CCNA Cyber Ops SECFND #210-250 Official Cert Guide
- By Omar Santos, Joseph Muniz, Stefano De Crescenzo
 - Published Apr 3, 2017 by Cisco Press. Part of the Certification Guide series.
 
Features
- Authoritative coverage of every CCNA Introducing Cisco Cyber Ops Administration (210-250 SECFND) exam topic, with all the context and practical examples you need to succeed
 - Logical, well-organized, and practical coverage of developing network security infrastructure, recognizing and mitigating threats and vulnerabilities, investigating and responding to incidents, and monitoring devices to maintain integrity, confidentiality and availability
 - For the first of two exams in Cisco's new Cybersecurity track, focused on "defending and guarding the castle" -- Cisco's job-focused, threat-centric security team model
 - Includes realistic practice tests, plus extensive proven features
 - By three of the world's leading experts in Cisco security technologies
 
- Copyright 2017
 - Dimensions: 7-3/8" x 9-1/8"
 - Pages: 672
 - Edition: 1st
 
- Book
 - ISBN-10: 1-58714-702-5
 - ISBN-13: 978-1-58714-702-9
 
CCNA Cyber Ops SECFND 210-250 Official Cert Guide from Cisco Press allows you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Cisco enterprise security experts Omar Santos, Joseph Muniz, and Stefano De Crescenzo share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.
This complete study package includes
- A test-preparation routine proven to help you pass the exam
 - Do I Know This Already? quizzes, which allow you to decide how much time you need to spend on each section
 - Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
 - The powerful Pearson Test Prep practice test software, with two full sample exams containing 120 well-reviewed, exam-realistic questions, customization options, and detailed performance reports
 - A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
 - Study plan suggestions and templates to help you organize and optimize your study time
 
Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.
The official study guide helps you master topics on the CCNA Cyber Ops SECFND 210-250 exam, including:
- Network concepts
 - Security concepts
 - Cryptography
 - Host-based analysis
 - Security monitoring
 - Attack methods
 
The exciting new CCNA Cyber Ops SECFND 210-250 Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:
- The CCNA Cyber Ops SECFND 210-250 Premium Edition Practice Test, including four full practice exams and enhanced practice test features
 - PDF and EPUB formats of the CCNA Cyber Ops SECFND 210-250 Official Cert Guide from Pearson IT Certification, which are accessible via your PC, tablet, and Smartphone
 
About the Premium Edition Practice Test
This Premium Edition contains an enhanced version of the Pearson Test Prep (PTP) software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package:
- Allows you to focus on individual topic areas or take complete, timed exams
 - Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
 - Provides unique sets of exam-realistic practice questions
 - Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most
 
Pearson Test Prep online system requirements:
- Browsers: Chrome version 40 and above, Firefox version 35 and above, Safari version 7, Internet Explorer 10, 11, Microsoft Edge, Opera
 - Devices: Desktop and laptop computers, tablets running on Android and iOS, smartphones with a minimum screen size of 4.7"
 - Internet access required

Pearson Test Prep offline system requirements:
- Windows 10, Windows 8.1, Windows 7, or Vista (SP2)
 - Microsoft .NET Framework 4.5 Client
 - Pentium-class 1 GHz processor (or equivalent)
 - 512 MB RAM
 - 650 MB disk space plus 50 MB for each downloaded practice exam
 - Access to the Internet to register and download exam databases

About the Premium Edition eBook
Learn, prepare, and practice for CCNA Cyber Ops SECFND 210-250 exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.
- Master CCNA Cyber Ops SECFND 210-250 exam topics
 - Assess your knowledge with chapter-ending quizzes
 - Review key concepts with exam preparation tasks
 - Practice with realistic exam questions
 
