPS – Certification Guide 210-255
Andrew Chu
Jul, 2019 | 352 pages
Small book image
Cisco Certified CyberOps Associate 200-201 Certification Guide
Glen D Singh
Jun, 2021 | 660 pages
Small book image
Digital Forensics and Incident Response
Gerard Johansen
Dec, 2022 | 532 pages
Small book image
CompTIA CASP+ CAS-004 Certification Guide
Mark Birch
Mar, 2022 | 654 pages
Table of Contents (24 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Section 1: Endpoint Threat Analysis and Forensics
Section 1: Endpoint Threat Analysis and Forensics
2
Classifying Threats
Classifying Threats
Categorizing and communicating threats
Exploitability metrics
Impact metrics
Scope
Summary
Questions
Further reading
3
Operating System Families
Operating System Families
Starting the operating system
Filesystems
Making, finding, accessing, and editing data
Summary
Questions
Further reading
4
Computer Forensics and Evidence Handling
Computer Forensics and Evidence Handling
Types of evidence
Maintaining evidential value
Attribution
Summary
Questions
Further reading
5
Section 2: Intrusion Analysis
Section 2: Intrusion Analysis
6
Identifying Rogue Data from a Dataset
Identifying Rogue Data from a Dataset
Using regexes to find normal characters
Using regexes to find characters in a set
Using regexes to extract groups of characters
Using regex logical operators
Summary
Questions
Further reading
7
Warning Signs from Network Data
Warning Signs from Network Data
Physical and data link layer (Ethernet) frame headers
Network layer (IPv4, IPv6, and ICMP) packet headers
Transport layer (TCP and UDP) segment and datagram headers
Application layer (HTTP) headers
Summary
Questions
Further reading
8
Network Security Data Analysis
Network Security Data Analysis
PCAP files and Wireshark
Alert identification
Security technologies and their reports
Evaluating alerts
Decisions and errors
Summary
Questions
Further reading
9
Section 3: Incident Response
Section 3: Incident Response
10
Roles and Responsibilities During an Incident
Roles and Responsibilities During an Incident
The incident response plan
The stages of an incident
Incident response teams
Summary
Questions
Further reading
11
Network and Server Profiling
Network and Server Profiling
Network profiling
Server profiling
Summary
Questions
Further reading
12
Compliance Frameworks
Compliance Frameworks
Payment Card Industry Data Security Standard
Health Insurance Portability and Accountability Act, 1996
Sarbanes Oxley Act, 2002
Summary
Questions
Further reading
13
Section 4: Data and Event Analysis
Section 4: Data and Event Analysis
14
Data Normalization and Exploitation
Data Normalization and Exploitation
Creating commonality
The IP 5-tuple
Pinpointing threats and victims
Summary
Questions
Further reading
15
Drawing Conclusions from the Data
Drawing Conclusions from the Data
Finding a threat actor
Deterministic and probabilistic analysis
Distinguishing and prioritizing significant alerts
Summary
Questions
Further reading
16
Section 5: Incident Handling
Section 5: Incident Handling
17
The Cyber Kill Chain Model
The Cyber Kill Chain Model
Planning
Preparation
Execution
Summary
Questions
Further reading
18
Incident-Handling Activities
Incident-Handling Activities
VERIS
The phases of incident handling
Conducting an investigation
Summary
Questions
Further reading
19
Section 6: Mock Exams
Section 6: Mock Exams
20
Mock Exam 1
Mock Exam 1
21
Mock Exam 2
Mock Exam 2
22
Assessments
Assessments
Chapter 1: Classifying Threats
Chapter 2: Operating System Families
Chapter 3: Computer Forensics and Evidence Handling
Chapter 4: Identifying Rogue Data from a Dataset
Chapter 5: Warning Signs from Network Data
Chapter 6: Network Security Data Analysis
Chapter 7: Roles and Responsibilities During an Incident
Chapter 8: Network and Server Profiling
Chapter 9: Compliance Frameworks
Chapter 10: Data Normalization and Exploitation
Chapter 11: Drawing Conclusions from the Data
Chapter 12: The Cyber Kill Chain Model
Chapter 13: Incident-Handling Activities
Chapter 14 – Mock Exam 1
Chapter 15 – Mock Exam 2
23
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

The IP 5-tuple

The IP 5-tuple is a collection of five features (protocol plus source and destination IP addresses and ports) that identify a TCP/IP connection. A tuple is immutable, which means that it's structure and its values cannot change (as opposed to a variable, even if the value doesn't change). The IP 5-tuple is unchanged throughout its journey from the source device to the destination device. This means that it can be tracked as it moves around the system. Where there are multiple network devices producing NetFlow data, for example, a packet can be seen traversing the network.

In this section, we will identify how the IP 5-tuple can be used to group events by host devices, and how we can isolate a compromised host in a grouped set of logs using this 5-tuple. This section relates to topics 4.3 and 4.4 of the 210–255 specification:

Implementing Cisco Cybersecurity...
Previous Section
End of Section 3
Next Section