Cisco CCNA Cyber Ops

- Bare 6 dager

This certification will retire on 23rd February 2020. Build the same skills fast on the new CCNA. Find out more.

On this 6-day accelerated CCNA Cyber Ops course, you’ll develop the skills to detect cyber security breaches and effectively respond to security incidents.

You’ll be trained by Cisco Certified Trainers who, through our unique Lecture | Lab | Review technique, will take you through key security principles and provide hands-on, practical examples. This technique will help you better retain knowledge and will ensure you are capable of applying your skills to real-life scenarios.

Les mer...

Upon completing this certification you will have:

  • the skills to prepare for more advanced job roles in cyber security operations
  • a basic understanding of Security Operations Centre (SOC) teams including an understanding of the type of metrics used to detect and respond to security incidents
  • an understanding of how to protect your organisation’s information from common attack vectors and endpoint attacks
  • knowledge in security monitoring, including identifying sources and types of data and events.
  • knowledge of how organisations are detecting and responding to cyber crime, cyber espionage, insider threats, advanced persistent threats and regulatory requirements
  • an understanding of security challenges involved with network applications

You'll also be prepared to sit exams 210-250 SECFND: Understanding Cisco Cyber security Fundamentals and 210-255 SECOPS: Implementing Cisco Cyber security Operations. You'll sit these at the Firebrand Training Centre as part of the course, covered by your Certification Guarantee.

This course, which is 40% faster than traditional training, is aimed at Security Operations Center (SOC) Analysts at an associate or beginner level. The certification does require some knowledge of basic cyber security technologies and principles.

Det vil ta deg bare et øyeblikk å se hvor billige våre kurs er...

Her er 8 grunner til hvorfor du skal gjennomføre ditt CCNA Cyber Ops hos Firebrand Training:

  1. Du blir utdannet og sertifisert på bare 6 dager. Hos oss får du din utdanning og sertifisering på rekordtid, en sertifisering du også gjennomfører der og da som en integrert del av den intensive, akselererte utdanningen.
  2. Alt er inkludert. Et engangsbeløp dekker alt kursmaterial, eksamen, kost og losji og tilbyr den mest kostnadseffektive måten å gjennomføre ditt CCNA Cyber Ops kurs og sertifisering på. Og dette uten noen uannonserte ytterligere kostnader.
  3. Du klarer sertifiseringen første gangen eller kan gå kurset om igjen kostnadsfritt. Det er vår garanti. Vi er sikre på at du vil klare din CCNA Cyber Ops sertifisering første gangen. Men skulle du mot formodning ikke gjøre det kan du innen et år komme tilbake og kun betale for eventuelle overnattinger og din eksamen. Alt annet er gratis.
  4. Du lærer deg mer.Tradisjonelle utdanningsdager varer fra kl. 09.00 til 16.00 med lange lunsj- og kaffepauser. Hos Firebrand Training får du minst 12 timers effektiv og fokusert kvalitetsutdanning hver dag sammen med din instruktør, uten private eller arbeidsrelaterte, forstyrrende momenter.
  5. Du lærer deg CCNA Cyber Ops raskere. Vi kombinerer de tre innlæringsmetodene (Presentasjon |Øving| Diskusjon) slik at vi gjennomfører kurset på en måte som sikrer at du lærer deg raskere og lettere.
  6. Du er i sikre hender.Vi har utdannet og sertifisert 72.589 personer, vi er partner med alle de store navn i bransjen og vi har vunnet atskillige utmerkelser, bla. a. "Årets Learning Partner 2010, 2011, 2012, 2013 og 2015” fra Microsoft Danmark og med en vekst på 1430 % siden 2009 er vi årets Gazelle prisvinner på Sjælland, Danmark.
  7. Du lærer deg ikke bare teorien. Vi har videreutviklet CCNA Cyber Ops kursen og tilbyr flere praktiske øvelser og sikrer på den måten, at du kan bruke dine ferdigheter for å løse daglige praktiske problemstillinger.
  8. Du lærer av de beste. Våre instruktører på CCNA Cyber Ops er de beste i bransjen og tilbyr en helt unik blanding av kunnskap, praktisk erfaring og pasjon for å lære bort.

Er du klar for kurset? Ta en GRATIS test for å måle og vurdere kunnskapsnivået ditt.

Use your Cisco Learning Credits (CLCs)

You may be entitled to free training via Cisco Learning Credits (CLCs). If you’ve bought Cisco hardware or software - check the invoice to see if you have credits waiting to be used! If you’re unsure, get in touch with us.

