Cisco Certified CyberOps Associate
200-201: Cisco Certified CyberOps Associate (CyberOps)
CBROPS: Attack Surfaces, Vulnerability, & Analysis Tools
CBROPS: CVSS, Deployments, Access Control, & Data Visibility
CBROPS: Data & Attack Types
CBROPS: Data Loss, Host Isolation, & Detection Methods
CBROPS: File Extraction, Event Artifacts, & Regular Expressions
CBROPS: Firewall, Filtering, Visibility, & Control Data
CBROPS: Host-based Analysis & the Role of Attribution
CBROPS: Incident Response, Security Management, & Analysis
CBROPS: Log Evidence, Disk Images, & Malware Analysis Output
CBROPS: Protected Data, Profiling, Forensics, & IRP
CBROPS: Security Events, Firewall Operations, & Traffic Analysis
CBROPS: Social Engineering, Evasion, Obfuscation, & Certificates
CBROPS: The CIA Triad & Security Approaches
CBROPS: Threat Actors, Security, & Risk Management

CBROPS: Attack Surfaces, Vulnerability, & Analysis Tools

Course Number:
it_ccbropstv_05_enus
Lesson Objectives

CBROPS: Attack Surfaces, Vulnerability, & Analysis Tools

  • identify security terminology related to attack surfaces, vulnerabilities, and analysis tools
  • recognize methods to reduce the attack surface
  • identify the commands to configure NetFlow on a Cisco device
  • identify the command used to monitor connections on a system
  • identify the command used to monitor traffic traveling through a specific interface

Overview/Description

There are many things in cybersecurity that sound similar but are not. In this course, you'll learn to distinguish the attack surface from a vulnerability. You'll also learn the basics of the tcpdump and NetFlow tools. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: CVSS, Deployments, Access Control, & Data Visibility

Course Number:
it_ccbropstv_03_enus
Lesson Objectives

CBROPS: CVSS, Deployments, Access Control, & Data Visibility

  • identify the information used to build a CVSS score and what value it has to a cybersecurity data analyst
  • recognize the advantages of using CVSS to understand system attacks
  • recognize the importance of Common Vulnerability Scoring System (CVSS) score values
  • describe security tools that are implemented to manage malware related issues
  • identify different methods used to gather various types of security data
  • identify log related security implementation methods and their benefits
  • describe differences between different access control models
  • identify different methods of access control
  • identify key aspects of different access control models
  • identify the components of AAA services
  • describe data visibility challenges on the cloud and on hosts
  • describe data visibility challenges on the network
  • identify the needs of administrators regarding data visibility

Overview/Description

A SOC data analyst may depend on external data to help with understanding potential attacks against systems. In this course, you'll learn how the CVSS helps and what information it provides to a cybersecurity data analyst. You'll examine the implementation of security methods and how they fit into security design. You'll review how access control is implemented across an organization and some of the available access control models. Finally, it's important to know about network data visibility challenges, so you'll learn what they are and how to deal with them. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: Data & Attack Types

Course Number:
it_ccbropstv_07_enus
Lesson Objectives

CBROPS: Data & Attack Types

  • identify the steps to view statistical data in Wireshark
  • identify the type of data that is an exact copy of network traffic
  • recognize the data type that describes data
  • identify the types of DDoS attacks
  • recognize common techniques to perform MITM attacks
  • recognize the type of attack that involves multiple systems being used to overload a victim
  • identify the types of cross-site scripting (XSS) attacks
  • recognize the attack type that involves the hacker injecting database syntax into the web application
  • recognize the techniques used to prevent injection attacks

Overview/Description

In this course, you'll learn about data types that provide valuable information for security monitoring. You'll explore different network attacks, including protocol-based, DoS, DDoS and MITM attacks. Finally, you'll also look at common web application attacks like SQL injection, command injection, and cross-site scripting. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: Data Loss, Host Isolation, & Detection Methods

Course Number:
it_ccbropstv_04_enus
Lesson Objectives

CBROPS: Data Loss, Host Isolation, & Detection Methods

  • classify network traffic types that indicate potential data loss
  • describe different types of data loss and concerns regarding data loss
  • identify potential sources of data loss via network infrastructure configurations
  • identify traffic profile key values that flag potential data loss
  • describe the benefits of using the 5-tuple approach to isolate hosts
  • identify the components of the 5-tuple approach to isolating a particular host
  • describe the differences between detection methodologies
  • describe the key characteristics of different security threat detection tools
  • differentiate between characteristics of different detection methods

Overview/Description

In this course, you'll learn to identify potential data loss indicators noted from a traffic profile. Then, you'll explore the 5-tuple approach for isolating a host. Finally, there are different detection methods that are used when securing networks dynamically. You'll review the similarities between them and how they operate to bring about usable results. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: File Extraction, Event Artifacts, & Regular Expressions

