YoVDO

Cisco Certified CyberOps Associate (200-201) Cert Prep: 4 Network Intrusion Analysis

Offered By: LinkedIn Learning

Tags

Cybersecurity Courses, Network Security Courses, Wireshark Courses, TCP/IP Courses, Log Analysis Courses, Intrusion Detection Systems Courses

Course Description

Overview

Cybersecurity specialists are in high demand. This course prepares you to fill these roles as it covers the Network Intrusion Analysis portion of the Cisco CBROPS exam.

Syllabus

Introduction
  • Evaluating intrusion alerts
  • Prepare for Cisco CBROPS exam v1.0
  • Setting up your test environment
1. Working with Network Security Data
  • Comparing methods to examine traffic
  • Comparing IPS and IDS
  • Recognizing alerts and events
  • Monitoring traffic
  • Interpreting IDS/IPS alerts
  • Challenge: Install the CyberOps workstation
  • Solution: Install the CyberOps workstation
2. Evaluating Alerts and Log Files
  • Being application aware
  • Evaluating antivirus alerts
  • Viewing web proxy logs
  • Challenge: Regular expressions
  • Solution: Regular expressions
3. Using Wireshark to Evaluate Traffic
  • Understanding the OSI model
  • Tapping into the network
  • Creating an Ethernet frame
  • Identifying key elements from a pcap
  • Extracting objects from a pcap
  • Challenge: Log file analysis
  • Solution: Log file analysis
4. Diving into TCP/IP Headers
  • Understanding TCP
  • Moving through the TCP handshake and teardown
  • Recognizing User Datagram Protocol
  • Viewing IPv4
  • Investigating IPv6
  • Grasping ICMP
  • Discovering ICMPv6
5. Visualizing Application Data
  • Analyzing HTTP
  • Dissecting DNS
  • Using ARP
  • Outlining email threats
  • Detecting malware by examining artifacts
  • Confirming malware by examining artifacts
Conclusion
  • Next steps

Taught by

Lisa Bock

Related Courses

  • Introduction to Internetworking with TCP/IP (openHPI)
  • Computer Networks (University of Washington via Coursera)
  • Networking for Web Developers (Udacity)
  • Computer Networks and the Internet (Kiron via edX)
  • Introduction to TCP/IP (Yonsei University via Coursera)