Cisco Certified CyberOps Associate 200-201 Certification Guide
Contributors
About the author
About the reviewers
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Network and Security Concepts
Chapter 1: Exploring Networking Concepts
Technical requirements
The functions of the network layers
The OSI reference model
The TCP/IP protocol suite
Understanding the purpose of various network protocols
Transmission Control Protocol
User Datagram Protocol
Internet Protocol
The Internet Control Message Protocol
Lab – inspecting ICMP messages with Wireshark
Summary
Questions
Further reading
Chapter 2: Exploring Network Components and Security Systems
Technical requirements
Exploring various network services
Address Resolution Protocol
Domain Name System
Dynamic Host Configuration Protocol
Discovering the role and operations of network devices
Hubs
Switches
Layer 3 switches
Routers
Wireless Access Point (WAP)
Wireless LAN Controller (WLC)
Describing the functions of Cisco network security systems
Firewall
Cisco Intrusion Prevention System (IPS)
Web Security Appliance
Email Security Appliance
Cisco Advanced Malware Protection
Summary
Questions
Further reading
Chapter 3: Discovering Security Concepts
Introducing the principles of defense in depth
Confidentiality
Integrity
Availability
Combining the three pillars
Exploring security terminologies
Threats, vulnerabilities, and exploits
Identifying threat actors
Understanding runbook automation
Chain of custody
Reverse engineering
PII and PHI
Understanding risk
Exploring access control models
Discretionary access control
Mandatory access control
Rule-based access control
Time-based access control
Role-based access control
Authentication, authorization, and accounting
Understanding security deployment
Summary
Questions
Section 2: Principles of Security Monitoring
Chapter 4: Understanding Security Principles
Technical requirements
Understanding a security operation center
Types of SOC
Elements of an SOC
Understanding the security tools used to inspect data types on a network
Attack surface and vulnerability
tcpdump
NetFlow
Application visibility and control
Web content filtering
Email content filtering
Understanding the impact of data visibility through networking technologies
Access control lists
NAT and PAT
Tunneling, encapsulation, and encryption
Peer-to-Peer (P2P) and TOR
Load balancing
Next-gen IPS event types
Understanding how threat actors transport malicious code
The domain name system
The Network Time Protocol
Web-based traffic
Email-based traffic
Delving into data types used during security monitoring
Session data
Transaction data
Full packet capture
Statistical data
Extracted content (metadata)
Alert data
Summary
Questions
Further reading
Chapter 5: Identifying Attack Methods
Understanding network-based attacks
Denial of Service
Protocol-based attacks
Distributed Denial of Service
Man-in-the-middle
Exploring web application attacks
SQL injection
Command injection
Cross-site scripting
Cross-site request forgery
Delving into social engineering attacks
Key elements of social engineering
Types of social engineering attacks
Understanding endpoint-based attacks
Buffer overflows
Command and control (C2)
Malware and ransomware
Interpreting evasion and obfuscation techniques
Summary
Questions
Further reading
Chapter 6: Working with Cryptography and PKI
Technical requirements
Understanding the need for cryptography
Elements of cryptography
Types of ciphers
Substitution cipher
Transposition cipher
Understanding cryptanalysis
Understanding the hashing process
Describing hashing algorithms
Lab – Comparing hashes
Exploring symmetric encryption algorithms
Symmetric algorithms
Delving into asymmetric encryption algorithms
Understanding PKI
Components of PKI
PKI trust system
Lab – Observing the exchange of digital certificates
Using cryptography in wireless security
Summary
Questions
Further reading
Section 3: Host and Network-Based Analysis
Chapter 7: Delving into Endpoint Threat Analysis
Technical requirements
Understanding endpoint security technologies
Anti-malware and antivirus
Host-based firewall
Host-based intrusion detection
Application-level whitelisting/blacklisting
Systems-based sandboxing
Understanding Microsoft Windows components
Processes, threads, and services
The Windows paging file
Windows registry
Windows Management Instrumentation
Monitoring tools
Exploring Linux components
Linux Terminal
Viewing directories
Log files
Monitoring resources
Summary
Questions
Further reading
Chapter 8: Interpreting Endpoint Security
Technical requirements
Exploring the Microsoft Windows filesystem
Filesystems
Alternate data streams
Delving into the Linux filesystem
Understanding the CVSS
CVSS metrics
Working with malware analysis tools
Lab exercise – Building a malware analysis sandbox
Summary
Questions
Chapter 9: Exploring Computer Forensics
Technical requirements
Understanding the need for computer forensics
Understanding the process of digital forensics
Understanding the chain of custody
Understanding volatility of evidence
Understanding types of evidence
Contrasting tampered and untampered disk images
Lab – capturing a disk image on Linux
Lab – using FTK Imager to capture a disk image on Microsoft Windows
Tools commonly used during a forensics investigation
Understanding the role of attribution in an investigation
Summary
Questions
Further reading
Chapter 10: Performing Intrusion Analysis
Technical requirements
Identifying intrusion events based on source technologies
IDS/IPS
Firewall
Network application control
Proxy logs
Antivirus
Elements of NetFlow and transactional data
Stateful and deep packet firewall operations
DPI firewall