CCNA Cyber Ops SECFND 210-250 Official Cert Guide is a best-of-breed exam study guide from Pearson IT Certification, a leader in IT certification learning. Cisco enterprise security experts Omar Santos, Joseph Muniz, and Stefano De Crescenzo share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
CCNA Cyber Ops SECFND #210-250 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.
The study guide helps you master all the topics on the CCNA Cyber Ops SECFND exam, including:
- Fundamentals of networking protocols and networking device types
 - Network security devices and cloud services
 - Security principles
 - Access control models
 - Security management concepts and techniques
 - Fundamentals of cryptography and PKI
 - Essentials of Virtual Private Networks (VPNs)
 - Windows-based Analysis
 - Linux/Mac OS X-based Analysis
 - Endpoint security technologies
 - Network and host telemetry
 - Security monitoring operations and challenges
 - Types of attacks and vulnerabilities
 - Security evasion techniques
 
Sample Pages
Download the sample pages (includes Chapter 3 and index)
Table of Contents
Introduction xxv
Part I Network Concepts
Chapter 1 Fundamentals of Networking Protocols and Networking Devices 3
 “Do I Know This Already?” Quiz 3
 Foundation Topics 6
 TCP/IP and OSI Model 6
 TCP/IP Model 6
 Open System Interconnection Model 12
 Layer 2 Fundamentals and Technologies 16
 Ethernet LAN Fundamentals and Technologies 16
 Ethernet Devices and Frame-Forwarding Behavior 20
 Wireless LAN Fundamentals and Technologies 35
 Internet Protocol and Layer 3 Technologies 43
 IPv4 Header 45
 IPv4 Fragmentation 47
 IPv4 Addresses and Addressing Architecture 48
 IP Addresses Assignment and DHCP 57
 IP Communication Within a Subnet and Address Resolution Protocol (ARP) 60
 Intersubnet IP Packet Routing 61
 Routing Tables and IP Routing Protocols 64
 Internet Control Message Protocol (ICMP) 69
 Domain Name System (DNS) 71
 IPv6 Fundamentals 75
 IPv6 Header 78
 IPv6 Addressing and Subnets 79
 Special and Reserved IPv6 Addresses 82
 IPv6 Addresses Assignment, Neighbor Discovery Protocol, and DHCPv6 83
 Transport Layer Technologies and Protocols 89
 Transmission Control Protocol (TCP) 90
 User Datagram Protocol (UDP) 98
 Exam Preparation Tasks 100
 Review All Key Topics 100
 Complete Tables and Lists from Memory 103
 Define Key Terms 103
 Q&A 103
 References and Further Reading 106
Chapter 2 Network Security Devices and Cloud Services 109
 “Do I Know This Already?” Quiz 109
 Foundation Topics 112
 Network Security Systems 112
 Traditional Firewalls 112
 Application Proxies 117
 Network Address Translation 117
 Stateful Inspection Firewalls 120
 Next-Generation Firewalls 126
 Personal Firewalls 128
 Intrusion Detection Systems and Intrusion Prevention Systems 128
 Next-Generation Intrusion Prevention Systems 133
 Advanced Malware Protection 133
 Web Security Appliance 137
 Email Security Appliance 140
 Cisco Security Management Appliance 142
 Cisco Identity Services Engine 143
 Security Cloud-based Solutions 144
 Cisco Cloud Web Security 145
 Cisco Cloud Email Security 146
 Cisco AMP Threat Grid 147
 Cisco Threat Awareness Service 147
 OpenDNS 148
 CloudLock 148
 Cisco NetFlow 149
 What Is the Flow in NetFlow? 149
 NetFlow vs. Full Packet Capture 151
 The NetFlow Cache 151
 Data Loss Prevention 152
 Exam Preparation Tasks 153
 Review All Key Topics 153
 Complete Tables and Lists from Memory 154
 Define Key Terms 154
 Q&A 154
Part II Security Concepts
Chapter 3 Security Principles 159
 “Do I Know This Already?” Quiz 159
 Foundation Topics 162
 The Principles of the Defense-in-Depth Strategy 162
 What Are Threats, Vulnerabilities, and Exploits? 166
 Vulnerabilities 166
