CCNA Cyber Ops
210-250 Understanding Cisco Cybersecurity Fundamentals (SECFND)
SECFND: ACLs & Filtering
SECFND: Attacks and Evasion
SECFND: Basic Networking Protocols
SECFND: Basic Networking Services
SECFND: Cryptographic Encryption Algorithms
SECFND: Cryptographic Hashing Algorithms
SECFND: Cryptography
SECFND: Data Loss & Defense in Depth
SECFND: Digital Signatures
SECFND: Endpoint Security
SECFND: Filtering and Packet Capture
SECFND: Interpreting Log Data
SECFND: Linux Host Terminology
SECFND: Monitoring Network Protocols
SECFND: Network Addressing
SECFND: Network and Web Attacks
SECFND: Network Data Types
SECFND: Network Data Types and Security Monitoring
SECFND: Network Devices Operations & Security
SECFND: Network Models
SECFND: Network Monitoring
SECFND: Next Generation Firewalls
SECFND: Overview and Network Models
SECFND: Packet Analysis
SECFND: Security Attack Concepts
SECFND: Security Concepts
SECFND: Security Management Part 1
SECFND: Security Management Part 2
SECFND: SSL/TLS Components
SECFND: VLANS and Data Visibility
SECFND: Windows Host Terminology
210-255 Implementing Cisco Cybersecurity Operations (SECOPS)
SECOPS: Analyzing Intrusion Impact
SECOPS: Analyzing Threat Mitigation Reports
SECOPS: Categorize and Classify Intrusions
SECOPS: CSIRT Goals and Cybersec Elements
SECOPS: Data Normalization and 5-Tuple Correlation
SECOPS: Examining Intrusion Events
SECOPS: Firepower Management Console and Analysis Methods
SECOPS: Handling Incident Events and Evidence
SECOPS: HTTP Headers
SECOPS: ICMP Intrusion
SECOPS: ICMP Intrusion Part 2
SECOPS: Identifying Forensic Evidence
SECOPS: Identifying NetFlow v5 Records
SECOPS: Interpreting Regular Expressions
SECOPS: Intrusion Event Technologies
SECOPS: IP Header Security
SECOPS: Protocol Header Security
SECOPS: Responding to Incidents
SECOPS: Scoring with CVSS 3.0
SECOPS: Securing File Systems
SECOPS: Transport Layer Headers

SECFND: ACLs & Filtering

Course Number:
it_secfndtv_08_enus
Lesson Objectives

SECFND: ACLs & Filtering

  • describe packet filtering and block traffic based on IP addresses
  • describe packet filtering and firewall options that operate at higher OSI levels

Overview/Description

Examine access control lists, as well as how to apply packet filtering and block traffic based on IP addresses with a Cisco router. Explore how firewall devices operating at higher OSI levels can perform additional functions.



Target

Prerequisites: none

SECFND: Attacks and Evasion

Course Number:
it_secfndtv_31_enus
Lesson Objectives

SECFND: Attacks and Evasion

  • describe endpoint attacks and how buffer overflows, malware, rootkits, port scanning, and host profiling are used to attack an endpoint
  • describe evasion methods that attackers can use to avoid detection like tunneling, protocol misinterpretation, and traffic substitution

Overview/Description

Discover how attackers target your networks and evasion methods they may use. Buffer overflow, malware, port scanning, host profiling, encryption and tunneling, resource exhaustion, traffic fragmentation, and pivot attacks are covered.



Target

Prerequisites: none

SECFND: Basic Networking Protocols

Course Number:
it_secfndtv_03_enus
Lesson Objectives

SECFND: Basic Networking Protocols

  • describe the Internet Protocol and identify the need for IPv6
  • compare Transmission Control Protocol (TCP) with User Datagram Protocol (UDP) and describe the Internet Control Message Protocol (ICMP)

Overview/Description

Explore the network protocols that are used within most networks and the Internet, as well as the processes and tools that facilitate communication between network devices.



Target

Prerequisites: none

SECFND: Basic Networking Services

Course Number:
it_secfndtv_04_enus
Lesson Objectives

SECFND: Basic Networking Services

  • describe the Address Resolution Protocol (ARP) and how the Dynamic Host Configuration Protocol (DHCP) works on a network
  • describe the Domain Name System (DNS) and perform lookups and conversions between fully qualified domain names and IP addresses

Overview/Description

Discover the Address Resolution Protocol (ARP), Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP) and how they are used to manage and facilitate communications over a network.



