Book Image

Cisco Certified CyberOps Associate 200-201 Certification Guide

By : Glen D. Singh
Book Image

Cisco Certified CyberOps Associate 200-201 Certification Guide

By: Glen D. Singh

Overview of this book

Achieving the Cisco Certified CyberOps Associate 200-201 certification helps you to kickstart your career in cybersecurity operations. This book offers up-to-date coverage of 200-201 exam resources to fully equip you to pass on your first attempt. The book covers the essentials of network security concepts and shows you how to perform security threat monitoring. You'll begin by gaining an in-depth understanding of cryptography and exploring the methodology for performing both host and network-based intrusion analysis. Next, you'll learn about the importance of implementing security management and incident response strategies in an enterprise organization. As you advance, you'll see why implementing defenses is necessary by taking an in-depth approach, and then perform security monitoring and packet analysis on a network. You'll also discover the need for computer forensics and get to grips with the components used to identify network intrusions. Finally, the book will not only help you to learn the theory but also enable you to gain much-needed practical experience for the cybersecurity industry. By the end of this Cisco cybersecurity book, you'll have covered everything you need to pass the Cisco Certified CyberOps Associate 200-201 certification exam, and have a handy, on-the-job desktop reference guide.
Table of Contents (25 chapters)
1
Section 1: Network and Security Concepts
5
Section 2: Principles of Security Monitoring
9
Section 3: Host and Network-Based Analysis
14
Section 4: Security Policies and Procedures
21
Chapter 17: Mock Exam 1
22
Chapter 18: Mock Exam 2

Packet analysis using a PCAP file and Wireshark

Packet analysis is the technique of investigating details found within network traffic in an organization. Since devices send and receive packets between each other, the details found by analyzing the network traffic will provide statistics and in-depth information about all the conversations that are of interest to a security engineer. Such details will be host devices, protocols, file transfers, Voice over IP (VoIP) conversations, and so on. You'll be able to determine the most widely used network applications, the hosts that are sending and receiving the most network messages, file transfers, network errors and latency issues, and even perform network forensics to determine which event occurred on the network.

One of the most popular tools for performing packet analysis is Wireshark. Wireshark has been around for quite some time now and can capture traffic on many types of networks, such as wired, wireless, and mobile networks...