 Threats 167
 Exploits 170
 Confidentiality, Integrity, and Availability: The CIA Triad 171
 Confidentiality 171
 Integrity 171
 Availability 171
 Risk and Risk Analysis 171
 Personally Identifiable Information and Protected Health Information 173
 PII 173
 PHI 174
 Principle of Least Privilege and Separation of Duties 174
 Principle of Least Privilege 174
 Separation of Duties 175
 Security Operation Centers 175
 Runbook Automation 176
 Forensics 177
 Evidentiary Chain of Custody 177
 Reverse Engineering 178
 Exam Preparation Tasks 180
 Review All Key Topics 180
 Define Key Terms 180
 Q&A 181
Chapter 4 Introduction to Access Controls 185
 “Do I Know This Already?” Quiz 185
 Foundation Topics 189
 Information Security Principles 189
 Subject and Object Definition 189
 Access Control Fundamentals 190
 Identification 190
 Authentication 191
 Authorization 193
 Accounting 193
 Access Control Fundamentals: Summary 194
 Access Control Process 195
 Asset Classification 195
 Asset Marking 196
 Access Control Policy 197
 Data Disposal 197
 Information Security Roles and Responsibilities 197
 Access Control Types 199
 Access Control Models 201
 Discretionary Access Control 203
 Mandatory Access Control 204
 Role-Based Access Control 205
 Attribute-Based Access Control 207
 Access Control Mechanisms 210
 Identity and Access Control Implementation 212
 Authentication, Authorization, and Accounting Protocols 212
 Port-Based Access Control 218
 Network Access Control List and Firewalling 221
 Identity Management and Profiling 223
 Network Segmentation 223
 Intrusion Detection and Prevention 227
 Antivirus and Antimalware 231
 Exam Preparation Tasks 233
 Review All Key Topics 233
 Complete Tables and Lists from Memory 234
 Define Key Terms 234
 Q&A 234
 References and Additional Reading 237
Chapter 5 Introduction to Security Operations Management 241
 “Do I Know This Already?” Quiz 241
 Foundation Topics 244
 Introduction to Identity and Access Management 244
 Phases of the Identity and Access Lifecycle 244
 Password Management 246
 Directory Management 250
 Single Sign-On 252
 Federated SSO 255
 Security Events and Logs Management 260
 Logs Collection, Analysis, and Disposal 260
 Security Information and Event Manager 264
 Assets Management 265
 Assets Inventory 266
 Assets Ownership 267
 Assets Acceptable Use and Return Policies 267
 Assets Classification 268
 Assets Labeling 268
 Assets and Information Handling 268
 Media Management 269
 Introduction to Enterprise Mobility Management 269
 Mobile Device Management 271
 Configuration and Change Management 276
 Configuration Management 276
 Change Management 278
 Vulnerability Management 281
 Vulnerability Identification 281
 Vulnerability Analysis and Prioritization 290
 Vulnerability Remediation 294
 Patch Management 295
 References and Additional Readings 299
 Exam Preparation Tasks 302
 Review All Key Topics 302
 Complete Tables and Lists from Memory 303
 Define Key Terms 303
 Q&A 303
Part III Cryptography
Chapter 6 Fundamentals of Cryptography and Public Key Infrastructure (PKI) 309
 “Do I Know This Already?” Quiz 309
 Foundation Topics 311
 Cryptography 311
 Ciphers and Keys 311
 Symmetric and Asymmetric Algorithms 313
 Hashes 314
 Hashed Message Authentication Code 316
 Digital Signatures 317
 Key Management 320
 Next-Generation Encryption Protocols 321
 IPsec and SSL 321
 Fundamentals of PKI 323
 Public and Private Key Pairs 323
 RSA Algorithm, the Keys, and Digital Certificates 324
 Certificate Authorities 324
 Root and Identity Certificates 326
 Authenticating and Enrolling with the CA 328
 Public Key Cryptography Standards 330
 Simple Certificate Enrollment Protocol 330
 Revoking Digital Certificates 330
