Implementing Cisco Cybersecurity Operations [SECOPS]
€2995, offered by Global Knowledge
OVERVIEW
This is the second course in Cisco's CCNA Cyber Ops curriculum and is designed to give students an understanding of how a Security Operations Center (SOC) functions and of the knowledge required in that environment. The course focuses on the introductory-level skills needed by an associate-level SOC analyst: understanding basic threat analysis, event correlation, identifying malicious activity, and using a playbook for incident response.
OBJECTIVES
After completing this course you should be able to:
- Define a SOC and the various job roles in a SOC
- Understand SOC infrastructure tools and systems
- Learn basic incident analysis for a threat centric SOC
- Explore resources available to assist with an investigation
- Explain basic event correlation and normalization
- Describe common attack vectors
- Learn how to identify malicious activity
- Understand the concept of a playbook
- Describe and explain an incident response handbook
- Define types of SOC Metrics
- Understand SOC Workflow Management system and automation
AUDIENCE
Individuals interested in a career in cybersecurity, looking to understand more about cybersecurity operations, or working towards their CCNA Cyber Ops certification.
CERTIFICATION
Recommended as preparation for the following exam(s):
- 210-255 - SECOPS
This is one of the two exams required to achieve the CCNA Cyber Ops certification.
CONTENT
SOC Overview
- Defining the Security Operations Center
- Understanding NSM Tools and Data
- Understanding Incident Analysis in a Threat-Centric SOC
- Identifying Resources for Hunting Cyber Threats
Security Incident Investigations
- Understanding Event Correlation and Normalization
- Identifying Common Attack Vectors
- Identifying Malicious Activity
- Identifying Patterns of Suspicious Behavior
- Conducting Security Incident Investigations
SOC Operations
- Describing the SOC Playbook
- Understanding the SOC Metrics
- Understanding the SOC WMS and Automation
- Describing the Incident Response Plan
- Appendix A - Describing the Computer Security Incident Response Team
- Appendix B - Understanding the use of VERIS
Labs
- Guided Lab 1: Explore Network Security Monitoring Tools
- Discovery 1: Investigate Hacker Methodology
- Discovery 2: Hunt Malicious Traffic
- Discovery 3: Correlate Event Logs, PCAPs, and Alerts of an Attack
- Discovery 4: Investigate Browser-Based Attacks
- Discovery 5: Analyze Suspicious DNS Activity
- Discovery 6: Investigate Suspicious Activity Using Security Onion
- Discovery 7: Investigate Advanced Persistent Threats
- Discovery 8: Explore SOC Playbooks