Hugendubel.info - The B2B online bookshop


Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide

Book, paperback
688 pages
English
Pearson, published 05.03.2021
Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide presents you with an organised test-preparation routine using proven series elements and techniques. "Do I Know This Already?" quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

- Master Cisco CyberOps Associate CBROPS 200-201 exam topics
- Assess your knowledge with chapter-opening quizzes
- Review key concepts with exam preparation tasks
- Practice with realistic exam questions in the practice test software

Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Leading Cisco technology expert Omar Santos shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes:

- A test-preparation routine proven to help you pass the exam
- "Do I Know This Already?" quizzes, which enable you to decide how much time you need to spend on each section
- Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
- The powerful Pearson Test Prep Practice Test software, with two full exams comprised of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
- A video mentoring lesson from the author's Complete Video Course
- A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
- Study plan suggestions and templates to help you organise and optimise your study time
Available formats
Book, paperback
EUR 47,07
E-book, EPUB (ePub with watermark)
EUR 40,49
E-book, PDF (PDF with watermark)
EUR 40,49

Product

Details
ISBN/GTIN: 978-0-13-680783-4
Product type: Book
Binding: Paperback
Publisher:
Year of publication: 2021
Publication date: 05.03.2021
Pages: 688 pages
Language: English
Dimensions: width 195 mm, height 237 mm, thickness 36 mm
Weight: 1302 g
Item no.: 56158844

Contents/Reviews

Table of contents
Introduction xxvi

Chapter 1 Cybersecurity Fundamentals 2
"Do I Know This Already?" Quiz 3
Foundation Topics 8
Introduction to Cybersecurity 8
  Cybersecurity vs. Information Security (Infosec) 8
  The NIST Cybersecurity Framework 9
  Additional NIST Guidance and Documents 9
  The International Organization for Standardization 10
Threats, Vulnerabilities, and Exploits 10
  What Is a Threat? 10
  What Is a Vulnerability? 11
  What Is an Exploit? 13
  Risk, Assets, Threats, and Vulnerabilities 15
  Threat Actors 17
  Threat Intelligence 17
  Threat Intelligence Platform 19
  Vulnerabilities, Exploits, and Exploit Kits 20
  SQL Injection 21
  HTML Injection 22
  Command Injection 22
  Authentication-Based Vulnerabilities 22
  Cross-Site Scripting 25
  Cross-Site Request Forgery 27
  Cookie Manipulation Attacks 27
  Race Conditions 27
  Unprotected APIs 27
  Return-to-LibC Attacks and Buffer Overflows 28
  OWASP Top 10 29
  Security Vulnerabilities in Open-Source Software 29
Network Security Systems 30
  Traditional Firewalls 30
  Firewalls in the Data Center 42
  Virtual Firewalls 44
  Deep Packet Inspection 44
  Next-Generation Firewalls 45
Intrusion Detection Systems and Intrusion Prevention Systems 46
  Pattern Matching and Stateful Pattern-Matching Recognition 47
  Protocol Analysis 48
  Heuristic-Based Analysis 49
  Anomaly-Based Analysis 49
  Global Threat Correlation Capabilities 50
  Next-Generation Intrusion Prevention Systems 50
  Firepower Management Center 50
Advanced Malware Protection 50
  AMP for Endpoints 50
  AMP for Networks 53
Web Security Appliance 54
Email Security Appliance 58
Cisco Security Management Appliance 60
Cisco Identity Services Engine 60
Security Cloud-Based Solutions 62
  Cisco Cloud Email Security 62
  Cisco AMP Threat Grid 62
  Umbrella (OpenDNS) 63
  Stealthwatch Cloud 63
  CloudLock 64
Cisco NetFlow 64
Data Loss Prevention 65
The Principles of the Defense-in-Depth Strategy 66
Confidentiality, Integrity, and Availability: The CIA Triad 69
  Confidentiality 69
  Integrity 70
  Availability 70
Risk and Risk Analysis 70
Personally Identifiable Information and Protected Health Information 72
  PII 72
  PHI 72
Principle of Least Privilege and Separation of Duties 73
  Principle of Least Privilege 73
  Separation of Duties 73
Security Operations Centers 74
Playbooks, Runbooks, and Runbook Automation 75
Digital Forensics 76
Exam Preparation Tasks 78