Course Number:
it_ccbropstv_12_enus
Lesson Objectives

CBROPS: File Extraction, Event Artifacts, & Regular Expressions

  • identify methods used in Wireshark to decrypt traffic
  • recognize the steps to export objects from a Wireshark capture
  • identify how to filter traffic within Wireshark after the traffic has been captured
  • identify the command in Wireshark to view an entire session between hosts
  • identify the steps to upload a file through Armitage
  • recognize the graphical tool to use in Kali to exploit systems
  • identify the steps to view malware events within Firepower Management Center
  • recognize how to use the Firepower Management Center to view information on potential intrusions
  • identify how to exclude interfaces without an IP address from the output
  • identify how to use grep to search for content within a file
  • recognize how to specify content to display from the output of a command

Overview/Description

In this course, you'll learn how to extract files from a TCP stream in a PCAP file using Wireshark. Next, you'll explore how to identify intrusion elements from a given PCAP file using Wireshark. You'll learn how to interpret common artifacts from events for an alert using the Cisco FMC. Finally, you'll examine how to use basic regular expressions with grep and the Cisco CLI. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: Firewall, Filtering, Visibility, & Control Data

Course Number:
it_ccbropstv_06_enus
Lesson Objectives

CBROPS: Firewall, Filtering, Visibility, & Control Data

  • describe the firewall type that can perform malware analysis
  • identify packet headers used by firewalls to control traffic
  • recognize the different types of firewalls
  • identify Cisco content filtering products
  • recognize common security threats the email security appliance protects against
  • identify the ports opened on firewalls for different types of traffic
  • identify types of packet analysis performed by firewalls
  • recognize the layer of the OSI model for deep packet inspection
  • identify data visibility challenges on firewalls that involve hiding the source of a packet
  • identify methods to overcome visibility challenges
  • recognize the data visibility challenge that hides the internal IP address schemes

Overview/Description

A key part of your role as a SOC data analyst is knowing which tool will give you the type of data you want to analyze. In this course, you'll learn about useful next-gen and stateful firewall data. You'll explore content filtering, as well as web and e-mail content filtering, and why they are useful. Next, you'll review application-level visibility and control data. Finally, you'll learn how the use of different technology can cause unexpected data visibility challenges. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: Host-based Analysis & the Role of Attribution

Course Number:
it_ccbropstv_09_enus
Lesson Objectives

CBROPS: Host-based Analysis & the Role of Attribution

  • identify the type of attack that involves the hacker using malicious software to call home and control your system
  • recognize the type of attack a hacker uses to encrypt your data and withhold the encryption key
  • recognize the type of attack that involves a hacker sending more data to an application than what it can handle
  • identify tools that can be used to identify reliability issues with the Windows system
  • recognize tools used to identify performance issues on a Windows system
  • identify the command to view user account and group changes on a Linux system
  • recognize the folder in Linux that is the default folder for log files
  • recognize tools in Linux to monitor the health of the system
  • identify an example of an indicator of compromise (IOC)
  • recognize examples of digital assets when performing an investigation
  • recognize the phases of the Cyber Kill Chain

Overview/Description

In this course, you'll learn about host-based attacks in their various forms. Next, you'll explore components of Windows 10 and Ubuntu that are useful in host-based analysis. Finally, you'll examine the concept of attribution and its importance when investigating an organizational security breach. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: Incident Response, Security Management, & Analysis

Course Number:
it_ccbropstv_13_enus
Lesson Objectives

CBROPS: Incident Response, Security Management, & Analysis

  • identify the NIST publication that contains forensics techniques that can be integrated into incident response
  • recognize the phases of the forensics process
  • recognize the steps to collecting evidence on a system when performing a computer forensics investigation
  • identify the goal of asset management
  • identify the steps to vulnerability management within an organization
  • recognize the security management concept related to applying a configuration baseline on devices
  • identify the goals of SOC metrics
  • recognize the types of SOC metrics
  • identify the job tasks performed by a tier 1 SOC analyst

Overview/Description

In this course, you'll review NIST SP 800-86 to learn basic forensic techniques for incident response. You'll examine management concepts that need to be known and addressed in a security policy. Finally, you'll explore the relationship between metrics and scope analysis in a SOC. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: Log Evidence, Disk Images, & Malware Analysis Output

Course Number:
it_ccbropstv_10_enus
Lesson Objectives

CBROPS: Log Evidence, Disk Images, & Malware Analysis Output

  • match examples of evidence to their evidence type
  • recognize how data must be acquired from logs to be considered evidence
  • recognize the use of the different types of evidence
  • compare a duplicated target disk to the original source disk
  • work with commands to create a disk image for an investigation
  • work with a disk to create a bit-by-bit duplicate
  • recognize important attack information provided by malware analysis tools
  • recognize information provided by malware analysis tools
  • recognize malware analysis tools and the information they can provide

Overview/Description

In this course, you'll examine the importance of logs, as well as the types of evidence that can be acquired from them. Next, you'll learn how critical disk images can be during an investigation and about the comparisons and analysis that can transpire in an investigation. Finally, you'll review some of the most important information that can be found in the output of malware analysis tools. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: Protected Data, Profiling, Forensics, & IRP

