Part of the Certification Guide series
Description
CCNA Cyber Ops SECFND 210-250 Official Cert Guide from Cisco Press allows you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Cisco enterprise security experts Omar Santos, Joseph Muniz, and Stefano De Crescenzo share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.
This complete study package includes
- A test-preparation routine proven to help you pass the exam
- Do I Know This Already? quizzes, which allow you to decide how much time you need to spend on each section
- Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
- The powerful Pearson Test Prep practice test software, with two full sample exams containing 120 well-reviewed, exam-realistic questions, customization options, and detailed performance reports
- A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
- Study plan suggestions and templates to help you organize and optimize your study time
Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.
The official study guide helps you master topics on the CCNA Cyber Ops SECFND 210-250 exam, including:
- Network concepts
- Security concepts
- Cryptography
- Host-based analysis
- Security monitoring
- Attack methods
Product information
- Publication date: 2017-04-10
- Dimensions: 195 x 240 x 40 mm
- Weight: 1 282 g
- Language: English
- Series: Certification Guide
- Number of pages: 672
- Edition: 1
- Publisher: Pearson Education
- EAN: 9781587147029
More about the author
Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. Omar is the author of over a dozen books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io, and you can follow Omar on Twitter @santosomar.
Joseph Muniz is an architect at Cisco Systems and security researcher. He has extensive experience in designing security solutions and architectures for the top Fortune 500 corporations and the U.S. government. Joseph’s current role gives him visibility into the latest trends in cyber security, from both leading vendors and customers. Examples of Joseph’s research include his RSA talk titled “Social Media Deception,” which has been quoted by many sources (search for “Emily Williams Social Engineering”), as well as his articles in PenTest Magazine regarding various security topics. Joseph runs The Security Blogger website, a popular resource for security, hacking, and product implementation. He is the author and contributor of several publications covering various penetration testing and security topics. You can follow Joseph at www.thesecurityblogger.com and @SecureBlogger.
Stefano De Crescenzo is a senior incident manager with the Cisco Product Security Incident Response Team (PSIRT), where he focuses on product vulnerability management and Cisco products forensics. He is the author of several blog posts and white papers about security best practices and forensics. He is an active member of the security community and has been a speaker at several security conferences. Stefano specializes in malware detection and integrity assurance in critical infrastructure devices, and he is the author of integrity assurance guidelines for Cisco IOS, IOS-XE, and ASA. Stefano holds a B.Sc. and M.Sc. in telecommunication engineering from Politecnico di Milano, Italy, and an M.Sc. in telecommunication from Danish Technical University, Denmark. He is currently pursuing an Executive MBA at Vlerick Business School in Belgium. He also holds a CCIE in Security #26025 and is CISSP and CISM certified.
Table of contents
- Introduction
- Part I Network Concepts
  - Chapter 1 Fundamentals of Networking Protocols and Networking Devices
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - TCP/IP and OSI Model
    - TCP/IP Model
    - Open System Interconnection Model
    - Layer 2 Fundamentals and Technologies
    - Ethernet LAN Fundamentals and Technologies
    - Ethernet Devices and Frame-Forwarding Behavior
    - Wireless LAN Fundamentals and Technologies
    - Internet Protocol and Layer 3 Technologies
    - IPv4 Header
    - IPv4 Fragmentation
    - IPv4 Addresses and Addressing Architecture
    - IP Addresses Assignment and DHCP
    - IP Communication Within a Subnet and Address Resolution Protocol (ARP)
    - Intersubnet IP Packet Routing
    - Routing Tables and IP Routing Protocols
    - Internet Control Message Protocol (ICMP)
    - Domain Name System (DNS)
    - IPv6 Fundamentals
    - IPv6 Header
    - IPv6 Addressing and Subnets
    - Special and Reserved IPv6 Addresses
    - IPv6 Addresses Assignment, Neighbor Discovery Protocol, and DHCPv6
    - Transport Layer Technologies and Protocols
    - Transmission Control Protocol (TCP)
    - User Datagram Protocol (UDP)
    - Exam Preparation Tasks
    - Review All Key Topics
    - Complete Tables and Lists from Memory
    - Define Key Terms
    - Q&A
    - References and Further Reading
  - Chapter 2 Network Security Devices and Cloud Services
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Network Security Systems
    - Traditional Firewalls
    - Application Proxies
    - Network Address Translation
    - Stateful Inspection Firewalls
    - Next-Generation Firewalls
    - Personal Firewalls
    - Intrusion Detection Systems and Intrusion Prevention Systems
    - Next-Generation Intrusion Prevention Systems
    - Advance Malware Protection
    - Web Security Appliance
    - Email Security Appliance
    - Cisco Security Management Appliance
    - Cisco Identity Services Engine
    - Security Cloud-based Solutions
    - Cisco Cloud Web Security
    - Cisco Cloud Email Security
    - Cisco AMP Threat Grid
    - Cisco Threat Awareness Service
    - OpenDNS
    - CloudLock
    - Cisco NetFlow
    - What Is the Flow in NetFlow?