Target

Prerequisites: none

SECFND: Cryptographic Encryption Algorithms

Course Number:
it_secfndtv_19_enus
Lesson Objectives

SECFND: Cryptographic Encryption Algorithms

  • describe how encryption algorithms protect data and how they work internally, and how to select algorithms based on security levels
  • recognize the common encryption algorithms and algorithms used for securing communication

Overview/Description

Explore encryption algorithms, their history and characteristics, and the security impacts they have on networks. Examine the recommended minimum security algorithms based on use and how to appropriately choose an algorithm to use.



Target

Prerequisites: none

SECFND: Cryptographic Hashing Algorithms

Course Number:
it_secfndtv_18_enus
Objectives:

Overview/Description

Discover the security impact of commonly used hash algorithms, characteristics of successful hashing algorithms, and the types of hashing algorithms available.



Target

Prerequisites: none

SECFND: Cryptography

Course Number:
it_secfndtv_15_enus
Lesson Objectives

SECFND: Cryptography

  • describe hash and encryption algorithms and how they are used to secure data
  • compare symmetric and asymmetric encryption algorithms and the benefits for each type

Overview/Description

Explore how crypto algorithms are used to help secure data in a digital environment, including the use of hash and encryption algorithms. Discover the differences between symmetric and asymmetric key encryption and when to use each.



Target

Prerequisites: none

SECFND: Data Loss & Defense in Depth

Course Number:
it_secfndtv_11_enus
Lesson Objectives

SECFND: Data Loss & Defense in Depth

  • compare the concept of data loss from a security and a network perspective and understand the network concepts of packet retransmits and packet dropping
  • define the principles of defense-in-depth and describe why multiple layers of defense are required

Overview/Description

Discover the impacts of data loss from security and networking standpoints and analyze data loss using Wireshark. Explore the principles of Defense-in-Depth, including how to set up multiple defenses to act as independent road blocks.



Target

Prerequisites: none

SECFND: Digital Signatures

Course Number:
it_secfndtv_16_enus
Lesson Objectives

SECFND: Digital Signatures

  • create and verify a digital signature
  • describe the use and purpose of public key infrastructure (PKI) and the lifecycle of a certificate
  • describe how the success or failure of a cryptographic exchange can impact security

Overview/Description

Explore digital signatures and how to create and verify them. Examine public key infrastructure, when to use it, and common implementation designs. The role of cryptographic exchange on security investigations is also covered.



Target

Prerequisites: none

SECFND: Endpoint Security

Course Number:
it_secfndtv_22_enus
Objectives:

Overview/Description

Examine endpoint security, its purpose, and the associated risks. Tips for hardening individual endpoints are also provided.



Target

Prerequisites: none

SECFND: Filtering and Packet Capture

Course Number:
it_secfndtv_09_enus
Lesson Objectives

SECFND: Filtering and Packet Capture

  • describe deep packet inspection (DPI), stateful firewalls, and how to use them to filter or block traffic
  • work with Test Access Points (TAPs) to capture packets and describe how to mirror traffic for analysis

Overview/Description

Explore the concept of deep packet inspection, including why you would use it and packet capturing methods, such as inline traffic interrogation. Examine Test Access Points, how these devices copy network traffic, and traffic mirroring.



Target

Prerequisites: none

SECFND: Interpreting Log Data

Course Number:
it_secfndtv_23_enus
Lesson Objectives

SECFND: Interpreting Log Data

  • navigate logs for Windows Event Viewer, Linux syslog, and Apache
  • describe lower urgency levels and how to view logs for IIS

Overview/Description

Discover the importance of interpreting log data, including how to locate and decipher information. Viewing log info in Windows, Unix, Apache, and Mac systems is covered.



Target

Prerequisites: none

SECFND: Linux Host Terminology

Course Number:
it_secfndtv_21_enus
Lesson Objectives

SECFND: Linux Host Terminology

  • perform process and process tree listing in Linux and view system resource utilization
  • describe how process forking works in Linux and how symlinks and daemons work

Overview/Description

Examine basic Linux terminology, how to complete basic tasks in a Linux environment, and how to identify problematic or potentially malicious processes on a Linux system. Forks, symlink, daemons, and permissions are also covered.