Course Number:
it_ccbropstv_14_enus
Lesson Objectives

CBROPS: Protected Data, Profiling, Forensics, & IRP

  • identify the average total cost of a data breach
  • identify the type of information that should be protected using patents or copyrights
  • identify the types of sensitive data that should be protected
  • identify server profiling elements
  • recognize the network profile element that allows you to identify the type of traffic that should be traveling on the network
  • recognize tools used with network and server profiling
  • identify the actions performed in each phase of incident handling
  • identify the NIST special publication that defines best practices for incident handling
  • recognize the steps to incident handling
  • identify the incident response plan element that is responsible for maturing the incident response capabilities
  • recognize the elements of the incident response plan that must align with the organization

Overview/Description

In this course, you'll learn how to identify protected data in a network, as well as how to identify elements in network and server profiling. You'll explore the use of NIST SP 800-61 to identify forensic elements and how to apply them to the incident handling process. Finally, you'll learn how NIST SP 800-61 guides incident handling and review the elements of an incident response plan. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: Security Events, Firewall Operations, & Traffic Analysis

Course Number:
it_ccbropstv_11_enus
Lesson Objectives

CBROPS: Security Events, Firewall Operations, & Traffic Analysis

  • determine infrastructure elements that are used during the Diamond Model of Intrusion
  • identify the phases of the Cyber Kill Chain model
  • recognize the phase of the Cyber Kill Chain that may involve a phishing attack
  • identify key information being monitored with network application control
  • identify the types of events that occur during network intrusion analysis
  • recognize traffic patterns being monitored in a virtualization environment
  • identify the layer of the OSI model that a DPI firewall runs at
  • recognize the firewall type that only inspects the header of the packet
  • identify monitoring features that can be configured on a Cisco device to monitor specific traffic
  • identify the different methods to perform inline traffic interrogation
  • recognize features of a Cisco switch that allow you to monitor network traffic

Overview/Description

In this course, you'll learn to categorize intrusion events according to the cyber kill chain and diamond intrusion models. Next, with so many tools available, you'll examine which ones should be used to identify different security events. You'll learn the differences between deep packet inspection, packet filtering, and stateful firewall operations. Finally, you'll review the differences between inline traffic interrogation, taps, and traffic monitoring. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: Social Engineering, Evasion, Obfuscation, & Certificates

Course Number:
it_ccbropstv_08_enus
Lesson Objectives

CBROPS: Social Engineering, Evasion, Obfuscation, & Certificates

  • identify the attack type that involves the hacker creating a fake identity
  • identify the different types of social engineering attacks involving email messages or text messages
  • recognize the attack type that involves infecting a website that is commonly visited by intended victims
  • identify techniques hackers use for evading detection
  • recognize obfuscation techniques used by hackers
  • recognize the purpose of evasion and obfuscation techniques
  • analyze packet headers to determine network activity that is occurring
  • identify the standard for digital certificates
  • recognize the different PKCS standards and their purpose
  • recognize the phases of a TLS key exchange

Overview/Description

In this course, you'll examine multiple examples of social engineering attacks that you should be familiar with as an analyst. Attacks are not always easily identified, so you'll learn about the different evasion and obfuscation techniques. Finally, you'll learn about the different components of digital certificates and what these components do. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: The CIA Triad & Security Approaches

Course Number:
it_ccbropstv_01_enus
Lesson Objectives

CBROPS: The CIA Triad & Security Approaches

  • identify what knowledge areas are required for the Cisco Certified CyberOps Associate certification
  • describe the differences between the different aspects of the CIA triad
  • describe the meaning of the CIA triad model
  • identify the importance of various aspects of the CIA triad
  • compare the differences between different security approaches
  • describe the tools used to implement different cybersecurity approaches
  • identify the characteristics of cybersecurity models
  • identify the core responsibilities of a SOC Analyst
  • recognize the security terminology and practices within the SOC
  • recognize the value of cybersecurity tools

Overview/Description

For those aspiring or current IT professionals pursuing a job role as an entry or associate-level cybersecurity analyst, or for those pursuing the Cisco Certified CyberOps Associate certification, this course will introduce you to cybersecurity operations in a security operation center. You'll review security concepts, policies, and procedures used by a CyberOps Associate working within a SOC. You'll learn about the CIA triad, a model of implementing security on networks. Next, you'll explore basic models for cybersecurity and various security approaches. Finally, you'll review security terminology you should be familiar with and common security practices and tools for the CyberOps Associate. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none

CBROPS: Threat Actors, Security, & Risk Management

Course Number:
it_ccbropstv_02_enus
Lesson Objectives

CBROPS: Threat Actors, Security, & Risk Management

  • describe the differences between different types of threat actors
  • identify different sources of cybersecurity threats
  • recognize the characteristics that comprise a threat actor
  • differentiate between various security concepts
  • identify key differences between risks, threats, vulnerabilities, and exploits
  • recognize examples of risks, threats, vulnerabilities, and exploits
  • describe different methods of risk mitigation
  • describe the process of assessing cybersecurity risks
  • explain different strategies used for risk reduction

Overview/Description

In this course, you'll learn about threat actor types and review related examples. You'll then explore commonly confused security concepts: risk, threat, vulnerability, and exploit. Finally, you'll examine risk management concepts, including risk scoring/weighting, risk reduction, and risk assessment. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.



Target

Prerequisites: none
