Preface

As a cybersecurity trainer, I've realized it's rare to find books that focus on cybersecurity operations for students and IT professionals who want to pursue a career in cybersecurity operations, incident response, and Blue Teaming strategies. Having the opportunity to write this book allowed me to share my knowledge, insights, and wisdom with others while helping to fill the gap between the offensive and defensive sides of cybersecurity.

When I gained my Cisco Certified CyberOps Associate certification, I fully understood the need and importance of such skills and knowledge for any professional within the cybersecurity industry. Therefore, I was inspired to give back to the community to help others learn and become better within their profession while improving their skills.

Using experience, research, and discussions with like-minded professionals within the industry, I was able to not only create the core content for the certification curriculum but also provide a beyond-certification approach through various chapters. This will allow you to obtain more in-depth information and strategies on key topics with hands-on labs to become an awesome cybersecurity professional.

As you embark on this new journey in the field of cybersecurity, I can definitely say it is going to be very exciting and thrilling as you will learn about the core operations of a cybersecurity professional.

The Cisco Certified CyberOps Associate certification is designed to provide you with all the essential skills and knowledge for the cybersecurity landscape of the world tomorrow. The certification is focused on ensuring the learner is well equipped to start a career in cybersecurity operations.

Furthermore, you will start by learning the fundamentals of networking and security concepts, as it is important for cybersecurity professionals to have a solid foundation in how network protocols and security technologies function and the role they play in enterprise networks.

You'll then take a deep dive in later sections of this book, which will cover how to perform security monitoring. You'll learn how to identify threats and various types of cyber-attacks. Then, you'll explore the need to perform both host-based and network-based analysis to detect and prevent intrusions on systems and networks.

Lastly, as an aspiring cybersecurity professional, you will also learn about various incident response standards, strategies, and procedures that are used to prevent and recover from security events and intrusions.

Who this book is for

This book is written for students who are looking to pursue a career in cybersecurity operations, threat detection, and analysis, and aim to become part of a Blue Team. Additionally, IT professionals who are looking to gain a career boost and acquire new skills in security operations, incident response (IR), and security procedures will find this book a must-have in their library. Furthermore, enthusiasts and cybersecurity trainers who are always looking for great content will discover very informative discussions on key topics within the cybersecurity industry.

What this book covers

Chapter 1, Exploring Networking Concepts, covers the fundamentals of network protocol suites, and the characteristics and functionality of each layer of TCP/IP.

Chapter 2, Exploring Network Components and Security Systems, covers the function of various networking protocols, and the role and functions of networking and security devices.

Chapter 3, Discovering Security Concepts, covers the importance of implementing a Defense in Depth approach, explaining key security terminology and access control models.

Chapter 4, Understanding Security Principles, covers the functionality of a security operations center (SOC), how data visibility is affected by network technologies, and how threat actors are able to exfiltrate data using common network protocols.

Chapter 5, Identifying Attack Methods, covers the characteristics of common network-based attacks, web application attacks, social engineering attacks, and endpoint-based attacks, and explains how threat actors evade threat detection systems.

Chapter 6, Working with Cryptography and PKI, covers the importance of cryptography and the characteristics of confidentiality, integrity, origin authentication, non-repudiation, and Public Key Infrastructure (PKI).

Chapter 7, Delving into Endpoint Threat Analysis, covers the fundamentals of endpoint security and how it protects a system from various security threats, and also covers key components of both Windows and Linux operating systems that can help identify endpoint-based threats.

Chapter 8, Interpreting Endpoint Security, covers the filesystem for Windows and Linux operating systems, how security professionals are able to determine the vulnerability score of a security weakness, and malware analysis.

Chapter 9, Exploring Computer Forensics, covers the fundamentals of computer forensics, types of evidence collected during an investigation, and how to compare disk images.

Chapter 10, Performing Intrusion Analysis, covers the operations of various firewall technologies. It compares inline traffic interrogation techniques and explains the elements of various protocol headers as they relate to an intrusion.

Chapter 11, Security Management Techniques, covers the fundamentals of identifying artifact elements and explains the need for various security management techniques and practices within an enterprise organization.

Chapter 12, Dealing with Incident Response, covers the importance of incident response and handling processes, the characteristics of various security teams, and security compliance.

Chapter 13, Implementing Incident Handling, covers the fundamentals of implementing forensics techniques into IR, explains how the Cyber Kill Chain can be used to stop a cyber-attack, and explains how the Diamond Model of Intrusion is used to better understand how an intrusion occurs.

Chapter 14, Implementing Cisco Security Solutions, covers the fundamentals of implementing security solutions such as AAA, zone-based firewall, and an intrusion prevention system using Cisco solutions on a network.

Chapter 15, Working with Cisco Security Solutions, covers the fundamentals of implementing additional security solutions such as Layer 2 security controls, securing networking devices, and configuring a Cisco ASA firewall appliance.

Chapter 16, Real-World Implementation and Best Practices, covers advanced topics on implementing various real-world security solutions, such as an open source SIEM, performing active scanning of assets, performing breach and attack simulations, and deploying a honeypot.

Chapter 17, Mock Exam 1, includes a simple mock test containing questions that will help you to prepare for the Cisco Certified CyberOps Associate examination and will help you identify any topics you need to spend additional time learning about and practicing.

Chapter 18, Mock Exam 2, includes another mock test containing questions that will help you to prepare for the Cisco Certified CyberOps Associate examination.

To get the most out of this book

All of the labs completed within this book used virtualization technologies to ensure the learner can perform these hands-on labs without needing to purchase additional equipment. Keep in mind that you are required to have a fundamental knowledge of virtualization and its benefits. Furthermore, you are required to know the essentials of computer networking, such as IP addressing schemes and how to perform basic network troubleshooting.

When running the labs within this book, during some phases you'll notice that the installation or the setup process may get stuck. Don't worry, give it some time to complete on its own.

If you are using the digital version of this book, we advise you to type the code yourself or access the code via the GitHub repository (link available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

After completing this book, using your imagination, attempt to use the knowledge and skills you have gained to perform vulnerability assessments and implement security technologies on your network. Keep in mind that you should not scan systems or networks that you do not own.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Cisco-Certified-CyberOps-Associate-200-201-Certification-Guide. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Code in Action

Code in Action videos for this book can be viewed at https://bit.ly/3xrwJTG.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781800560871_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "A subnet such as 255.255.255.0 contains a total of 24 ones, so we can represent this subnet mask by simply writing it as /24."

A block of code is set as follows:

html, body, #map {
  height: 100%;
  margin: 0;
  padding: 0
}

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

[default]
exten => s,1,Dial(Zap/1|30)
exten => s,2,Voicemail(u100)
exten => s,102,Voicemail(b100)
exten => i,1,Voicemail(s0)

Any command-line input or output is written as follows:

$ ping 8.8.8.8 -c 4
$ sudo tcpdump -i eth0 -nn -s0 -v port 443 -w /home/kali/Desktop/tcpdump_capture.pcap

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "The VirtualBox import wizard will open. Simply click Import to begin importing the virtual image into VirtualBox."

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.
