Part of the series Certification Guide
411 kr
Order item. Ships within 7-10 business days. Free shipping on orders over 249 kr.
Description
Cisco Cybersecurity Operations Fundamentals CBROPS 200-201 Official Cert Guide presents you with an organized test-preparation routine using proven series elements and techniques. Do I Know This Already? quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.
Stay ahead with the latest AI-driven Cisco Cybersecurity Operations Fundamentals exam updates (v1.2) and download your free digital supplement from the companion website by registering your product.
- Master Cisco Cybersecurity Operations Fundamentals CBROPS 200-201 exam topics
- Assess your knowledge with chapter-opening quizzes
- Review key concepts with exam preparation tasks
- Practice with realistic exam questions in the practice test software
Cisco Cybersecurity Operations Fundamentals CBROPS 200-201 Official Cert Guide from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Leading Cisco technology expert Omar Santos shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.
This complete study package includes
- A test-preparation routine proven to help you pass the exam
- Do I Know This Already? quizzes, which enable you to decide how much time you need to spend on each section
- Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
- The powerful Pearson Test Prep Practice Test software, with two full exams composed of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
- A video mentoring lesson from the author's Complete Video Course
- A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
- Study plan suggestions and templates to help you organize and optimize your study time
Product information
- Publication date: 2021-03-05
- Dimensions: 193 x 234 x 38 mm
- Weight: 1 303 g
- Language: English
- Series: Certification Guide
- Number of pages: 688
- Edition: 1
- Publisher: Pearson Education
- EAN: 9780136807834
About the author
Omar Santos is an active member of the security community, where he leads several industry-wide initiatives. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of critical infrastructure. Omar is the chair of the OASIS Common Security Advisory Framework (CSAF) technical committee, the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group, and the co-lead of the DEF CON Red Team Village. Omar is the author of more than 20 books and video courses as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar has been quoted by numerous media outlets, such as The Register, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune Magazine, Ars Technica, and more. You can follow Omar on Twitter @santosomar.
Table of contents
- Introduction xxvi
- Chapter 1 Cybersecurity Fundamentals 2
  - “Do I Know This Already?” Quiz 3
  - Foundation Topics 8
  - Introduction to Cybersecurity 8
  - Cybersecurity vs. Information Security (Infosec) 8
  - The NIST Cybersecurity Framework 9
  - Additional NIST Guidance and Documents 9
  - The International Organization for Standardization 10
  - Threats, Vulnerabilities, and Exploits 10
  - What Is a Threat? 10
  - What Is a Vulnerability? 11
  - What Is an Exploit? 13
  - Risk, Assets, Threats, and Vulnerabilities 15
  - Threat Actors 17
  - Threat Intelligence 17
  - Threat Intelligence Platform 19
  - Vulnerabilities, Exploits, and Exploit Kits 20
  - SQL Injection 21
  - HTML Injection 22
  - Command Injection 22
  - Authentication-Based Vulnerabilities 22
  - Cross-Site Scripting 25
  - Cross-Site Request Forgery 27
  - Cookie Manipulation Attacks 27
  - Race Conditions 27
  - Unprotected APIs 27
  - Return-to-LibC Attacks and Buffer Overflows 28
  - OWASP Top 10 29
  - Security Vulnerabilities in Open-Source Software 29
  - Network Security Systems 30