Chapter 2 Introduction to Cloud Computing and Cloud Security 82
"Do I Know This Already?" Quiz 82
Foundation Topics 84
Cloud Computing and the Cloud Service Models 84
Cloud Security Responsibility Models 86
  Patch Management in the Cloud 88
  Security Assessment in the Cloud 88
DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps 88
  The Agile Methodology 89
  DevOps 90
  CI/CD Pipelines 90
  The Serverless Buzzword 92
  A Quick Introduction to Containers and Docker 92
  Container Management and Orchestration 94
Understanding the Different Cloud Security Threats 95
  Cloud Computing Attacks 97
Exam Preparation Tasks 99

Chapter 3 Access Control Models 102
"Do I Know This Already?" Quiz 102
Foundation Topics 105
Information Security Principles 105
Subject and Object Definition 106
Access Control Fundamentals 107
  Identification 107
  Authentication 108
  Authorization 110
  Accounting 110
  Access Control Fundamentals: Summary 110
Access Control Process 111
  Asset Classification 112
  Asset Marking 113
  Access Control Policy 114
  Data Disposal 114
Information Security Roles and Responsibilities 115
Access Control Types 117
Access Control Models 119
  Discretionary Access Control 121
  Mandatory Access Control 122
  Role-Based Access Control 123
  Attribute-Based Access Control 125
Access Control Mechanisms 127
Identity and Access Control Implementation 129
  Authentication, Authorization, and Accounting Protocols 130
  Port-Based Access Control 135
  Network Access Control List and Firewalling 138
  Identity Management and Profiling 140
  Network Segmentation 141
  Intrusion Detection and Prevention 144
  Antivirus and Antimalware 148
Exam Preparation Tasks 149

Chapter 4 Types of Attacks and Vulnerabilities 152
"Do I Know This Already?" Quiz 152
Foundation Topics 154
Types of Attacks 154
  Reconnaissance Attacks 154
  Social Engineering 160
  Privilege Escalation Attacks 162
  Backdoors 163
  Buffer Overflows and Code Execution 163
  Man-in-the-Middle Attacks 165
  Denial-of-Service Attacks 166
  Direct DDoS 166
  Botnets Participating in DDoS Attacks 167
  Reflected DDoS Attacks 167
  Attack Methods for Data Exfiltration 168
  ARP Cache Poisoning 169
  Spoofing Attacks 170
  Route Manipulation Attacks 171
  Password Attacks 171
  Wireless Attacks 172
Types of Vulnerabilities 172
Exam Preparation Tasks 174

Chapter 5 Fundamentals of Cryptography and Public Key Infrastructure (PKI) 178
"Do I Know This Already?" Quiz 178
Foundation Topics 182
Cryptography 182
  Ciphers and Keys 182
  Keys 183
  Key Management 183
Block and Stream Ciphers 183
  Block Ciphers 184
  Stream Ciphers 184
Symmetric and Asymmetric Algorithms 184
  Symmetric Algorithms 184
  Asymmetric Algorithms 185
  Elliptic Curve 186
  Quantum Cryptography 187
  More Encryption Types 187
Hashes 189
  Hashed Message Authentication Code 191
Digital Signatures 192
  Digital Signatures in Action 192
Next-Generation Encryption Protocols 195
IPsec and SSL/TLS 196
  IPsec 196
  Secure Sockets Layer and Transport Layer Security 196
  SSH 198
Fundamentals of PKI 199
  Public and Private Key Pairs 199
  RSA Algorithm, the Keys, and Digital Certificates 199
  Certificate Authorities 200
Root and Identity Certificates 202
  Root Certificate 202
  Identity Certificates 204
  X.500 and X.509v3 204
  Authenticating and Enrolling with the CA 205
  Public Key Cryptography Standards 206
  Simple Certificate Enrollment Protocol 206
Revoking Digital Certificates 207
Using Digital Certificates 207
  PKI Topologies 208
  Cross-Certifying CAs 208
Exam Preparation Tasks 209

Chapter 6 Introduction to Virtual Private Networks (VPNs) 212
"Do I Know This Already?" Quiz 212
Foundation Topics 214
What Are VPNs? 214
Site-to-Site vs. Remote-Access VPNs 215
An Overview of IPsec 216
  IKEv1 Phase 1 217
  IKEv1 Phase 2 220
  IKEv2 222
SSL VPNs 225
  SSL VPN Design Considerations 227
Exam Preparation Tasks 229

