There is a growing need for security professionals in the business world. As awareness of security threats grow, businesses of all sizes are beginning to understand the need for increased preparedness against these threats. Our CCNA Cyber Ops Boot Camp is an excellent starting point for those interested in a career in this exciting, challenging and growing field.

This boot camp builds your foundation of cybersecurity knowledge and skills — with the goal of preparing you for the responsibilities of an entry-level security analyst working in a SOC. It also prepares you to validate your new skills by earning your CCNA Cyber Ops certification.

• Two days of intense instruction with an expert instructor
• Infosec digital courseware (physical textbooks available to purchase)
• 90-day access to replays of daily lessons (Flex Pro)
• CCNA Cyber Ops exam vouchers (210-250 and 210-255)
  • In class: Understanding Cisco Cybersecurity Fundamentals (SECFND) v1.0
  • Post class: Implementing Cisco Cybersecurity Operations (SECOPS) v1.0
• 4-month subscription to Infosec Skills
• 100% Satisfaction Guarantee
• Exam Pass Guarantee (Flex Pro)

Infosec’s CCNA materials are always up to date and synchronized with the latest Cisco exam objectives. Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.

• Network engineers
• Network administrators
• Systems administrators
• System engineers
• IT managers/directors
• Anyone looking to improve their network skills

This boot camp goes in-depth into the fundamentals of security and prepares you to pass the first (210-250) of the two exams needed earn the CCNA Cyber Ops certification. You will be introduced to fundamental security concepts, with a focus on how these concepts are presented on the test.

Topics covered in the exam include:

• Network concepts
• Security concepts
• Cryptography
• Host-based analysis
• Security monitoring
• Attack methods

After completing the bootcamp, you will receive access to the training content for the second exam (210-255) required to earn the CCNA Cyber Ops certification. With four-months unlimited access to the state-of-the art Infosec Skills online training platform, you will be able to prepare for the SECOPS exam at your own pace and also brush up your knowledge on other topics by exploring over 500 courses.

Topics covered in the exam include:

• Endpoint threat analysis and computer forensics
• Network intrusion analysis
• Incident response
• Data and event analysis
• Incident handling

CCNA Cyber Ops – Understanding Cisco Cyber Security Fundamentals (200-250)

Network concepts

• Function of the network layers as specified by the OSI and the TCP/IP network models
• Understanding the operation of the following:
  • IP
  • TCP
  • UDP
  • ICMP
• Operation of common network services
  • ARP
  • DNS
  • DHCP
• Basic operation of different network device types
  • Router
  • Switch
  • Hub
  • Bridge
  • Wireless access point (WAP)
  • Wireless LAN controller (WLC)
• Functions of common network security systems as deployed on the host, network or the cloud:
  • Firewall
  • Cisco Intrusion Prevention System (IPS)
  • Cisco Advanced Malware Protection (AMP)
  • Web Security Appliance (WSA) / Cisco Cloud Web Security (CWS)
  • Email Security Appliance (ESA) / Cisco Cloud Email Security (CES)
• IP subnets and communication within an IP subnet and between IP subnets
• Relationship between VLANs and data visibility
• Operation of ACLs applied as packet filters on the interfaces of network devices
• Deep packet inspection compared to packet filtering and stateful firewall operation
• Inline traffic interrogation compared to taps or traffic mirroring
• Characteristics of data obtained from taps or traffic mirroring compared to NetFlow in the analysis of network traffic
• Identifying potential data loss from provided traffic profiles

Security concepts

• Principles of the defense in depth strategy
• Understanding key cybersecurity risk concepts
  • Risk
  • Threat
  • Vulnerability
  • Exploit
• Understanding key terminology
  • Threat actor
  • Run book automation (RBA)
  • Chain of custody (evidentiary)
  • Reverse engineering
  • Sliding window anomaly detection
  • PII
  • PHI
• Understanding key security terminology
  • Principle of least privilege
  • Risk scoring/risk weighting
  • Risk reduction
  • Risk assessment
• Access control models
  • Discretionary access control
  • Mandatory access control
  • Nondiscretionary access control
• Understanding key network security terminology
  • Network and host antivirus
  • Agentless and agent-based protections
  • SIEM and log collection
• Understanding key security management concepts
  • Asset management
  • Configuration management
  • Mobile device management
  • Patch management
  • Vulnerability management

Cryptography

• Uses of a hash algorithm
• Uses of encryption algorithms
• Symmetric and asymmetric encryption algorithms
• Processes of digital signature creation and verification
• Understanding the operation of a PKI
• Security impact of commonly used hash algorithms
  • MD5
  • SHA-1
  • SHA-256
  • SHA-512
• Security impact of commonly used encryption algorithms and secure communications protocols
  • DES
  • 3DES
  • AES
  • AES256-CTR
  • RSA
  • DSA
  • SSH
  • SSL/TLS
• How the success or failure of a cryptographic exchange impacts security investigation
  • Understanding key items related to SSL/TLS
  • Cipher-suite
  • X.509 certificates
  • Key exchange
  • Protocol version
  • PKCS

