CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

By : Andrew Chu

5 (1)

Buy this Book

CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

5 (1)

By: Andrew Chu

Buy this Book

Overview of this book

Cybersecurity roles have grown exponentially in the IT industry and an increasing number of organizations have set up security operations centers (SOCs) to monitor and respond to security threats. The 210-255 SECOPS exam is the second of two exams required for the Cisco CCNA Cyber Ops certification. By providing you with fundamental knowledge of SOC events, this certification validates your skills in managing cybersecurity processes such as analyzing threats and malicious activities, conducting security investigations, and using incident playbooks. You'll start by understanding threat analysis and computer forensics, which will help you build the foundation for learning intrusion analysis and incident response principles. The book will then guide you through vocabulary and techniques for analyzing data from the network and previous events. In later chapters, you'll discover how to identify, analyze, correlate, and respond to incidents, including how to communicate technical and inaccessible (non-technical) examples. You'll be able to build on your knowledge as you learn through examples and practice questions, and finally test your knowledge with two mock exams that allow you to put what you’ve learned to the test. By the end of this book, you'll have the skills to confidently pass the SECOPS 210-255 exam and achieve CCNA Cyber Ops certification.

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Free Chapter

Section 1: Endpoint Threat Analysis and Forensics

Classifying Threats

Categorizing and communicating threats

Exploitability metrics

Impact metrics

Scope

Summary

Questions

Further reading

Operating System Families

Starting the operating system

Filesystems

Making, finding, accessing, and editing data

Summary

Questions

Further reading

Computer Forensics and Evidence Handling

Types of evidence

Maintaining evidential value

Attribution

Summary

Questions

Further reading

Section 2: Intrusion Analysis

Identifying Rogue Data from a Dataset

Using regexes to find normal characters

Using regexes to find characters in a set

Using regexes to extract groups of characters

Using regex logical operators

Summary

Questions

Further reading

Warning Signs from Network Data

Physical and data link layer (Ethernet) frame headers

Network layer (IPv4, IPv6, and ICMP) packet headers

Transport layer (TCP and UDP) segment and datagram headers

Application layer (HTTP) headers

Summary

Questions

Further reading

Network Security Data Analysis

PCAP files and Wireshark

Alert identification

Security technologies and their reports

Summary

Section 3: Incident Response

Roles and Responsibilities During an Incident

The incident response plan

The stages of an incident

Incident response teams

Summary

Questions

Further reading

Network and Server Profiling

Summary

Compliance Frameworks

Payment Card Industry Data Security Standard

Health Insurance Portability and Accountability Act, 1996

Sarbanes Oxley Act, 2002

Summary

Questions

Further reading

Section 4: Data and Event Analysis

Data Normalization and Exploitation

Creating commonality

The IP 5-tuple

Pinpointing threats and victims

Summary

Questions

Further reading

Drawing Conclusions from the Data

Finding a threat actor

Deterministic and probabilistic analysis

Distinguishing and prioritizing significant alerts

Summary

Questions

Further reading

Section 5: Incident Handling

The Cyber Kill Chain Model

Summary

Incident-Handling Activities

VERIS

The phases of incident handling

Conducting an investigation

Summary

Questions

Further reading

Section 6: Mock Exams

Mock Exam 1

Mock Exam 2

Assessments

Chapter 1: Classifying Threats

Chapter 2: Operating System Families

Chapter 3: Computer Forensics and Evidence Handling

Chapter 4: Identifying Rogue Data from a Dataset

Chapter 5: Warning Signs from Network Data

Chapter 6: Network Security Data Analysis

Chapter 7: Roles and Responsibilities During an Incident

Chapter 8: Network and Server Profiling

Chapter 9: Compliance Frameworks

Chapter 10: Data Normalization and Exploitation

Chapter 11: Drawing Conclusions from the Data

Chapter 12: The Cyber Kill Chain Model

Chapter 13: Incident-Handling Activities

Chapter 14 – Mock Exam 1

Chapter 15 – Mock Exam 2

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 (1)

5 star

100%

4 star

3 star

2 star

1 star

Classifying Threats

This chapter looks at the Common Vulnerability Scoring System v3.0 (CVSS v3.0) in order to introduce common terminology, as well as to split the large topic of cyber-threat into three areas of impact, and five areas of vulnerability. Candidates for 210-255 must be able to define these terms.

CVSS 3.0 terms and definitions are 5% of the 210-255 certification exam, and they are marks which only require memory; no analysis is required. This will ease you into the book and provides a baseline that you can work from. CVSS 3.0 is also important because part of your future role in a SOC may involve briefing non-technical staff about CVSS reports.

The following topics will be covered in this chapter:

Categorizing and communicating threats
Exploitability metrics
Impact metrics
Scope

CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

By : Andrew Chu

CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

By: Andrew Chu

Overview of this book

Related Content you might be interested in

Current Title:

CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

Cisco Certified CyberOps Associate 200-201 Certification Guide

Digital Forensics and Incident Response

CompTIA CASP+ CAS-004 Certification Guide