  • Get certified 40% faster: Be trained and certified in just 6 days, instead of traditional courses which take 11 days. You'll be back at work sooner, using your new skills to defend against cyber attacks.
  • Cisco Official Curriculum: access to the most up-to-date materials Cisco offer giving you the skills and knowledge aligned to the exam.
  • Cisco Certified Trainers: Our Cisco Certified Trainers have years of industry relevant experience that can be used to support and further enhance course material. Meaning you'll develop skills and knowledge that can't be accessed through curriculum alone.
  • Lecture | Lab | Review: This technique, used throughout Firebrand’s courses, makes use of a mixture of theoretical and practical material to help you retain information and develop the skills to apply your knowledge to real-world scenarios.

This course is designed to teach you fundamental knowledge for the core skills needed in a cyber security environment including basic security principles and concepts. The second half of this course will guide students through the principles of working in a Security Operations Centre.

SECFND Exam 210-250: Understanding Cisco Cybersecurity Fundamentals

Module 1: Network Concepts

  • Describe the function of the network layers as specified by the OSI and the TCP/IP  network models
  • Describe the operation of the following
    • IP
    • TCP
    • UDP
    • ICMP
  • Describe the operation of these network services
    • ARP
    • DNS
    • DHCP
  • Describe the basic operation of these network device types
    • Router
    • Switch
    • Hub
    • Bridge
    • Wireless access point (WAP)
    • Wireless LAN controller (WLC)
  • Describe the functions of these network security systems as deployed on the host, network, or the cloud:
    • Firewall
    • Cisco Intrusion Prevention System (IPS)
    • Cisco Advanced Malware Protection (AMP)
    • Web Security Appliance (WSA) / Cisco Cloud Web Security (CWS)
    • Email Security Appliance (ESA) / Cisco Cloud Email Security (CES)
  • Describe IP subnets and communication within an IP subnet and between IP subnets
    • Describe the relationship between VLANs and data visibility
    • Describe the operation of ACLs applied as packet filters on the interfaces of network devices
    • Compare and contrast deep packet inspection with packet filtering and stateful firewall operation
    • Compare and contrast inline traffic interrogation and taps or traffic mirroring
    • Compare and contrast the characteristics of data obtained from taps or traffic mirroring and NetFlow in the analysis of network traffic
    • Identify potential data loss from provided traffic profiles

Module 2: Security Concepts

  • Describe the principles of the defense in depth strategy
  • Compare and contrast these concepts:
    • Risk
    • Threat
    • Vulnerability
    • Exploit
  • Describe these terms:
    • Threat actor
    • Run book automation (RBA)
    • Chain of custody (evidentiary)
    • Reverse engineering
    • Sliding window anomaly detection
    • PII
    • PHI
  • Describe these security terms:
    • Principle of least privilege
    • Risk scoring/risk weighting
    • Risk reduction
    • Risk assessment
  • Compare and contrast these access control models:
    • Discretionary access control
    • Mandatory access control
    • Nondiscretionary access control
  • Compare and contrast these terms:
    • Network and host antivirus
    • Agentless and agent-based protections
    • SIEM and log collection
  • Describe these concepts:
    • Asset management
    • Configuration management
    • Mobile device management
    • Patch management
    • Vulnerability management

Module 3: Cryptography

  • Describe the uses of a hash algorithm
  • Describe the uses of encryption algorithms
  • Compare and contrast symmetric and asymmetric encryption algorithms
  • Describe the processes of digital signature creation and verification
  • Describe the operation of a PKI
  • Describe the security impact of these commonly used hash algorithms:
    • MD5
    • SHA-1
    • SHA-256
    • SHA-512
  • Describe the security impact of these commonly used encryption algorithms and secure communications protocols:
    • DES
    • 3DES
    • AES
    • AES256-CTR
    • RSA
    • DSA
    • SSH
    • SSL/TLS
  • Describe how the success or failure of a cryptographic exchange impacts security investigation
  • Describe these items in regards to SSL/TLS:
    • Cipher-suite
    • 509 certificates
    • Key exchange
    • Protocol version
    • PKCS

Module 4: Host-Based Analysis

  • Define these terms as they pertain to Microsoft Windows
    • Processes
    • Threads
    • Memory allocation
    • Windows Registry
    • WMI
    • Handles
    • Services
  • Define these terms as they pertain to Linux
    • Processes
    • Forks
    • Permissions
    • Symlinks
    • Daemon
  • Describe the functionality of these endpoint technologies in regards to security monitoring
    • Host-based intrusion detection
    • Antimalware and antivirus
    • Host-based firewall
    • Application-level whitelisting/blacklisting
    • Systems-based sandboxing (such as Chrome, Java, Adobe reader)
  • Interpret these operating system log data to identify an event
    • Windows security event logs
    • Unix-based syslog
    • Apache access logs
    • IIS access logs

