Begin a successful career in cybersecurity operations by achieving Cisco Certified CyberOps Associate 200-201 certification

Key Features

  • Receive expert guidance on how to kickstart your career in the cybersecurity industry
  • Gain hands-on experience while studying for the Cisco Certified CyberOps Associate certification exam
  • Work through practical labs and exercises mapped directly to the exam objectives

Book Description

Achieving the Cisco Certified CyberOps Associate 200-201 certification helps you to kickstart your career in cybersecurity operations. This book offers up-to-date coverage of 200-201 exam resources to fully equip you to pass on your first attempt.

The book covers the essentials of network security concepts and shows you how to perform security threat monitoring. You'll begin by gaining an in-depth understanding of cryptography and exploring the methodology for performing both host- and network-based intrusion analysis. Next, you'll learn why security management and incident response strategies matter in an enterprise organization. As you advance, you'll see why layered defenses are necessary, and then perform security monitoring and packet analysis on a network. You'll also discover the need for computer forensics and get to grips with the components used to identify network intrusions. Finally, the book will not only help you to learn the theory but also enable you to gain much-needed practical experience for the cybersecurity industry.

By the end of this Cisco cybersecurity book, you'll have covered everything you need to pass the Cisco Certified CyberOps Associate 200-201 certification exam, and have a handy, on-the-job desktop reference guide.

What you will learn

  • Incorporate security into your architecture to prevent attacks
  • Discover how to implement and prepare secure designs
  • Identify access control models for digital assets
  • Identify point of entry, determine scope, contain threats, and remediate
  • Find out how to perform malware analysis and interpretation
  • Implement security technologies to detect and analyze threats

Who this book is for

This book is for students who want to pursue a career in cybersecurity operations, threat detection and analysis, and incident response. IT professionals, network security engineers, security operations center (SOC) engineers, and cybersecurity analysts looking for a career boost, as well as those looking to get certified in Cisco cybersecurity technologies and break into the cybersecurity industry, will also benefit from this book. No prior knowledge of IT networking or cybersecurity is needed.