Stateful firewall
Packet filtering
Comparing inline traffic interrogation techniques
Understanding impact and no impact on intrusion
Protocol headers in intrusion analysis
Ethernet frame
IPv4 and IPv6
TCP
UDP
ICMP
SMTP
HTTP and HTTPS
ARP
Packet analysis using a PCAP file and Wireshark
Lab – packet analysis using Wireshark
Summary
Questions
Further reading
Section 4: Security Policies and Procedures
Chapter 11: Security Management Techniques
Technical requirements
Identifying common artifact elements
Interpreting basic regular expressions
Lab – using regexes to find specific data values
Understanding asset management
Delving into configuration and mobile device management
Exploring patch and vulnerability management
Summary
Questions
Further reading
Chapter 12: Dealing with Incident Response
Understanding the incident handling process
Understanding the phases of incident handling
Exploring CSIRT teams and their responsibilities
Delving into network and server profiling
Network profiling
Server profiling
Comparing compliance frameworks
PCI DSS
HIPAA
SOX
Summary
Questions
Further reading
Chapter 13: Implementing Incident Handling
Understanding the NIST SP 800-86 components
Evidence collection order and volatility
Data acquisition and integrity
Sharing information using VERIS
Exploring the Cyber Kill Chain
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control (C2)
Actions on objectives
Delving into the Diamond Model of Intrusion Analysis
Identifying protected data in a network
Personally Identifiable Information (PII)
Personal Security Information (PSI)
Protected Health Information (PHI)
Intellectual property
Summary
Questions
Further reading
Chapter 14: Implementing Cisco Security Solutions
Technical requirements
Implementing AAA in a Cisco environment
Part 1 – Configuring IP addresses on host devices
Part 2 – Configuring RADIUS and TACACS+ services
Part 3 – Configuring local AAA on the R1 router
Part 4 – Configuring server-based AAA using RADIUS
Part 5 – Configuring server-based AAA using TACACS+
Part 6 – Verification
Deploying a zone-based firewall
Part 1 – Configuring IP addresses on PC 1 and the web server
Part 2 – Enabling the security technology license on the HQ router
Part 3 – Configuring IP addresses and routes on HQ and ISP routers
Part 4 – Creating security zones
Part 5 – Identifying traffic
Part 6 – Creating a policy map to define the action of matching traffic
Part 7 – Identifying the zone pair and match policy
Part 8 – Assigning the security zones to the interface
Part 9 – Verification
Configuring an IPS
Part 1 – Configuring IP addresses on end devices
Part 2 – Enabling the security technology license on the HQ router
Part 3 – Configuring IP addresses and routes on HQ and ISP routers
Part 4 – Configuring the IPS signature storage location and rule on HQ
Part 5 – Configuring the logging of IPS events
Part 6 – Configuring IPS with signature categories
Part 7 – Applying the IPS rule to an interface
Part 8 – Creating an alert and dropping inbound ICMP Echo Reply packets
Part 9 – Verification
Summary
Further reading
Chapter 15: Working with Cisco Security Solutions
Technical requirements
Implementing secure protocols on Cisco devices
Part 1 – Configuring IP addresses on host devices
Part 2 – Configuring the Syslog and NTP servers
Part 3 – Configuring hostnames, banners, and IP addresses on routers
Part 4 – Configuring OSPFv2 routing with authentication
Part 5 – Configuring NTP with authentication
Part 6 – Configuring Syslog
Part 7 – Implementing secure remote access using SSH
Part 8 – Verification
Deploying Layer 2 security controls
Part 1 – Configuring end devices and the DHCP server
Part 2 – Securing STP
Part 3 – Configuring DHCP snooping with ARP inspection
Part 4 – Verification
Configuring a Cisco ASA firewall
Part 1 – Configuring the ISP router and end devices
Part 2 – Performing basic ASA configurations
Part 3 – Configuring security zones and interfaces
Part 4 – Assigning the physical interfaces to a security zone
Part 5 – Configuring routing and NAT
Part 6 – Configuring the Cisco MPF
Part 7 – Configuring DHCP and remote access
Part 8 – Configuring the DMZ
Part 9 – Verification
Summary
Chapter 16: Real-World Implementation and Best Practices
Technical requirements
Implementing an open source SIEM tool
Part 1 – Creating a virtual environment
Part 2 – Installing OSSIM
Part 3 – Getting started with AlienVault OSSIM
Implementing tools to perform the active scanning of assets
Part 1 – Setting up Kali Linux
Part 2 – Acquiring and installing Nessus
Part 3 – Performing a vulnerability scan
Using open source breach and attack simulation tools
Part 1 – Installing Infection Monkey
Part 2 – Setting up C2
Part 3 – Breach and attack reporting
Implementing an open source honeypot platform
Part 1 – Creating the virtual environment
Part 2 – Installing the honeypot platform
Part 3 – Initializing the honeypot and its applications
Part 4 – Accessing the honeypot dashboard
Summary
Chapter 17: Mock Exam 1
Chapter 18: Mock Exam 2
Questions
Assessment
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 17
Chapter 18
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think
Assessment
Chapter 1
C
B
D
A
B
D
C
Chapter 2
A
C
B
C
C
A, C
Chapter 3
A
B
D
C
D
B
A
Chapter 4
C
B
A
D
C
B
Chapter 5
B
A
D
B
C
Chapter 6
A
D
A
B
D
C
Chapter 7
C
A
B
D
C
Chapter 8
B
C
A
C
D
Chapter 9
A
D
C
D
C
Chapter 10
C
D
A
B
D
Chapter 11
D
B
C
B
A
Chapter 12
B
C
A
D
B
Chapter 13
D
A
C
D
B
Chapter 17
C
A
C
D
A
B
A
C
D
A
A
C
B
D
C
D
A
B
D
B
C
C
D
A
C
D
B
A
B
D
C
C
B
B
C
D
B
D
A
B
D
C
C
C
D
B
A
D
B
B
Chapter 18
B
D
D
B
B
C
C
A
D
B
D
C
A
D
B
C
B
A
D
C
B
D
A
D
A
A
C
B
D
A
C
B
D
C
A
A
C
D
C
A
C
D
B
A
C
D
C
C
A
D