  - Traditional Firewalls 30
  - Firewalls in the Data Center 42
  - Virtual Firewalls 44
  - Deep Packet Inspection 44
  - Next-Generation Firewalls 45
  - Intrusion Detection Systems and Intrusion Prevention Systems 46
  - Pattern Matching and Stateful Pattern-Matching Recognition 47
  - Protocol Analysis 48
  - Heuristic-Based Analysis 49
  - Anomaly-Based Analysis 49
  - Global Threat Correlation Capabilities 50
  - Next-Generation Intrusion Prevention Systems 50
  - Firepower Management Center 50
  - Advanced Malware Protection 50
  - AMP for Endpoints 50
  - AMP for Networks 53
  - Web Security Appliance 54
  - Email Security Appliance 58
  - Cisco Security Management Appliance 60
  - Cisco Identity Services Engine 60
  - Security Cloud-Based Solutions 62
  - Cisco Cloud Email Security 62
  - Cisco AMP Threat Grid 62
  - Umbrella (OpenDNS) 63
  - Stealthwatch Cloud 63
  - CloudLock 64
  - Cisco NetFlow 64
  - Data Loss Prevention 65
  - The Principles of the Defense-in-Depth Strategy 66
  - Confidentiality, Integrity, and Availability: The CIA Triad 69
  - Confidentiality 69
  - Integrity 70
  - Availability 70
  - Risk and Risk Analysis 70
  - Personally Identifiable Information and Protected Health Information 72
  - PII 72
  - PHI 72
  - Principle of Least Privilege and Separation of Duties 73
  - Principle of Least Privilege 73
  - Separation of Duties 73
  - Security Operations Centers 74
  - Playbooks, Runbooks, and Runbook Automation 75
  - Digital Forensics 76
  - Exam Preparation Tasks 78
- Chapter 2 Introduction to Cloud Computing and Cloud Security 82
  - “Do I Know This Already?” Quiz 82
  - Foundation Topics 84
  - Cloud Computing and the Cloud Service Models 84
  - Cloud Security Responsibility Models 86
  - Patch Management in the Cloud 88
  - Security Assessment in the Cloud 88
  - DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps 88
  - The Agile Methodology 89
  - DevOps 90
  - CI/CD Pipelines 90
  - The Serverless Buzzword 92
  - A Quick Introduction to Containers and Docker 92
  - Container Management and Orchestration 94
  - Understanding the Different Cloud Security Threats 95
  - Cloud Computing Attacks 97
  - Exam Preparation Tasks 99
- Chapter 3 Access Control Models 102
  - “Do I Know This Already?” Quiz 102
  - Foundation Topics 105
  - Information Security Principles 105
  - Subject and Object Definition 106
  - Access Control Fundamentals 107
  - Identification 107
  - Authentication 108
  - Authorization 110
  - Accounting 110
  - Access Control Fundamentals: Summary 110
  - Access Control Process 111
  - Asset Classification 112
  - Asset Marking 113
  - Access Control Policy 114
  - Data Disposal 114
  - Information Security Roles and Responsibilities 115
  - Access Control Types 117
  - Access Control Models 119
  - Discretionary Access Control 121
  - Mandatory Access Control 122
  - Role-Based Access Control 123
  - Attribute-Based Access Control 125
  - Access Control Mechanisms 127
  - Identity and Access Control Implementation 129
  - Authentication, Authorization, and Accounting Protocols 130
  - Port-Based Access Control 135
  - Network Access Control List and Firewalling 138
  - Identity Management and Profiling 140
  - Network Segmentation 141
  - Intrusion Detection and Prevention 144
  - Antivirus and Antimalware 148
  - Exam Preparation Tasks 149
- Chapter 4 Types of Attacks and Vulnerabilities 152
  - “Do I Know This Already?” Quiz 152
  - Foundation Topics 154
  - Types of Attacks 154
  - Reconnaissance Attacks 154
  - Social Engineering 160
  - Privilege Escalation Attacks 162
  - Backdoors 163
  - Buffer Overflows and Code Execution 163
  - Man-in-the-Middle Attacks 165
  - Denial-of-Service Attacks 166
  - Direct DDoS 166
  - Botnets Participating in DDoS Attacks 167