    - NetFlow vs. Full Packet Capture
    - The NetFlow Cache
    - Data Loss Prevention
    - Exam Preparation Tasks
    - Review All Key Topics
    - Complete Tables and Lists from Memory
    - Define Key Terms
    - Q&A
- Part II Security Concepts
  - Chapter 3 Security Principles
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - The Principles of the Defense-in-Depth Strategy
    - What Are Threats, Vulnerabilities, and Exploits?
    - Vulnerabilities
    - Threats
    - Exploits
    - Confidentiality, Integrity, and Availability: The CIA Triad
    - Confidentiality
    - Integrity
    - Availability
    - Risk and Risk Analysis
    - Personally Identifiable Information and Protected Health Information
    - PII
    - PHI
    - Principle of Least Privilege and Separation of Duties
    - Principle of Least Privilege
    - Separation of Duties
    - Security Operation Centers
    - Runbook Automation
    - Forensics
    - Evidentiary Chain of Custody
    - Reverse Engineering
    - Exam Preparation Tasks
    - Review All Key Topics
    - Define Key Terms
    - Q&A
  - Chapter 4 Introduction to Access Controls
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Information Security Principles
    - Subject and Object Definition
    - Access Control Fundamentals
    - Identification
    - Authentication
    - Authorization
    - Accounting
    - Access Control Fundamentals: Summary
    - Access Control Process
    - Asset Classification
    - Asset Marking
    - Access Control Policy
    - Data Disposal
    - Information Security Roles and Responsibilities
    - Access Control Types
    - Access Control Models
    - Discretionary Access Control
    - Mandatory Access Control
    - Role-Based Access Control
    - Attribute-Based Access Control
    - Access Control Mechanisms
    - Identity and Access Control Implementation
    - Authentication, Authorization, and Accounting Protocols
    - Port-Based Access Control
    - Network Access Control List and Firewalling
    - Identity Management and Profiling
    - Network Segmentation
    - Intrusion Detection and Prevention
    - Antivirus and Antimalware
    - Exam Preparation Tasks
    - Review All Key Topics
    - Complete Tables and Lists from Memory
    - Define Key Terms
    - Q&A
    - References and Additional Reading
  - Chapter 5 Introduction to Security Operations Management
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Introduction to Identity and Access Management
    - Phases of the Identity and Access Lifecycle
    - Password Management
    - Directory Management
    - Single Sign-On
    - Federated SSO
    - Security Events and Logs Management
    - Logs Collection, Analysis, and Disposal
    - Security Information and Event Manager
    - Assets Management
    - Assets Inventory
    - Assets Ownership
    - Assets Acceptable Use and Return Policies
    - Assets Classification
    - Assets Labeling
    - Assets and Information Handling
    - Media Management
    - Introduction to Enterprise Mobility Management
    - Mobile Device Management
    - Configuration and Change Management
    - Configuration Management
    - Change Management
    - Vulnerability Management
    - Vulnerability Identification
    - Vulnerability Analysis and Prioritization
    - Vulnerability Remediation
    - Patch Management
    - References and Additional Readings
    - Exam Preparation Tasks
    - Review All Key Topics
    - Complete Tables and Lists from Memory
    - Define Key Terms
    - Q&A
- Part III Cryptography
  - Chapter 6 Fundamentals of Cryptography and Public Key Infrastructure (PKI)
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Cryptography
    - Ciphers and Keys
    - Symmetric and Asymmetric Algorithms
    - Hashes
    - Hashed Message Authentication Code
    - Digital Signatures
    - Key Management
    - Next-Generation Encryption Protocols
    - IPsec and SSL
    - Fundamentals of PKI
    - Public and Private Key Pairs
    - RSA Algorithm, the Keys, and Digital Certificates
    - Certificate Authorities
    - Root and Identity Certificates
    - Authenticating and Enrolling with the CA
    - Public Key Cryptography Standards
    - Simple Certificate Enrollment Protocol
    - Revoking Digital Certificates
    - Using Digital Certificates
    - PKI Topologies
    - Exam Preparation Tasks
    - Review All Key Topics
    - Complete Tables and Lists from Memory
    - Define Key Terms
    - Q&A
  - Chapter 7 Introduction to Virtual Private Networks (VPNs)
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - What Are VPNs?