Chapter 7 Introduction to Security Operations Management 232
"Do I Know This Already?" Quiz 232
Foundation Topics 235
Introduction to Identity and Access Management 235
  Phases of the Identity and Access Life Cycle 235
  Password Management 236
  Directory Management 241
  Single Sign-On 243
  Federated SSO 246
Security Events and Log Management 251
  Log Collection, Analysis, and Disposal 251
  Security Information and Event Manager 255
  Security Orchestration, Automation, and Response (SOAR) 257
  SOC Case Management (Ticketing) Systems 257
Asset Management 257
  Asset Inventory 258
  Asset Ownership 259
  Asset Acceptable Use and Return Policies 259
  Asset Classification 260
  Asset Labeling 260
  Asset and Information Handling 260
  Media Management 260
Introduction to Enterprise Mobility Management 261
  Mobile Device Management 263
Configuration and Change Management 268
  Configuration Management 268
  Change Management 270
Vulnerability Management 273
  Vulnerability Identification 273
  Vulnerability Analysis and Prioritization 282
  Vulnerability Remediation 286
Patch Management 287
Exam Preparation Tasks 291

Chapter 8 Fundamentals of Intrusion Analysis 294
"Do I Know This Already?" Quiz 294
Foundation Topics 299
Introduction to Incident Response 299
The Incident Response Plan 301
The Incident Response Process 302
  The Preparation Phase 302
  The Detection and Analysis Phase 302
  Containment, Eradication, and Recovery 303
  Post-Incident Activity (Postmortem) 304
Information Sharing and Coordination 304
Incident Response Team Structure 307
  Computer Security Incident Response Teams 307
  Product Security Incident Response Teams 309
  National CSIRTs and Computer Emergency Response Teams 314
  Coordination Centers 315
  Incident Response Providers and Managed Security Service Providers (MSSPs) 315
Common Artifact Elements and Sources of Security Events 316
  The 5-Tuple 317
  File Hashes 320
  Tips on Building Your Own Lab 321
  False Positives, False Negatives, True Positives, and True Negatives 326
Understanding Regular Expressions 327
Protocols, Protocol Headers, and Intrusion Analysis 330
How to Map Security Event Types to Source Technologies 333
Exam Preparation Tasks 335

Chapter 9 Introduction to Digital Forensics 338
"Do I Know This Already?" Quiz 338
Foundation Topics 341
Introduction to Digital Forensics 341
The Role of Attribution in a Cybersecurity Investigation 342
The Use of Digital Evidence 342
  Defining Digital Forensic Evidence 343
  Understanding Best, Corroborating, and Indirect or Circumstantial Evidence 343
  Collecting Evidence from Endpoints and Servers 344
  Using Encryption 345
  Analyzing Metadata 345
  Analyzing Deleted Files 346
  Collecting Evidence from Mobile Devices 346
  Collecting Evidence from Network Infrastructure Devices 346
Evidentiary Chain of Custody 348
Reverse Engineering 351
Fundamentals of Microsoft Windows Forensics 353
  Processes, Threads, and Services 353
  Memory Management 356
  Windows Registry 357
  The Windows File System 359
  FAT 360
  NTFS 361
Fundamentals of Linux Forensics 362
  Linux Processes 362
  Ext4 366
  Journaling 366
  Linux MBR and Swap File System 366
Exam Preparation Tasks 367

Chapter 10 Network Infrastructure Device Telemetry and Analysis 370
"Do I Know This Already?" Quiz 370
Foundation Topics 373
Network Infrastructure Logs 373
  Network Time Protocol and Why It Is Important 374
  Configuring Syslog in a Cisco Router or Switch 376
Traditional Firewall Logs 378
  Console Logging 378
  Terminal Logging 379
  ASDM Logging 379
  Email Logging 379
  Syslog Server Logging 379
  SNMP Trap Logging 379
  Buffered Logging 379
  Configuring Logging on the Cisco ASA 379
Syslog in Large-Scale Environments 381
  Splunk 381
  Graylog 381
  Elasticsearch, Logstash, and Kibana (ELK) Stack 382
Next-Generation Firewall and Next-Generation IPS Logs 385
NetFlow Analysis 395
  What Is a Flow in NetFlow? 399
  The NetFlow Cache 400
  NetFlow Versions 401
  IPFIX 402
  IPFIX Architecture 403
  IPFIX Mediators 404
  IPFIX Templates 404
  Commercial NetFlow Analysis Tools 404
  Big Data Analytics for Cybersecurity Network Telemetry 411
  Cisco Application Visibility and Control (AVC) 413
Network Packet Capture 414
  tcpdump 415
  Wireshark 417
Network Profiling 418
  Throughput 419
  Measuring Throughput 421
  Used Ports 423
  Session Duration 424
  Critical Asset Address Space 424
Exam Preparation Tasks 427

