Video description
9+ Hours of Video Instruction
More than nine hours of video instruction that includes explanations and demonstrations to prepare you to take the Cisco CyberOps Associate CBROPS 200-201 certification exam.
Overview
Cisco CyberOps Associate CBROPS 200-201 Complete Video Course prepares learners to take the CBROPS 200-201 exam. The course starts with the basics of security, including the CIA Triad, various security deployments, threat intelligence, malware, and analysis tools. It then details the various types of attacks and vulnerabilities, and the fundamentals of cryptography and PKI. After a foundation of cybersecurity fundamentals is laid, the course explores security monitoring and data normalization, including the 5-tuple correlation, as well as DNS, web log, deterministic, and probabilistic analysis. It then introduces NetFlow as it specifically applies to cybersecurity and incident response, as well as its various analysis tools. You will learn how to identify the different intrusion event categories and understand the MITRE ATT&CK Framework. The course then gets into the details of digital forensics, including types of evidence and the chain of custody. There are lessons explaining host-based forensics of Windows, Linux, and Mac OS X, as well as a discussion of endpoint security technologies. The course then moves into network intrusion analysis and the various ways to determine whether your system has been attacked before finishing up with “Security Policies and Procedures,” and the fundamentals of incident response.
Through detailed exploration, configuration demos, and troubleshooting implementations, this course methodically guides you through the key topics in the exam. Taught by best-selling authors Omar Santos and Ron Taylor, the Cisco CyberOps Associate CBROPS 200-201 Complete Video Course provides full coverage of the certification, so you have the knowledge you need to study for and pass the exam.
Major topics include:
- Security Concepts
- Security Monitoring
- Host-based Analysis
- Network Intrusion Analysis
- Security Policies and Procedures
About the Instructors
Omar Santos is a principal engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco’s Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working with information technology and cybersecurity since the mid-1990s. He has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the Worldwide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.
Omar is an active member of the security community, where he leads several industrywide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar often delivers technical presentations at many cybersecurity conferences. He is the author of more than 20 books and video courses. You can follow Omar on any of the following:
Personal website: omarsantos.io and theartofhacking.org
Twitter: @santosomar
LinkedIn: https://www.linkedin.com/in/santosomar
Ron Taylor has been in the Information Security field for more than 20 years. Ten of those years were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations group, where his focus was mostly on penetration testing of Cisco products and services. He was also involved in developing and presenting security training to internal development and test teams globally. Additionally, he provided consulting support to many product teams as an SME on product security testing. He then spent some time as an Incident Manager for the Cisco Product Security Incident Response Team (PSIRT). His current role is a Security Architect specializing in the Cisco security product line. He has held a number of industry certifications including GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP, PenTest+, and MCSE. Ron has also authored books and video courses, is an active member of the security community, Cofounder and President of the Raleigh BSides Security Conference, and a founding member of the Red Team Village at DEF CON.
Twitter: @Gu5G0rman
LinkedIn: www.linkedin.com/in/-RonTaylor
Skill Level
Learn How To
- Presentation on key cybersecurity solutions
- Covers all of the objectives in the Cisco CyberOps Associate CBROPS 200-201 exam
- Easy-to-follow demonstrations of cybersecurity tools, products, and solutions
- Scenarios offered to help learners understand real-world applications
Who Should Take This Course
Anyone who wants to obtain the Cisco CyberOps Associate certification. This includes security professionals interested in learning how to develop, manage, or improve a security operations center (SOC), a CSIRT, or a PSIRT, or who want to become a cybersecurity incident response expert. Anyone wishing to take the CBROPS 200-201 exam would also benefit from viewing this course.
Course Requirements
The video course assumes that the learner has the skills to navigate the user interface of a PC running Microsoft Windows, macOS, or Linux and has completed typical high school-level math courses (mainly that the learner has been exposed to binary math). The course also assumes that the learner has used PCs connected to either a home network or a network inside a school or company, but that the learner might not understand anything about the network to which the PC was connected. It is also assumed that the learner knows how to use typical Internet applications, primarily web browsers and email clients.
Lesson Descriptions
Module 1, “Security Concepts,” covers the cybersecurity fundamentals, including the CIA Triad, comparing the various security deployments, understanding threat intelligence, malware analysis tools, run book automation (RBA), and reverse engineering. It then moves into more in-depth concepts such as risk assessment, threats, vulnerabilities, and exploits. The module gets into the details of the access control process and the various types of attacks and vulnerabilities. The last lesson in Module 1 digs into the fundamentals of cryptography and the Public Key Infrastructure (PKI). Encryption and hashing algorithms are explained, as well as Secure Sockets Layer (SSL), Transport Layer Security (TLS), and digital certificates.