Table of Contents

  1. Cisco Certified CyberOps Associate 200-201 Certification Guide
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Code in Action
    6. Download the color images
    7. Conventions used
    8. Get in touch
    9. Reviews
  6. Section 1: Network and Security Concepts
  7. Chapter 1: Exploring Networking Concepts
    1. Technical requirements
    2. The functions of the network layers
    3. The OSI reference model
    4. The TCP/IP protocol suite
    5. Understanding the purpose of various network protocols
    6. Transmission Control Protocol
    7. User Datagram Protocol
    8. Internet Protocol
    9. The Internet Control Message Protocol
    10. Lab – inspecting ICMP messages with Wireshark
    11. Summary
    12. Questions
    13. Further reading
  8. Chapter 2: Exploring Network Components and Security Systems
    1. Technical requirements
    2. Exploring various network services
    3. Address Resolution Protocol
    4. Domain Name System
    5. Dynamic Host Configuration Protocol
    6. Discovering the role and operations of network devices
    7. Hubs
    8. Switches
    9. Layer 3 switches
    10. Routers
    11. Wireless Access Point (WAP)
    12. Wireless LAN Controller (WLC)
    13. Describing the functions of Cisco network security systems
    14. Firewall
    15. Cisco Intrusion Prevention System (IPS)
    16. Web Security Appliance
    17. Email Security Appliance
    18. Cisco Advanced Malware Protection
    19. Summary
    20. Questions
    21. Further reading
  9. Chapter 3: Discovering Security Concepts
    1. Introducing the principles of defense in depth
    2. Confidentiality
    3. Integrity
    4. Availability
    5. Combining the three pillars
    6. Exploring security terminologies
    7. Threats, vulnerabilities, and exploits
    8. Identifying threat actors
    9. Understanding runbook automation
    10. Chain of custody
    11. Reverse engineering
    12. PII and PHI
    13. Understanding risk
    14. Exploring access control models
    15. Discretionary access control
    16. Mandatory access control
    17. Rule-based access control
    18. Time-based access control
    19. Role-based access control
    20. Authentication, authorization, and accounting
    21. Understanding security deployment
    22. Summary
    23. Questions
  10. Section 2: Principles of Security Monitoring
  11. Chapter 4: Understanding Security Principles
    1. Technical requirements
    2. Understanding a security operation center
    3. Types of SOC
    4. Elements of an SOC
    5. Understanding the security tools used to inspect data types on a network
    6. Attack surface and vulnerability
    7. tcpdump
    8. NetFlow
    9. Application visibility and control
    10. Web content filtering
    11. Email content filtering
    12. Understanding the impact of data visibility through networking technologies
    13. Access control lists
    14. NAT and PAT
    15. Tunneling, encapsulation, and encryption
    16. Peer-to-Peer (P2P) and TOR
    17. Load balancing
    18. Next-gen IPS event types
    19. Understanding how threat actors transport malicious code
    20. The domain name system
    21. The Network Time Protocol
    22. Web-based traffic
    23. Email-based traffic
    24. Delving into data types used during security monitoring
    25. Session data
    26. Transaction data
    27. Full packet capture
    28. Statistical data
    29. Extracted content (metadata)
    30. Alert data
    31. Summary
    32. Questions
    33. Further reading
  12. Chapter 5: Identifying Attack Methods
    1. Understanding network-based attacks
    2. Denial of Service
    3. Protocol-based attacks
    4. Distributed Denial of Service
    5. Man-in-the-middle
    6. Exploring web application attacks
    7. SQL injection
    8. Command injection
    9. Cross-site scripting
    10. Cross-site request forgery
    11. Delving into social engineering attacks
    12. Key elements of social engineering
    13. Types of social engineering attacks
    14. Understanding endpoint-based attacks
    15. Buffer overflows
    16. Command and control (C2)
    17. Malware and ransomware
    18. Interpreting evasion and obfuscation techniques
    19. Summary
    20. Questions
    21. Further reading
  13. Chapter 6: Working with Cryptography and PKI
    1. Technical requirements
    2. Understanding the need for cryptography
    3. Elements of cryptography
    4. Types of ciphers
    5. Substitution cipher
    6. Transposition cipher
    7. Understanding cryptanalysis
    8. Understanding the hashing process
    9. Describing hashing algorithms
    10. Lab – Comparing hashes
    11. Exploring symmetric encryption algorithms
    12. Symmetric algorithms
    13. Delving into asymmetric encryption algorithms
    14. Understanding PKI
    15. Components of PKI
    16. PKI trust system
    17. Lab – Observing the exchange of digital certificates
    18. Using cryptography in wireless security
    19. Summary
    20. Questions
    21. Further reading
  14. Section 3: Host and Network-Based Analysis
  15. Chapter 7: Delving into Endpoint Threat Analysis
    1. Technical requirements
    2. Understanding endpoint security technologies
    3. Anti-malware and antivirus
    4. Host-based firewall
    5. Host-based intrusion detection
    6. Application-level whitelisting/blacklisting
    7. Systems-based sandboxing
    8. Understanding Microsoft Windows components
    9. Processes, threads, and services
    10. The Windows paging file
    11. Windows registry
    12. Windows Management Instrumentation
    13. Monitoring tools
    14. Exploring Linux components
    15. Linux Terminal
    16. Viewing directories
    17. Log files
    18. Monitoring resources
    19. Summary
    20. Questions
    21. Further reading
  16. Chapter 8: Interpreting Endpoint Security
    1. Technical requirements
    2. Exploring the Microsoft Windows filesystem
    3. Filesystems
    4. Alternate data streams
    5. Delving into the Linux filesystem
    6. Understanding the CVSS
    7. CVSS metrics
    8. Working with malware analysis tools
    9. Lab exercise – Building a malware analysis sandbox
    10. Summary
    11. Questions
  17. Chapter 9: Exploring Computer Forensics
    1. Technical requirements
    2. Understanding the need for computer forensics
    3. Understanding the process of digital forensics
    4. Understanding the chain of custody
    5. Understanding volatility of evidence
    6. Understanding types of evidence
    7. Contrasting tampered and untampered disk images
    8. Lab – capturing a disk image on Linux
    9. Lab – using FTK Imager to capture a disk image on Microsoft Windows
    10. Tools commonly used during a forensics investigation
    11. Understanding the role of attribution in an investigation
    12. Summary
    13. Questions
