Cisco Certified CyberOps Associate 200-201 Certification Guide

(ebook) (audiobook) (audiobook)

Autor:: Glen D. Singh

Cisco Certified CyberOps Associate 200-201 Certification Guide Glen D. Singh - okładka książki

Cisco Certified CyberOps Associate 200-201 Certification Guide Glen D. Singh - okładka audiobooka MP3

Cisco Certified CyberOps Associate 200-201 Certification Guide Glen D. Singh - okładka audiobooks CD

Wydawnictwo:: Packt Publishing (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 660
Dostępne formaty::      PDF

     ePub

     Mobi

Ebook

149,00 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Achieving the Cisco Certified CyberOps Associate 200-201 certification helps you to kickstart your career in cybersecurity operations. This book offers up-to-date coverage of 200-201 exam resources to fully equip you to pass on your first attempt.

The book covers the essentials of network security concepts and shows you how to perform security threat monitoring. You'll begin by gaining an in-depth understanding of cryptography and exploring the methodology for performing both host and network-based intrusion analysis. Next, you'll learn about the importance of implementing security management and incident response strategies in an enterprise organization. As you advance, you'll see why implementing defenses is necessary by taking an in-depth approach, and then perform security monitoring and packet analysis on a network. You'll also discover the need for computer forensics and get to grips with the components used to identify network intrusions. Finally, the book will not only help you to learn the theory but also enable you to gain much-needed practical experience for the cybersecurity industry.

By the end of this Cisco cybersecurity book, you'll have covered everything you need to pass the Cisco Certified CyberOps Associate 200-201 certification exam, and have a handy, on-the-job desktop reference guide.

Wybrane bestsellery

Glen D. Singh - pozostałe książki

Ebooka przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook
i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video zobaczysz:

Oceny i opinie klientów: Cisco Certified CyberOps Associate 200-201 Certification Guide Glen D. Singh (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły książki

Tytuł oryginału:: Cisco Certified CyberOps Associate 200-201 Certification Guide
ISBN Ebooka:: 978-18-005-6348-3, 9781800563483
Data wydania ebooka:: 2021-06-04 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@helion.pl.
Język publikacji:: angielski
Rozmiar pliku Pdf:: 23.1MB
Rozmiar pliku ePub:: 42.9MB
Rozmiar pliku Mobi:: 99.1MB