  - Reflected DDoS Attacks 167
  - Attack Methods for Data Exfiltration 168
  - ARP Cache Poisoning 169
  - Spoofing Attacks 170
  - Route Manipulation Attacks 171
  - Password Attacks 171
  - Wireless Attacks 172
  - Types of Vulnerabilities 172
  - Exam Preparation Tasks 174
- Chapter 5 Fundamentals of Cryptography and Public Key Infrastructure (PKI) 178
  - “Do I Know This Already?” Quiz 178
  - Foundation Topics 182
  - Cryptography 182
  - Ciphers and Keys 182
  - Keys 183
  - Key Management 183
  - Block and Stream Ciphers 183
  - Block Ciphers 184
  - Stream Ciphers 184
  - Symmetric and Asymmetric Algorithms 184
  - Symmetric Algorithms 184
  - Asymmetric Algorithms 185
  - Elliptic Curve 186
  - Quantum Cryptography 187
  - More Encryption Types 187
  - Hashes 189
  - Hashed Message Authentication Code 191
  - Digital Signatures 192
  - Digital Signatures in Action 192
  - Next-Generation Encryption Protocols 195
  - IPsec and SSL/TLS 196
  - IPsec 196
  - Secure Sockets Layer and Transport Layer Security 196
  - SSH 198
  - Fundamentals of PKI 199
  - Public and Private Key Pairs 199
  - RSA Algorithm, the Keys, and Digital Certificates 199
  - Certificate Authorities 200
  - Root and Identity Certificates 202
  - Root Certificate 202
  - Identity Certificates 204
  - X.500 and X.509v3 204
  - Authenticating and Enrolling with the CA 205
  - Public Key Cryptography Standards 206
  - Simple Certificate Enrollment Protocol 206
  - Revoking Digital Certificates 207
  - Using Digital Certificates 207
  - PKI Topologies 208
  - Cross-Certifying CAs 208
  - Exam Preparation Tasks 209
- Chapter 6 Introduction to Virtual Private Networks (VPNs) 212
  - “Do I Know This Already?” Quiz 212
  - Foundation Topics 214
  - What Are VPNs? 214
  - Site-to-Site vs. Remote-Access VPNs 215
  - An Overview of IPsec 216
  - IKEv1 Phase 1 217
  - IKEv1 Phase 2 220
  - IKEv2 222
  - SSL VPNs 225
  - SSL VPN Design Considerations 227
  - Exam Preparation Tasks 229
- Chapter 7 Introduction to Security Operations Management 232
  - “Do I Know This Already?” Quiz 232
  - Foundation Topics 235
  - Introduction to Identity and Access Management 235
  - Phases of the Identity and Access Life Cycle 235
  - Password Management 236
  - Directory Management 241
  - Single Sign-On 243
  - Federated SSO 246
  - Security Events and Log Management 251
  - Log Collection, Analysis, and Disposal 251
  - Security Information and Event Manager 255
  - Security Orchestration, Automation, and Response (SOAR) 257
  - SOC Case Management (Ticketing) Systems 257
  - Asset Management 257
  - Asset Inventory 258
  - Asset Ownership 259
  - Asset Acceptable Use and Return Policies 259
  - Asset Classification 260
  - Asset Labeling 260
  - Asset and Information Handling 260
  - Media Management 260
  - Introduction to Enterprise Mobility Management 261
  - Mobile Device Management 263
  - Configuration and Change Management 268
  - Configuration Management 268
  - Change Management 270
  - Vulnerability Management 273
  - Vulnerability Identification 273
  - Vulnerability Analysis and Prioritization 282
  - Vulnerability Remediation 286
  - Patch Management 287
  - Exam Preparation Tasks 291
- Chapter 8 Fundamentals of Intrusion Analysis 294
  - “Do I Know This Already?” Quiz 294
  - Foundation Topics 299
  - Introduction to Incident Response 299
  - The Incident Response Plan 301
  - The Incident Response Process 302
  - The Preparation Phase 302
  - The Detection and Analysis Phase 302
  - Containment, Eradication, and Recovery 303
  - Post-Incident Activity (Postmortem) 304
  - Information Sharing and Coordination 304
  - Incident Response Team Structure 307
  - Computer Security Incident Response Teams 307
  - Product Security Incident Response Teams 309
