Cisco CCNA Cyber Ops

- Only 6 Days

On this 6-day accelerated CCNA Cyber Ops course, you’ll develop the skills to detect cyber security breaches and effectively respond to security incidents.

You’ll be trained by Cisco Certified Trainers who, through our unique Lecture | Lab | Review technique, will take you through key security principles and provide hands-on, practical examples. This technique will help you better retain knowledge and will ensure you are capable of applying your skills to real-life scenarios.

Upon completing this certification you will have:

Seven reasons why you should sit your course with Firebrand Training

You'll be certified in just 6 days. With us, you’ll be trained in record time
Our course is all-inclusive. A one-off fee covers all course materials, exams, accommodation and meals. No hidden extras
Pass first time or train again for free. This is our guarantee. We’re confident you’ll pass your course first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
You’ll learn more. A day with a traditional training provider generally runs from 9am – 5pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day quality learning time, with your instructor
You’ll learn faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
You’ll be studying with the best. We’ve been named in Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified 75078 professionals, and we’re partners with all of the big names in the business
You'll do more than study Firebrand's courseware. We use practical exercises to make sure you can apply your new knowledge to the work environment. Our instructors use demonstrations and real-world experience to keep the day interesting and engaging

Think you are ready for the course? Take a FREE practice test to assess your knowledge!

Use your Cisco Learning Credits (CLCs)

You may be entitled to free training via Cisco Learning Credits (CLCs). If you’ve bought Cisco hardware or software - check the invoice to see if you have credits waiting to be used! If you’re unsure, get in touch with us.

Get certified 40% faster: Be trained and certified in just 6 days, instead of traditional courses which take 11 days. You'll be back at work sooner, using your new skills to defend against cyber attacks.
Cisco Official Curriculum: access to the most up-to-date materials Cisco offer giving you the skills and knowledge aligned to the exam.
Cisco Certified Trainers: Our Cisco Certified Trainers have years of industry relevant experience that can be used to support and further enhance course material. Meaning you'll develop skills and knowledge that can't be accessed through curriculum alone.
Lecture | Lab | Review: This technique, used throughout Firebrand’s courses, makes use of a mixture of theoretical and practical material to help you retain information and develop the skills to apply your knowledge to real-world scenarios.

Benefits of Training with Firebrand

Distraction-free residential training - you’ll live just steps away from your classroom
A purpose-built training centre – get access to dedicated Pearson VUE Select facilities
Your Certification Guarantee – pass first time or train again free (just pay for accommodation, exams and incidental costs)
Everything you need to certify – you’ll even sit your exam on the course and return home certified
No hidden extras – one cost covers everything you need to certify

See Curriculum...

This course is designed to teach you fundamental knowledge for the core skills needed in a cyber security environment including basic security principles and concepts. The second half of this course will guide students through the principles of working in a Security Operations Centre.

SECFND Exam 210-250: Understanding Cisco Cybersecurity Fundamentals

Module 1: Network Concepts

Describe the function of the network layers as specified by the OSI and the TCP/IP network models
Describe the operation of the following

IP
TCP
UDP
ICMP

Describe the operation of these network services

ARP
DNS
DHCP

Describe the basic operation of these network device types

Router
Switch
Hub
Bridge
Wireless access point (WAP)
Wireless LAN controller (WLC)

Describe the functions of these network security systems as deployed on the host, network, or the cloud:

Firewall
Cisco Intrusion Prevention System (IPS)
Cisco Advanced Malware Protection (AMP)
Web Security Appliance (WSA) / Cisco Cloud Web Security (CWS)
Email Security Appliance (ESA) / Cisco Cloud Email Security (CES)

Describe IP subnets and communication within an IP subnet and between IP subnets

Describe the relationship between VLANs and data visibility
Describe the operation of ACLs applied as packet filters on the interfaces of network devices
Compare and contrast deep packet inspection with packet filtering and stateful firewall operation
Compare and contrast inline traffic interrogation and taps or traffic mirroring
Compare and contrast the characteristics of data obtained from taps or traffic mirroring and NetFlow in the analysis of network traffic
Identify potential data loss from provided traffic profiles

Module 2: Security Concepts

Describe the principles of the defense in depth strategy
Compare and contrast these concepts:

Risk
Threat
Vulnerability
Exploit

Describe these terms:

Threat actor
Run book automation (RBA)
Chain of custody (evidentiary)
Reverse engineering
Sliding window anomaly detection
PII
PHI

Describe these security terms:

Principle of least privilege
Risk scoring/risk weighting
Risk reduction
Risk assessment

Compare and contrast these access control models:

Discretionary access control
Mandatory access control
Nondiscretionary access control

Compare and contrast these terms:

Network and host antivirus
Agentless and agent-based protections
SIEM and log collection

Describe these concepts:

Asset management
Configuration management
Mobile device management
Patch management
Vulnerability management