Module 2, “Security Monitoring,” starts with the fundamentals: data normalization and the 5-tuple correlation, as well as DNS, web log, deterministic, and probabilistic analysis. NetFlow as it specifically applies to cybersecurity and incident response is introduced in this module, as well as its various analysis tools. You will learn how to identify the different intrusion event categories, and gain an understanding of the MITRE ATT&CK Framework.
Module 3, “Host-based Analysis,” gets into the details of digital forensics, including types of evidence and the chain of custody. It then details more of the host-based forensics of Windows, Linux, and Mac OS X. This module finishes with a discussion of endpoint security technologies, including host-based firewalls, antimalware, antivirus, and systems-based sandboxing.
Module 4, “Network Intrusion Analysis,” digs into the various ways to determine whether your system has been attacked, from examining packet captures and protocol headers, to monitoring traffic, to differentiating between true positives, false positives, true negatives, and false negatives. Module 4 will walk you through all the details.
Module 5, “Security Policies and Procedures,” covers the security management side of security, including the management of assets, configuration, mobile devices, patches, and vulnerabilities, as well as explaining PII and PHI. The next lesson covers the fundamentals of incident response, including the scope of the plan and processes, how to share information and coordinate with partners, whether your company aligns with the NIST IR categories, and the structures of the incident response teams. Lastly, this module introduces the VERIS Schema and how it applies to incident response.
About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more.
Learn more about Pearson Video training at http://www.informit.com/video.
Table of Contents
Introduction
Cisco CyberOps Associate CBROPS 200-201: Introduction
Module 1: Security Concepts
Module introduction
Lesson 1: Cybersecurity Fundamentals
Learning objectives
1.1 Describing the CIA Triad
1.2 Comparing Security Deployments: Network, Endpoint, and Application Security Systems
1.3 Comparing Security Deployments: Agentless and Agent-based Protections
1.4 Comparing Security Deployments: Legacy Antivirus and Antimalware
1.5 Comparing Security Deployments: SIEM, SOAR, and Log Management
1.6 Defining Threat Intelligence
1.7 Defining Threat Hunting
1.8 Understanding Malware Analysis
1.9 Interpreting the Output Report of a Malware Analysis Tool
1.10 Understanding the Different Threat Actor Types
1.11 Defining Run Book Automation (RBA)
1.12 Defining Reverse Engineering
1.13 Understanding the Sliding Window Anomaly Detection
Lesson 2: Comparing Additional Security Concepts
Learning objectives
2.1 Performing Risk Assessment
2.2 Comparing Threats, Vulnerabilities, and Exploits
2.3 Understanding Authentication, Authorization, and Accounting
2.4 Examining the Access Control Process: Terminology and Data Classification
2.5 Examining the Access Control Process: Data States and Policy Roles
2.6 Examining the Access Control Process: Security and Access Control Classification
2.7 Understanding Discretionary Access Control
2.8 Understanding Mandatory Access Control
2.9 Understanding Role-based Access Control
2.10 Understanding Attribute-based Access Control
2.11 Understanding Rule-based Access Control
2.12 Understanding Time-based Access Control
Lesson 3: Types of Attacks and Vulnerabilities
Learning objectives
3.1 Surveying Types of Vulnerabilities
3.2 Understanding Passive Reconnaissance and Social Engineering
3.3 Understanding Active Reconnaissance: Port Scanning and Host Profiling
3.4 Understanding Privilege Escalation and Code Execution Attacks
3.5 Understanding Backdoors and Man-in-the-Middle Attacks
3.6 Understanding Denial of Service Attacks
3.7 Surveying Attack Methods for Data Exfiltration
3.8 Understanding ARP Cache Poisoning and Route Manipulation Attacks
3.9 Understanding Password Attacks
3.10 Understanding Wireless Attacks
3.11 Exploring Security Evasion Techniques
3.12 Identifying the Challenges of Data Visibility in Detection
3.13 Identifying Potential Data Loss from Provided Traffic Profiles
3.14 Comparing Rule-based Detection vs. Behavioral and Statistical Detection
