CCNA Cyber Ops SECFND #210-250 Official Cert Guide Summary
CCNA Cyber Ops SECFND #210-250 Official Cert Guide by Omar Santos
CCNA Cyber Ops SECFND 210-250 Official Cert Guide from Cisco Press allows you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Cisco enterprise security experts Omar Santos, Joseph Muniz, and Stefano De Crescenzo share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.
This complete study package includes
A test-preparation routine proven to help you pass the exam
Do I Know This Already? quizzes, which allow you to decide how much time you need to spend on each section
Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
The powerful Pearson Test Prep practice test software, with two full sample exams containing 120 well-reviewed, exam-realistic questions, customization options, and detailed performance reports
A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
Study plan suggestions and templates to help you organize and optimize your study time
Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.
The official study guide helps you master topics on the CCNA Cyber Ops SECFND 210-250 exam, including:
Why buy from World of Books
Our excellent value books literally don't cost the earth
Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures.
Omar is the author of over a dozen books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar's current projects can be found at omarsantos.io, and you can follow Omar on Twitter @santosomar.
Joseph Muniz is an architect at Cisco Systems and security researcher. He has extensive experience in designing security solutions and architectures for the top Fortune 500 corporations and the U.S. government. Joseph's current role gives him visibility into the latest trends in cyber security, from both leading vendors and customers. Examples of Joseph's research include his RSA talk titled "Social Media Deception," which has been quoted by many sources (search for "Emily Williams Social Engineering"), as well as his articles in PenTest Magazine regarding various security topics.
Joseph runs The Security Blogger website, a popular resource for security, hacking, and product implementation. He is the author and contributor of several publications covering various penetration testing and security topics.
You can follow Joseph at www. thesecurityblogger.com and @SecureBlogger.
Stefano De Crescenzo is a senior incident manager with the Cisco Product Security Incident Response Team (PSIRT), where he focuses on product vulnerability management and Cisco products forensics. He is the author of several blog posts and white papers about security best practices and forensics. He is an active member of the security community and has been a speaker at several security conferences.
Stefano specializes in malware detection and integrity assurance in critical infrastructure devices, and he is the author of integrity assurance guidelines for Cisco IOS, IOS-XE, and ASA.
Stefano holds a B.Sc. and M.Sc. in telecommunication engineering from Politecnico di Milano, Italy, and an M.Sc. in telecommunication from Danish Technical University, Denmark. He is currently pursuing an Executive MBA at Vlerick Business School in Belgium. He also holds a CCIE in Security #26025 and is CISSP and CISM certified.
Table of Contents
Introduction xxv Part I Network Concepts Chapter 1 Fundamentals of Networking Protocols and Networking Devices 3 "Do I Know This Already?" Quiz 3 Foundation Topics 6 TCP/IP and OSI Model 6 TCP/IP Model 6 Open System Interconnection Model 12 Layer 2 Fundamentals and Technologies 16 Ethernet LAN Fundamentals and Technologies 16 Ethernet Devices and Frame-Forwarding Behavior 20 Wireless LAN Fundamentals and Technologies 35 Internet Protocol and Layer 3 Technologies 43 IPv4 Header 45 IPv4 Fragmentation 47 IPv4 Addresses and Addressing Architecture 48 IP Addresses Assignment and DHCP 57 IP Communication Within a Subnet and Address Resolution Protocol (ARP) 60 Intersubnet IP Packet Routing 61 Routing Tables and IP Routing Protocols 64 Internet Control Message Protocol (ICMP) 69 Domain Name System (DNS) 71 IPv6 Fundamentals 75 IPv6 Header 78 IPv6 Addressing and Subnets 79 Special and Reserved IPv6 Addresses 82 IPv6 Addresses Assignment, Neighbor Discovery Protocol, and DHCPv6 83 Transport Layer Technologies and Protocols 89 Transmission Control Protocol (TCP) 90 User Datagram Protocol (UDP) 98 Exam Preparation Tasks 100 Review All Key Topics 100 Complete Tables and Lists from Memory 103 Define Key Terms 103 Q&A 103 References and Further Reading 106 Chapter 2 Network Security Devices and Cloud Services 109 "Do I Know This Already?" Quiz 109 Foundation Topics 112 Network Security Systems 112 Traditional Firewalls 112 Application Proxies 117 Network Address Translation 117 Stateful Inspection Firewalls 120 Next-Generation Firewalls 126 Personal Firewalls 128 Intrusion Detection Systems and Intrusion Prevention Systems 128 Next-Generation Intrusion Prevention Systems 133 Advance Malware Protection 133 Web Security Appliance 137 Email Security Appliance 140 Cisco Security Management Appliance 142 Cisco Identity Services Engine 143 Security Cloud-based Solutions 144 Cisco Cloud Web Security 145 Cisco Cloud Email Security 146 Cisco AMP Threat Grid 147 Cisco Threat Awareness Service 147 OpenDNS 148 CloudLock 148 Cisco NetFlow 149 What Is the Flow in NetFlow? 