Module 3: Cryptography

Describe the uses of a hash algorithm
Describe the uses of encryption algorithms
Compare and contrast symmetric and asymmetric encryption algorithms
Describe the processes of digital signature creation and verification
Describe the operation of a PKI
Describe the security impact of these commonly used hash algorithms:

MD5
SHA-1
SHA-256
SHA-512

Describe the security impact of these commonly used encryption algorithms and secure communications protocols:

DES
3DES
AES
AES256-CTR
RSA
DSA
SSH
SSL/TLS

Describe how the success or failure of a cryptographic exchange impacts security investigation
Describe these items in regards to SSL/TLS:

Cipher-suite
509 certificates
Key exchange
Protocol version
PKCS

Module 4: Host-Based Analysis

Define these terms as they pertain to Microsoft Windows

Processes
Threads
Memory allocation
Windows Registry
WMI
Handles
Services

Define these terms as they pertain to Linux

Processes
Forks
Permissions
Symlinks
Daemon

Describe the functionality of these endpoint technologies in regards to security monitoring

Host-based intrusion detection
Antimalware and antivirus
Host-based firewall
Application-level whitelisting/blacklisting
Systems-based sandboxing (such as Chrome, Java, Adobe reader)

Interpret these operating system log data to identify an event

Windows security event logs
Unix-based syslog
Apache access logs
IIS access logs

Module 5: Security Monitoring

Identify the types of data provided by these technologies

TCP Dump
NetFlow
Next-Gen firewall
Traditional stateful firewall
Application visibility and control
Web content filtering
Email content filtering

Describe these types of data used in security monitoring

Full packet capture
Session data
Transaction data
Statistical data
Extracted content
Alert data

Describe these concepts as they relate to security monitoring

Access control list
NAT/PAT
Tunneling
TOR
Encryption
P2P
Encapsulation
Load balancing

Describe these NextGen IPS event types

Connection event
Intrusion event
Host or endpoint event
Network discovery event
NetFlow event

Describe the function of these protocols in the context of security monitoring

DNS
NTP
SMTP/POP/IMAP
HTTP/HTTPS

Module 6: Attack Methods

Compare and contrast an attack surface and vulnerability
Describe these network attacks

Denial of service
Distributed denial of service
Man-in-the-middle

Describe these web application attacks

SQL injection
Command injections
Cross-site scripting

Describe these attacks

Social engineering
Phishing
Evasion methods

Describe these endpoint-based attacks

Buffer overflows
Command and control (C2)
Malware
Rootkit
Port scanning
Host profiling

Describe these evasion methods

Encryption and tunneling
Resource exhaustion
Traffic fragmentation
Protocol-level misinterpretation
Traffic substitution and insertion
Pivot

Define privilege escalation
Compare and contrast remote exploit and a local exploit

SECOPS Exam 210-255: Implementing Cisco Cybersecurity Operations

The exam modules are as follows, below. Your Certified Cisco Systems Instructor will provide you with Cisco-recommended digital and printed content which will be used as preparation for the SECOPS exam. The instructor will facilitate study sessions, designed to best prepare you for the exam.

Module 1: Endpoint Threat Analysis and Computer Forensics

Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
Describe these terms as they are defined in the CVSS 3.0:

Attack vector
Attack complexity
Privileges required
User interaction
Scope

Describe these terms as they are defined in the CVSS 3.0

Confidentiality
Integrity
Availability

Define these items as they pertain to the Microsoft Windows file system

FAT32
NTFS
Alternative data streams
MACE
EFI
Free space
Timestamps on a file system

Define these terms as they pertain to the Linux file system

EXT4
Journaling
MBR
Swap file system
MAC

Compare and contrast three types of evidence

Best evidence
Corroborative evidence
Indirect evidence

Compare and contrast two types of image

Altered disk image
Unaltered disk image

Describe the role of attribution in an investigation

Assets
Threat actor

Module 2: Network Intrusion Analysis

Interpret basic regular expressions
Describe the fields in these protocol headers as they relate to intrusion analysis:

Ethernet frame
IPv4
IPv6
TCP
UDP
ICMP
HTTP

Identify the elements from a NetFlow v5 record from a security event
Identify these key elements in an intrusion from a given PCAP file

Source address
Destination address
Source port
Destination port
Protocols
Payloads

Extract files from a TCP stream when given a PCAP file and Wireshark
Interpret common artifact elements from an event to identify an alert

IP address (source / destination)
Client and Server Port Identity
Process (file or registry)
System (API calls)
Hashes
URI / URL

Map the provided events to these source technologies

NetFlow
IDS / IPS
Firewall
Network application control
Proxy logs
Antivirus

Compare and contrast impact and no impact for these items

False Positive
False Negative
True Positive
True Negative

Interpret a provided intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC)

Module 3: Incident Response

Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
Map elements to these steps of analysis based on the NIST.SP800-61 r2

Preparation
Detection and analysis
Containment, eradication, and recovery
Post-incident analysis (lessons learned)