Module 5: Security Monitoring

  • Identify the types of data provided by these technologies
    • TCP Dump
    • NetFlow
    • Next-Gen firewall
    • Traditional stateful firewall
    • Application visibility and control
    • Web content filtering
    • Email content filtering
  • Describe these types of data used in security monitoring
    • Full packet capture
    • Session data
    • Transaction data
    • Statistical data
    • Extracted content
    • Alert data
  • Describe these concepts as they relate to security monitoring
    • Access control list
    • NAT/PAT
    • Tunneling
    • TOR
    • Encryption
    • P2P
    • Encapsulation
    • Load balancing
  • Describe these NextGen IPS event types
    • Connection event
    • Intrusion event
    • Host or endpoint event
    • Network discovery event
    • NetFlow event
  • Describe the function of these protocols in the context of security monitoring
    • DNS
    • NTP
    • SMTP/POP/IMAP
    • HTTP/HTTPS

Module 6: Attack Methods

  • Compare and contrast an attack surface and vulnerability
  • Describe these network attacks
    • Denial of service
    • Distributed denial of service
    • Man-in-the-middle
  • Describe these web application attacks
    • SQL injection
    • Command injections
    • Cross-site scripting
  • Describe these attacks
    • Social engineering
    • Phishing
    • Evasion methods
  • Describe these endpoint-based attacks
    • Buffer overflows
    • Command and control (C2)
    • Malware
    • Rootkit
    • Port scanning
    • Host profiling
  • Describe these evasion methods
    • Encryption and tunneling
    • Resource exhaustion
    • Traffic fragmentation
    • Protocol-level misinterpretation
    • Traffic substitution and insertion
    • Pivot
  • Define privilege escalation
  • Compare and contrast remote exploit and a local exploit

SECOPS Exam 210-255: Implementing Cisco Cybersecurity Operations

The exam modules are as follows, below. Your Certified Cisco Systems Instructor will provide you with Cisco-recommended digital and printed content which will be used as preparation for the SECOPS exam. The instructor will facilitate study sessions, designed to best prepare you for the exam.

Module 1: Endpoint Threat Analysis and Computer Forensics

  • Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
  • Describe these terms as they are defined in the CVSS 3.0:
    • Attack vector
    • Attack complexity
    • Privileges required
    • User interaction
    • Scope
  • Describe these terms as they are defined in the CVSS 3.0
    • Confidentiality
    • Integrity
    • Availability
  • Define these items as they pertain to the Microsoft Windows file system
    • FAT32
    • NTFS
    • Alternative data streams
    • MACE
    • EFI
    • Free space
    • Timestamps on a file system
  • Define these terms as they pertain to the Linux file system
    • EXT4
    • Journaling
    • MBR
    • Swap file system
    • MAC
  • Compare and contrast three types of evidence
    • Best evidence
    • Corroborative evidence
    • Indirect evidence
  • Compare and contrast two types of image
    • Altered disk image
    • Unaltered disk image
  • Describe the role of attribution in an investigation
    • Assets
    • Threat actor

Module 2: Network Intrusion Analysis

  • Interpret basic regular expressions
  • Describe the fields in these protocol headers as they relate to intrusion analysis:
    • Ethernet frame
    • IPv4
    • IPv6
    • TCP
    • UDP
    • ICMP
    • HTTP
  • Identify the elements from a NetFlow v5 record from a security event
  • Identify these key elements in an intrusion from a given PCAP file
    • Source address
    • Destination address
    • Source port
    • Destination port
    • Protocols
    • Payloads
  • Extract files from a TCP stream when given a PCAP file and Wireshark
  • Interpret common artifact elements from an event to identify an alert
    • IP address (source / destination)
    • Client and Server Port Identity
    • Process (file or registry)
    • System (API calls)
    • Hashes
    • URI / URL
  • Map the provided events to these source technologies
    • NetFlow
    • IDS / IPS
    • Firewall
    • Network application control
    • Proxy logs
    • Antivirus
  • Compare and contrast impact and no impact for these items
    • False Positive
    • False Negative
    • True Positive
    • True Negative
  • Interpret a provided intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC)

