book

Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide

by Omar Santos

December 2020

Intermediate to advanced

688 pages

21h 18m

English

Cisco Press

Read now

Unlock full access

The Cisco CyberOps Associate CertificationThe Exam Objectives (Domains)Steps to Pass the 200-201 CBROPS ExamSigning Up for the ExamFacts About the ExamAbout the Cisco CyberOps Associate CBROPS 200-201 Official Cert GuideThe Companion Website for Online Content ReviewHow to Access the Pearson Test Prep (PTP) AppCredits List
“Do I Know This Already?” QuizFoundation TopicsIntroduction to CybersecurityThreats, Vulnerabilities, and ExploitsNetwork Security SystemsIntrusion Detection Systems and Intrusion Prevention SystemsAdvanced Malware ProtectionWeb Security ApplianceEmail Security ApplianceCisco Security Management ApplianceCisco Identity Services EngineSecurity Cloud-Based SolutionsCisco NetFlowData Loss PreventionThe Principles of the Defense-in-Depth StrategyConfidentiality, Integrity, and Availability: The CIA TriadRisk and Risk AnalysisPersonally Identifiable Information and Protected Health InformationPrinciple of Least Privilege and Separation of DutiesSecurity Operations CentersPlaybooks, Runbooks, and Runbook AutomationDigital ForensicsExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsCloud Computing and the Cloud Service ModelsCloud Security Responsibility ModelsDevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOpsUnderstanding the Different Cloud Security ThreatsExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsInformation Security PrinciplesSubject and Object DefinitionAccess Control FundamentalsAccess Control ProcessInformation Security Roles and ResponsibilitiesAccess Control TypesAccess Control ModelsAccess Control MechanismsIdentity and Access Control ImplementationExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsTypes of AttacksTypes of VulnerabilitiesExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsCryptographyBlock and Stream CiphersSymmetric and Asymmetric AlgorithmsHashesDigital SignaturesNext-Generation Encryption ProtocolsIPsec and SSL/TLSFundamentals of PKIRoot and Identity CertificatesRevoking Digital CertificatesUsing Digital CertificatesExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsWhat Are VPNs?Site-to-Site vs. Remote-Access VPNsAn Overview of IPsecSSL VPNsExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsIntroduction to Identity and Access ManagementSecurity Events and Log ManagementAsset ManagementIntroduction to Enterprise Mobility ManagementConfiguration and Change ManagementVulnerability ManagementPatch ManagementExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsIntroduction to Incident ResponseThe Incident Response PlanThe Incident Response ProcessInformation Sharing and CoordinationIncident Response Team StructureCommon Artifact Elements and Sources of Security EventsUnderstanding Regular ExpressionsProtocols, Protocol Headers, and Intrusion AnalysisHow to Map Security Event Types to Source TechnologiesExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsIntroduction to Digital ForensicsThe Role of Attribution in a Cybersecurity InvestigationThe Use of Digital EvidenceEvidentiary Chain of CustodyReverse EngineeringFundamentals of Microsoft Windows ForensicsFundamentals of Linux ForensicsExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsNetwork Infrastructure LogsTraditional Firewall LogsNetFlow AnalysisNetwork Packet CaptureNetwork ProfilingExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsUnderstanding Host TelemetryHost ProfilingAnalyzing Windows EndpointsLinux and macOS AnalysisEndpoint Security TechnologiesExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsSecurity Monitoring Challenges in the SOCAdditional Evasion and Obfuscation TechniquesExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsNormalizing DataUsing the 5-Tuple Correlation to Respond to Security IncidentsUsing Retrospective Analysis and Identifying Malicious FilesMapping Threat Intelligence with DNS and Other ArtifactsUsing Deterministic Versus Probabilistic AnalysisExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsDiamond Model of IntrusionCyber Kill Chain ModelThe Kill Chain vs. MITRE’s ATT&CKExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsWhat Is Threat Hunting?The Threat-Hunting ProcessThreat Hunting and MITRE’s ATT&CKThreat-Hunting Case StudyThreat Hunting, Honeypots, Honeynets, and Active DefenseExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
Hands-on ActivitiesSuggested Plan for Final Review and StudySummary
Always Get the Latest at the Book’s Product PageIntroductionWhat Changed in the Cisco Cybersecurity Associate Exam?Modern Endpoint Security Monitoring: Rules, Signatures, and AI-Based DetectionLeveraging AI-Driven Threat Intelligence ToolsInterpreting the Sequence of Events During an Attack Based on Predictive AI Analysis of Traffic PatternsSummaryTest Your Skills

Content preview from Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide

Chapter 14

Classifying Intrusion Events into Categories

This chapter covers the following topics:

Diamond Model of Intrusion

Cyber Kill Chain Model

The Kill Chain vs. MITRE’s ATT&CK

Now that we have covered how to analyze data and events, let’s look at how to handle categorizing an incident that is identified during the monitoring process. A security incident is any event that threatens the security, confidentiality, integrity, or availability of something of value, such as assets, technical systems, networks, and so on. Things that can be identified as threats and would trigger an incident are violations of security policies, user policies, or general security practices. Examples would be gaining unauthorized access to a system, denying services, ...