O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CCNA Cyber Ops SECOPS - Certification Guide 210-255

Book Description

Develop your cybersecurity knowledge to obtain CCNA Cyber Ops certification and gain professional skills to identify and remove potential threats

Key Features

  • Explore different security analysis tools and develop your knowledge to confidently pass the 210-255 SECOPS exam
  • Grasp real-world cybersecurity skills such as threat analysis, event correlation, and identifying malicious activity
  • Learn through mock tests, useful tips, and up-to-date exam questions

Book Description

Cybersecurity roles have grown exponentially in the IT industry and an increasing number of organizations have set up security operations centers (SOCs) to monitor and respond to security threats. The 210-255 SECOPS exam is the second of two exams required for the Cisco CCNA Cyber Ops certification. By providing you with fundamental knowledge of SOC events, this certification validates your skills in managing cybersecurity processes such as analyzing threats and malicious activities, conducting security investigations, and using incident playbooks.

You'll start by understanding threat analysis and computer forensics, which will help you build the foundation for learning intrusion analysis and incident response principles. The book will then guide you through vocabulary and techniques for analyzing data from the network and previous events. In later chapters, you'll discover how to identify, analyze, correlate, and respond to incidents, including how to communicate technical and inaccessible (non-technical) examples. You'll be able to build on your knowledge as you learn through examples and practice questions, and finally test your knowledge with two mock exams that allow you to put what you've learned to the test.

By the end of this book, you'll have the skills to confidently pass the SECOPS 210-255 exam and achieve CCNA Cyber Ops certification.

What you will learn

  • Get up to speed with the principles of threat analysis in a network and on a host device
  • Understand the impact of computer forensics
  • Examine typical and atypical network data to identify intrusions
  • Identify the role of the SOC and explore other individual roles in incident response
  • Analyze data and events using common frameworks
  • Learn the phases of an incident and how incident response priorities change for each phase