Kategorie:
Hacking » Bezpieczeństwo sieci
Sieci komputerowe » Cisco

Spis treści książki

Cisco Certified CyberOps Associate 200-201 Certification Guide
Contributors
About the author
About the reviewers
Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Code in Action
- Download the color images
- Conventions used
- Get in touch
- Reviews
Section 1: Network and Security Concepts
Chapter 1: Exploring Networking Concepts
- Technical requirements
- The functions of the network layers
  - The OSI reference model
  - The TCP/IP protocol suite
- Understanding the purpose of various network protocols
  - Transmission Control Protocol
  - User Datagram Protocol
  - Internet Protocol
  - The Internet Control Message Protocol
  - Lab inspecting ICMP messages with Wireshark
- Summary
- Questions
- Further reading
Chapter 2: Exploring Network Components and Security Systems
- Technical requirements
- Exploring various network services
  - Address Resolution Protocol
  - Domain Name System
  - Dynamic Host Configuration Protocol
- Discovering the role and operations of network devices
  - Hubs
  - Switches
  - Layer 3 switches
  - Routers
  - Wireless Access Point (WAP)
  - Wireless LAN Controller (WLC)
- Describing the functions of Cisco network security systems
  - Firewall
  - Cisco Intrusion Prevention System (IPS)
  - Web Security Appliance
  - Email Security Appliance
  - Cisco Advanced Malware Protection
- Summary
- Questions
- Further reading
Chapter 3: Discovering Security Concepts
- Introducing the principles of defense in depth
  - Confidentiality
  - Integrity
  - Availability
  - Combining the three pillars
- Exploring security terminologies
  - Threats, vulnerabilities, and exploits
  - Identifying threat actors
  - Understanding runbook automation
  - Chain of custody
  - Reverse engineering
  - PII and PHI
  - Understanding risk
- Exploring access control models
  - Discretionary access control
  - Mandatory access control
  - Rule-based access control
  - Time-based access control
  - Role-based access control
  - Authentication, authorization, and accounting
- Understanding security deployment
- Summary
- Questions
Section 2: Principles of Security Monitoring
Chapter 4: Understanding Security Principles
- Technical requirements
- Understanding a security operation center
  - Types of SOC
  - Elements of an SOC
- Understanding the security tools used to inspect data types on a network
  - Attack surface and vulnerability
  - tcpdump
  - NetFlow
  - Application visibility and control
  - Web content filtering
  - Email content filtering
- Understanding the impact of data visibility through networking technologies
  - Access control lists
  - NAT and PAT
  - Tunneling, encapsulation, and encryption
  - Peer-to-Peer (P2P) and TOR
  - Load balancing
  - Next-gen IPS event types
- Understanding how threat actors transport malicious code
  - The domain name system
  - The Network Time Protocol
  - Web-based traffic
  - Email-based traffic
- Delving into data types used during security monitoring
  - Session data
  - Transaction data
  - Full packet capture
  - Statistical data
  - Extracted content (metadata)
  - Alert data
- Summary
- Questions
- Further reading
Chapter 5: Identifying Attack Methods
- Understanding network-based attacks
  - Denial of Service
  - Protocol-based attacks
  - Distributed Denial of Service
  - Man-in-the-middle
- Exploring web application attacks
  - SQL injection
  - Command injection
  - Cross-site scripting
  - Cross-site request forgery
- Delving into social engineering attacks
  - Key elements of social engineering
  - Types of social engineering attacks
- Understanding endpoint-based attacks
  - Buffer overflows
  - Command and control (C2)
  - Malware and ransomware
- Interpreting evasion and obfuscation techniques
- Summary
- Questions
- Further reading
Chapter 6: Working with Cryptography and PKI
- Technical requirements
- Understanding the need for cryptography
  - Elements of cryptography
- Types of ciphers
  - Substitution cipher
  - Transposition cipher
- Understanding cryptanalysis
- Understanding the hashing process
  - Describing hashing algorithms
  - Lab Comparing hashes
- Exploring symmetric encryption algorithms
  - Symmetric algorithms
- Delving into asymmetric encryption algorithms
- Understanding PKI
  - Components of PKI
  - PKI trust system
  - Lab Observing the exchange of digital certificates
- Using cryptography in wireless security
- Summary
- Questions
- Further reading
Section 3: Host and Network-Based Analysis
Chapter 7: Delving into Endpoint Threat Analysis
- Technical requirements
- Understanding endpoint security technologies
  - Anti-malware and antivirus
  - Host-based firewall
  - Host-based intrusion detection
  - Application-level whitelisting/blacklisting
  - Systems-based sandboxing
- Understanding Microsoft Windows components
  - Processes, threads, and services
  - The Windows paging file
  - Windows registry
  - Windows Management Instrumentation
  - Monitoring tools
- Exploring Linux components
  - Linux Terminal
  - Viewing directories
  - Log files
  - Monitoring resources
- Summary
- Questions
- Further reading
Chapter 8: Interpreting Endpoint Security
- Technical requirements
- Exploring the Microsoft Windows filesystem
  - Filesystems
  - Alternate data streams
- Delving into the Linux filesystem
- Understanding the CVSS
  - CVSS metrics
- Working with malware analysis tools
  - Lab exercise Building a malware analysis sandbox
- Summary
- Questions
Chapter 9: Exploring Computer Forensics
- Technical requirements
- Understanding the need for computer forensics
  - Understanding the process of digital forensics
  - Understanding the chain of custody
  - Understanding volatility of evidence
- Understanding types of evidence
- Contrasting tampered and untampered disk images
  - Lab capturing a disk image on Linux
  - Lab using FTK Imager to capture a disk image on Microsoft Windows
- Tools commonly used during a forensics investigation
- Understanding the role of attribution in an investigation