149 NetFlow vs. Full Packet Capture 151 The NetFlow Cache 151 Data Loss Prevention 152 Exam Preparation Tasks 153 Review All Key Topics 153 Complete Tables and Lists from Memory 154 Define Key Terms 154 Q&A 154 Part II Security Concepts Chapter 3 Security Principles 159 "Do I Know This Already?" Quiz 159 Foundation Topics 162 The Principles of the Defense-in-Depth Strategy 162 What Are Threats, Vulnerabilities, and Exploits? 166 Vulnerabilities 166 Threats 167 Exploits 170 Confidentiality, Integrity, and Availability: The CIA Triad 171 Confidentiality 171 Integrity 171 Availability 171 Risk and Risk Analysis 171 Personally Identifiable Information and Protected Health Information 173 PII 173 PHI 174 Principle of Least Privilege and Separation of Duties 174 Principle of Least Privilege 174 Separation of Duties 175 Security Operation Centers 175 Runbook Automation 176 Forensics 177 Evidentiary Chain of Custody 177 Reverse Engineering 178 Exam Preparation Tasks 180 Review All Key Topics 180 Define Key Terms 180 Q&A 181 Chapter 4 Introduction to Access Controls 185 "Do I Know This Already?" Quiz 185 Foundation Topics 189 Information Security Principles 189 Subject and Object Definition 189 Access Control Fundamentals 190 Identification 190 Authentication 191 Authorization 193 Accounting 193 Access Control Fundamentals: Summary 194 Access Control Process 195 Asset Classification 195 Asset Marking 196 Access Control Policy 197 Data Disposal 197 Information Security Roles and Responsibilities 197 Access Control Types 199 Access Control Models 201 Discretionary Access Control 203 Mandatory Access Control 204 Role-Based Access Control 205 Attribute-Based Access Control 207 Access Control Mechanisms 210 Identity and Access Control Implementation 212 Authentication, Authorization, and Accounting Protocols 212 Port-Based Access Control 218 Network Access Control List and Firewalling 221 Identity Management and Profiling 223 Network Segmentation 223 Intrusion Detection and Prevention 227 Antivirus and Antimalware 231 Exam Preparation Tasks 233 Review All Key Topics 233 Complete Tables and Lists from Memory 234 Define Key Terms 234 Q&A 234 References and Additional Reading 237 Chapter 5 Introduction to Security Operations Management 241 "Do I Know This Already?" Quiz 241 Foundation Topics 244 Introduction to Identity and Access Management 244 Phases of the Identity and Access Lifecycle 244 Password Management 246 Directory Management 250 Single Sign-On 252 Federated SSO 255 Security Events and Logs Management 260 Logs Collection, Analysis, and Disposal 260 Security Information and Event Manager 264 Assets Management 265 Assets Inventory 266 Assets Ownership 267 Assets Acceptable Use and Return Policies 267 Assets Classification 268 Assets Labeling 268 Assets and Information Handling 268 Media Management 269 Introduction to Enterprise Mobility Management 269 Mobile Device Management 271 Configuration and Change Management 276 Configuration Management 276 Change Management 278 Vulnerability Management 281 Vulnerability Identification 281 Vulnerability Analysis and Prioritization 290 Vulnerability Remediation 294 Patch Management 295 References and Additional Readings 299 Exam Preparation Tasks 302 Review All Key Topics 302 Complete Tables and Lists from Memory 303 Define Key Terms 303 Q&A 303 Part III Cryptography Chapter 6 Fundamentals of Cryptography and Public Key Infrastructure (PKI) 309 "Do I Know This Already?" Quiz 309 Foundation Topics 311 Cryptography 311 Ciphers and Keys 311 Symmetric and Asymmetric Algorithms 313 Hashes 314 Hashed Message Authentication Code 316 Digital Signatures 317 Key Management 320 Next-Generation Encryption Protocols 321 IPsec and SSL 321 Fundamentals of PKI 323 Public and Private Key Pairs 323 RSA Algorithm, the Keys, and Digital Certificates 324 Certificate Authorities 324 Root and Identity Certificates 326 Authenticating and Enrolling with the CA 328 Public Key Cryptography Standards 330 Simple Certificate Enrollment Protocol 330 Revoking Digital Certificates 330 Using Digital Certificates 331 PKI Topologies 331 Exam Preparation Tasks 334 Review All Key Topics 334 Complete Tables and Lists