Target

Prerequisites: none

SECFND: Monitoring Network Protocols

Course Number:
it_secfndtv_28_enus
Lesson Objectives

SECFND: Monitoring Network Protocols

  • describe how to monitor the Domain Name System and Network Time Protocol communications
  • monitor the simple mail transfer, post office, internet message access, and hypertext transfer protocols

Overview/Description

Explore the importance of monitoring the protocols being used in your network and the weaknesses protocols can have. Protocols covered include DNS, NTP, SMTP, POP, IMAP, HTTP, and HTTPS.



Target

Prerequisites: none

SECFND: Network Addressing

Course Number:
it_secfndtv_06_enus
Lesson Objectives

SECFND: Network Addressing

  • describe the structure of an IP address and the basics of subnetting
  • perform subnetting on example problems

Overview/Description

Examine the structure of an IP address, as well as how subnetting works and is used in networks.



Target

Prerequisites: none

SECFND: Network and Web Attacks

Course Number:
it_secfndtv_30_enus
Lesson Objectives

SECFND: Network and Web Attacks

  • describe denial-of-service (DoS), distributed denial-of-service (DDoS), man-in-the-middle (MiTM), and SQL injection attacks
  • describe cross-site scripting (XSS), LDAP injection, directory traversal, and header manipulation attacks

Overview/Description

Strengthen your security skills by familiarizing yourself with various attack styles. Explore DoS, DDoS, Man in the Middle, SQL injection, Cross-Site Scripting, LDAP injection, and directory traversal attacks.



Target

Prerequisites: none

SECFND: Network Data Types

Course Number:
it_secfndtv_24_enus
Lesson Objectives

SECFND: Network Data Types

  • examine network traffic using the Linux tool tcpdump
  • describe how to combat malicious attacks

Overview/Description

Discover how to examine network traffic in a Linux environment using tcpdump, including tool installation and filter customization. Identifying data types and viewing information to combat malicious email attacks is also covered.



Target

Prerequisites: none

SECFND: Network Data Types and Security Monitoring

Course Number:
it_secfndtv_25_enus
Lesson Objectives

SECFND: Network Data Types and Security Monitoring

  • describe network traffic from NetFlow
  • describe network tools and data used for network security monitoring (NSM)

Overview/Description

Explore data types and how data can be analyzed within networks, using tools such as tcpdump, Wireshark, and NetFlow. Examine how data can be useful as a tool for network security monitoring.



Target

Prerequisites: none

SECFND: Network Devices Operations & Security

Course Number:
it_secfndtv_05_enus
Lesson Objectives

SECFND: Network Devices Operations & Security

  • describe the basic hardware that is used to build a network like routers, switches, and hubs
  • recognize the use of some older and newer network technology, like bridges, Wireless Access Points (WAP) and Wireless LAN Controllers (WLC)
  • describe the available Cisco security offerings, including firewalls, intrusion prevention systems (IPS), malware protection, and web/email security appliances

Overview/Description

Explore the appliances, devices, and software Cisco has available and how they can be used to help solve networking and security issues.



Target

Prerequisites: none

SECFND: Network Models

Course Number:
it_secfndtv_02_enus
Objectives:

Overview/Description

Explore more of the OSI network model, some additional network models, and the TCP/IP network model.



Target

Prerequisites: none

SECFND: Network Monitoring

Course Number:
it_secfndtv_26_enus
Lesson Objectives

SECFND: Network Monitoring

  • describe monitoring security of NAT/PAT and how to configure an access control list
  • describe monitoring the security of TOR, P2P site traffic, encapsulated data, and tunnels

Overview/Description

Examine the importance of monitoring different network components, including how and where to configure an access control list on a router. Network and port address translation, tunneling, traffic types, and load balancing are also covered.



Target

Prerequisites: none

SECFND: Next Generation Firewalls

Course Number:
it_secfndtv_27_enus
Lesson Objectives

SECFND: Next Generation Firewalls

  • use Cisco's FireSIGHT to track events and view connections, hosts, and NetFlow events within a network

    Overview/Description

    Explore events, the information they can provide about your network, and how to use Cisco FireSIGHT to highlight them. Viewing connection, intrusion, host, network discovery, and NetFlow events is also covered.