  - National CSIRTs and Computer Emergency Response Teams 314
  - Coordination Centers 315
  - Incident Response Providers and Managed Security Service Providers (MSSPs) 315
  - Common Artifact Elements and Sources of Security Events 316
  - The 5-Tuple 317
  - File Hashes 320
  - Tips on Building Your Own Lab 321
  - False Positives, False Negatives, True Positives, and True Negatives 326
  - Understanding Regular Expressions 327
  - Protocols, Protocol Headers, and Intrusion Analysis 330
  - How to Map Security Event Types to Source Technologies 333
  - Exam Preparation Tasks 335
- Chapter 9 Introduction to Digital Forensics 338
  - “Do I Know This Already?” Quiz 338
  - Foundation Topics 341
  - Introduction to Digital Forensics 341
  - The Role of Attribution in a Cybersecurity Investigation 342
  - The Use of Digital Evidence 342
  - Defining Digital Forensic Evidence 343
  - Understanding Best, Corroborating, and Indirect or Circumstantial Evidence 343
  - Collecting Evidence from Endpoints and Servers 344
  - Using Encryption 345
  - Analyzing Metadata 345
  - Analyzing Deleted Files 346
  - Collecting Evidence from Mobile Devices 346
  - Collecting Evidence from Network Infrastructure Devices 346
  - Evidentiary Chain of Custody 348
  - Reverse Engineering 351
  - Fundamentals of Microsoft Windows Forensics 353
  - Processes, Threads, and Services 353
  - Memory Management 356
  - Windows Registry 357
  - The Windows File System 359
  - FAT 360
  - NTFS 361
  - Fundamentals of Linux Forensics 362
  - Linux Processes 362
  - Ext4 366
  - Journaling 366
  - Linux MBR and Swap File System 366
  - Exam Preparation Tasks 367
- Chapter 10 Network Infrastructure Device Telemetry and Analysis 370
  - “Do I Know This Already?” Quiz 370
  - Foundation Topics 373
  - Network Infrastructure Logs 373
  - Network Time Protocol and Why It Is Important 374
  - Configuring Syslog in a Cisco Router or Switch 376
  - Traditional Firewall Logs 378
  - Console Logging 378
  - Terminal Logging 379
  - ASDM Logging 379
  - Email Logging 379
  - Syslog Server Logging 379
  - SNMP Trap Logging 379
  - Buffered Logging 379
  - Configuring Logging on the Cisco ASA 379
  - Syslog in Large-Scale Environments 381
  - Splunk 381
  - Graylog 381
  - Elasticsearch, Logstash, and Kibana (ELK) Stack 382
  - Next-Generation Firewall and Next-Generation IPS Logs 385
  - NetFlow Analysis 395
  - What Is a Flow in NetFlow? 399
  - The NetFlow Cache 400
  - NetFlow Versions 401
  - IPFIX 402
  - IPFIX Architecture 403
  - IPFIX Mediators 404
  - IPFIX Templates 404
  - Commercial NetFlow Analysis Tools 404
  - Big Data Analytics for Cybersecurity Network Telemetry 411
  - Cisco Application Visibility and Control (AVC) 413
  - Network Packet Capture 414
  - tcpdump 415
  - Wireshark 417
  - Network Profiling 418
  - Throughput 419
  - Measuring Throughput 421
  - Used Ports 423
  - Session Duration 424
  - Critical Asset Address Space 424
  - Exam Preparation Tasks 427
- Chapter 11 Endpoint Telemetry and Analysis 430
  - “Do I Know This Already?” Quiz 430
  - Foundation Topics 435
  - Understanding Host Telemetry 435
  - Logs from User Endpoints 435
  - Logs from Servers 440
  - Host Profiling 441
  - Listening Ports 441
  - Logged-in Users/Service Accounts 445
  - Running Processes 448
  - Applications Identification 450
  - Analyzing Windows Endpoints 454
  - Windows Processes and Threads 454
  - Memory Allocation 456
  - The Windows Registry 458
  - Windows Management Instrumentation 460
  - Handles 462
  - Services 463
  - Windows Event Logs 466
  - Linux and macOS Analysis 468
  - Processes in Linux 468
  - Forks 471
  - Permissions 472
  - Symlinks 479
  - Daemons 480
  - Linux-Based Syslog 481
  - Apache Access Logs 484
