CCNA CyberOps Security E-camp

Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers (SOCs) keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity threats. CCNA Cyber Ops prepares candidates to begin a career working with associate-level cybersecurity analysts within security operations centers.

GK# 7059

Course Overview


The Understanding Cisco Cybersecurity Fundamentals (SECFND) v1.0 course provides you with an understanding of network infrastructure devices, the operations and vulnerabilities of the TCP/IP protocol suite, basic information security concepts, common network application operations and attacks, the Windows and Linux operating systems, and the types of data that are used to investigate security incidents. After you have completed this course, you will have the basic knowledge required to perform the job role of an entry-level cybersecurity analyst in a threat-centric security operations center.

The Implementing Cisco Cybersecurity Operations (SECOPS) v1.0 course allows learners to understand how a Security Operations Center (SOC) functions and the introductory-level skills and knowledge needed in this environment. It focuses on the introductory-level skills needed by a SOC analyst at the associate level: specifically, understanding basic threat analysis and event correlation, identifying malicious activity, and using a playbook for incident response.


What You'll Learn


Understanding Cisco Cybersecurity Fundamentals (SECFND) v1.0

  • Describe, compare and identify various network concepts
  • Understand the fundamentals of TCP/IP
  • Describe and compare fundamental security concepts
  • Describe network applications and the security challenges
  • Understand basic cryptography principles
  • Understand endpoint attacks, including interpreting log data to identify events in Windows and Linux
  • Develop knowledge in security monitoring, including identifying sources and types of data and events
  • Know various attack methods, security weaknesses, evasion methods, and remote versus local exploits

Implementing Cisco Cybersecurity Operations (SECOPS) v1.0

  • Define a SOC and the various job roles in a SOC
  • Understand SOC infrastructure tools and systems
  • Learn basic incident analysis for a threat-centric SOC
  • Explore resources available to assist with an investigation
  • Explain basic event correlation and normalization
  • Describe common attack vectors
  • Learn how to identify malicious activity
  • Understand the concept of a playbook
  • Describe and explain an incident response handbook
  • Define types of SOC Metrics
  • Understand SOC Workflow Management system and automation

Outline


Self-Paced Outline

This course allows learners to understand common security concepts, and start to learn the basic security techniques used in a Security Operations Center (SOC) to find threats on a network using a variety of popular security tools within a "real-life" network infrastructure.

Understanding Cisco Cybersecurity Fundamentals (SECFND) v1.0

Module 1: TCP/IP and Cryptography Concepts

  • Lesson 1: Understanding the TCP/IP Protocol Suite
  • Lesson 2: Understanding the Network Infrastructure
  • Lesson 3: Understanding Common TCP/IP Attacks
  • Lesson 4: Understanding Basic Cryptography Concepts

Module 2: Network Applications and Endpoint Security

  • Lesson 1: Describing Information Security Concepts
  • Lesson 2: Understanding Network Applications
  • Lesson 3: Understanding Common Network Application Attacks
  • Lesson 4: Understanding Windows Operating System Basics
  • Lesson 5: Understanding Linux Operating System Basics
  • Lesson 6: Understanding Common Endpoint Attacks
  • Lesson 7: Understanding Network Security Technologies
  • Lesson 8: Understanding Endpoint Security Technologies

Module 3: Security Monitoring and Analysis

  • Lesson 1: Describing Security Data Collection
  • Lesson 2: Describing Security Event Analysis

Implementing Cisco Cybersecurity Operations (SECOPS) v1.0

Module 1: SOC Overview

  • Lesson 1: Defining the Security Operations Center
  • Lesson 2: Understanding NSM Tools and Data
  • Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC
  • Lesson 4: Identifying Resources for Hunting Cyber Threats

Module 2: Security Incident Investigations

  • Lesson 1: Understanding Event Correlation and Normalization
  • Lesson 2: Identifying Common Attack Vectors
  • Lesson 3: Identifying Malicious Activity
  • Lesson 4: Identifying Patterns of Suspicious Behavior
  • Lesson 5: Conducting Security Incident Investigations

Module 3: SOC Operations

  • Lesson 1: Describing the SOC Playbook
  • Lesson 2: Understanding the SOC Metrics
  • Lesson 3: Understanding the SOC WMS and Automation
  • Lesson 4: Describing the Incident Response Plan
  • Lesson 5: Appendix A—Describing the Computer Security Incident Response Team
  • Lesson 6: Appendix B—Understanding the use of VERIS

Labs


Self-Paced Labs

Understanding Cisco Cybersecurity Fundamentals (SECFND) v1.0

Guided Lab 1: Explore the TCP/IP Protocol Suite

Objective:

Topology

  • Task 1: Examine the Network Configuration on Inside-Win
  • Task 2: Examine the Network Configuration on Inside-Kali
  • Task 3: Verify That Peers Are Not Yet in ARP Cache
  • Task 4: Initialize the Packet Capture Process
  • Task 5: Generate and Capture Local LAN Traffic
  • Task 6: Examine Packet Summaries
  • Task 7: Examine Ethernet Headers
  • Task 8: Examine an IP Header
  • Task 9: Examine an ICMP Header and Data
  • Task 10: Capture Communication with a Remote LAN
  • Task 11: Examine How the Communication Started
  • Task 12: Examine a TCP Connection
  • Task 13: Examine the First HTTP Transactions
  • Task 14: Examine TCP Connections
  • Task 15: Compare and Contrast TCP and UDP

