CCNA Cyber Ops SECFND #210-250 Official Cert Guide

Modern organizations rely on Security Operations Center (SOC) teams to vigilantly watch security systems, rapidly detect breaches, and respond quickly and effectively. To succeed in these crucial tasks, SOCs desperately need more qualified cybersecurity professionals. Cisco's new CCNA Cyber Ops certification prepares candidates to begin a career working with associate-level cybersecurity analysts within SOCs. To earn this valuable certification, candidates must pass two exams. CCNA Cyber Ops SECFND #210-250 Official Cert Guide is Cisco's official, comprehensive self-study resource for the first of these two exams.

 

Designed for all CCNA Cyber Ops candidates, it covers every SECFND #210-250 objective concisely and logically, with extensive teaching features designed to promote retention and understanding. You'll find:

• Pre-chapter quizzes to assess knowledge upfront and focus your study more efficiently
• Foundation topics sections that explain concepts and configurations, and link theory to practice
• Key topics sections calling attention to every figure, table, and list you must know
• Exam Preparation sections with additional chapter review features
• Final preparation chapter providing tools and a complete final study plan
• A customizable practice test library

This guide offers comprehensive, up-to-date coverage of all SECFND #210-250 topics related to:

• Network concepts
• Security concepts
• Cryptography
• Host based analysis
• Security monitoring
• Attack methods

Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures.

Omar is the author of over a dozen books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io, and you can follow Omar on Twitter @santosomar.

Joseph Muniz is an architect at Cisco Systems and security researcher. He has extensive experience in designing security solutions and architectures for the top Fortune 500 corporations and the U.S. government. Joseph’s current role gives him visibility into the latest trends in cyber security, from both leading vendors and customers. Examples of Joseph’s research include his RSA talk titled “Social Media Deception,” which has been quoted by many sources (search for “Emily Williams Social Engineering”), as well as his articles in PenTest Magazine regarding various security topics.

Joseph runs The Security Blogger website, a popular resource for security, hacking, and product implementation. He is the author and contributor of several publications covering various penetration testing and security topics.

You can follow Joseph at www. thesecurityblogger.com and @SecureBlogger.

Stefano De Crescenzo is a senior incident manager with the Cisco Product Security Incident Response Team (PSIRT), where he focuses on product vulnerability management and Cisco products forensics. He is the author of several blog posts and white papers about security best practices and forensics. He is an active member of the security community and has been a speaker at several security conferences.

Stefano specializes in malware detection and integrity assurance in critical infrastructure devices, and he is the author of integrity assurance guidelines for Cisco IOS, IOS-XE, and ASA.

Stefano holds a B.Sc. and M.Sc. in telecommunication engineering from Politecnico di Milano, Italy, and an M.Sc. in telecommunication from Danish Technical University, Denmark. He is currently pursuing an Executive MBA at Vlerick Business School in Belgium. He also holds a CCIE in Security #26025 and is CISSP and CISM certified.