Host-based analysis

• Understanding important terminology related to Microsoft Windows OS
  • Processes
  • Threads
  • Memory allocation
  • Windows Registry
  • WMI
  • Handles
  • Services
• Understanding key terminology pertaining to Linux
  • Processes
  • Forks
  • Permissions
  • Symlinks
  • Daemon
• Functionality of endpoint technologies in regards to security monitoring
  • Host-based intrusion detection
  • Antimalware and antivirus
  • Host-based firewall
  • Application-level whitelisting/blacklisting
  • Systems-based sandboxing (such as Chrome, Java, Adobe reader)
• Interpreting operating system log data to identify an event
  • Windows security event logs
  • Unix-based syslog
  • Apache access logs
  • IIS access logs

Security monitoring

• Identifying the types of data provided by common security technologies
  • TCP Dump
  • NetFlow
  • Next-Gen firewall
  • Traditional stateful firewall
  • Application visibility and control
  • Web content filtering
  • Email content filtering
• Types of data used in security monitoring
  • Full packet capture
  • Session data
  • Transaction data
  • Statistical data
  • Extracted content
  • Alert data
• Understanding security monitoring concepts
  • Access control list
  • NAT/PAT
  • Tunneling
  • TOR
  • Encryption
  • P2P
  • Encapsulation
  • Load balancing
• NextGen IPS event types
  • Connection event
  • Intrusion event
  • Host or endpoint event
  • Network discovery event
  • NetFlow event
• Function of common protocols in the context of security monitoring
  • DNS
  • NTP
  • SMTP/POP/IMAP
  • HTTP/HTTPS

Attack methods

• Difference between an attack surface and vulnerability
• Common network attacks
  • Denial of service
  • Distributed denial of service
  • Man-in-the-middle
• Common web application attacks
  • SQL injection
  • Command injections
  • Cross-site scripting
• Social engineering, phishing, and evasion methods
• Common endpoint-based attacks
  • Buffer overflows
  • Command and control (C2)
  • Malware
  • Rootkit
  • Port scanning
  • Host profiling
• Common evasion methods
  • Encryption and tunneling
  • Resource exhaustion
  • Traffic fragmentation
  • Protocol-level misinterpretation
  • Traffic substitution and insertion
  • Pivot
• Privilege escalation
• Difference between remote exploits and local exploits

CCNA Cyber Ops – Implementing Cisco Cybersecurity Operations (210-255)

Endpoint threat analysis and computer forensics

• Interpreting the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
• Understanding important terminology as defined in the CVSS 3.0 (attack vector, attack complexity, scope, etc.)
• Understanding key concepts pertaining to the Microsoft Windows file system (FAT32, NTFS, alternative data streams, etc.)
• Understanding key concepts pertaining to the Linux file system (EXT4, journaling, MBR, etc.)
• Three types of evidence (best, corroborative, indirect)
• Altered and unaltered disk image
• Role of attribution in an investigation

Network intrusion analysis

• Interpreting basic regular expressions
• Understanding the fields in common protocol headers (Ethernet frame, IPv4, IPv6, HTTP, etc.) as they relate to intrusion analysis
• Identifying the elements from a NetFlow v5 record from a security event
• Identifying key elements (source address/port, destination address/port, payload, etc.) in an intrusion from a PCAP file
• Extracting files from a TCP stream with Wireshark
• Interpreting common artifact elements from an event to identify an alert
• Mapping events to common source technologies (NetFlow, IDS/IPS, firewall, etc.)
• Evaluating impact of true/false positives/negatives
• Interpreting an intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC)

Incident response

• Essential elements of an incident response plan as stated in NIST.SP800-61 r2
• Mapping elements to steps of analysis based on the NIST.SP800-61 r2
• Mapping the organization stakeholders against the NIST IR categories (C2M2, NIST.SP800-61r2)
• Goals of different types of CSIRT (internal CSIRT, national CSIRT, coordination center, etc.)
• Understanding elements used for network profiling (total throughput, session duration, ports used, etc.)
• Understanding elements used for server profiling (listening ports, logged in users/service accounts, running processes, etc.)
• Mapping data types to compliance frameworks: PCI, HIPAA, SOX Act
• Identifying data elements that must be protected with regards to a specific standard (PCIDSS)

Data and event analysis

• Process of data normalization
• Interpreting common data values into a universal format
• 5-tuple correlation
• 5-tuple approach to isolate a compromised host in a grouped set of logs
• Using retrospective analysis method to find a malicious file
• Identifying potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains
• Mapping DNS logs and HTTP logs together to find a threat actor
• Mapping DNS, HTTP and threat intelligence data together
• Identifying a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console
• Differences between deterministic and probabilistic analysis

Incident handling

• Understanding types of intrusion events into these categories as defined by the Cyber Kill Chain Model
• Applying the NIST.SP800-61 r2 incident handling process to an event
• Incident handling activities
• Understanding evidence concepts as documented in NIST SP800-86 (evidence collection order, data integrity, data preservation, volatile data collection)
• Applying the VERIS schema categories to an incident