book

Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide

by Omar Santos

December 2020

Intermediate to advanced

688 pages

21h 18m

English

Cisco Press

Read now

Unlock full access

The Cisco CyberOps Associate CertificationThe Exam Objectives (Domains)Steps to Pass the 200-201 CBROPS ExamSigning Up for the ExamFacts About the ExamAbout the Cisco CyberOps Associate CBROPS 200-201 Official Cert GuideThe Companion Website for Online Content ReviewHow to Access the Pearson Test Prep (PTP) AppCredits List
“Do I Know This Already?” QuizFoundation TopicsIntroduction to CybersecurityThreats, Vulnerabilities, and ExploitsNetwork Security SystemsIntrusion Detection Systems and Intrusion Prevention SystemsAdvanced Malware ProtectionWeb Security ApplianceEmail Security ApplianceCisco Security Management ApplianceCisco Identity Services EngineSecurity Cloud-Based SolutionsCisco NetFlowData Loss PreventionThe Principles of the Defense-in-Depth StrategyConfidentiality, Integrity, and Availability: The CIA TriadRisk and Risk AnalysisPersonally Identifiable Information and Protected Health InformationPrinciple of Least Privilege and Separation of DutiesSecurity Operations CentersPlaybooks, Runbooks, and Runbook AutomationDigital ForensicsExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsCloud Computing and the Cloud Service ModelsCloud Security Responsibility ModelsDevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOpsUnderstanding the Different Cloud Security ThreatsExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsInformation Security PrinciplesSubject and Object DefinitionAccess Control FundamentalsAccess Control ProcessInformation Security Roles and ResponsibilitiesAccess Control TypesAccess Control ModelsAccess Control MechanismsIdentity and Access Control ImplementationExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsTypes of AttacksTypes of VulnerabilitiesExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsCryptographyBlock and Stream CiphersSymmetric and Asymmetric AlgorithmsHashesDigital SignaturesNext-Generation Encryption ProtocolsIPsec and SSL/TLSFundamentals of PKIRoot and Identity CertificatesRevoking Digital CertificatesUsing Digital CertificatesExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsWhat Are VPNs?Site-to-Site vs. Remote-Access VPNsAn Overview of IPsecSSL VPNsExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsIntroduction to Identity and Access ManagementSecurity Events and Log ManagementAsset ManagementIntroduction to Enterprise Mobility ManagementConfiguration and Change ManagementVulnerability ManagementPatch ManagementExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsIntroduction to Incident ResponseThe Incident Response PlanThe Incident Response ProcessInformation Sharing and CoordinationIncident Response Team StructureCommon Artifact Elements and Sources of Security EventsUnderstanding Regular ExpressionsProtocols, Protocol Headers, and Intrusion AnalysisHow to Map Security Event Types to Source TechnologiesExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsIntroduction to Digital ForensicsThe Role of Attribution in a Cybersecurity InvestigationThe Use of Digital EvidenceEvidentiary Chain of CustodyReverse EngineeringFundamentals of Microsoft Windows ForensicsFundamentals of Linux ForensicsExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsNetwork Infrastructure LogsTraditional Firewall LogsNetFlow AnalysisNetwork Packet CaptureNetwork ProfilingExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsUnderstanding Host TelemetryHost ProfilingAnalyzing Windows EndpointsLinux and macOS AnalysisEndpoint Security TechnologiesExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsSecurity Monitoring Challenges in the SOCAdditional Evasion and Obfuscation TechniquesExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsNormalizing DataUsing the 5-Tuple Correlation to Respond to Security IncidentsUsing Retrospective Analysis and Identifying Malicious FilesMapping Threat Intelligence with DNS and Other ArtifactsUsing Deterministic Versus Probabilistic AnalysisExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsDiamond Model of IntrusionCyber Kill Chain ModelThe Kill Chain vs. MITRE’s ATT&CKExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsWhat Is Threat Hunting?The Threat-Hunting ProcessThreat Hunting and MITRE’s ATT&CKThreat-Hunting Case StudyThreat Hunting, Honeypots, Honeynets, and Active DefenseExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
Hands-on ActivitiesSuggested Plan for Final Review and StudySummary
Always Get the Latest at the Book’s Product PageIntroductionWhat Changed in the Cisco Cybersecurity Associate Exam?Modern Endpoint Security Monitoring: Rules, Signatures, and AI-Based DetectionLeveraging AI-Driven Threat Intelligence ToolsInterpreting the Sequence of Events During an Attack Based on Predictive AI Analysis of Traffic PatternsSummaryTest Your Skills

Content preview from Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide

Chapter 8

Fundamentals of Intrusion Analysis

This chapter covers the following topics:

Introduction to Incident Response

The Incident Response Plan

The Incident Response Process

Information Sharing and Coordination

Incident Response Team Structure

Common Artifact Elements and Sources of Security Events

Understanding Regular Expressions

Protocols, Protocol Headers, and Intrusion Analysis

How to Map Security Event Types to Source Technologies

This chapter covers the common artifact elements and sources of security events and how you can use regular expressions to analyze security event data. You learn the details about different protocols, protocol headers, and how they relate to intrusion analysis. You also learn how to use packet captures for ...