    Introduction xxv
Part I Network Concepts
Chapter 1 Fundamentals of Networking Protocols and Networking Devices 3
    “Do I Know This Already?” Quiz 3
    Foundation Topics 6
    TCP/IP and OSI Model 6
        TCP/IP Model 6
        Open System Interconnection Model 12
    Layer 2 Fundamentals and Technologies 16
        Ethernet LAN Fundamentals and Technologies 16
        Ethernet Devices and Frame-Forwarding Behavior 20
        Wireless LAN Fundamentals and Technologies 35
    Internet Protocol and Layer 3 Technologies 43
        IPv4 Header 45
        IPv4 Fragmentation 47
        IPv4 Addresses and Addressing Architecture 48
        IP Addresses Assignment and DHCP 57
        IP Communication Within a Subnet and Address Resolution Protocol (ARP) 60
        Intersubnet IP Packet Routing 61
        Routing Tables and IP Routing Protocols 64
    Internet Control Message Protocol (ICMP) 69
    Domain Name System (DNS) 71
    IPv6 Fundamentals 75
        IPv6 Header 78
        IPv6 Addressing and Subnets 79
        Special and Reserved IPv6 Addresses 82
        IPv6 Addresses Assignment, Neighbor Discovery Protocol, and
        DHCPv6 83
    Transport Layer Technologies and Protocols 89
        Transmission Control Protocol (TCP) 90
        User Datagram Protocol (UDP) 98
    Exam Preparation Tasks 100
    Review All Key Topics 100
    Complete Tables and Lists from Memory 103
    Define Key Terms 103
    Q&A 103
    References and Further Reading 106
Chapter 2 Network Security Devices and Cloud Services 109
    “Do I Know This Already?” Quiz 109
    Foundation Topics 112
    Network Security Systems 112
        Traditional Firewalls 112
        Application Proxies 117
        Network Address Translation 117
        Stateful Inspection Firewalls 120
        Next-Generation Firewalls 126
        Personal Firewalls 128
        Intrusion Detection Systems and Intrusion Prevention Systems 128
        Next-Generation Intrusion Prevention Systems 133
        Advance Malware Protection 133
        Web Security Appliance 137
        Email Security Appliance 140
        Cisco Security Management Appliance 142
        Cisco Identity Services Engine 143
    Security Cloud-based Solutions 144
        Cisco Cloud Web Security 145
        Cisco Cloud Email Security 146
        Cisco AMP Threat Grid 147
        Cisco Threat Awareness Service 147
        OpenDNS 148
        CloudLock 148
    Cisco NetFlow 149
        What Is the Flow in NetFlow? 149
        NetFlow vs. Full Packet Capture 151
        The NetFlow Cache 151
    Data Loss Prevention 152
    Exam Preparation Tasks 153
    Review All Key Topics 153
    Complete Tables and Lists from Memory 154
    Define Key Terms 154
    Q&A 154
Part II Security Concepts
Chapter 3 Security Principles 159
    “Do I Know This Already?” Quiz 159
    Foundation Topics 162
    The Principles of the Defense-in-Depth Strategy 162
    What Are Threats, Vulnerabilities, and Exploits? 166
        Vulnerabilities 166
        Threats 167
        Exploits 170
    Confidentiality, Integrity, and Availability: The CIA Triad 171
        Confidentiality 171
        Integrity 171
        Availability 171
    Risk and Risk Analysis 171
    Personally Identifiable Information and Protected Health Information 173
        PII 173
        PHI 174
    Principle of Least Privilege and Separation of Duties 174
        Principle of Least Privilege 174
        Separation of Duties 175
    Security Operation Centers 175
        Runbook Automation 176
    Forensics 177
        Evidentiary Chain of Custody 177
        Reverse Engineering 178
    Exam Preparation Tasks 180
    Review All Key Topics 180
    Define Key Terms 180
    Q&A 181
Chapter 4 Introduction to Access Controls 185
    “Do I Know This Already?” Quiz 185
    Foundation Topics 189
    Information Security Principles 189
    Subject and Object Definition 189
    Access Control Fundamentals 190
        Identification 190
        Authentication 191
        Authorization 193
        Accounting 193
        Access Control Fundamentals: Summary 194
    Access Control Process 195
        Asset Classification 195
        Asset Marking 196
        Access Control Policy 197
        Data Disposal 197
    Information Security Roles and Responsibilities 197
    Access Control Types 199
    Access Control Models 201
        Discretionary Access Control 203
        Mandatory Access Control 204
        Role-Based Access Control 205
        Attribute-Based Access Control 207
    Access Control Mechanisms 210
    Identity and Access Control Implementation 212
        Authentication, Authorization, and Accounting Protocols 212
        Port-Based Access Control 218
        Network Access Control List and Firewalling 221
        Identity Management and Profiling 223
    Network Segmentation 223
        Intrusion Detection and Prevention 227
        Antivirus and Antimalware 231
    Exam Preparation Tasks 233
    Review All Key Topics 233
    Complete Tables and Lists from Memory 234
    Define Key Terms 234
    Q&A 234
    References and Additional Reading 237
Chapter 5 Introduction to Security Operations Management 241
    “Do I Know This Already?” Quiz 241
    Foundation Topics 244
    Introduction to Identity and Access Management 244
        Phases of the Identity and Access Lifecycle 244
        Password Management 246
        Directory Management 250
        Single Sign-On 252
        Federated SSO 255
    Security Events and Logs Management 260
        Logs Collection, Analysis, and Disposal 260
        Security Information and Event Manager 264
    Assets Management 265
        Assets Inventory 266
        Assets Ownership 267
        Assets Acceptable Use and Return Policies 267
        Assets Classification 268
        Assets Labeling 268
        Assets and Information Handling 268
        Media Management 269
    Introduction to Enterprise Mobility Management 269
        Mobile Device Management 271
    Configuration and Change Management 276
        Configuration Management 276
        Change Management 278
    Vulnerability Management 281
        Vulnerability Identification 281
        Vulnerability Analysis and Prioritization 290
        Vulnerability Remediation 294
    Patch Management 295
    References and Additional Readings 299
    Exam Preparation Tasks 302
    Review All Key Topics 302
    Complete Tables and Lists from Memory 303
    Define Key Terms 303
    Q&A 303
Part III Cryptography
Chapter 6 Fundamentals of Cryptography and Public Key Infrastructure (PKI) 309
    “Do I Know This Already?” Quiz 309
    Foundation Topics 311
    Cryptography 311
        Ciphers and Keys 311
        Symmetric and Asymmetric Algorithms 313
        Hashes 314
        Hashed Message Authentication Code 316
        Digital Signatures 317
        Key Management 320
        Next-Generation Encryption Protocols 321
        IPsec and SSL 321
    Fundamentals of PKI 323
        Public and Private Key Pairs 323
        RSA Algorithm, the Keys, and Digital Certificates 324
        Certificate Authorities 324
        Root and Identity Certificates 326
        Authenticating and Enrolling with the CA 328
        Public Key Cryptography Standards 330
        Simple Certificate Enrollment Protocol 330
        Revoking Digital Certificates 330
        Using Digital Certificates 331
        PKI Topologies 331
    Exam Preparation Tasks 334
    Review All Key Topics 334
    Complete Tables and Lists from Memory 334
    Define Key Terms 335
    Q&A 335
Chapter 7 Introduction to Virtual Private Networks (VPNs) 339
    “Do I Know This Already?” Quiz 339
    Foundation Topics 341
    What Are VPNs? 341
    Site-to-site vs. Remote-Access VPNs 341
    An Overview of IPsec 343
        IKEv1 Phase 1 343
        IKEv1 Phase 2 345
        IKEv2 348
    SSL VPNs 348
        SSL VPN Design Considerations 351
    Exam Preparation Tasks 353
    Review All Key Topics 353
    Complete Tables and Lists from Memory 353
    Define Key Terms 353
    Q&A 353
Part IV Host-Based Analysis
Chapter 8 Windows-Based Analysis 357
    “Do I Know This Already?” Quiz 357
    Foundation Topics 360
    Process and Threads 360
    Memory Allocation 362
    Windows Registration 364
    Windows Management Instrumentation 366
    Handles 368
    Services 369
    Windows Event Logs 372
    Exam Preparation Tasks 375
    Review All Key Topics 375
