Book Image

CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

By : Andrew Chu

5 (1)

Book Image

CCNA Cyber Ops SECOPS ‚àö¬¢‚Äö√á¬®‚Äö√Ñ√∫ Certification Guide 210-255

5 (1)

By: Andrew Chu

Overview of this book

Cybersecurity roles have grown exponentially in the IT industry and an increasing number of organizations have set up security operations centers (SOCs) to monitor and respond to security threats. The 210-255 SECOPS exam is the second of two exams required for the Cisco CCNA Cyber Ops certification. By providing you with fundamental knowledge of SOC events, this certification validates your skills in managing cybersecurity processes such as analyzing threats and malicious activities, conducting security investigations, and using incident playbooks. You'll start by understanding threat analysis and computer forensics, which will help you build the foundation for learning intrusion analysis and incident response principles. The book will then guide you through vocabulary and techniques for analyzing data from the network and previous events. In later chapters, you'll discover how to identify, analyze, correlate, and respond to incidents, including how to communicate technical and inaccessible (non-technical) examples. You'll be able to build on your knowledge as you learn through examples and practice questions, and finally test your knowledge with two mock exams that allow you to put what you’ve learned to the test. By the end of this book, you'll have the skills to confidently pass the SECOPS 210-255 exam and achieve CCNA Cyber Ops certification.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Section 1: Endpoint Threat Analysis and Forensics

Section 1: Endpoint Threat Analysis and Forensics

Classifying Threats

Classifying Threats

Categorizing and communicating threats

Exploitability metrics

Further reading

Operating System Families

Operating System Families

Starting the operating system

Making, finding, accessing, and editing data

Further reading

Computer Forensics and Evidence Handling

Computer Forensics and Evidence Handling

Types of evidence

Maintaining evidential value

Further reading

Section 2: Intrusion Analysis

Section 2: Intrusion Analysis

Identifying Rogue Data from a Dataset

Identifying Rogue Data from a Dataset

Using regexes to find normal characters

Using regexes to find characters in a set

Using regexes to extract groups of characters

Using regex logical operators

Further reading

Warning Signs from Network Data

Warning Signs from Network Data

Physical and data link layer (Ethernet) frame headers

Network layer (IPv4, IPv6, and ICMP) packet headers

Transport layer (TCP and UDP) segment and datagram headers

Application layer (HTTP) headers

Further reading

Network Security Data Analysis

Network Security Data Analysis

PCAP files and Wireshark

Alert identification

Security technologies and their reports

Evaluating alerts

Decisions and errors

Further reading

Section 3: Incident Response

Section 3: Incident Response

Roles and Responsibilities During an Incident

Roles and Responsibilities During an Incident

The incident response plan

The stages of an incident

Incident response teams

Further reading

Network and Server Profiling

Network and Server Profiling

Network profiling

Server profiling

Further reading

Compliance Frameworks

Compliance Frameworks

Payment Card Industry Data Security Standard

Health Insurance Portability and Accountability Act, 1996

Sarbanes Oxley Act, 2002

Further reading

Section 4: Data and Event Analysis

Section 4: Data and Event Analysis

Data Normalization and Exploitation

Data Normalization and Exploitation

Creating commonality

Pinpointing threats and victims

Further reading

Drawing Conclusions from the Data

Drawing Conclusions from the Data

Finding a threat actor

Deterministic and probabilistic analysis

Distinguishing and prioritizing significant alerts

Further reading

Section 5: Incident Handling

Section 5: Incident Handling

The Cyber Kill Chain Model

The Cyber Kill Chain Model

Further reading

Incident-Handling Activities

Incident-Handling Activities

The phases of incident handling

Conducting an investigation

Further reading

Section 6: Mock Exams

Section 6: Mock Exams

Mock Exam 1

Mock Exam 2

Assessments

Chapter 1: Classifying Threats

Chapter 2: Operating System Families

Chapter 3: Computer Forensics and Evidence Handling

Chapter 4: Identifying Rogue Data from a Dataset

Chapter 5: Warning Signs from Network Data

Chapter 6: Network Security Data Analysis

Chapter 7: Roles and Responsibilities During an Incident

Chapter 8: Network and Server Profiling

Chapter 9: Compliance Frameworks

Chapter 10: Data Normalization and Exploitation

Chapter 11: Drawing Conclusions from the Data

Chapter 12: The Cyber Kill Chain Model

Chapter 13: Incident-Handling Activities

Chapter 14 – Mock Exam 1

Chapter 15 – Mock Exam 2

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 (1)

5 star

100%

4 star

0

3 star

0

2 star

0

1 star

0

Chapter 4: Identifying Rogue Data from a Dataset

More details on the grep command can be found at http://man7.org/linux/man-pages/man1/grep.1p.html.

More details on the cat command can be found at http://man7.org/linux/man-pages/man1/cat.1.html.

(2)
The 10\.114\.115\.\d{0,3} search string would match all of the addresses in the network. The /24 prefix means that the first three octets (10.114.115.) must be the same for every address in the network. The final octet can be any number that's up to three digits long (actually, only up to 255; this regex string doesn't specify the top limit).
10.114.115.55 would only match the IP address stated, although it would also match longer strings as the lack of an escape character before the period sign means that this would match any character, not just the literal period sign.
10\.114\.d{0.3}\.\d{0,3} would match the 10.114.0...