CCNA Cyber Ops SECOPS - Certification Guide 210-255 : Learn the Skills to Pass the 210-255 Certification Exam and Become a Competent SECOPS Associate.
Material type:
- text
- computer
- online resource
ISBN: 9781838554781
Dewey classification: 651.8023
LC call number: HF5548.2 .C48 2019
Contents:
- Front matter: Cover -- Title Page -- Copyright and Credits -- About Packt -- Contributors -- Table of Contents -- Preface
- Section 1: Endpoint Threat Analysis and Forensics
  - Chapter 1: Classifying Threats -- Categorizing and communicating threats -- AMP Threat Grid -- Cuckoo Sandbox -- Requirements for CVSS -- Exploitability metrics -- Attack vector -- Attack complexity -- Privileges required -- User interaction -- Impact metrics -- Confidentiality -- Integrity -- Availability -- Scope -- Summary -- Questions -- Further reading
  - Chapter 2: Operating System Families -- Starting the operating system -- Basic Input Output System -- Master Boot Record -- Unified Extensible Firmware Interface -- GUID Partition Table -- Booting Windows and Linux -- Filesystems -- File Allocation Table 32 -- New Technology Filesystem -- Extended Filesystem 4 -- Making, finding, accessing, and editing data -- Creating files -- Locating files -- Reading files -- Changes to files and properties -- Deleting files -- Summary -- Questions -- Further reading
  - Chapter 3: Computer Forensics and Evidence Handling -- Types of evidence -- Digital forensics versus cybersecurity forensics -- Best evidence -- Direct versus indirect evidence -- Corroborative evidence -- Maintaining evidential value -- Altered disk image -- Unaltered disk image -- Chain of custody -- Attribution -- Asset attribution -- Threat actor attribution -- Summary -- Questions -- Further reading
- Section 2: Intrusion Analysis
  - Chapter 4: Identifying Rogue Data from a Dataset -- Using regexes to find normal characters -- Using regexes to find characters in a set -- Using regexes to extract groups of characters -- Using regex logical operators -- Summary -- Questions -- Further reading
  - Chapter 5: Warning Signs from Network Data -- Physical and data link layer (Ethernet) frame headers -- Layer 1 -- Preamble -- Start frame delimiter -- Interframe separation -- Layer 2 -- Addressing -- VLAN tagging -- Type/Length fields -- Cyclic redundancy checking -- Network layer (IPv4, IPv6, and ICMP) packet headers -- Internet Protocol (IPv4 and IPv6) -- Version -- IPv4: Internet Header Length, options, and padding -- IPv4 - Type of Service and IPv6 - Traffic Class -- IPv4 - Total Length and IPv6 - Payload Length -- IPv4 - Time-to-Live and IPv6 - Hop Limit -- IPv4 - Protocol and IPv6 - Next Header -- IPv4 - identification and flags -- Source and destination addresses -- ICMP -- Transport layer (TCP and UDP) segment and datagram headers -- TCP -- Source and destination ports -- Sequence and acknowledgment numbers -- Header length -- Flags -- Window -- Checksum -- Urgent pointer -- UDP -- Source and destination port -- Length -- Checksum -- Application layer (HTTP) headers -- Request header -- Request method name -- URI -- HTTP version -- User-Agent -- Response header -- Summary -- Questions -- Further reading
  - Chapter 6: Network Security Data Analysis -- PCAP files and Wireshark -- Viewing packet details -- Extracting data using Wireshark -- Alert identification -- Network indicators -- IP address (source/destination) -- Client and server port identity -- URI/URL -- Payload indicators -- Process (file or registry) -- System (API calls) -- Hashes -- Security technologies and their reports -- Network indicators -- NetFlow -- Proxy logs -- Payload indicators -- Antivirus -- Intrusion Detection Systems/Intrusion Prevention Systems -- Firewall -- Network application control -- Evaluating alerts -- Impact flags -- Firepower Management Center priorities -- Analyzing a network and host profile -- Decisions and errors -- True Positive (red and hatched)/True Negative (green and unhatched) -- False Positives (green and hatched) -- False Negatives (red and unhatched) -- Summary -- Questions -- Further reading
- Section 3: Incident Response
  - Chapter 7: Roles and Responsibilities During an Incident -- The incident response plan -- Organizational priorities -- Incident response requirement and capability -- Command-and-control -- The stages of an incident -- Preparation -- Detection and analysis -- Containment, eradication, and recovery -- Post-incident analysis (lessons learned) -- Incident response teams -- Internal CSIRT -- Coordination centers -- National CSIRT -- Analysis centers -- Vendor teams -- Managed Security Service Providers -- Summary -- Questions -- Further reading
  - Chapter 8: Network and Server Profiling -- Network profiling -- Total throughput -- Session duration -- Ports used -- Critical asset address space -- Server profiling -- Listening ports -- Logged in users/service accounts -- Which users are present? -- Where are users located? -- What privileges and access rights are available? -- Running processes, tasks, and applications -- Summary -- Questions -- Further reading
  - Chapter 9: Compliance Frameworks -- Payment Card Industry Data Security Standard -- Protected data elements -- Required actions -- Health Insurance Portability and Accountability Act, 1996 -- Protected health information and covered entities -- Safeguards -- Administrative safeguards -- Physical safeguards -- Technical safeguards -- Sarbanes Oxley Act, 2002 -- Summary -- Questions -- Further reading
- Section 4: Data and Event Analysis
  - Chapter 10: Data Normalization and Exploitation -- Creating commonality -- Standardized formatting -- Normalizing data -- Original data -- First normal form -- Second normal form -- Third normal form -- Criticisms -- The IP 5-tuple -- 5-tuple correlation -- Isolating compromised hosts -- Pinpointing threats and victims -- Malicious file identification -- Host identification -- Summary -- Questions -- Further reading
  - Chapter 11: Drawing Conclusions from the Data -- Finding a threat actor -- Deterministic and probabilistic analysis -- Data required -- Scope -- Results -- Examples -- Distinguishing and prioritizing significant alerts -- Summary -- Questions -- Further reading
- Section 5: Incident Handling
  - Chapter 12: The Cyber Kill Chain Model -- Planning -- Reconnaissance -- Technology -- Personnel -- Defenses -- Weaponization -- Preparation -- Delivery -- Exploitation -- Execution -- Installation -- Command and control -- Action on objectives -- Summary -- Questions -- Further reading
  - Chapter 13: Incident-Handling Activities -- VERIS -- Asset -- Actors -- Actions -- Attributes -- The phases of incident handling -- Identification -- Scoping -- Containment -- Remediation -- Lesson-based hardening -- Reporting -- Conducting an investigation -- Evidential collection order -- Data integrity and preservation -- Volatile data collection -- Summary -- Questions -- Further reading
- Section 6: Mock Exams
  - Chapter 14: Mock Exam 1
  - Chapter 15: Mock Exam 2
- Back matter: Assessments -- Other Books You May Enjoy -- Index
Cyber-attacks, in their various forms, are increasing in frequency and complexity, and can cause significant losses to organizations. This book equips readers with the skills required to pass the 210-255 SECOPS exam and, for those re-sitting it, to understand their score report and quickly identify the sections to concentrate on.
Description based on publisher supplied metadata and other sources.
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.