Who this book is for

This book is for anyone who wants to prepare for the Cisco 210-255 SECOPS exam (CCNA Cyber Ops). If you're interested in cybersecurity, have already completed cybersecurity training as part of your formal education, or you work in Cyber Ops and just need a new certification, this book is for you. The certification guide looks at cyber operations from the ground up, consolidating concepts you may or may not have heard about before, to help you become a better cybersecurity operator.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. CCNA Cyber Ops SECOPS – Certification Guide 210-255
  3. About Packt
    1. Why subscribe?
  4. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Conventions used
    4. Get in touch
      1. Reviews
  6. Section 1: Endpoint Threat Analysis and Forensics
  7. Classifying Threats
    1. Categorizing and communicating threats
      1. AMP Threat Grid
      2. Cuckoo Sandbox
      3. Requirements for CVSS
    2. Exploitability metrics
      1. Attack vector
      2. Attack complexity
      3. Privileges required
      4. User interaction
    3. Impact metrics
      1. Confidentiality
      2. Integrity
      3. Availability
    4. Scope
    5. Summary
    6. Questions
    7. Further reading
  8. Operating System Families
    1. Starting the operating system
      1. Basic Input Output System
      2. Master Boot Record
      3. Unified Extensible Firmware Interface
      4. GUID Partition Table
      5. Booting Windows and Linux
    2. Filesystems
      1. File Allocation Table 32
      2. New Technology Filesystem
      3. Extended Filesystem 4
    3. Making, finding, accessing, and editing data
      1. Creating files
      2. Locating files
      3. Reading files
      4. Changes to files and properties
      5. Deleting files
    4. Summary
    5. Questions
    6. Further reading
  9. Computer Forensics and Evidence Handling
    1. Types of evidence
      1. Digital forensics versus cybersecurity forensics
      2. Best evidence
      3. Direct versus indirect evidence
      4. Corroborative evidence
    2. Maintaining evidential value
      1. Altered disk image
      2. Unaltered disk image
      3. Chain of custody
    3. Attribution
      1. Asset attribution
      2. Threat actor attribution
    4. Summary
    5. Questions
    6. Further reading
  10. Section 2: Intrusion Analysis
  11. Identifying Rogue Data from a Dataset
    1. Using regexes to find normal characters
    2. Using regexes to find characters in a set
    3. Using regexes to extract groups of characters
    4. Using regex logical operators
    5. Summary
    6. Questions
    7. Further reading
  12. Warning Signs from Network Data
    1. Physical and data link layer (Ethernet) frame headers
      1. Layer 1
        1. Preamble
        2. Start frame delimiter
        3. Interframe separation
      2. Layer 2
        1. Addressing
        2. VLAN tagging
        3. Type/Length fields
        4. Cyclic redundancy checking
    2. Network layer (IPv4, IPv6, and ICMP) packet headers
      1. Internet Protocol (IPv4 and IPv6)
        1. Version
        2. IPv4: Internet Header Length, options, and padding
        3. IPv4 – Type of Service and IPv6 – Traffic Class
        4. IPv4 – Total Length and IPv6 – Payload Length
        5. IPv4 – Time-to-Live and IPv6 – Hop Limit
        6. IPv4 – Protocol and IPv6 – Next Header
        7. IPv4 – identification and flags
        8. Source and destination addresses
      2. ICMP
    3. Transport layer (TCP and UDP) segment and datagram headers
      1. TCP
        1. Source and destination ports
        2. Sequence and acknowledgment numbers
        3. Header length
        4. Flags
        5. Window
        6. Checksum
        7. Urgent pointer
      2. UDP
        1. Source and destination port
        2. Length
        3. Checksum
    4. Application layer (HTTP) headers
      1. Request header
        1. Request method name
        2. URI
        3. HTTP version
        4. User-Agent
      2. Response header
    5. Summary
    6. Questions
    7. Further reading
  13. Network Security Data Analysis
    1. PCAP files and Wireshark
      1. Viewing packet details
      2. Extracting data using Wireshark
    2. Alert identification
      1. Network indicators
        1. IP address (source/destination)
        2. Client and server port identity
        3. URI/URL
      2. Payload indicators
        1. Process (file or registry)
        2. System (API calls)
        3. Hashes
    3. Security technologies and their reports
      1. Network indicators
        1. NetFlow
        2. Proxy logs
      2. Payload indicators
        1. Antivirus
        2. Intrusion Detection Systems/Intrusion Prevention Systems
        3. Firewall
      3. Network application control
    4. Evaluating alerts
      1. Impact flags
      2. Firepower Management Center priorities
      3. Analyzing a network and host profile
    5. Decisions and errors
      1. True Positive (red and hatched)/True Negative (green and unhatched)
      2. False Positives (green and hatched)
      3. False Negatives (red and unhatched)
    6. Summary
    7. Questions
    8. Further reading
  14. Section 3: Incident Response
  15. Roles and Responsibilities During an Incident
    1. The incident response plan
      1. Organizational priorities
      2. Incident response requirement and capability
      3. Command-and-control
    2. The stages of an incident
      1. Preparation
      2. Detection and analysis
      3. Containment, eradication, and recovery
      4. Post-incident analysis (lessons learned)
    3. Incident response teams
      1. Internal CSIRT
      2. Coordination centers
      3. National CSIRT
      4. Analysis centers
      5. Vendor teams
      6. Managed Security Service Providers
    4. Summary
    5. Questions
    6. Further reading
  16. Network and Server Profiling
    1. Network profiling
      1. Total throughput
      2. Session duration
      3. Ports used
      4. Critical asset address space
    2. Server profiling
      1. Listening ports
      2. Logged in users/service accounts
        1. Which users are present?
        2. Where are users located?
        3. What privileges and access rights are available?
      3. Running processes, tasks, and applications
    3. Summary
    4. Questions
    5. Further reading
  17. Compliance Frameworks
    1. Payment Card Industry Data Security Standard
      1. Protected data elements
      2. Required actions
    2. Health Insurance Portability and Accountability Act, 1996
      1. Protected health information and covered entities
      2. Safeguards
        1. Administrative safeguards
        2. Physical safeguards
        3. Technical safeguards
    3. Sarbanes Oxley Act, 2002
    4. Summary
    5. Questions
    6. Further reading
  18. Section 4: Data and Event Analysis
  19. Data Normalization and Exploitation
    1. Creating commonality
      1. Standardized formatting
      2. Normalizing data
        1. Original data
        2. First normal form
        3. Second normal form
        4. Third normal form
        5. Criticisms
    2. The IP 5-tuple
      1. 5-tuple correlation
      2. Isolating compromised hosts
    3. Pinpointing threats and victims
      1. Malicious file identification
      2. Host identification
    4. Summary
    5. Questions
    6. Further reading
  20. Drawing Conclusions from the Data
    1. Finding a threat actor
    2. Deterministic and probabilistic analysis
      1. Data required
      2. Scope
      3. Results
      4. Examples
    3. Distinguishing and prioritizing significant alerts
    4. Summary
    5. Questions
    6. Further reading
  21. Section 5: Incident Handling
  22. The Cyber Kill Chain Model
    1. Planning
      1. Reconnaissance
        1. Technology
        2. Personnel
        3. Defenses
      2. Weaponization
    2. Preparation
      1. Delivery
      2. Exploitation
    3. Execution
      1. Installation
      2. Command and control
      3. Action on objectives
    4. Summary
    5. Questions
    6. Further reading
  23. Incident-Handling Activities
    1. VERIS
      1. Asset
      2. Actors
      3. Actions
      4. Attributes
    2. The phases of incident handling
      1. Identification
      2. Scoping
      3. Containment
      4. Remediation
      5. Lesson-based hardening
      6. Reporting
    3. Conducting an investigation
      1. Evidential collection order
      2. Data integrity and preservation
      3. Volatile data collection
    4. Summary
    5. Questions
    6. Further reading
  24. Section 6: Mock Exams
  25. Mock Exam 1
  26. Mock Exam 2
  27. Assessments
    1. Chapter 1: Classifying Threats
    2. Chapter 2: Operating System Families
    3. Chapter 3: Computer Forensics and Evidence Handling
    4. Chapter 4: Identifying Rogue Data from a Dataset
    5. Chapter 5: Warning Signs from Network Data
    6. Chapter 6: Network Security Data Analysis
    7. Chapter 7: Roles and Responsibilities During an Incident
    8. Chapter 8: Network and Server Profiling
    9. Chapter 9: Compliance Frameworks
    10. Chapter 10: Data Normalization and Exploitation
    11. Chapter 11: Drawing Conclusions from the Data
    12. Chapter 12: The Cyber Kill Chain Model
    13. Chapter 13: Incident-Handling Activities
    14. Chapter 14 – Mock Exam 1
    15. Chapter 15 – Mock Exam 2
  28. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think