Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying CCNA Cyber Ops SECOPS - Certification Guide 210-255
  • Table Of Contents Toc
  • Feedback & Rating feedback
CCNA Cyber Ops SECOPS - Certification Guide 210-255

CCNA Cyber Ops SECOPS - Certification Guide 210-255

By : Chu
Buy this Book
close
close
CCNA Cyber Ops SECOPS - Certification Guide 210-255

CCNA Cyber Ops SECOPS - Certification Guide 210-255

By: Chu
Buy this Book

Overview of this book

Cybersecurity roles have grown exponentially in the IT industry and an increasing number of organizations have set up security operations centers (SOCs) to monitor and respond to security threats. The 210-255 SECOPS exam is the second of two exams required for the Cisco CCNA Cyber Ops certification. By providing you with fundamental knowledge of SOC events, this certification validates your skills in managing cybersecurity processes such as analyzing threats and malicious activities, conducting security investigations, and using incident playbooks. You'll start by understanding threat analysis and computer forensics, which will help you build the foundation for learning intrusion analysis and incident response principles. The book will then guide you through vocabulary and techniques for analyzing data from the network and previous events. In later chapters, you'll discover how to identify, analyze, correlate, and respond to incidents, including how to communicate technical and inaccessible (non-technical) examples. You'll be able to build on your knowledge as you learn through examples and practice questions, and finally test your knowledge with two mock exams that allow you to put what you’ve learned to the test. By the end of this book, you'll have the skills to confidently pass the SECOPS 210-255 exam and achieve CCNA Cyber Ops certification.
Table of Contents (24 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Free Chapter
1
Section 1: Endpoint Threat Analysis and Forensics
Icon
Section 1: Endpoint Threat Analysis and Forensics
2
Classifying Threats
Icon
Classifying Threats
Icon
Categorizing and communicating threats
Icon
Exploitability metrics
Icon
Impact metrics
Icon
Scope
Icon
Summary
Icon
Questions
Icon
Further reading
3
Operating System Families
Icon
Operating System Families
Icon
Starting the operating system
Icon
Filesystems
Icon
Making, finding, accessing, and editing data
Icon
Summary
Icon
Questions
Icon
Further reading
4
Computer Forensics and Evidence Handling
Icon
Computer Forensics and Evidence Handling
Icon
Types of evidence
Icon
Maintaining evidential value
Icon
Attribution
Icon
Summary
Icon
Questions
Icon
Further reading
5
Section 2: Intrusion Analysis
Icon
Section 2: Intrusion Analysis
6
Identifying Rogue Data from a Dataset
Icon
Identifying Rogue Data from a Dataset
Icon
Using regexes to find normal characters
Icon
Using regexes to find characters in a set
Icon
Using regexes to extract groups of characters
Icon
Using regex logical operators
Icon
Summary
Icon
Questions
Icon
Further reading
7
Warning Signs from Network Data
Icon
Warning Signs from Network Data
Icon
Physical and data link layer (Ethernet) frame headers
Icon
Network layer (IPv4, IPv6, and ICMP) packet headers
Icon
Transport layer (TCP and UDP) segment and datagram headers
Icon
Application layer (HTTP) headers
Icon
Summary
Icon
Questions
Icon
Further reading
8
Network Security Data Analysis
Icon
Network Security Data Analysis
Icon
PCAP files and Wireshark
Icon
Alert identification
Icon
Security technologies and their reports
Icon
Evaluating alerts
Icon
Decisions and errors
Icon
Summary
Icon
Questions
Icon
Further reading
9
Section 3: Incident Response
Icon
Section 3: Incident Response
10
Roles and Responsibilities During an Incident
Icon
Roles and Responsibilities During an Incident
Icon
The incident response plan
Icon
The stages of an incident
Icon
Incident response teams
Icon
Summary
Icon
Questions
Icon
Further reading
11
Network and Server Profiling
Icon
Network and Server Profiling
Icon
Network profiling
Icon
Server profiling
Icon
Summary
Icon
Questions
Icon
Further reading
12
Compliance Frameworks
Icon
Compliance Frameworks
Icon
Payment Card Industry Data Security Standard
Icon
Health Insurance Portability and Accountability Act, 1996
Icon
Sarbanes Oxley Act, 2002
Icon
Summary
Icon
Questions
Icon
Further reading
13
Section 4: Data and Event Analysis
Icon
Section 4: Data and Event Analysis
14
Data Normalization and Exploitation
chevron up
Icon
Data Normalization and Exploitation
Icon
Creating commonality
Icon
The IP 5-tuple
Icon
Pinpointing threats and victims
Icon
Summary
Icon
Questions
Icon
Further reading
15
Drawing Conclusions from the Data
Icon
Drawing Conclusions from the Data
Icon
Finding a threat actor
Icon
Deterministic and probabilistic analysis
Icon
Distinguishing and prioritizing significant alerts
Icon
Summary
Icon
Questions
Icon
Further reading
16
Section 5: Incident Handling
Icon
Section 5: Incident Handling
17
The Cyber Kill Chain Model
Icon
The Cyber Kill Chain Model
Icon
Planning
Icon
Preparation
Icon
Execution
Icon
Summary
Icon
Questions
Icon
Further reading
18
Incident-Handling Activities
Icon
Incident-Handling Activities
Icon
VERIS
Icon
The phases of incident handling
Icon
Conducting an investigation
Icon
Summary
Icon
Questions
Icon
Further reading
19
Section 6: Mock Exams
Icon
Section 6: Mock Exams
20
Mock Exam 1
Icon
Mock Exam 1
21
Mock Exam 2
Icon
Mock Exam 2
22
Assessments
Icon
Assessments
Icon
Chapter 1: Classifying Threats
Icon
Chapter 2: Operating System Families
Icon
Chapter 3: Computer Forensics and Evidence Handling
Icon
Chapter 4: Identifying Rogue Data from a Dataset
Icon
Chapter 5: Warning Signs from Network Data
Icon
Chapter 6: Network Security Data Analysis
Icon
Chapter 7: Roles and Responsibilities During an Incident
Icon
Chapter 8: Network and Server Profiling
Icon
Chapter 9: Compliance Frameworks
Icon
Chapter 10: Data Normalization and Exploitation
Icon
Chapter 11: Drawing Conclusions from the Data
Icon
Chapter 12: The Cyber Kill Chain Model
Icon
Chapter 13: Incident-Handling Activities
Icon
Chapter 14 – Mock Exam 1
Icon
Chapter 15 – Mock Exam 2
23
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Pinpointing threats and victims

As we saw in Chapter 1, Classifying Threats, attributing actions to threat actors is an important cybersecurity task. Additionally, pinpointing machines that were targeted is important to the containment idea from the NIST incident response plan guidelines from Chapter 7, Roles and Responsibilities During an Incident. This is particularly important if the target has actually been compromised.

In this section, we will learn how to describe the retrospective analysis method to find a malicious file or to identify compromised hosts in a network based on reports that arise from network monitoring tools and threat analyses. This will be, specifically, in the guise of an AMP threat grid, which we saw in Chapter 1, Classifying Threats. This links to objectives 4.5 and 4.6 in the 210–255 topic list:

Implementing Cisco Cybersecurity Operations (210...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 4
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY