Cisco CCNA Cyber Operations

Course Description:

Security Operation Centers (SOC's) is Place Where a Team of People Constantly Monitor and Analyze Presence of any CyberSecurity Threat in the Organization.

Strict Vigil of all Security Systems is needed to check any sign Security Breaches. CCNA Cyber Op's Prepares Candidates To Work in SOC

Candidates must be Well Versed with Relevant Security Technologies including Firewall IDS-IPS Routers and Switches. Horizon Computers No.1 In Next Generation Security Training Offers CCNA Cyber Op's Certification Training Conducted by Experts Security Trainers at Vashi Vile Parle and Pune Center

"Difficulty Level - Intermediate to Advance"

Course Pre-requisite:

Ideally Candidates must be CCNA R&S and Security Qualified

Course Duration :

40 Hours
Batch Option: Both Regular and Weekend Options

Course Major Objectives:

    Following are The Major Objectives of the Course
  • Learn How to Best Detect and Respond to Security incident
  • Develop Critical Thinking and Problem-Solving Skills using Real Networking and Security Appliances
  • Gain Job Ready Practical Skills Required in SOC
  • Full Preparation of CCNA Cyber Ops Certification Exam

All Courses Idea

CCNA Cyberops is available in Horizon Computers Vashi, Vile Parle, Pune
Session Topic Sub-TopicContents
1 Network Concepts IDescribe the function of the network layers as specified by the OSI and the TCP/IP network models
Describe the operation of these network services
  • ARP
  • DNS
  • DHCP
Describe the basic operation of these network device types
  • Router
  • Switch
  • Hub
  • Bridge
  • Wireless access point (WAP)
  • Wireless LAN controller (WLC)
Describe the functions of these network security systems as deployed on the host, network, or the cloud:
  • Firewall
  • Cisco Intrusion Prevention System (IPS)
  • Cisco Advanced Malware Protection (AMP)
  • Web Security Appliance (WSA) / Cisco Cloud Web Security (CWS)
  • Email Security Appliance (ESA) / Cisco Cloud Email Security (CES)
Describe IP subnets and communication within an IP subnet and between IP subnets
Describe the relationship between VLANs and data visibility
Describe the operation of ACLs applied as packet filters on the interfaces of network devices
Compare and contrast deep packet inspection with packet filtering and stateful firewall operation
Compare and contrast inline traffic interrogation and taps or traffic mirroring
Compare and contrast the characteristics of data obtained from taps or traffic mirroring and NetFlow in the analysis of network traffic
Identify potential data loss from provided traffic profiles
2 Security Concepts Describe the principles of the defense in depth strategy
Compare and contrast these concepts
  • Risk
  • Threat
  • Vulnerability
  • Exploit
Describe these terms
  • Threat actor
  • Run book automation (RBA)
  • Chain of custody (evidentiary)
  • Reverse engineering
  • Sliding window anomaly detection
  • PII
  • PHI
Describe these security terms
  • Principle of least privilege
  • Risk scoring/risk weighting
  • Risk reduction
  • Risk assessment
Compare and contrast these access control models
  • Discretionary access control
  • Mandatory access control
  • Nondiscretionary access control
Compare and contrast these terms
  • Network and host antivirus
  • Agentless and agent-based protections
  • SIEM and log collection
Describe these concepts
  • Asset management
  • Configuration management
  • Mobile device management
  • Patch management
  • Vulnerability management
3 Cryptography Describe the uses of a hash algorithm
Describe the uses of encryption algorithms
Compare and contrast symmetric and asymmetric encryption algorithms
Describe the processes of digital signature creation and verification
Describe the operation of a PKI
Describe the security impact of these commonly used hash algorithms
  • MD5
  • SHA-1
  • SHA-256
  • SHA-512
Describe the security impact of these commonly used encryption algorithms and secure communications protocols
  • DES
  • 3DES
  • AES
  • AES256-CTR
  • RSA
  • DSA
  • SSH
  • SSL/TLS
Describe how the success or failure of a cryptographic exchange impacts security investigation
Describe these items in regards to SSL/TLS
  • Cipher-suite
  • X.509 certificates
  • Key exchange
  • Protocol version
  • PKCS
4 Host-Based Analysis Define these terms as they pertain to Microsoft Windows
  • Processes
  • Threads
  • Memory allocation
  • Windows Registry
  • WMI
  • Handles
  • Services
Define these terms as they pertain to Linux
  • Processes
  • Forks
  • Permissions
  • Symlinks
  • Daemon
Describe the functionality of these endpoint technologies in regards to security monitoring
  • Host-based intrusion detection
  • Antimalware and antivirus
  • Host-based firewall
  • Application-level whitelisting/blacklisting
  • Systems-based sandboxing (such as Chrome, Java, Adobe reader)
Interpret these operating system log data to identify an event
  • Windows security event logs
  • Unix-based syslog
  • Apache access logs
  • IIS access logs
5 Security Monitoring Identify the types of data provided by these technologies
  • TCP Dump
  • NetFlow
  • Next-Gen firewall
  • Traditional stateful firewall
  • Application visibility and control
  • Web content filtering
  • Email content filtering
Describe these types of data used in security monitoring
  • Full packet capture
  • Session data
  • Transaction data
  • Statistical data
  • Extracted content
  • Alert data
Describe these concepts as they relate to security monitoring
  • Access control list
  • NAT/PAT
  • Tunneling
  • TOR
  • Encryption
  • P2P
  • Encapsulation
  • Load balancing
Describe these NextGen IPS event types
  • Connection event
  • Intrusion event
  • Host or endpoint event
  • Network discovery event
  • NetFlow event
Describe the function of these protocols in the context of security monitoring
  • DNS
  • NTP
  • SMTP/POP/IMAP
  • HTTP/HTTPS
6 Attack Methods Compare and contrast an attack surface and vulnerability
Describe these network attacks
  • Denial of service
  • Distributed denial of service
  • Man-in-the-middle
Describe these web application attacks
  • SQL injection
  • Command injections
  • Cross-site scripting
Describe these attacks
  • Social engineering
  • Phishing
  • Evasion methods
Describe these endpoint-based attacks
  • Buffer overflows
  • Command and control (C2)
  • Malware
  • Rootkit
  • Port scanning
  • Host profiling
Describe these evasion methods
  • Encryption and tunneling
  • Resource exhaustion
  • Traffic fragmentation
  • Protocol-level misinterpretation
  • Pivot
Define privilege escalation
Compare and contrast remote exploit and a local exploit
CCNA Cyberops is available in Horizon Computers Vashi, Vile Parle, Pune
Session Topic Sub-TopicContents
1 Endpoint Threat Analysis and Computer Forensics Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
Describe these terms as they are defined in the CVSS 3.0:
  • Attack vector
  • Attack complexity
  • Privileges required
  • User interaction
  • Scope
Describe these terms as they are defined in the CVSS 3.0
  • Confidentiality
  • Integrity
  • Availability
Define these items as they pertain to the Microsoft Windows file system
  • FAT32
  • NTFS
  • Alternative data streams
  • MACE
  • EFI
  • Free space
  • Timestamps on a file system
Define these terms as they pertain to the Linux file system
  • EXT4
  • Journaling
  • MBR
  • Swap file system
  • MAC
Compare and contrast three types of evidence
  • Best evidence
  • Corroborative evidence
  • Indirect evidence
Compare and contrast two types of image
  • Altered disk image
  • Unaltered disk image
Describe the role of attribution in an investigation
  • Assets
  • Threat actor
2 Network Intrusion Analysis Interpret basic regular expressions
Describe the fields in these protocol headers as they relate to intrusion analysis
  • Ethernet frame
  • IPv4
  • IPv6
  • TCP
  • UDP
  • ICMP
  • HTTP
Identify the elements from a NetFlow v5 record from a security event
Identify these key elements in an intrusion from a given PCAP file
  • Source address
  • Destination address
  • Source port
  • Destination port
  • Protocols
  • Payloads
  • Extract files from a TCP stream when given a PCAP file and Wireshark
Interpret common artifact elements from an event to identify an alert
  • IP address (source / destination)
  • Client and Server Port Identity
  • Process (file or registry)
  • System (API calls)
  • Hashes
  • URI / URL
Map the provided events to these source technologies
  • NetFlow
  • IDS / IPS
  • Firewall
  • Network application control
  • Proxy logs
  • Antivirus
Compare and contrast impact and no impact for these items
  • False Positive
  • False Negative
  • True Positive
  • True Negative
Interpret a provided intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC)
3 Incident Response Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
Map elements to these steps of analysis based on the NIST.SP800-61 r2
  • Preparation
  • Detection and analysis
  • Containment, eradication, and recovery
  • Post-incident analysis (lessons learned)
Describe the goals of the given CSIRT
  • Internal CSIRT
  • National CSIRT
  • Coordination centers
  • Analysis centers
  • Vendor teams
  • Incident response providers (MSSP)
Identify these elements used for network profiling
  • Total throughput
  • Session duration
  • Ports used
  • Critical asset address space
Identify these elements used for server profiling
  • Listening ports
  • Logged in users/service accounts
  • Running processes
  • Running tasks
  • Applications
Map data types to these compliance frameworks
  • PCI
  • HIPPA (Health Insurance Portability and Accountability Act)
  • SOX
Identify data elements that must be protected with regards to a specific standard (PCI- DSS)
4 Data and Event Analysis Describe the process of data normalization
Interpret common data values into a universal format
Interpret common Describe 5-tuple correlation
Interpret common Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs
Interpret common Describe the retrospective analysis method to find a malicious file, provided file analysis report
Interpret common Identify potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains
Interpret common Map DNS logs and HTTP logs together to find a threat actor
Interpret common Map DNS, HTTP, and threat intelligence data together
Interpret common Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console
Interpret common Compare and contrast deterministic and probabilistic analysis
5 Incident Handling Classify intrusion events into these categories as defined by the Cyber Kill Chain Model
  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command and control
  • Action on objectives
Apply the NIST.SP800-61 r2 incident handling process to an event
Define these activities as they relate to incident handling
  • Identification
  • Scoping
  • Containment
  • Remediation
  • Lesson-based hardening
  • Reporting
Describe these concepts as they are documented in NIST SP800-86
  • Evidence collection order
  • Data integrity
  • Data preservation
  • Volatile data collection
Apply the VERIS schema categories to a given incident