Book Image

Cisco Certified CyberOps Associate 200-201 Certification Guide

By : Glen D. Singh

Book Image

Cisco Certified CyberOps Associate 200-201 Certification Guide

By: Glen D. Singh

Overview of this book

Achieving the Cisco Certified CyberOps Associate 200-201 certification helps you to kickstart your career in cybersecurity operations. This book offers up-to-date coverage of 200-201 exam resources to fully equip you to pass on your first attempt. The book covers the essentials of network security concepts and shows you how to perform security threat monitoring. You'll begin by gaining an in-depth understanding of cryptography and exploring the methodology for performing both host and network-based intrusion analysis. Next, you'll learn about the importance of implementing security management and incident response strategies in an enterprise organization. As you advance, you'll see why implementing defenses is necessary by taking an in-depth approach, and then perform security monitoring and packet analysis on a network. You'll also discover the need for computer forensics and get to grips with the components used to identify network intrusions. Finally, the book will not only help you to learn the theory but also enable you to gain much-needed practical experience for the cybersecurity industry. By the end of this Cisco cybersecurity book, you'll have covered everything you need to pass the Cisco Certified CyberOps Associate 200-201 certification exam, and have a handy, on-the-job desktop reference guide.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Section 1: Network and Security Concepts

Section 1: Network and Security Concepts

Free Chapter

Chapter 1: Exploring Networking Concepts

Chapter 1: Exploring Networking Concepts

Technical requirements

The functions of the network layers

Understanding the purpose of various network protocols

Further reading

Chapter 2: Exploring Network Components and Security Systems

Chapter 2: Exploring Network Components and Security Systems

Technical requirements

Exploring various network services

Discovering the role and operations of network devices

Describing the functions of Cisco network security systems

Further reading

Chapter 3: Discovering Security Concepts

Chapter 3: Discovering Security Concepts

Introducing the principles of defense in depth

Exploring security terminologies

Exploring access control models

Understanding security deployment

Section 2: Principles of Security Monitoring

Section 2: Principles of Security Monitoring

Chapter 4: Understanding Security Principles

Chapter 4: Understanding Security Principles

Technical requirements

Understanding a security operation center

Understanding the security tools used to inspect data types on a network

Understanding the impact of data visibility through networking technologies

Understanding how threat actors transport malicious code

Delving into data types used during security monitoring

Further reading

Chapter 5: Identifying Attack Methods

Chapter 5: Identifying Attack Methods

Understanding network-based attacks

Exploring web application attacks

Delving into social engineering attacks

Understanding endpoint-based attacks

Interpreting evasion and obfuscation techniques

Further reading

Chapter 6: Working with Cryptography and PKI

Chapter 6: Working with Cryptography and PKI

Technical requirements

Understanding the need for cryptography

Types of ciphers

Understanding cryptanalysis

Understanding the hashing process

Exploring symmetric encryption algorithms

Delving into asymmetric encryption algorithms

Understanding PKI

Using cryptography in wireless security

Further reading

Section 3: Host and Network-Based Analysis

Section 3: Host and Network-Based Analysis

Chapter 7: Delving into Endpoint Threat Analysis

Chapter 7: Delving into Endpoint Threat Analysis

Technical requirements

Understanding endpoint security technologies

Understanding Microsoft Windows components

Exploring Linux components

Further reading

Chapter 8: Interpreting Endpoint Security

Chapter 8: Interpreting Endpoint Security

Technical requirements

Exploring the Microsoft Windows filesystem

Delving into the Linux filesystem

Understanding the CVSS

Working with malware analysis tools

Chapter 9: Exploring Computer Forensics

Chapter 9: Exploring Computer Forensics

Technical requirements

Understanding the need for computer forensics

Understanding types of evidence

Contrasting tampered and untampered disk images

Tools commonly used during a forensics investigation

Understanding the role of attribution in an investigation

Further reading

Chapter 10: Performing Intrusion Analysis

Chapter 10: Performing Intrusion Analysis

Technical requirements

Identifying intrusion events based on source technologies

Stateful and deep packet firewall operations

Comparing inline traffic interrogation techniques

Understanding impact and no impact on intrusion

Protocol headers in intrusion analysis

Packet analysis using a PCAP file and Wireshark

Further reading

Section 4: Security Policies and Procedures

Section 4: Security Policies and Procedures

Chapter 11: Security Management Techniques

Chapter 11: Security Management Techniques

Technical requirements

Identifying common artifact elements

Interpreting basic regular expressions

Understanding asset management

Delving into configuration and mobile device management

Exploring patch and vulnerability management

Further reading

Chapter 12: Dealing with Incident Response

Chapter 12: Dealing with Incident Response

Understanding the incident handling process

Exploring CSIRT teams and their responsibilities

Delving into network and server profiling

Comparing compliance frameworks

Further reading

Chapter 13: Implementing Incident Handling

Chapter 13: Implementing Incident Handling

Understanding the NIST SP 800-86 components

Sharing information using VERIS

Exploring the Cyber Kill Chain

Delving into the Diamond Model of Intrusion Analysis

Identifying protected data in a network

Further reading

Chapter 14: Implementing Cisco Security Solutions

Chapter 14: Implementing Cisco Security Solutions

Technical requirements

Implementing AAA in a Cisco environment

Deploying a zone-based firewall

Configuring an IPS

Further reading

Chapter 15: Working with Cisco Security Solutions

Chapter 15: Working with Cisco Security Solutions

Technical requirements

Implementing secure protocols on Cisco devices

Deploying Layer 2 security controls

Configuring a Cisco ASA firewall

Chapter 16: Real-World Implementation and Best Practices

Chapter 16: Real-World Implementation and Best Practices

Technical requirements

Implementing an open source SIEM tool

Implementing tools to perform the active scanning of assets

Using open source breach and attack simulation tools

Implementing an open source honeypot platform

Chapter 17: Mock Exam 1

Chapter 17: Mock Exam 1

Chapter 18: Mock Exam 2

Assessment

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Chapter 15: Working with Cisco Security Solutions

Throughout the course of this chapter, you will learn how to implement various Cisco security solutions on a network to mitigate various types of threats and attacks. You will learn how to secure various Internet Protocol (IP) services and routing protocols, how to implement various Layer 2 security controls to prevent and mitigate Spanning Tree Protocol (STP), Dynamic Host Configuration Protocol (DHCP), and Man-in-the-Middle (MitM) attacks, and how to complement a Cisco firewall on a network.

In this chapter, we will cover the following topics:

Implementing secure protocols on Cisco devices
Deploying Layer 2 security controls
Configuring a Cisco Adaptive Security Appliance (ASA) firewall

Let's dive in!