Module 3: Incident Response

  • Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
  • Map elements to these steps of analysis based on the NIST.SP800-61 r2
    • Preparation
    • Detection and analysis
    • Containment, eradication, and recovery
    • Post-incident analysis (lessons learned)
  • Map the organisation stakeholders against the NIST IR categories (C2M2, SP800-61 r2)
    • Preparation
    • Detection and analysis
    • Containment, eradication, and recovery
    • Post-incident analysis (lessons learned)
  • Describe the goals of the given CSIRT
    • Internal CSIRT
    • National CSIRT
    • Coordination centers
    • Analysis centers
    • Vendor teams
    • Incident response providers (MSSP)
  • Identify these elements used for network profiling
    • Total throughput
    • Session duration
    • Ports used
    • Critical asset address space
  • Identify these elements used for server profiling
    • Listening ports
    • Logged in users/service accounts
    • Running processes
    • Running tasks
    • Applications
  • Map data types to these compliance frameworks
    • PCI
    • HIPPA (Health Insurance Portability and Accountability Act)
    • SOX
  • Identify data elements that must be protected with regards to a specific standard (PCI-DSS)

Module 4: Data and Event Analysis

  • Describe the process of data normalisation
  • Interpret common data values into a universal format
  • Describe 5-tuple correlation
  • Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs
  • Describe the retrospective analysis method to find a malicious file, provided file analysis report
  • Identify potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains
  • Map DNS logs and HTTP logs together to find a threat actor
  • Map DNS, HTTP, and threat intelligence data together
  • Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower   management console
  • Compare and contrast deterministic and probabilistic analysis

Module 5: Incident Handling

  • Classify intrusion events into these categories as defined in the diamond model of intrusion
    • Reconnaissance
    • Weaponisation
    • Delivery
    • Exploitation
    • Installation
    • Command and control
    • Action on objectives
  • Apply the NIST.SP800-61 r2 incident handling process to an event
  • Define these activities as they relate to incident handling
    • Identification
    • Scoping
    • Containment
    • Remediation
    • Lesson-based hardening
    • Reporting
  • Describe these concepts as they are documented in NIST SP800-86
    • Evidence collection order
    • Data integrity
    • Data preservation
    • Volatile data collection
  • Apply the VERIS schema categories to a given incident

Exam 210-250 SECFND: Understanding Cisco Cyber security Fundamentals

This exam will test your understanding of cyber security’s basic principles, foundational knowledge, and core skills needed to grasp the more advanced associate-level materials in the 210-255 SECFND exam.

  • Questions: 55-60 in total
  • Duration: 90 minutes
  • Available Languages: English

Exam 210-255 SECOPS: Implementing Cisco Cyber security Operations

This exam will test your knowledge and skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level Security Analyst working in a SOC.

  • Questions: 55-60 in total
  • Duration: 90 minutes
  • Available Languages: English

Passes in both exams are required to achieve certification.

As part of your accelerated course, you'll receive the following official Cisco digital courseware which includes the accompanying official Cisco lab access:

  • Understanding Cisco Cyber Security Fundamentals (SECFND) v1.0

You will also be provided with supplemental digital and printed materials to be used as preparation for the SECOPS exam, including guidelines from NIST and the CVSS specification document.

Your Certified Cisco Systems Instructor will also provide you with supplementary material to support your exam practice.

There are no official prerequisites for this course, but it is recommended that you have previously studied Cisco's ICND1 or CompTIA's Security+ certification.

Cisco CCNA Cyber Ops Kursdatoer

Cisco - CCNA Cyber Ops

Start

Slutt

Kapasitet

Registrer deg

24/2/2020 (Mandag)

29/2/2020 (Lørdag)

Ledige plasser

Registrer deg

Vi har lært opp 72.589 personer på 12 år. Vi ba dem om å anmelde vår akselererte opplæring. Akkurat nå har 96,77% angitt at Firebrand overgikk forventningene:

"Great Experience, Knowledge & environment. Instructor is very helpful and encouraging. I'll recommend it to my friends. "
Ahmed Khan, NHS. (25/3/2019 til 30/3/2019)

"The instructor was excellent at preparing students to pass the exam, ensuring all key topics were covered and understood by the students."
Anonymous. (25/3/2019 til 30/3/2019)

"This was an intense course with little opportunity for rest, however the content was excellent and delivery was thorough, so it was well worth the effort."
A.R.. (30/7/2018 til 5/8/2018)

"On my arrival I was made to feel extremely welcome . The aims and objectives were clearly explained. The training is fast pace and you must come here with an understanding that you will be consumed with the training."
J.P.. (30/7/2018 til 5/8/2018)

"Long days, but very good."
Brendan Tether, network rail. (30/7/2018 til 5/8/2018)

Siste anmeldelser fra studenten vår