- Summary
- Questions
- Further reading
Chapter 10: Performing Intrusion Analysis
- Technical requirements
- Identifying intrusion events based on source technologies
  - IDS/IPS
  - Firewall
  - Network application control
  - Proxy logs
  - Antivirus
  - Elements of NetFlow and transactional data
- Stateful and deep packet firewall operations
  - DPI firewall
  - Stateful firewall
  - Packet filtering
- Comparing inline traffic interrogation techniques
- Understanding impact and no impact on intrusion
- Protocol headers in intrusion analysis
  - Ethernet frame
  - IPv4 and IPv6
  - TCP
  - UDP
  - ICMP
  - SMTP
  - HTTP and HTTPS
  - ARP
- Packet analysis using a PCAP file and Wireshark
  - Lab packet analysis using Wireshark
- Summary
- Questions
- Further reading
Section 4: Security Policies and Procedures
Chapter 11: Security Management Techniques
- Technical requirements
- Identifying common artifact elements
- Interpreting basic regular expressions
  - Lab using regexes to find specific data values
- Understanding asset management
- Delving into configuration and mobile device management
- Exploring patch and vulnerability management
- Summary
- Questions
- Further reading
Chapter 12: Dealing with Incident Response
- Understanding the incident handling process
  - Understanding the phases of incident handling
- Exploring CSIRT teams and their responsibilities
- Delving into network and server profiling
  - Network profiling
  - Server profiling
- Comparing compliance frameworks
  - PCI DSS
  - HIPAA
  - SOX
- Summary
- Questions
- Further reading
Chapter 13: Implementing Incident Handling
- Understanding the NIST SP 800-86 components
  - Evidence collection order and volatility
  - Data acquisition and integrity
- Sharing information using VERIS
- Exploring the Cyber Kill Chain
  - Reconnaissance
  - Weaponization
  - Delivery
  - Exploitation
  - Installation
  - Command and Control (C2)
  - Actions on objectives
- Delving into the Diamond Model of Intrusion Analysis
- Identifying protected data in a network
  - Personally Identifiable Information (PII)
  - Personal Security Information (PSI)
  - Protected Health Information (PHI)
  - Intellectual property
- Summary
- Questions
- Further reading
Chapter 14: Implementing Cisco Security Solutions
- Technical requirements
- Implementing AAA in a Cisco environment
  - Part 1 Configuring IP addresses on host devices
  - Part 2 Configuring RADIUS and TACACS+ services
  - Part 3 Configuring local AAA on the R1 router
  - Part 4 Configuring server-based AAA using RADIUS
  - Part 5 Configuring server-based AAA using TACACS+
  - Part 6 Verification
- Deploying a zone-based firewall
  - Part 1 Configuring IP addresses on PC 1 and the web server
  - Part 2 Enabling the security technology license on the HQ router
  - Part 3 Configuring IP addresses and routes on HQ and ISP routers
  - Part 4 Creating security zones
  - Part 5 Identifying traffic
  - Part 6 Creating a policy map to define the action of matching traffic
  - Part 7 Identifying the zone pair and match policy
  - Part 8 Assigning the security zones to the interface
  - Part 9 Verification
- Configuring an IPS
  - Part 1 Configuring IP addresses on end devices
  - Part 2 Enabling the security technology license on the HQ router
  - Part 4 Configuring the IPS signature storage location and rule on HQ
  - Part 5 Configuring the logging of IPS events
  - Part 6 Configuring IPS with signature categories
  - Part 7 Applying the IPS rule to an interface
  - Part 8 Creating an alert and dropping inbound ICMP Echo Reply packets
  - Part 3 Configuring IP addresses and routes on HQ and ISP routers
  - Part 9 Verification
- Summary
- Further reading
Chapter 15: Working with Cisco Security Solutions
- Technical requirements
- Implementing secure protocols on Cisco devices
  - Part 1 Configuring IP addresses on host devices
  - Part 2 Configuring the Syslog and NTP servers
  - Part 3 Configuring hostnames, banners, and IP addresses on routers
  - Part 4 Configuring OSPFv2 routing with authentication
  - Part 5 Configuring NTP with authentication
  - Part 6 Configuring Syslog
  - Part 7 Implementing secure remote access using SSH
  - Part 8 Verification
- Deploying Layer 2 security controls
  - Part 1 Configuring end devices and the DHCP server
  - Part 2 Securing STP
  - Part 3 Configuring DHCP snooping with ARP inspection
  - Part 4 Verification
- Configuring a Cisco ASA firewall
  - Part 1 Configuring the ISP router and end devices
  - Part 2 Performing basic ASA configurations
  - Part 3 Configuring security zones and interfaces
  - Part 4 Assigning the physical interfaces to a security zone
  - Part 5 Configuring routing and NAT
  - Part 6 Configuring the Cisco MPF
  - Part 7 Configuring DHCP and remote access
  - Part 8 Configuring the DMZ
  - Part 9 Verification
- Summary
Chapter 16: Real-World Implementation and Best Practices
- Technical requirements
- Implementing an open source SIEM tool
  - Part 1 Creating a virtual environment
  - Part 2 Installing OSSIM
  - Part 3 Getting started with AlienVault OSSIM
- Implementing tools to perform the active scanning of assets
  - Part 1 Setting up Kali Linux
  - Part 2 Acquiring and installing Nessus
  - Part 3 Performing a vulnerability scan
- Using open source breach and attack simulation tools
  - Part 1 Installing Infection Monkey
  - Part 2 Setting up C2
  - Part 3 Breach and attack reporting
- Implementing an open source honeypot platform
  - Part 1 Creating the virtual environment
  - Part 2 Installing the honeypot platform
  - Part 3 Initializing the honeypot and its applications
  - Part 4 Accessing the honeypot dashboard
- Summary
Chapter 17: Mock Exam 1
Chapter 18: Mock Exam 2
- Questions
Assessment
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Chapter 7
- Chapter 8
- Chapter 9
- Chapter 10
- Chapter 11
- Chapter 12
- Chapter 13
- Chapter 17
- Chapter 18
- Why subscribe?
Other Books You May Enjoy
- Packt is searching for authors like you
- Leave a review - let other readers know what you think

pokaż cały spis treści