from Memory 334 Define Key Terms 335 Q&A 335 Chapter 7 Introduction to Virtual Private Networks (VPNs) 339 "Do I Know This Already?" Quiz 339 Foundation Topics 341 What Are VPNs? 341 Site-to-site vs. Remote-Access VPNs 341 An Overview of IPsec 343 IKEv1 Phase 1 343 IKEv1 Phase 2 345 IKEv2 348 SSL VPNs 348 SSL VPN Design Considerations 351 Exam Preparation Tasks 353 Review All Key Topics 353 Complete Tables and Lists from Memory 353 Define Key Terms 353 Q&A 353 Part IV Host-Based Analysis Chapter 8 Windows-Based Analysis 357 "Do I Know This Already?" Quiz 357 Foundation Topics 360 Process and Threads 360 Memory Allocation 362 Windows Registration 364 Windows Management Instrumentation 366 Handles 368 Services 369 Windows Event Logs 372 Exam Preparation Tasks 375 Review All Key Topics 375 Define Key Terms 375 Q&A 375 References and Further Reading 377 Chapter 9 Linux- and Mac OS X-Based Analysis 379 "Do I Know This Already?" Quiz 379 Foundation Topics 382 Processes 382 Forks 384 Permissions 385 Symlinks 390 Daemons 391 UNIX-Based Syslog 392 Apache Access Logs 396 Exam Preparation Tasks 398 Review All Key Topics 398 Complete Tables and Lists from Memory 398 Define Key Terms 398 Q&A 399 References and Further Reading 400 Chapter 10 Endpoint Security Technologies 403 "Do I Know This Already?" Quiz 403 Foundation Topics 406 Antimalware and Antivirus Software 406 Host-Based Firewalls and Host-Based Intrusion Prevention 408 Application-Level Whitelisting and Blacklisting 410 System-Based Sandboxing 411 Exam Preparation Tasks 414 Review All Key Topics 414 Complete Tables and Lists from Memory 414 Define Key Terms 414 Q&A 414 Part V Security Monitoring and Attack Methods Chapter 11 Network and Host Telemetry 419 "Do I Know This Already?" Quiz 419 Foundation Topics 422 Network Telemetry 422 Network Infrastructure Logs 422 Traditional Firewall Logs 426 Syslog in Large Scale Environments 430 Next-Generation Firewall and Next-Generation IPS Logs 437 NetFlow Analysis 445 Cisco Application Visibility and Control (AVC) 469 Network Packet Capture 470 Wireshark 473 Cisco Prime Infrastructure 474 Host Telemetry 477 Logs from User Endpoints 477 Logs from Servers 481 Exam Preparation Tasks 483 Review All Key Topics 483 Complete Tables and Lists from Memory 483 Define Key Terms 483 Q&A 484 Chapter 12 Security Monitoring Operational Challenges 487 "Do I Know This Already?" Quiz 487 Foundation Topics 490 Security Monitoring and Encryption 490 Security Monitoring and Network Address Translation 491 Security Monitoring and Event Correlation Time Synchronization 491 DNS Tunneling and Other Exfiltration Methods 491 Security Monitoring and Tor 493 Security Monitoring and Peer-to-Peer Communication 494 Exam Preparation Tasks 495 Review All Key Topics 495 Define Key Terms 495 Q&A 495 Chapter 13 Types of Attacks and Vulnerabilities 499 "Do I Know This Already?" Quiz 499 Foundation Topics 502 Types of Attacks 502 Reconnaissance Attacks 502 Social Engineering 504 Privilege Escalation Attacks 506 Backdoors 506 Code Execution 506 Man-in-the Middle Attacks 506 Denial-of-Service Attacks 507 Attack Methods for Data Exfiltration 510 ARP Cache Poisoning 511 Spoofing Attacks 512 Route Manipulation Attacks 513 Password Attacks 513 Wireless Attacks 514 Types of Vulnerabilities 514 Exam Preparation Tasks 518 Review All Key Topics 518 Define Key Terms 518 Q&A 518 Chapter 14 Security Evasion Techniques 523 "Do I Know This Already?" Quiz 523 Foundation Topics 526 Encryption and Tunneling 526 Key Encryption and Tunneling Concepts 531 Resource Exhaustion 531 Traffic Fragmentation 532 Protocol-Level Misinterpretation 533 Traffic Timing, Substitution, and Insertion 535 Pivoting 536 Exam Preparation Tasks 541 Review All Key Topics 541 Complete Tables and Lists from Memory 541 Define Key Terms 541 Q&A 541 References and Further Reading 543 Part VI Final Preparation Chapter 15 Final Preparation 545 Tools for Final Preparation 545 Pearson Cert Practice Test Engine and Questions on the Website 545 Customizing Your Exams 547 Updating Your Exams 547 The Cisco Learning Network 548 Memory Tables 548 Chapter-Ending Review Tools 549 Suggested Plan for Final Review/Study 549 Summary 549 Part VII Appendixes Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&A Questions 551 Glossary 571 Elements Available on the Book Website Appendix B Memory Tables Appendix C Memory Tables Answer Key Appendix D Study Planner 9781587147029, TOC, 3/9/2017
CCNA Cyber Ops SECFND #210-250 Official Cert Guide by Omar Santos
Pearson Education (US)
Book picture is for illustrative purposes only, actual binding, cover or edition may vary.
This is a new book - be the first to read this copy. With untouched pages and a perfect binding, your brand new copy is ready to be opened for the first time.