Introduction

CCNA Cybersecurity Operations Companion Guide is the official supplemental textbook for the Cisco Networking Academy CCNA Cybersecurity Operations v1.x course. Cisco Networking Academy is a comprehensive program that delivers information technology skills to students around the world. The curriculum emphasizes real-world practical application, while providing opportunities for you to gain the skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level cybersecurity analyst working in a Security Operations Center (SOC).

As a textbook, this book provides a ready reference to explain the same concepts, technologies, protocols, and tools as the online curriculum. You can use the online curriculum as directed by your instructor and then use this Companion Guide’s study tools to help solidify your understanding of all the topics.

Who Should Read This Book

The book, as well as the course, is designed as an introduction to cybersecurity operations for those pursuing careers as a cybersecurity analyst. Topics are presented concisely, starting with the most fundamental concepts and progressing to a comprehensive understanding of security monitoring, intrusion analysis, and incident response. The content of this book provides preparation for the CCNA Cyber Ops certification exams (SECFND and SECOPS).

Book Features

The educational features of this book focus on supporting topic coverage, readability, and practice of the course material to facilitate your full understanding of it.

Topic Coverage

The following features give you a thorough overview of the topics covered in each chapter so that you can make constructive use of your study time:

  • Objectives: Listed at the beginning of each chapter, the objectives reference the core concepts covered in the chapter. The objectives match the objectives stated in the corresponding chapters of the online curriculum; however, the question format in the Companion Guide encourages you to think about finding the answers as you read the chapter.

  • Notes: These are short sidebars that point out interesting facts, time-saving methods, and important safety issues.

  • Chapter summaries: At the end of each chapter is a summary of the chapter’s key concepts. It provides a synopsis of the chapter and serves as a study aid.

  • Practice: At the end of each chapter, there is a full list of all the labs, class activities, and Packet Tracer activities to refer back to for study time.

Readability

The following features assist your understanding of the networking vocabulary:

  • Key terms: Each chapter begins with a list of key terms, along with a page number reference from inside the chapter. The terms are listed in the order in which they are explained in the chapter. This handy reference allows you to find a term, flip to the page where the term appears, and see the term used in context. The Glossary defines all the key terms.

  • Glossary: This book contains an all-new Glossary with almost 400 terms.

Practice

Practice makes perfect. This Companion Guide offers you ample opportunities to put what you learn into practice. You will find the following features valuable and effective in reinforcing the instruction that you receive:

  • Check Your Understanding questions and answer key: Review questions are presented at the end of each chapter as a self-assessment tool. These questions match the style of questions that you see in the online course. Appendix A, “Answers to the ‘Check Your Understanding’ Questions,” provides an answer key to all the questions and includes an explanation of each answer.

  • Labs and activities: Throughout each chapter, you will be directed back to the online course to take advantage of the activities created to reinforce concepts. In addition, at the end of each chapter, there is a practice section that collects a list of all the labs and activities to provide practice with the topics introduced in that chapter.

  • Page references to online course: After headings, you will see, for example, (1.1.2.3). This number refers to the page number in the online course so that you can easily jump to that spot online to view a video, practice an activity, perform a lab, or review a topic.

About Packet Tracer Software and Activities

Interspersed throughout the chapters you’ll find a few Cisco Packet Tracer activities. Packet Tracer allows you to create networks, visualize how packets flow in the network, and use basic testing tools to determine whether the network would work. When you see this icon, you can use Packet Tracer with the listed file to perform a task suggested in this book. The activity files are available in the course. Packet Tracer software is available only through the Cisco Networking Academy website. Ask your instructor for access to Packet Tracer.

How This Book Is Organized

This book corresponds closely to the Cisco Networking Academy CCNA Cybersecurity Operations v1 course and is divided into 13 chapters, one appendix, and a glossary of key terms:

  • Chapter 1, “Cybersecurity and the Security Operations Center”: This chapter examines why networks and data are attacked and how to prepare for a career in cybersecurity operations.

  • Chapter 2, “Windows Operating System”: This chapter discusses the features and characteristics of the Windows operating system, including its operation and how to secure Windows endpoints.

  • Chapter 3, “Linux Operating System”: This chapter discusses the features and characteristics of the Linux operating system, including basic operation in the Linux shell, basic administrative tasks, and basic security-related tasks on a Linux host.

  • Chapter 4, “Network Protocols and Services”: This chapter discusses the operation of network protocols and services, including network operations, Ethernet and IP, common testing utilities, address resolution, transport functionality, and applications that provide network services.

  • Chapter 5, “Network Infrastructure”: This chapter discusses network infrastructure, including wired and wireless networks, network security devices, and network topologies.

  • Chapter 6, “Principles of Network Security”: This chapter discusses the various types of network attacks, including how networks are attacked and the various types of threats and attacks.

  • Chapter 7, “Network Attacks: A Deeper Look”: This chapter dives deeper into network attacks, including how to identify attacks using network monitoring tools. Also, the vulnerabilities of TCP/IP and network applications are discussed.

  • Chapter 8, “Protecting the Network”: This chapter discusses methods to prevent malicious access to networks, hosts, and data, including approaches to network security defense, access control methods, and using various intelligence sources to locate current security threats.

  • Chapter 9, “Cryptography and the Public Key Infrastructure”: This chapter discusses the impact of cryptography on network security monitoring, including tools to encrypt and decrypt data and the public key infrastructure (PKI).

  • Chapter 10, “Endpoint Security and Analysis”: This chapter discusses how to investigate endpoint vulnerabilities and attacks, including malware analysis and endpoint vulnerability assessment.

  • Chapter 11, “Security Monitoring”: This chapter discusses how to identify network security alerts, including how network security technologies affect security monitoring and the type of log files used in security monitoring.

  • Chapter 12, “Intrusion Data Analysis”: This chapter discusses how to analyze network intrusion data to verify potential exploits, including the process of evaluating alerts, determining the source of an alert, and the handling of evidence to ensure proper attack attribution.

  • Chapter 13, “Incident Response and Handling”: This chapter discusses how to apply incident response models to manage security incidents. Response models include the Cyber Kill Chain, the Diamond Model of intrusion, the VERIS schema, and NIST 800-61r2 standards.

  • Appendix A, “Answers to the ‘Check Your Understanding’ Questions”: This appendix lists the answers to the “Check Your Understanding” review questions that are included at the end of each chapter.

  • Glossary: The Glossary provides you with definitions for all the key terms identified in each chapter.