    Target

    Prerequisites: none

    SECFND: Overview and Network Models

    Course Number:
    it_secfndtv_01_enus
    Lesson Objectives

    SECFND: Overview and Network Models

    • describe the CCNA Cyber Ops 210-250 exam
    • describe the Open Systems Interconnect (OSI) model and recognize the seven layers starting with the Application, Presentation, and Session layers

    Overview/Description

    Discover the CCNA Cyber Ops exam and explore the OSI network model.



    Target

    Prerequisites: none

    SECFND: Packet Analysis

    Course Number:
    it_secfndtv_10_enus
    Lesson Objectives

    SECFND: Packet Analysis

    • use Wireshark to analyze mirrored traffic from a TAP
    • describe multiple methods to analyze network output and use Cisco NetFlow to obtain the flow information

    Overview/Description

    Discover how different types of output from packet capturing can be used and analyzed. Examine a demonstration of using Cisco NetFlow and Wireshark to obtain flow information.



    Target

    Prerequisites: none

    SECFND: Security Attack Concepts

    Course Number:
    it_secfndtv_29_enus
    Lesson Objectives

    SECFND: Security Attack Concepts

  • recognize the difference between an attack surface and vulnerability and how social engineering, phishing, and evasion methods can be used to attack a network

    Overview/Description

    Explore various security attack concepts, including privilege escalation, social engineering, phishing, evasion methods, and remote and local attacks. Attack surface versus vulnerability is also covered.



    Target

    Prerequisites: none

    SECFND: Security Concepts

    Course Number:
    it_secfndtv_12_enus
    Lesson Objectives

    SECFND: Security Concepts

    • describe multiple security terms and compare risk, threat, vulnerability, and exploit concepts
    • describe additional security terminology, in particular, personally identifiable information (PII) and personal health information (PHI)

    Overview/Description

    Explore foundational security terms and concepts, including threats, vulnerabilities, and exploits. Chain of custody, reverse engineering, principle of least privilege, and risk scoring, reduction, and assessment are also covered.



    Target

    Prerequisites: none

    SECFND: Security Management Part 1

    Course Number:
    it_secfndtv_13_enus
    Lesson Objectives

    SECFND: Security Management Part 1

    • describe discretionary, mandatory, and nondiscretionary access controls
    • recognize terminology dealing with network and host-based antivirus, agent versus agentless protection, log management, and SIEM systems

    Overview/Description

    Explore different access control models, including discretionary, mandatory, and nondiscretionary. Examine industry-standard security concepts, including host-based antivirus, protection types, log collection, and SIEM systems.



    Target

    Prerequisites: none

    SECFND: Security Management Part 2

    Course Number:
    it_secfndtv_14_enus
    Lesson Objectives

    SECFND: Security Management Part 2

  • describe security management, including asset, configuration, patch, and vulnerability management

    Overview/Description

    Take a detailed look at foundational security management concepts and how they are key to maintaining a secure environment. These concepts include asset, configuration, mobile device, patch, and vulnerability management.



    Target

    Prerequisites: none

    SECFND: SSL/TLS Components

    Course Number:
    it_secfndtv_17_enus
    Lesson Objectives

    SECFND: SSL/TLS Components

    • describe SSL/TLS, its components, and how it secures communications, and describe X.509 certificates
    • describe the Public Key Cryptography Standard (PKCS) and secure key exchange

    Overview/Description

    Examine the characteristics and considerations of SSL/TLS and its components. Secure key exchange, protocol versions and considerations, and Public Key Cryptography Standard are also covered.



    Target

    Prerequisites: none

    SECFND: VLANS and Data Visibility

    Course Number:
    it_secfndtv_07_enus
    Lesson Objectives

    SECFND: VLANS and Data Visibility

  • describe the use of a Virtual Local Area Network (VLAN) and recognize its usefulness on a network for segregating data

    Overview/Description

    Explore Virtual Local Area Networks and why you may want to use one on your network. Examine a demonstration on a potential security risk and discover tips to help mitigate that risk.



    Target

    Prerequisites: none

    SECFND: Windows Host Terminology

    Course Number:
    it_secfndtv_20_enus
    Objectives:

    Overview/Description

    Explore basic Windows terminology, including processes, threads, handles, services, memory allocation, Windows Registry, and WMI.



