Cisco Certified CyberOps Associate (200-201) Cert Prep: 3 Host-Based Analysis

Explore the principles of defense in depth as you prepare for the Host-Based Analysis portion of the Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.

Introduction

• Securing the endpoints
• Prepare for Cisco CBROPS exam v1.0
• Set up your test environment

1. Outlining the Window OS

• Visualize the Windows architecture
• Dissect the Windows file system
• Working with Windows Registry
• Running a Windows OS
• Manage network settings
• Use netstat
• Monitor the Windows OS

2. Discovering the Linux OS

• Recognize the value of a Linux OS
• Interact with a Linux OS
• Use the Linux file system
• Monitor log files
• Avoid malware on a Linux host
• Harden the OS

3. Monitoring the Endpoints

• Outline the network architecture
• Provide defense in depth
• Simple Network Management Protocol
• Understand NTP
• Challenge: Configure NTP
• Solution: Configure NTP

4. Examining Network Security Data

• Understand data types used in security monitoring
• Challenge: Configure SNMP
• Solution: Configure SNMP
• Generate a malware analysis report
• Compare HIDS with NIDS
• Use a sandbox to evaluate malicious activity

5. Responding to Cybersecurity Incidents

• Cyber attribution
• Outline the digital forensic investigation
• Compare different types of evidence
• Preserve the chain of custody

Conclusion

• Next steps