  - NGINX Logs 485
  - Endpoint Security Technologies 486
  - Antimalware and Antivirus Software 486
  - Host-Based Firewalls and Host-Based Intrusion Prevention 488
  - Application-Level Whitelisting and Blacklisting 490
  - System-Based Sandboxing 491
  - Sandboxes in the Context of Incident Response 493
  - Exam Preparation Tasks 494
- Chapter 12 Challenges in the Security Operations Center (SOC) 496
  - “Do I Know This Already?” Quiz 496
  - Foundation Topics 499
  - Security Monitoring Challenges in the SOC 499
  - Security Monitoring and Encryption 500
  - Security Monitoring and Network Address Translation 501
  - Security Monitoring and Event Correlation Time Synchronization 502
  - DNS Tunneling and Other Exfiltration Methods 502
  - Security Monitoring and Tor 504
  - Security Monitoring and Peer-to-Peer Communication 505
  - Additional Evasion and Obfuscation Techniques 506
  - Resource Exhaustion 508
  - Traffic Fragmentation 509
  - Protocol-Level Misinterpretation 510
  - Traffic Timing, Substitution, and Insertion 511
  - Pivoting 512
  - Exam Preparation Tasks 517
- Chapter 13 The Art of Data and Event Analysis 520
  - “Do I Know This Already?” Quiz 520
  - Foundation Topics 522
  - Normalizing Data 522
  - Interpreting Common Data Values into a Universal Format 523
  - Using the 5-Tuple Correlation to Respond to Security Incidents 523
  - Using Retrospective Analysis and Identifying Malicious Files 525
  - Identifying a Malicious File 526
  - Mapping Threat Intelligence with DNS and Other Artifacts 527
  - Using Deterministic Versus Probabilistic Analysis 527
  - Exam Preparation Tasks 528
- Chapter 14 Classifying Intrusion Events into Categories 530
  - “Do I Know This Already?” Quiz 530
  - Foundation Topics 532
  - Diamond Model of Intrusion 532
  - Cyber Kill Chain Model 539
  - Reconnaissance 540
  - Weaponization 543
  - Delivery 544
  - Exploitation 545
  - Installation 545
  - Command and Control 546
  - Action on Objectives 547
  - The Kill Chain vs. MITRE’s ATT&CK 548
  - Exam Preparation Tasks 550
- Chapter 15 Introduction to Threat Hunting 552
  - “Do I Know This Already?” Quiz 552
  - Foundation Topics 554
  - What Is Threat Hunting? 554
  - Threat Hunting vs. Traditional SOC Operations vs. Vulnerability Management 555
  - The Threat-Hunting Process 556
  - Threat-Hunting Maturity Levels 557
  - Threat Hunting and MITRE’s ATT&CK 558
  - Automated Adversarial Emulation 563
  - Threat-Hunting Case Study 567
  - Threat Hunting, Honeypots, Honeynets, and Active Defense 571
  - Exam Preparation Tasks 571
- Chapter 16 Final Preparation 574
  - Hands-on Activities 574
  - Suggested Plan for Final Review and Study 574
  - Summary 575
- Glossary of Key Terms 577
- Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 592
- Appendix B Understanding Cisco Cybersecurity Operations Fundamentals CBROPS 200-201 Exam Updates 614
- Online Elements
  - Appendix C Study Planner
  - Glossary of Key Terms
More from the same author
- New
The AI Revolution in Networking, Cybersecurity, and Emerging Technologies
Omar Santos, Samer Salam, Hazim Dahir
259 kr
More from the same series
Certified Ethical Hacker (CEH) Version 9 Pearson uCertify Course Student Access Card
Michael Gregg
1 016 kr
CCNA 200-301 Official Cert Guide and Network Simulator Library, Second Edition
Sean Wilkins, Wendell Odom
1 701 kr
Cisco Certified Support Technician (CCST) IT Support - 100-140 Official Cert Guide
Mark Smith, David Bayne, John Pickard
278 kr
CCNP Collaboration Call Control and Mobility CLACCM 300-815 Official Cert Guide
Kyzer Davis, Paul Giralt, Patrick Kinane, Gonzalo Salgueiro
559 kr
You might also be interested in
Certified Ethical Hacker (CEH) Version 9 Pearson uCertify Course and Labs Access Card
Michael Gregg, uCertify
1 184 kr