    Target

    Prerequisites: none

    SECOPS: Analyzing Intrusion Impact

    Course Number:
    it_secopstv_15_enus
    Lesson Objectives

    SECOPS: Analyzing Intrusion Impact

    • compare and contrast impact/no-impact for false positive, false negative, true positive, and true negative, and also define heuristics
    • interpret a provided event and host file to calculate the impact flag generated by FMC and describe the purpose of FMC

    Overview/Description

    Discover how to analyze the impact of intrusion and explore the concept of heuristics. Walk through how to interpret a provided event and explore the use of Firepower Management Center.



    Target

    Prerequisites: none

    SECOPS: Analyzing Threat Mitigation Reports

    Course Number:
    it_secopstv_01_enus
    Lesson Objectives

    SECOPS: Analyzing Threat Mitigation Reports

    • describe the requirements for the Implementing Cisco Cybersecurity Operations (210-255) exam
    • describe malware detection and mitigation techniques and how to analyze associated reports
    • describe the importance of report analysis for threat mitigation and list some of the tools used for threat mitigation and analysis
    • analyze reports for threat mitigation and use Cuckoo to create a sandbox environment for testing malware

    Overview/Description

    Explore the processes involved in Cisco threat mitigation reporting and how to analyze these reports. Discover features of Cisco's AMP Threat Grid Suite, including dynamic analysis, network file trajectory, and security intelligence events.



    Target

    Prerequisites: none

    SECOPS: Categorize and Classify Intrusions

    Course Number:
    it_secopstv_20_enus
    Lesson Objectives

    SECOPS: Categorize and Classify Intrusions

    • identify how to stop attacks early and handle intrusions more successfully using a formal Kill Chain process
    • describe the phases of the Kill Chain, each phase's capabilities, and associated Kill Chain tools
    • describe the use of the Diamond Model of Intrusion Analysis and how it helps handle events, and describe how to use the Kill Chain and Diamond Model together for a complete security intelligence model

    Overview/Description

    Discover the Diamond Model of Intrusion Analysis, how it can be used to handle events, and how it can be used in conjunction with Kill Chain for a complete security intelligence model.



    Target

    Prerequisites: none

    SECOPS: CSIRT Goals and Cybersec Elements

    Course Number:
    it_secopstv_17_enus
    Lesson Objectives

    SECOPS: CSIRT Goals and Cybersec Elements

    • describe Computer Security Incident Response Team (CSIRT) and its goals
    • identify server profiling elements and link data types to the PCI, HIPAA, and SOX compliance frameworks, and identify elements that must be protected according to PCI-DSS

    Overview/Description

    Discover the concept of CSIRT and its associated goals. Examine how to link data types to compliance frameworks, such as PCI, HIPAA, and SOX, and identify required protected elements for PCI-DSS.



    Target

    Prerequisites: none

    SECOPS: Data Normalization and 5-Tuple Correlation

    Course Number:
    it_secopstv_18_enus
    Lesson Objectives

    SECOPS: Data Normalization and 5-Tuple Correlation

    • describe the process of normalization, why it's required, and how to give data values a universal format for data analysis
    • describe 5-Tuple, how it correlates in events, and how it can be used to isolate and identify a compromised host in logs

    Overview/Description

    Explore the concept of data normalization and why it should be used. Discover 5-Tuple, how it correlates in events, and how it can be used to identify compromised hosts in logs.



    Target

    Prerequisites: none

    SECOPS: Examining Intrusion Events

    Course Number:
    it_secopstv_13_enus
    Lesson Objectives

    SECOPS: Examining Intrusion Events

  • use various techniques to identify and examine intrusion events

    Overview/Description

    Explore how to interpret common artifact elements from an event to identify an alert, identify key intrusion elements from a PCAP file, extract files from a TCP stream given a PCAP file, and work with Wireshark.



    Target

    Prerequisites: none

    SECOPS: Firepower Management Console and Analysis Methods

    Course Number:
    it_secopstv_19_enus
    Lesson Objectives

    SECOPS: Firepower Management Console and Analysis Methods

    • describe how to use Firepower Management Console to look at a threat report and identify a possible compromised host
    • compare and contrast deterministic and probabilistic analysis methods to help with data and events analysis

    Overview/Description

    Explore how to use the Firepower Management Console to examine threat analysis reports and identify possible compromised hosts. Compare and contrast deterministic and probabilistic analysis methods.



