Book Image

CCNA Cyber Ops SECOPS – Certification Guide 210-255

By : Andrew Chu
5 (1)
Book Image

CCNA Cyber Ops SECOPS – Certification Guide 210-255

5 (1)
By: Andrew Chu

Overview of this book

Cybersecurity roles have grown exponentially in the IT industry and an increasing number of organizations have set up security operations centers (SOCs) to monitor and respond to security threats. The 210-255 SECOPS exam is the second of two exams required for the Cisco CCNA Cyber Ops certification. By providing you with fundamental knowledge of SOC events, this certification validates your skills in managing cybersecurity processes such as analyzing threats and malicious activities, conducting security investigations, and using incident playbooks. You'll start by understanding threat analysis and computer forensics, which will help you build the foundation for learning intrusion analysis and incident response principles. The book will then guide you through vocabulary and techniques for analyzing data from the network and previous events. In later chapters, you'll discover how to identify, analyze, correlate, and respond to incidents, including how to communicate technical and inaccessible (non-technical) examples. You'll be able to build on your knowledge as you learn through examples and practice questions, and finally test your knowledge with two mock exams that allow you to put what you’ve learned to the test. By the end of this book, you'll have the skills to confidently pass the SECOPS 210-255 exam and achieve CCNA Cyber Ops certification.

Related Content you might be interested in

Current Title:

Small book image
CCNA Cyber Ops SECOPS – Certification Guide 210-255
Andrew Chu
Jul, 2019 | 352 pages
Small book image
Cisco Certified CyberOps Associate 200-201 Certification Guide
Glen D Singh
Jun, 2021 | 660 pages
Small book image
Digital Forensics and Incident Response
Gerard Johansen
Dec, 2022 | 532 pages
Small book image
CompTIA CASP+ CAS-004 Certification Guide
Mark Birch
Mar, 2022 | 654 pages
Table of Contents (24 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Section 1: Endpoint Threat Analysis and Forensics
Section 1: Endpoint Threat Analysis and Forensics
2
Classifying Threats
Classifying Threats
Categorizing and communicating threats
Exploitability metrics
Impact metrics
Scope
Summary
Questions
Further reading
3
Operating System Families
Operating System Families
Starting the operating system
Filesystems
Making, finding, accessing, and editing data
Summary
Questions
Further reading
4
Computer Forensics and Evidence Handling
Computer Forensics and Evidence Handling
Types of evidence
Maintaining evidential value
Attribution
Summary
Questions
Further reading
5
Section 2: Intrusion Analysis
Section 2: Intrusion Analysis
6
Identifying Rogue Data from a Dataset
Identifying Rogue Data from a Dataset
Using regexes to find normal characters
Using regexes to find characters in a set
Using regexes to extract groups of characters
Using regex logical operators
Summary
Questions
Further reading
7
Warning Signs from Network Data
Warning Signs from Network Data
Physical and data link layer (Ethernet) frame headers
Network layer (IPv4, IPv6, and ICMP) packet headers
Transport layer (TCP and UDP) segment and datagram headers
Application layer (HTTP) headers
Summary
Questions
Further reading
8
Network Security Data Analysis
Network Security Data Analysis
PCAP files and Wireshark
Alert identification
Security technologies and their reports
Evaluating alerts
Decisions and errors
Summary
Questions
Further reading
9
Section 3: Incident Response
Section 3: Incident Response
10
Roles and Responsibilities During an Incident
Roles and Responsibilities During an Incident
The incident response plan
The stages of an incident
Incident response teams
Summary
Questions
Further reading
11
Network and Server Profiling
Network and Server Profiling
Network profiling
Server profiling
Summary
Questions
Further reading
12
Compliance Frameworks
Compliance Frameworks
Payment Card Industry Data Security Standard
Health Insurance Portability and Accountability Act, 1996
Sarbanes Oxley Act, 2002
Summary
Questions
Further reading
13
Section 4: Data and Event Analysis
Section 4: Data and Event Analysis
14
Data Normalization and Exploitation
Data Normalization and Exploitation
Creating commonality
The IP 5-tuple
Pinpointing threats and victims
Summary
Questions
Further reading
15
Drawing Conclusions from the Data
Drawing Conclusions from the Data
Finding a threat actor
Deterministic and probabilistic analysis
Distinguishing and prioritizing significant alerts
Summary
Questions
Further reading
16
Section 5: Incident Handling
Section 5: Incident Handling
17
The Cyber Kill Chain Model
The Cyber Kill Chain Model
Planning
Preparation
Execution
Summary
Questions
Further reading
18
Incident-Handling Activities
Incident-Handling Activities
VERIS
The phases of incident handling
Conducting an investigation
Summary
Questions
Further reading
19
Section 6: Mock Exams
Section 6: Mock Exams
20
Mock Exam 1
Mock Exam 1
21
Mock Exam 2
Mock Exam 2
22
Assessments
Assessments
Chapter 1: Classifying Threats
Chapter 2: Operating System Families
Chapter 3: Computer Forensics and Evidence Handling
Chapter 4: Identifying Rogue Data from a Dataset
Chapter 5: Warning Signs from Network Data
Chapter 6: Network Security Data Analysis
Chapter 7: Roles and Responsibilities During an Incident
Chapter 8: Network and Server Profiling
Chapter 9: Compliance Frameworks
Chapter 10: Data Normalization and Exploitation
Chapter 11: Drawing Conclusions from the Data
Chapter 12: The Cyber Kill Chain Model
Chapter 13: Incident-Handling Activities
Chapter 14 – Mock Exam 1
Chapter 15 – Mock Exam 2
23
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Finding a threat actor

In Chapter 3, Computer Forensics and Evidence Handling, we looked at the idea of threat actor attribution. In this section, we look more specifically at how we can utilize network (DNS and HTTP logs) and threat intelligence data to find a threat actor. This is specifically referenced in topics 4.7 and 4.8 in the 210-255 specification:

Implementing Cisco Cybersecurity Operations (210-255) Topic List:

4.7 Map DNS logs and HTTP logs together to find a threat actor
4.8 Map DNS, HTTP, and threat intelligence data together

DNS and HTTP services are fundamental to many network applications, particularly those that operate over the internet. This means that they are services that very close to 100% of organizations will have permitted on their networks. For an attacker, this means that the likelihood of data successfully traversing the trusted/untrusted boundary...

Previous Section
End of Section 2
Next Section