Challenge

Guided Lab 2: Explore the Network Infrastructure

Objective:

Topology

  • Task 1: Explore Network Switch Operation
  • Task 2: Explore VLANs
  • Task 3: Explore Trunking
  • Task 4: Explore Routing
  • Task 5: Explore NAT
  • Task 6: Explore Firewalling
  • Task 7: Explore DHCP Operation

Challenge

Guided Lab 3: Explore TCP/IP Attacks

Objective:

Topology

  • Task 1: Footprinting
  • Task 2: Fingerprinting
  • Task 3: Discrete OS Scanning
  • Task 4: Malicious Route Injection
  • Task 5: ARP Cache Poisoning

Challenge

Guided Lab 4: Explore Cryptographic Technologies

Objective:

Topology

  • Task 1: Demonstrate Hash Algorithms
  • Task 2: Examine Hash Collisions
  • Task 3: Explore MD5 and Enable Secret
  • Task 4: Demonstrate Symmetric Encryption
  • Task 5: Demonstrate Asymmetric Encryption
  • Task 6: Create a Key Pair and Digital Signature
  • Task 7: Explore Public-Key Infrastructure
  • Task 8: Capture Packets from an SSL/TLS Connection
  • Task 9: Analyze SSL/TLS Negotiation

Challenge

Guided Lab 5: Explore Network Applications

Objective:

Topology

  • Task 1: Prepare to Send an Email Manually
  • Task 2: Send an Email Manually
  • Task 3: Follow the Email Path
  • Task 4: Examine the Email
  • Task 5: Send One Email the Normal Way
  • Task 6: Examine Hypertext Markup Language
  • Task 7: Examine Cascading Style Sheets
  • Task 8: Examine JavaScript
  • Task 9: Examine PHP
  • Task 10: Examine Structured Query Language
  • Task 11: Examine URLs
  • Task 12: Capture HTTP Traffic for Analysis
  • Task 13: HTTP Requests: GET and POST

Challenge

Guided Lab 6: Explore Network Application Attacks

Objective: This lab will explore several different classes of attacks against a targeted web server.

Topology

  • Task 1: Explore Vulnerability Scanning
  • Task 2: Examine the Footprints of a Vulnerability Scan
  • Task 3: Leverage the Vulnerability Scan Results
  • Task 4: Perform an Offline Password Attack
  • Task 5: Perform an Online Password Attack
  • Task 6: Perform a Command Injection
  • Task 7: Perform an SQL Injection
  • Task 8: Account Access Via Cookie Manipulation
  • Task 9: Explore Reflected Cross-Site Scripting
  • Task 10: Explore Persistent Cross-Site Scripting

Challenge

Guided Lab 7: Explore the Windows Operating System

Objective: This lab will focus on exploring the Windows operating system and services discussed in the lesson.

Topology

  • Task 1: Prepare the Inside-Win VM
  • Task 2: Explore Processes
  • Task 3: Explore Threads
  • Task 4: Explore the Registry Database
  • Task 5: Explore Handles
  • Task 6: Explore Windows Services
  • Task 7: Explore Windows Users, Groups, and Permissions
  • Task 8: Explore Windows Network Activity from the CLI
  • Task 9: Explore Windows Network Activity from the GUI

Challenge

Guided Lab 8: Explore the Linux Operating System

Objective: This lab exercise provides you with a structured experience with the basics of the Linux operating system.

Topology

  • Task 1: Bash Shell
  • Task 2: Navigate Linux Directories
  • Task 3: Basic File and Directory Operations
  • Task 4: File System Permissions
  • Task 5: Modify Permissions
  • Task 6: I/O Piping and Redirection
  • Task 7: grep Command
  • Task 8: Linux Processes
  • Task 9: netstat Command

Challenge

Guided Lab 9: Explore Endpoint Attacks

Objective:

Topology

  • Task 1: Perform Reconnaissance
  • Task 2: Exploit a Misconfiguration
  • Task 3: Exploit a Back Door
  • Task 4: Escalate a Privilege Escalation
  • Task 5: Exploit an Operating System Flaw
  • Task 6: Use a Pivot
  • Task 7: Employ Social Engineering/Phishing
  • Task 8: Establish Persistence
  • Task 9: Tunnel Exfiltrated Data

Challenge

Guided Lab 10: Explore Network Security Technologies

Objective:

Topology

  • Task 1: Examine Interface Access Policy on the ABC-ASA
  • Task 2: Demonstrate Stateful Inspection of TCP
  • Task 3: Examine Application Policy on the ABC-ASA
  • Task 4: Examine Remote Access VPNs
  • Task 5: Examine Network IDS
  • Task 6: Examine the Squid Web Proxy

Challenge

Guided Lab 11: Explore Endpoint Security

Objective: In this lab exercise, you will explore the behavior of two endpoint security applications that are part of the base Windows operating system distribution: Windows Defender and Windows Firewall.