    Target

    Prerequisites: none

    SECOPS: Handling Incident Events and Evidence

    Course Number:
    it_secopstv_21_enus
    Lesson Objectives

    SECOPS: Handling Incident Events and Evidence

    • use NIST SP800-61 r2 incident handling to process an incident event and describe the recommended incident handling process
    • describe evidence handling as documented in NIST SP800-86 and its importance in forensics
    • describe how to apply VERIS schema categories to incident handling events

    Overview/Description

    Explore how NIST SP800-61 r2 is used to process an incident event and the recommended incident handling process. Examine evidence handling, as documented in NIST SP800-86 and how to apply VERIS schema categories to incident handling events.



    Target

    Prerequisites: none

    SECOPS: HTTP Headers

    Course Number:
    it_secopstv_11_enus
    Lesson Objectives

    SECOPS: HTTP Headers

    • describe HTTP headers, HTTP basics, and various methods
    • describe PUT, DELETE, TRACE, OPTIONS, CONNECT, content-type, user agent, and referer fields in relation to HTTP headers
    • describe HTTP headers, cookies and their components, double encoding, and common characters used in web attacks

    Overview/Description

    Examine HTTP headers, including a review of the basics, the GET, POST, and HTTP methods, and HEAD. Cookies and their components, double encoding, and common characters used in web attacks are also covered.



    Target

    Prerequisites: none

    SECOPS: ICMP Intrusion

    Course Number:
    it_secopstv_08_enus
    Lesson Objectives

    SECOPS: ICMP Intrusion

    • recognize the importance of ICMP from a security standpoint and identify ICMP header information
    • recognize ICMP types and their associated attack vectors

    Overview/Description

    Discover the importance of ICMP from a security standpoint by reviewing the purpose of ICMP, ICMP types, and header information. Analyzing a packet capture of a ping sweep and recognizing attack vectors is also covered.



    Target

    Prerequisites: none

    SECOPS: ICMP Intrusion Part 2

    Course Number:
    it_secopstv_09_enus
    Lesson Objectives

    SECOPS: ICMP Intrusion Part 2

    • recognize ICMP types and their associated attack vectors, such as firewalking, OS fingerprinting, and ICMP route redirects
    • recognize ICMP types and their associated attack vectors, such as router discovery spoofing, tunneling attack, and Denial of Service

    Overview/Description

    Examine additional ICMP security considerations by exploring attacks like firewalking, OS fingerprinting, ICMP route redirects, router discovery spoofing, and Denial of Service.



    Target

    Prerequisites: none

    SECOPS: Identifying Forensic Evidence

    Course Number:
    it_secopstv_04_enus
    Lesson Objectives

    SECOPS: Identifying Forensic Evidence

    • recognize how to identify, handle, and process digital forensic evidence
    • compare and contrast best, corroborative, and indirect evidence, and describe image types and attribution

    Overview/Description

    Examine the importance of being able to identify, handle, and process digital forensic evidence. Learn about computer forensics, chain of custody, and order of volatility, as well as various evidence types.



    Target

    Prerequisites: none

    SECOPS: Identifying NetFlow v5 Records

    Course Number:
    it_secopstv_12_enus
    Lesson Objectives

    SECOPS: Identifying NetFlow v5 Records

    • describe NetFlow, including fields and flow records, and identify elements from a NetFlow v5 record security event
    • describe flow exporting and monitoring, how to cache information, and StealthWatch

    Overview/Description

    Discover the NetFlow tool and how to identify elements of a security event. Working with flow records and using StealthWatch are also covered.



    Target

    Prerequisites: none

    SECOPS: Interpreting Regular Expressions

    Course Number:
    it_secopstv_05_enus
    Lesson Objectives

    SECOPS: Interpreting Regular Expressions

    • interpret regular expressions, describe common functions and operators, and filter the output of a Cisco router's configuration output down to pertinent data
    • filter router configuration data and transition to using regular expressions in Wireshark to filter conversations

    Overview/Description

    Explore the process of interpreting regular expressions and refresh your knowledge of RegEx functions and operators. Filtering Cisco router configuration output and transitioning to Wireshark to filter conversations are also covered.