    Define Key Terms 375
    Q&A 375
    References and Further Reading 377
Chapter 9 Linux- and Mac OS X—Based Analysis 379
    “Do I Know This Already?” Quiz 379
    Foundation Topics 382
    Processes 382
    Forks 384
    Permissions 385
    Symlinks 390
    Daemons 391
    UNIX-Based Syslog 392
    Apache Access Logs 396
    Exam Preparation Tasks 398
    Review All Key Topics 398
    Complete Tables and Lists from Memory 398
    Define Key Terms 398
    Q&A 399
    References and Further Reading 400
Chapter 10 Endpoint Security Technologies 403
    “Do I Know This Already?” Quiz 403
    Foundation Topics 406
    Antimalware and Antivirus Software 406
    Host-Based Firewalls and Host-Based Intrusion Prevention 408
    Application-Level Whitelisting and Blacklisting 410
    System-Based Sandboxing 411
    Exam Preparation Tasks 414
    Review All Key Topics 414
    Complete Tables and Lists from Memory 414
    Define Key Terms 414
    Q&A 414
Part V Security Monitoring and Attack Methods
Chapter 11 Network and Host Telemetry 419
    “Do I Know This Already?” Quiz 419
    Foundation Topics 422
    Network Telemetry 422
        Network Infrastructure Logs 422
        Traditional Firewall Logs 426
        Syslog in Large Scale Environments 430
        Next-Generation Firewall and Next-Generation IPS Logs 437
        NetFlow Analysis 445
        Cisco Application Visibility and Control (AVC) 469
        Network Packet Capture 470
        Wireshark 473
        Cisco Prime Infrastructure 474
    Host Telemetry 477
        Logs from User Endpoints 477
        Logs from Servers 481
    Exam Preparation Tasks 483
    Review All Key Topics 483
    Complete Tables and Lists from Memory 483
    Define Key Terms 483
    Q&A 484
Chapter 12 Security Monitoring Operational Challenges 487
    “Do I Know This Already?” Quiz 487
    Foundation Topics 490
    Security Monitoring and Encryption 490
    Security Monitoring and Network Address Translation 491
    Security Monitoring and Event Correlation Time Synchronization 491
    DNS Tunneling and Other Exfiltration Methods 491
    Security Monitoring and Tor 493
    Security Monitoring and Peer-to-Peer Communication 494
    Exam Preparation Tasks 495
    Review All Key Topics 495
    Define Key Terms 495
    Q&A 495
Chapter 13 Types of Attacks and Vulnerabilities 499
    “Do I Know This Already?” Quiz 499
    Foundation Topics 502
    Types of Attacks 502
        Reconnaissance Attacks 502
        Social Engineering 504
        Privilege Escalation Attacks 506
        Backdoors 506
        Code Execution 506
        Man-in-the Middle Attacks 506
        Denial-of-Service Attacks 507
        Attack Methods for Data Exfiltration 510
        ARP Cache Poisoning 511
        Spoofing Attacks 512
        Route Manipulation Attacks 513
        Password Attacks 513
        Wireless Attacks 514
    Types of Vulnerabilities 514
    Exam Preparation Tasks 518
    Review All Key Topics 518
    Define Key Terms 518
    Q&A 518
Chapter 14 Security Evasion Techniques 523
    “Do I Know This Already?” Quiz 523
    Foundation Topics 526
    Encryption and Tunneling 526
        Key Encryption and Tunneling Concepts 531
    Resource Exhaustion 531
    Traffic Fragmentation 532
    Protocol-Level Misinterpretation 533
    Traffic Timing, Substitution, and Insertion 535
    Pivoting 536
    Exam Preparation Tasks 541
    Review All Key Topics 541
    Complete Tables and Lists from Memory 541
    Define Key Terms 541
    Q&A 541
    References and Further Reading 543
Part VI Final Preparation
Chapter 15 Final Preparation 545
    Tools for Final Preparation 545
        Pearson Cert Practice Test Engine and Questions on the Website 545
        Customizing Your Exams 547
        Updating Your Exams 547
        The Cisco Learning Network 548
        Memory Tables 548
        Chapter-Ending Review Tools 549
    Suggested Plan for Final Review/Study 549
    Summary 549
Part VII Appendixes
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A
Questions 551
Glossary 571
Elements Available on the Book Website
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
Appendix D Study Planner
9781587147029, TOC, 3/9/2017