CyberOps Associate (200-201 CBROPS)

Next date:
13.05.2024 - Monday - Friday (9:00 - 17:00)
Offer expires on:
17.05.2024
Total duration:
40 hours over 5 days
Practical component:
No
Language of instruction:
  • German
Type of training:
  • Continuing education
Form of offer:
  • In-person event
Time of classes:
  • Daytime event
Min. number of participants:
not specified
Max. number of participants:
15
Price:
not specified
Type of diploma:
Vendor certificate
Final exam:
No
Type of certificate of completion:
CyberOps Associate (200-201)
Offer certifications:
  • Not certified
Offers for women only:
No
Providers offering childcare:
No
Information quality:
Search portal standard

Target groups:
not specified
Specialist requirements:
good PC user skills
Technical requirements:
No special requirements.
Employment agency classification:
  • C 1430-10-25 Other operating systems, networks - administration and certifications

Contents

Understanding Cisco Cybersecurity Operations Fundamentals v1.0 (200-201 CBROPS)

  • Instructor-led Classroom Training
  • Instructor-led Virtual Class Training

The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0 course teaches you security concepts, common network and application operations and attacks, and the types of data needed to investigate security incidents. This course teaches you how to monitor alerts and breaches, and how to understand and follow established procedures for response to alerts converted to incidents. Through a combination of lecture, hands-on labs, and self-study, you will learn the essential skills, concepts, and technologies to be a contributing member of a cybersecurity operations center (SOC) including understanding the IT infrastructure, operations, and vulnerabilities. This course helps you prepare for the Cisco Certified CyberOps Associate certification and the role of a Junior or Entry-level cybersecurity operations analyst in a SOC.


Course content
Security Concepts
Describing the CIA triad
Comparing security deployments
Describing security terms
Comparing security concepts
Describing the principles of the defense-in-depth strategy
Comparing access control models
Describing terms as defined in CVSS
Identifying the challenges of data visibility (network, host, and cloud) in detection
Identifying potential data loss from provided traffic profiles
Interpreting the 5-tuple approach to isolate a compromised host in a grouped set of logs
Comparing rule-based detection vs. behavioral and statistical detection
Security Monitoring
Comparing attack surface and vulnerability
Identifying the types of data provided by these technologies
Describing the impact of these technologies on data visibility
Describing the uses of these data types in security monitoring
Describing network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle
Describing web application attacks, such as SQL injection, command injections, and cross-site scripting
Describing social engineering attacks
Describing endpoint-based attacks, such as buffer overflows, command and control (C2), malware, and ransomware
Describing evasion and obfuscation techniques, such as tunneling, encryption, and proxies
Describing the impact of certificates on security (includes PKI, public/private crossing the network, asymmetric/symmetric)
Identifying the certificate components in a given scenario
Host-Based Analysis
Describing the functionality of these endpoint technologies in regard to security monitoring
Identifying components of an operating system (such as Windows and Linux) in a given scenario
Describing the role of attribution in an investigation
Identifying type of evidence used based on provided logs
Comparing tampered and untampered disk image
Interpreting operating system, application, or command line logs to identify an event
Interpreting the output report of a malware analysis tool (such as a detonation chamber or sandbox)
Network Intrusion Analysis
Mapping the provided events to source technologies
Comparing impact and no impact for these items
Comparing deep packet inspection with packet filtering and stateful firewall operation
Comparing inline traffic interrogation and taps or traffic monitoring
Comparing the characteristics of data obtained from taps or traffic monitoring and transactional data (NetFlow) in the analysis of network traffic
Extracting files from a TCP stream when given a PCAP file and Wireshark
Identifying key elements in an intrusion from a given PCAP file
Interpreting the fields in protocol headers as related to intrusion analysis
Interpreting common artifact elements from an event to identify an alert
Interpreting basic regular expressions
Security Policies and Procedures
Describing management concepts
Describing the elements in an incident response plan as stated in NIST.SP800-61
Applying the incident handling process (such as NIST.SP800-61) to an event
Mapping elements to these steps of analysis based on the NIST.SP800-61
Mapping the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800-61)
Describing concepts as documented in NIST.SP800-86
Identifying these elements used for network profiling
Identifying these elements used for server profiling
Identifying protected data in a network
Classifying intrusion events into categories as defined by security models, such as Cyber Kill Chain Modeling and Diamond Model of Intrusion
Describing the relationship of SOC metrics to scope analysis (time to detect, time to contain, time to respond, time to control)
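The "5-tuple approach to isolate a compromised host in a grouped set of logs" objective above (together with the "basic regular expressions" objective) is the one item in this outline that lends itself to a worked example. The following Python is an added example written for this page; it is not course material from Cisco or the training provider. The log format, the IP addresses and the timestamps are constructed for the example. A 5-tuple is source IP, source port, destination IP, destination port and protocol; the code parses each line with a regular expression into that tuple, groups flows per source host, and then looks for the SOC-typical sign of a compromised host: the source port changes on every connection, but the remaining four fields and a fixed interval between connections repeat (beaconing to a command-and-control address). The threshold values are assumptions for the sample data.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed sample log lines (not from any real device or course lab):
# a syslog-style connection log with timestamp, protocol, 5-tuple and action.
# Host 10.0.0.23 connects to 203.0.113.50:443 once a minute; 10.0.0.41 browses
# irregularly and does a DNS lookup.
SAMPLE_LOG = """\
2024-05-13T09:00:00Z conn proto=tcp src=10.0.0.23:51522 dst=203.0.113.50:443 action=allow
2024-05-13T09:00:05Z conn proto=tcp src=10.0.0.41:49210 dst=198.51.100.7:443 action=allow
2024-05-13T09:01:00Z conn proto=tcp src=10.0.0.23:51530 dst=203.0.113.50:443 action=allow
2024-05-13T09:01:12Z conn proto=udp src=10.0.0.41:53011 dst=10.0.0.2:53 action=allow
2024-05-13T09:02:00Z conn proto=tcp src=10.0.0.23:51541 dst=203.0.113.50:443 action=allow
2024-05-13T09:02:33Z conn proto=tcp src=10.0.0.41:49300 dst=198.51.100.9:80 action=allow
2024-05-13T09:03:00Z conn proto=tcp src=10.0.0.23:51555 dst=203.0.113.50:443 action=allow
2024-05-13T09:04:00Z conn proto=tcp src=10.0.0.23:51560 dst=203.0.113.50:443 action=allow
2024-05-13T09:04:21Z conn proto=tcp src=10.0.0.41:49355 dst=198.51.100.7:443 action=allow
"""

# One named group per 5-tuple field; anchored so a malformed line cannot
# partially match and yield a wrong tuple.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) conn proto=(?P<proto>\w+) "
    r"src=(?P<sip>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dip>[\d.]+):(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_flows(log_text):
    """Parse each log line into a dict holding the 5-tuple and a timestamp.
    Lines that do not match the format are skipped rather than guessed at."""
    flows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flows.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "src": m["sip"], "sport": int(m["sport"]),
            "dst": m["dip"], "dport": int(m["dport"]),
            "proto": m["proto"].lower(), "action": m["action"],
        })
    return flows


def group_by_source(flows):
    """Group flows by source host: the first cut an analyst makes when a
    grouped set of logs has to be narrowed down to one endpoint."""
    groups = defaultdict(list)
    for f in flows:
        groups[f["src"]].append(f)
    return dict(groups)


def find_beacons(flows, min_hits=4, max_jitter_s=5.0):
    """Collapse the 5-tuple to (src, dst, dport, proto): the source port is
    ephemeral and differs per connection, so it is dropped from the key.
    A key with at least min_hits connections whose inter-arrival times vary by
    no more than max_jitter_s seconds (population std. dev.) is a beacon
    candidate. Thresholds are assumptions chosen for the sample data."""
    stamps_by_key = defaultdict(list)
    for f in flows:
        stamps_by_key[(f["src"], f["dst"], f["dport"], f["proto"])].append(f["ts"])
    beacons = []
    for (src, dst, dport, proto), stamps in stamps_by_key.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        jitter = pstdev(gaps)
        if jitter <= max_jitter_s:
            beacons.append({
                "src": src, "dst": dst, "dport": dport, "proto": proto,
                "hits": len(stamps), "interval": sum(gaps) / len(gaps),
                "jitter": jitter,
            })
    # Most connections first, then the most regular pattern.
    beacons.sort(key=lambda b: (-b["hits"], b["jitter"]))
    return beacons


def isolate_compromised_host(log_text):
    """Return the source IP of the strongest beacon candidate, or None."""
    beacons = find_beacons(parse_flows(log_text))
    return beacons[0]["src"] if beacons else None


if __name__ == "__main__":
    for src, flows in group_by_source(parse_flows(SAMPLE_LOG)).items():
        dests = {(f["dst"], f["dport"], f["proto"]) for f in flows}
        print(f"{src}: {len(flows)} flows to {len(dests)} distinct destinations")
    for b in find_beacons(parse_flows(SAMPLE_LOG)):
        print(f"beacon: {b['src']} -> {b['dst']}:{b['dport']}/{b['proto']} "
              f"every {b['interval']:.0f}s ({b['hits']} hits)")
    print("isolate:", isolate_compromised_host(SAMPLE_LOG))
```

On real firewall or NetFlow exports the timestamp and field layout differ, so only `LINE_RE` and the `strptime` format need to change; the grouping logic is the same. The jitter threshold is the part to tune: malware that randomises its sleep interval will spread the gaps, which is why the per-source grouping and destination count are kept alongside the beacon test rather than relying on one signal.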

All information without guarantee. Responsibility for the accuracy of the information lies solely with the providers.

First published on 20.09.2021, last updated 13.05.2024