Map the organisation stakeholders against the NIST IR categories (C2M2, SP800-61 r2)

Preparation
Detection and analysis
Containment, eradication, and recovery
Post-incident analysis (lessons learned)

Describe the goals of the given CSIRT

Internal CSIRT
National CSIRT
Coordination centers
Analysis centers
Vendor teams
Incident response providers (MSSP)

Identify these elements used for network profiling

Total throughput
Session duration
Ports used
Critical asset address space

Identify these elements used for server profiling

Listening ports
Logged in users/service accounts
Running processes
Running tasks
Applications

Map data types to these compliance frameworks

PCI
HIPPA (Health Insurance Portability and Accountability Act)
SOX

Identify data elements that must be protected with regards to a specific standard (PCI-DSS)

Module 4: Data and Event Analysis

Describe the process of data normalisation
Interpret common data values into a universal format
Describe 5-tuple correlation
Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs
Describe the retrospective analysis method to find a malicious file, provided file analysis report
Identify potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains
Map DNS logs and HTTP logs together to find a threat actor
Map DNS, HTTP, and threat intelligence data together
Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console
Compare and contrast deterministic and probabilistic analysis

Module 5: Incident Handling

Classify intrusion events into these categories as defined in the diamond model of intrusion

Reconnaissance
Weaponisation
Delivery
Exploitation
Installation
Command and control
Action on objectives

Apply the NIST.SP800-61 r2 incident handling process to an event
Define these activities as they relate to incident handling

Identification
Scoping
Containment
Remediation
Lesson-based hardening
Reporting

Describe these concepts as they are documented in NIST SP800-86

Evidence collection order
Data integrity
Data preservation
Volatile data collection

Apply the VERIS schema categories to a given incident

See Exam Track...

Exam 210-250 SECFND: Understanding Cisco Cyber security Fundamentals

This exam will test your understanding of cyber security’s basic principles, foundational knowledge, and core skills needed to grasp the more advanced associate-level materials in the 210-255 SECFND exam.

Questions: 55-60 in total
Duration: 90 minutes
Available Languages: English

Exam 210-255 SECOPS: Implementing Cisco Cyber security Operations

This exam will test your knowledge and skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level Security Analyst working in a SOC.

Questions: 55-60 in total
Duration: 90 minutes
Available Languages: English

Passes in both exams are required to achieve certification.

See What's Included...

As part of your accelerated course, you'll receive the following official Cisco digital courseware which includes the accompanying official Cisco lab access:

Understanding Cisco Cyber Security Fundamentals (SECFND) v1.0

You will also be provided with supplemental digital and printed materials to be used as preparation for the SECOPS exam, including guidelines from NIST and the CVSS specification document.

Your Certified Cisco Systems Instructor will also provide you with supplementary material to support your exam practice.

Your accelerated course includes:

Accommodation
Meals, unlimited snacks, beverages, tea and coffee
Onsite exams
Examination vouchers*
Practice tests**
Certification Guarantee***
Courseware
Up-to 12 hours of instructor-led training each day
24-hour lab access
Hands-on training through Lecture | Lab | Review^TM
Digital courseware (if available)

* Exam vouchers may not be included for Apprentices and will require a separate purchase by an employer due to ESFA guidelines
** Some exceptions apply.
*** Pass first time or train again free (just pay for accommodation, exams and incidental costs)

See Prerequisites...

There are no official prerequisites for this course, but it is recommended that you have previously studied Cisco's ICND1 or CompTIA's Security+ certification.

Unsure whether you meet the prerequisites? Don’t worry. Your training consultant will discuss your background with you to understand if this course is right for you.

See Dates...

Cisco Course Dates

Cisco - CCNA Cyber Ops
Start	Finish	Status	Book now
9/3/2020 (Monday)	14/3/2020 (Saturday)	Limited availability	Book now

Here's the Firebrand Training review section. Since 2001 we've trained exactly 75078 students and asked them all to review our Accelerated Learning. Currently, 96.79% have said Firebrand exceeded their expectations.

Read reviews from recent accelerated courses below or visit Firebrand Stories for written and video interviews from our alumni.

"Great Experience, Knowledge & environment. Instructor is very helpful and encouraging. I'll recommend it to my friends. "
Ahmed Khan, NHS. (25/3/2019 to 30/3/2019)

"The instructor was excellent at preparing students to pass the exam, ensuring all key topics were covered and understood by the students."
Anonymous. (25/3/2019 to 30/3/2019)

"This was an intense course with little opportunity for rest, however the content was excellent and delivery was thorough, so it was well worth the effort."
A.R.. (30/7/2018 to 5/8/2018)

"On my arrival I was made to feel extremely welcome . The aims and objectives were clearly explained. The training is fast pace and you must come here with an understanding that you will be consumed with the training."
J.P.. (30/7/2018 to 5/8/2018)

"Long days, but very good."
Brendan Tether, network rail. (30/7/2018 to 5/8/2018)