    Target

    Prerequisites: none

    SECOPS: Intrusion Event Technologies

    Course Number:
    it_secopstv_14_enus
    Lesson Objectives

    SECOPS: Intrusion Event Technologies

    • describe intrusion event technologies, map provided events to source technologies, and describe DHCP server exhaustion
    • describe intrusion event technologies, including NetFlow, StealthWatch, and FMC
    • describe how alert data, NGFW, TOP information, network application control, proxy logs, and identity and access management relate to intrusion events

    Overview/Description

    Examine intrusion event technologies, including NetFlow, StealthWatch, and Cisco Firepower Management Center. Alert data, NGFW, packet capture, network application control, and Cisco ISE are also covered.



    Target

    Prerequisites: none

    SECOPS: IP Header Security

    Course Number:
    it_secopstv_07_enus
    Lesson Objectives

    SECOPS: IP Header Security

    • recognize the importance of IP headers as a source of security and network information and list IP header components
    • recognize the components of an IP packet header and possible security issues associated with them
    • describe IPv6 header security concerns

    Overview/Description

    Discover the important role IP headers and their components play in security. Examine security concerns associated with IP header components.



    Target

    Prerequisites: none

    SECOPS: Protocol Header Security

    Course Number:
    it_secopstv_06_enus
    Lesson Objectives

    SECOPS: Protocol Header Security

    • recognize the importance of ethernet headers as a security vector and describe common Layer 2 attacks
    • recognize the importance of ethernet headers and their components as a security vector and describe common Layer 2 attacks
    • analyze the packet capture from an ARP spoofing attack and analyze a DHCP starvation attack

    Overview/Description

    Discover the important roles protocol headers and their components play in security. How to analyze common Layer 2 security attacks is also covered.



    Target

    Prerequisites: none

    SECOPS: Responding to Incidents

    Course Number:
    it_secopstv_16_enus
    Lesson Objectives

    SECOPS: Responding to Incidents

    • describe incident response plans and what elements they require according to NIST.SP800-61 r2
    • link elements of an incident response plan to analysis steps in SP800-61 r2 and identify stakeholders that belong in each analysis category

    Overview/Description

    Explore incident response plans, including the elements required by NIST.SP800-61 r2. Discover how to link plan elements to analysis steps, and determine which stakeholders belong in each analysis category.

     



    Target

    Prerequisites: none

    SECOPS: Scoring with CVSS 3.0

    Course Number:
    it_secopstv_02_enus
    Lesson Objectives

    SECOPS: Scoring with CVSS 3.0

    • describe the CVSS 3.0 scoring system, including its uses, maintenance, and metrics
    • calculate a CVSS base score and describe various metrics
    • describe CVSS metrics and qualitative security rating scores

    Overview/Description

    Explore the CVSS 3.0 scoring system, how to calculate scores, and scoring metrics. Calculating a base score using exploitability metrics and working with impact metrics are also covered.



    Target

    Prerequisites: none

    SECOPS: Securing File Systems

    Course Number:
    it_secopstv_03_enus
    Lesson Objectives

    SECOPS: Securing File Systems

    • recognize the importance of file system security and how to handle Windows file systems in a forensically sound way
    • describe the impact of metadata and alternate data stream (ADS) on Windows NTFS file system security and forensics
    • recognize the importance of file system security and how to handle Linux file systems in a forensically sound way

    Overview/Description

    Discover the importance of file system security by looking at file systems supported by the Windows and Linux operating systems. File system forensics, alternate data streams, and timestamps are also covered.



    Target

    Prerequisites: none

    SECOPS: Transport Layer Headers

    Course Number:
    it_secopstv_10_enus
    Lesson Objectives

    SECOPS: Transport Layer Headers

    • describe TCP basic operations, TCP 3-way handshake, and header fields
    • describe TCP 3-way handshake and sequencing, session hijacking, and TCP checksum
    • describe invalid TCP flag combinations, UDP header breakdown, UDP flooding, and UDP max length

    Overview/Description

    Explore transport layer headers, including basic operations, 3-way handshake, header fields, session hijacking, TCP checksums, invalid TCP flag combinations, UDP flooding, and UDP max length.



    Target

    Prerequisites: none