Chapter 11 Endpoint Telemetry and Analysis 430
"Do I Know This Already?" Quiz 430
Foundation Topics 435
Understanding Host Telemetry 435
  Logs from User Endpoints 435
  Logs from Servers 440
Host Profiling 441
  Listening Ports 441
  Logged-in Users/Service Accounts 445
  Running Processes 448
  Applications Identification 450
Analyzing Windows Endpoints 454
  Windows Processes and Threads 454
  Memory Allocation 456
  The Windows Registry 458
  Windows Management Instrumentation 460
  Handles 462
  Services 463
  Windows Event Logs 466
Linux and macOS Analysis 468
  Processes in Linux 468
  Forks 471
  Permissions 472
  Symlinks 479
  Daemons 480
  Linux-Based Syslog 481
  Apache Access Logs 484
  NGINX Logs 485
Endpoint Security Technologies 486
  Antimalware and Antivirus Software 486
  Host-Based Firewalls and Host-Based Intrusion Prevention 488
  Application-Level Whitelisting and Blacklisting 490
  System-Based Sandboxing 491
  Sandboxes in the Context of Incident Response 493
Exam Preparation Tasks 494

Chapter 12 Challenges in the Security Operations Center (SOC) 496
"Do I Know This Already?" Quiz 496
Foundation Topics 499
Security Monitoring Challenges in the SOC 499
  Security Monitoring and Encryption 500
  Security Monitoring and Network Address Translation 501
  Security Monitoring and Event Correlation Time Synchronization 502
  DNS Tunneling and Other Exfiltration Methods 502
  Security Monitoring and Tor 504
  Security Monitoring and Peer-to-Peer Communication 505
Additional Evasion and Obfuscation Techniques 506
  Resource Exhaustion 508
  Traffic Fragmentation 509
  Protocol-Level Misinterpretation 510
  Traffic Timing, Substitution, and Insertion 511
  Pivoting 512
Exam Preparation Tasks 517

Chapter 13 The Art of Data and Event Analysis 520
"Do I Know This Already?" Quiz 520
Foundation Topics 522
Normalizing Data 522
  Interpreting Common Data Values into a Universal Format 523
Using the 5-Tuple Correlation to Respond to Security Incidents 523
Using Retrospective Analysis and Identifying Malicious Files 525
  Identifying a Malicious File 526
Mapping Threat Intelligence with DNS and Other Artifacts 527
Using Deterministic Versus Probabilistic Analysis 527
Exam Preparation Tasks 528

Chapter 14 Classifying Intrusion Events into Categories 530
"Do I Know This Already?" Quiz 530
Foundation Topics 532
Diamond Model of Intrusion 532
Cyber Kill Chain Model 539
  Reconnaissance 540
  Weaponization 543
  Delivery 544
  Exploitation 545
  Installation 545
  Command and Control 546
  Action on Objectives 547
The Kill Chain vs. MITRE's ATT&CK 548
Exam Preparation Tasks 550

Chapter 15 Introduction to Threat Hunting 552
"Do I Know This Already?" Quiz 552
Foundation Topics 554
What Is Threat Hunting? 554
  Threat Hunting vs. Traditional SOC Operations vs. Vulnerability Management 555
The Threat-Hunting Process 556
  Threat-Hunting Maturity Levels 557
Threat Hunting and MITRE's ATT&CK 558
  Automated Adversarial Emulation 563
Threat-Hunting Case Study 567
Threat Hunting, Honeypots, Honeynets, and Active Defense 571
Exam Preparation Tasks 571

Chapter 16 Final Preparation 574
Hands-on Activities 574
Suggested Plan for Final Review and Study 574
Summary 575

Glossary of Key Terms 577
Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions 592
Appendix B Understanding Cisco Cybersecurity Operations Fundamentals CBROPS 200-201 Exam Updates 614

Online Elements
Appendix C Study Planner
Glossary of Key Terms

9780136807834 TOC 10/13/2020

Author


Omar Santos is an active member of the security community, where he leads several industrywide initiatives. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of the critical infrastructure. Omar is the chair of the OASIS Common Security Advisory Framework (CSAF) technical committee, the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group, and the co-lead of the DEF CON Red Team Village.

Omar is the author of more than 20 books and video courses as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities.

Omar has been quoted by numerous media outlets, such as TheRegister, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune Magazine, Ars Technica, and more. You can follow Omar on Twitter @santosomar.