Lesson 4: Fundamentals of Cryptography and PKI
Learning objectives
4.1 Understanding the Basic Components of Cryptography
4.2 Introducing Public Key Infrastructure
4.3 Deciphering Encryption Algorithms
4.4 Understanding Hashing Algorithms
4.5 Examining Secure Sockets Layer and Transport Layer Security
4.6 Examining Digital Certificates
Module 2: Security Monitoring
Module introduction
Lesson 5: Fundamentals of Security Monitoring
Learning objectives
5.1 Describing Endpoint-based Attacks
5.2 Understanding Data Normalization
5.3 Deconstructing Universal Data Formats
5.4 Understanding the 5-tuple Correlation
5.5 Performing DNS Analysis
5.6 Performing Web Log Analysis
5.7 Performing Deterministic and Probabilistic Analysis
5.8 Understanding Security Monitoring Fundamentals
5.9 Surveying Security Monitoring Tools
5.10 Grasping Security Monitoring Operational Challenges
Lesson 6: NetFlow and IPFIX
Learning objectives
6.1 Introducing NetFlow
6.2 Understanding NetFlow for Cyber Security and Incident Response
6.3 Examining NetFlow Analysis Tools
6.4 Introducing IPFIX
Lesson 7: Intrusion Event Categories
Learning objectives
7.1 Identifying and Mitigating Reconnaissance
7.2 Identifying and Mitigating Weaponization
7.3 Identifying and Mitigating Delivery
7.4 Identifying and Mitigating Exploitation
7.5 Identifying and Mitigating Installation
7.6 Identifying and Mitigating Command and Control
7.7 Understanding Action on Objectives
7.8 Understanding the MITRE ATT&CK Framework
Module 3: Host-based Analysis
Module introduction
Lesson 8: Digital Forensics Fundamentals
Learning objectives
8.1 Examining Types of Evidence
8.2 Understanding Chain of Custody
8.3 Understanding Evidence Collection
8.4 Handling Evidence
8.5 Examining Asset and Threat Actor Attribution
Lesson 9: Host Forensics Basics
Learning objectives
9.1 Understanding Windows Forensics Basics
9.2 Surveying Windows Forensics: Application Processes
9.3 Surveying Windows Forensics: Memory
9.4 Surveying Windows Forensics: The Windows Registry
9.5 Surveying Windows Forensics: Hard Drives, FAT, and NTFS
9.6 Understanding Linux and Mac OS X Forensics Basics
9.7 Examining Web Server Logs
Lesson 10: Endpoint Security Technologies
Learning objectives
10.1 Examining Host-based Intrusion Detection
10.2 Exploring Antimalware and Antivirus
10.3 Understanding Host-based Firewalls
10.4 Exploring Application-level AllowLists/BlockLists
10.5 Exploring Systems-based Sandboxing
Module 4: Network Intrusion Analysis
Module introduction
Lesson 11: Intrusion Analysis
Learning objectives
11.1 Introducing Intrusion Analysis Fundamentals
11.2 Examining Packet Captures
11.3 Examining Protocol Headers
11.4 Analyzing Security Device Data
11.5 Differentiating False Positives, False Negatives, True Positives, and True Negatives
11.6 Comparing Inline Traffic Interrogation and Taps or Traffic Monitoring
11.7 Extracting Files from a TCP Stream When Given a PCAP File and Wireshark
11.8 Interpreting Common Artifact Elements from an Event to Identify an Alert
Module 5: Security Policies and Procedures
Module introduction
Lesson 12: Security Management Concepts
Learning objectives
12.1 Understanding Asset Management
12.2 Understanding Configuration Management
12.3 Understanding Mobile Device Management
12.4 Understanding Patch Management
12.5 Understanding Vulnerability Management
12.6 Introducing PII and PHI
12.7 Describing the Relationship of SOC Metrics to Scope Analysis
Lesson 13: Incident Response Fundamentals
Learning objectives
13.1 Describing Concepts as Documented in NIST SP 800-86
13.2 Mapping the Organization Stakeholders Against the NIST IR Categories
13.3 Scoping the Incident Response Plan and Process
13.4 Understanding Information Sharing and Coordination
13.5 Identifying the Incident Response Team Structure
13.6 Analyzing Computer Security Incident Response Teams (CSIRTs)
13.7 Analyzing Product Security Incident Response Teams (PSIRTs)
13.8 Surveying Coordination Centers
13.9 Analyzing Managed Security Service Providers Incident Response Teams
13.10 Introducing the Vocabulary for Event Recording and Incident Sharing (VERIS)
13.11 Applying the VERIS Schema to Incident Handling
13.12 Surveying the VERIS Incident Recording Tool and Other Resources
Summary
Cisco CyberOps Associate CBROPS 200-201: Summary