Topology

  • Task 1: Explore Windows Defender
  • Task 2: Explore Windows Firewall
  • Task 3: Explore IPtables and TCP wrappers

Challenge

Guided Lab 12: Explore Security Data for Analysis

Objective: This lab focuses on the analysis of event data for investigation of a security event.

Topology

  • Task 1: Explore Alert Data
  • Task 2: Extracted Content
  • Task 3: Sandbox Analysis
  • Task 4: Transaction Data
  • Task 5: Session Data
  • Task 6: Full Packet Capture

Challenge

Implementing Cisco Cybersecurity Operations (SECOPS) v1.0

Guided Lab 1: Explore Network Security Monitoring Tools

Objective:

Topology

  • Task 1: Prepare the Lab Environment
  • Task 2: Analyze Alerts
  • Task 3: Extract Content from Packet Captures
  • Task 4: Analyze Malware
  • Task 5: Search Bro Data Using ELSA

Challenge

Discovery 1: Investigate Hacker Methodology

Objective:

Topology

  • Task 1: Scanning and Analyzing Reconnaissance Activity
  • Task 2: Analyzing the Weaponization, Delivery, and Exploitation Phases of the Kill Chain Model
  • Task 3: Persistence on the Target Machine
  • Task 4: Host-Based Analysis
  • Task 5: Identifying Data Exfiltration

Challenge

Discovery 2: Hunt Malicious Traffic

Objective:

Topology

  • Task 1: Threat Simulation
  • Task 2: Combing Network Traffic with ELSA
  • Task 3: Pivot to Wireshark with capME!
  • Task 4: Analyzing Exfiltration Data
  • Task 5: Confirm a Backdoor

Challenge

Discovery 3: Correlate Event Logs, PCAPs, and Alerts of an Attack

Objective:

Topology

  • Task 1: Examine OSSEC Alerts
  • Task 2: Find and Correlate Additional Activity

Challenge

Discovery 4: Investigate Browser-Based Attacks

Objective:

Topology

  • Task 1: Setting up Security Onion
  • Task 2: SQL Injection
  • Task 3: Cross Site Scripting Attack
  • Task 4: Local File Inclusion and Directory Traversal

Challenge

Discovery 5: Analyze Suspicious DNS Activity

Objective:

Topology

  • Task 1: Investigate DNS Fast Fluxing
  • Task 2: Perform DNS Exfiltration
  • Task 3: Analyze DNS Exfiltration Activities

Challenge

Discovery 6: Investigate Suspicious Activity Using Security Onion

Objective:

Topology

  • Task 1: Identify Suspicious Domain Names
  • Task 2: Identify Suspicious User Agents
  • Task 3: Upload Malware to Malwr.com

Challenge

Discovery 7: Investigate Advanced Persistent Threats

Objective:

Topology

  • Task 1: Investigate Sguil Alerts
  • Task 2: Investigate Suspicious Packet Captures
  • Task 3: Implement New Custom Snort Rule

Challenge

Discovery 8: Explore SOC Playbooks

Objective:

Topology

  • Task 1: Access ELSA on the Security Onion VM
  • Task 2: Play: 404s Indicating Web Recon
  • Task 3: Play: Posts to Dynamic DNS Sites
  • Task 4: Play: DNS over TCP
  • Task 5: Play: HTTP Header Host Field Containing IP Address
  • Task 6: Play: Known Botnet C2 Domains (Manual Play)
  • Task 7: Play: Explore the Raw Bro Log Files
  • Task 8: Play: Known Botnet C2 Domains (Semi-Automated Play)
  • Task 9: Play: Malicious Files (Manual Play)
  • Task 10: Play: Malicious Files (Semi-Automated Play)
  • Task 11: Play: Large File Transfers (Semi-Automated Play)

Challenge

Prerequisites


Basic technical competency (possess one or more of the following):

  • Cisco certification (Cisco CCENT certification or higher)
  • Relevant industry certification [(ISC)2, CompTIA Security+, EC-Council, GIAC, ISACA]
  • Cisco Networking Academy letter of completion (CCNA 1 and CCNA 2)
  • Windows expertise: Microsoft (Microsoft Specialist, MCSA, MCSE), CompTIA (A+, Network+, Server+)
  • Linux expertise: CompTIA (Linux+), Linux Professional Institute (LPI) certification, Linux Foundation (LFCS, LFCE), Red Hat (RHCSA, RHCE, RHCA), Oracle Linux (OCA, OCP)

It is strongly recommended, but not required, that students have the following knowledge and skills:

  • Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)

Who Should Attend

  • Security Operations Center – Security Analyst
  • Computer/Network Defense Analysts
  • Computer Network Defense Infrastructure Support Personnel
  • Future Incident Responders and Security Operations Center (SOC) personnel
  • Students beginning a career, entering the cybersecurity field
  • Cisco Channel Partners

Vendor Credits


This course can be purchased with Cisco Learning Credits (CLCs).

Course Delivery

This course is available in the following formats:

Self-Paced

On-demand content enables you to train on your own schedule.