    14. Further reading
  18. Chapter 10: Performing Intrusion Analysis
    1. Technical requirements
    2. Identifying intrusion events based on source technologies
    3. IDS/IPS
    4. Firewall
    5. Network application control
    6. Proxy logs
    7. Antivirus
    8. Elements of NetFlow and transactional data
    9. Stateful and deep packet firewall operations
    10. DPI firewall
    11. Stateful firewall
    12. Packet filtering
    13. Comparing inline traffic interrogation techniques
    14. Understanding impact and no impact on intrusion
    15. Protocol headers in intrusion analysis
    16. Ethernet frame
    17. IPv4 and IPv6
    18. TCP
    19. UDP
    20. ICMP
    21. SMTP
    22. HTTP and HTTPS
    23. ARP
    24. Packet analysis using a PCAP file and Wireshark
    25. Lab – packet analysis using Wireshark
    26. Summary
    27. Questions
    28. Further reading
  19. Section 4: Security Policies and Procedures
  20. Chapter 11: Security Management Techniques
    1. Technical requirements
    2. Identifying common artifact elements
    3. Interpreting basic regular expressions
    4. Lab – using regexes to find specific data values
    5. Understanding asset management
    6. Delving into configuration and mobile device management
    7. Exploring patch and vulnerability management
    8. Summary
    9. Questions
    10. Further reading
  21. Chapter 12: Dealing with Incident Response
    1. Understanding the incident handling process
    2. Understanding the phases of incident handling
    3. Exploring CSIRT teams and their responsibilities
    4. Delving into network and server profiling
    5. Network profiling
    6. Server profiling
    7. Comparing compliance frameworks
    8. PCI DSS
    9. HIPAA
    10. SOX
    11. Summary
    12. Questions
    13. Further reading
  22. Chapter 13: Implementing Incident Handling
    1. Understanding the NIST SP 800-86 components
    2. Evidence collection order and volatility
    3. Data acquisition and integrity
    4. Sharing information using VERIS
    5. Exploring the Cyber Kill Chain
    6. Reconnaissance
    7. Weaponization
    8. Delivery
    9. Exploitation
    10. Installation
    11. Command and Control (C2)
    12. Actions on objectives
    13. Delving into the Diamond Model of Intrusion Analysis
    14. Identifying protected data in a network
    15. Personally Identifiable Information (PII)
    16. Personal Security Information (PSI)
    17. Protected Health Information (PHI)
    18. Intellectual property
    19. Summary
    20. Questions
    21. Further reading
  23. Chapter 14: Implementing Cisco Security Solutions
    1. Technical requirements
    2. Implementing AAA in a Cisco environment
    3. Part 1 – Configuring IP addresses on host devices
    4. Part 2 – Configuring RADIUS and TACACS+ services
    5. Part 3 – Configuring local AAA on the R1 router
    6. Part 4 – Configuring server-based AAA using RADIUS
    7. Part 5 – Configuring server-based AAA using TACACS+
    8. Part 6 – Verification
    9. Deploying a zone-based firewall
    10. Part 1 – Configuring IP addresses on PC 1 and the web server
    11. Part 2 – Enabling the security technology license on the HQ router
    12. Part 3 – Configuring IP addresses and routes on HQ and ISP routers
    13. Part 4 – Creating security zones
    14. Part 5 – Identifying traffic
    15. Part 6 – Creating a policy map to define the action of matching traffic
    16. Part 7 – Identifying the zone pair and match policy
    17. Part 8 – Assigning the security zones to the interface
    18. Part 9 – Verification
    19. Configuring an IPS
    20. Part 1 – Configuring IP addresses on end devices
    21. Part 2 – Enabling the security technology license on the HQ router
    22. Part 3 – Configuring IP addresses and routes on HQ and ISP routers
    23. Part 4 – Configuring the IPS signature storage location and rule on HQ
    24. Part 5 – Configuring the logging of IPS events
    25. Part 6 – Configuring IPS with signature categories
    26. Part 7 – Applying the IPS rule to an interface
    27. Part 8 – Creating an alert and dropping inbound ICMP Echo Reply packets
    28. Part 9 – Verification
    29. Summary
    30. Further reading
  24. Chapter 15: Working with Cisco Security Solutions
    1. Technical requirements
    2. Implementing secure protocols on Cisco devices
    3. Part 1 – Configuring IP addresses on host devices
    4. Part 2 – Configuring the Syslog and NTP servers
    5. Part 3 – Configuring hostnames, banners, and IP addresses on routers
    6. Part 4 – Configuring OSPFv2 routing with authentication
    7. Part 5 – Configuring NTP with authentication
    8. Part 6 – Configuring Syslog
    9. Part 7 – Implementing secure remote access using SSH
    10. Part 8 – Verification
    11. Deploying Layer 2 security controls
    12. Part 1 – Configuring end devices and the DHCP server
    13. Part 2 – Securing STP
    14. Part 3 – Configuring DHCP snooping with ARP inspection
    15. Part 4 – Verification
    16. Configuring a Cisco ASA firewall
    17. Part 1 – Configuring the ISP router and end devices
    18. Part 2 – Performing basic ASA configurations
    19. Part 3 – Configuring security zones and interfaces
    20. Part 4 – Assigning the physical interfaces to a security zone
    21. Part 5 – Configuring routing and NAT
    22. Part 6 – Configuring the Cisco MPF
    23. Part 7 – Configuring DHCP and remote access
    24. Part 8 – Configuring the DMZ
    25. Part 9 – Verification
    26. Summary
  25. Chapter 16: Real-World Implementation and Best Practices
    1. Technical requirements
    2. Implementing an open source SIEM tool
    3. Part 1 – Creating a virtual environment
    4. Part 2 – Installing OSSIM
    5. Part 3 – Getting started with AlienVault OSSIM
    6. Implementing tools to perform the active scanning of assets
    7. Part 1 – Setting up Kali Linux
    8. Part 2 – Acquiring and installing Nessus
    9. Part 3 – Performing a vulnerability scan
    10. Using open source breach and attack simulation tools
    11. Part 1 – Installing Infection Monkey
    12. Part 2 – Setting up C2
    13. Part 3 – Breach and attack reporting
    14. Implementing an open source honeypot platform
    15. Part 1 – Creating the virtual environment
    16. Part 2 – Installing the honeypot platform
    17. Part 3 – Initializing the honeypot and its applications
    18. Part 4 – Accessing the honeypot dashboard
    19. Summary
  26. Chapter 17: Mock Exam 1
  27. Chapter 18: Mock Exam 2
    1. Questions
  28. Assessment
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10
    11. Chapter 11
    12. Chapter 12
    13. Chapter 13
    14. Chapter 17
    15. Chapter 18
    16. Why subscribe?
  29. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Leave a review - let other readers know what you think