Cisco Certified CyberOps Associate (200-201) Cert Prep: 2 Security Monitoring

Explore the principles of defense in depth as you prepare for the Security Monitoring portion of the Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.

Introduction

• Active security monitoring
• Prepare for Cisco CBROPS exam
• Setting up your test environment

1. Understanding Attacks

• Recognizing attack surfaces
• Identifying vulnerability testing
• Attacking the network
• Describing web application attacks
• Hacking the human
• Investigating endpoint-based attacks
• Challenge: Research and identify social engineering attacks
• Solution: Research and identify social engineering attacks

2. Examining System Data

• Exploring CLI tools
• Analyzing data with NetFlow
• Monitoring traffic with a stateful firewall
• Deploying a next-generation firewall
• Having application visibility and control
• Filtering web and email content
• Challenge: Using NetFlow in Packet Tracer
• Solution: Using NetFlow in Packet Tracer

3. Comparing Data Types Used in Security Monitoring

• Obtaining a packet capture with Wireshark
• Understanding conversations and endpoints
• Visualizing session and transactional data
• Analyzing statistical data
• Sending alert data
• Investigating an IDS alert
• Challenge: Using Wireshark to examine DNS traffic
• Solution: Using Wireshark to examine DNS traffic

4. Limiting Data Visibility

• Using an access control list
• Concealing the network using NAT/PAT
• Evading and hiding techniques
• Tunneling and encapsulation
• Using encryption to hide

5. Using Certificates

• Protecting data and networks
• Ensuring trust on the Internet
• Examining an X.509 certificate
• Describing certificate classes
• Grasping the public key cryptography standards (PKCS)
• Managing keys using IKE
• Outlining the different protocol versions
• Configuring the cipher suite
• Challenge: Certificate Authority Stores
• Solution: Certificate Authority Stores

Conclusion

• Next steps