    - Site-to-site vs. Remote-Access VPNs
    - An Overview of IPsec
    - IKEv1 Phase 1
    - IKEv1 Phase 2
    - IKEv2
    - SSL VPNs
    - SSL VPN Design Considerations
    - Exam Preparation Tasks
    - Review All Key Topics
    - Complete Tables and Lists from Memory
    - Define Key Terms
    - Q&A
- Part IV Host-Based Analysis
  - Chapter 8 Windows-Based Analysis
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Process and Threads
    - Memory Allocation
    - Windows Registration
    - Windows Management Instrumentation
    - Handles
    - Services
    - Windows Event Logs
    - Exam Preparation Tasks
    - Review All Key Topics
    - Define Key Terms
    - Q&A
    - References and Further Reading
  - Chapter 9 Linux- and Mac OS X-Based Analysis
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Processes
    - Forks
    - Permissions
    - Symlinks
    - Daemons
    - UNIX-Based Syslog
    - Apache Access Logs
    - Exam Preparation Tasks
    - Review All Key Topics
    - Complete Tables and Lists from Memory
    - Define Key Terms
    - Q&A
    - References and Further Reading
  - Chapter 10 Endpoint Security Technologies
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Antimalware and Antivirus Software
    - Host-Based Firewalls and Host-Based Intrusion Prevention
    - Application-Level Whitelisting and Blacklisting
    - System-Based Sandboxing
    - Exam Preparation Tasks
    - Review All Key Topics
    - Complete Tables and Lists from Memory
    - Define Key Terms
    - Q&A
- Part V Security Monitoring and Attack Methods
  - Chapter 11 Network and Host Telemetry
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Network Telemetry
    - Network Infrastructure Logs
    - Traditional Firewall Logs
    - Syslog in Large Scale Environments
    - Next-Generation Firewall and Next-Generation IPS Logs
    - NetFlow Analysis
    - Cisco Application Visibility and Control (AVC)
    - Network Packet Capture
    - Wireshark
    - Cisco Prime Infrastructure
    - Host Telemetry
    - Logs from User Endpoints
    - Logs from Servers
    - Exam Preparation Tasks
    - Review All Key Topics
    - Complete Tables and Lists from Memory
    - Define Key Terms
    - Q&A
  - Chapter 12 Security Monitoring Operational Challenges
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Security Monitoring and Encryption
    - Security Monitoring and Network Address Translation
    - Security Monitoring and Event Correlation Time Synchronization
    - DNS Tunneling and Other Exfiltration Methods
    - Security Monitoring and Tor
    - Security Monitoring and Peer-to-Peer Communication
    - Exam Preparation Tasks
    - Review All Key Topics
    - Define Key Terms
    - Q&A
  - Chapter 13 Types of Attacks and Vulnerabilities
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Types of Attacks
    - Reconnaissance Attacks
    - Social Engineering
    - Privilege Escalation Attacks
    - Backdoors
    - Code Execution
    - Man-in-the Middle Attacks
    - Denial-of-Service Attacks
    - Attack Methods for Data Exfiltration
    - ARP Cache Poisoning
    - Spoofing Attacks
    - Route Manipulation Attacks
    - Password Attacks
    - Wireless Attacks
    - Types of Vulnerabilities
    - Exam Preparation Tasks
    - Review All Key Topics
    - Define Key Terms
    - Q&A
  - Chapter 14 Security Evasion Techniques
    - “Do I Know This Already?” Quiz
    - Foundation Topics
    - Encryption and Tunneling
    - Key Encryption and Tunneling Concepts
    - Resource Exhaustion
    - Traffic Fragmentation
    - Protocol-Level Misinterpretation
    - Traffic Timing, Substitution, and Insertion
    - Pivoting
    - Exam Preparation Tasks
    - Review All Key Topics
    - Complete Tables and Lists from Memory
    - Define Key Terms
    - Q&A
    - References and Further Reading
- Part VI Final Preparation
  - Chapter 15 Final Preparation
    - Tools for Final Preparation
    - Pearson Cert Practice Test Engine and Questions on the Website
    - Customizing Your Exams
    - Updating Your Exams
    - The Cisco Learning Network
    - Memory Tables
    - Chapter-Ending Review Tools
    - Suggested Plan for Final Review/Study
    - Summary
- Part VII Appendixes
  - Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Questions
- Glossary
- Elements Available on the Book Website
  - Appendix B Memory Tables
  - Appendix C Memory Tables Answer Key
  - Appendix D Study Planner