 Using Digital Certificates 331
 PKI Topologies 331
 Exam Preparation Tasks 334
 Review All Key Topics 334
 Complete Tables and Lists from Memory 334
 Define Key Terms 335
 Q&A 335
Chapter 7 Introduction to Virtual Private Networks (VPNs) 339
 “Do I Know This Already?” Quiz 339
 Foundation Topics 341
 What Are VPNs? 341
 Site-to-site vs. Remote-Access VPNs 341
 An Overview of IPsec 343
 IKEv1 Phase 1 343
 IKEv1 Phase 2 345
 IKEv2 348
 SSL VPNs 348
 SSL VPN Design Considerations 351
 Exam Preparation Tasks 353
 Review All Key Topics 353
 Complete Tables and Lists from Memory 353
 Define Key Terms 353
 Q&A 353
Part IV Host-Based Analysis
Chapter 8 Windows-Based Analysis 357
 “Do I Know This Already?” Quiz 357
 Foundation Topics 360
 Process and Threads 360
 Memory Allocation 362
 Windows Registration 364
 Windows Management Instrumentation 366
 Handles 368
 Services 369
 Windows Event Logs 372
 Exam Preparation Tasks 375
 Review All Key Topics 375
 Define Key Terms 375
 Q&A 375
 References and Further Reading 377
Chapter 9 Linux- and Mac OS X-Based Analysis 379
 “Do I Know This Already?” Quiz 379
 Foundation Topics 382
 Processes 382
 Forks 384
 Permissions 385
 Symlinks 390
 Daemons 391
 UNIX-Based Syslog 392
 Apache Access Logs 396
 Exam Preparation Tasks 398
 Review All Key Topics 398
 Complete Tables and Lists from Memory 398
 Define Key Terms 398
 Q&A 399
 References and Further Reading 400
Chapter 10 Endpoint Security Technologies 403
 “Do I Know This Already?” Quiz 403
 Foundation Topics 406
 Antimalware and Antivirus Software 406
 Host-Based Firewalls and Host-Based Intrusion Prevention 408
 Application-Level Whitelisting and Blacklisting 410
 System-Based Sandboxing 411
 Exam Preparation Tasks 414
 Review All Key Topics 414
 Complete Tables and Lists from Memory 414
 Define Key Terms 414
 Q&A 414
Part V Security Monitoring and Attack Methods
Chapter 11 Network and Host Telemetry 419
 “Do I Know This Already?” Quiz 419
 Foundation Topics 422
 Network Telemetry 422
 Network Infrastructure Logs 422
 Traditional Firewall Logs 426
 Syslog in Large Scale Environments 430
 Next-Generation Firewall and Next-Generation IPS Logs 437
 NetFlow Analysis 445
 Cisco Application Visibility and Control (AVC) 469
 Network Packet Capture 470
 Wireshark 473
 Cisco Prime Infrastructure 474
 Host Telemetry 477
 Logs from User Endpoints 477
 Logs from Servers 481
 Exam Preparation Tasks 483
 Review All Key Topics 483
 Complete Tables and Lists from Memory 483
 Define Key Terms 483
 Q&A 484
Chapter 12 Security Monitoring Operational Challenges 487
 “Do I Know This Already?” Quiz 487
 Foundation Topics 490
 Security Monitoring and Encryption 490
 Security Monitoring and Network Address Translation 491
 Security Monitoring and Event Correlation Time Synchronization 491
 DNS Tunneling and Other Exfiltration Methods 491
 Security Monitoring and Tor 493
 Security Monitoring and Peer-to-Peer Communication 494
 Exam Preparation Tasks 495
 Review All Key Topics 495
 Define Key Terms 495
 Q&A 495
Chapter 13 Types of Attacks and Vulnerabilities 499
 “Do I Know This Already?” Quiz 499
 Foundation Topics 502
 Types of Attacks 502
 Reconnaissance Attacks 502
 Social Engineering 504
 Privilege Escalation Attacks 506
 Backdoors 506
 Code Execution 506
 Man-in-the-Middle Attacks 506
 Denial-of-Service Attacks 507
 Attack Methods for Data Exfiltration 510
 ARP Cache Poisoning 511
 Spoofing Attacks 512
 Route Manipulation Attacks 513
 Password Attacks 513
 Wireless Attacks 514
 Types of Vulnerabilities 514
 Exam Preparation Tasks 518
 Review All Key Topics 518
 Define Key Terms 518
 Q&A 518
Chapter 14 Security Evasion Techniques 523
 “Do I Know This Already?” Quiz 523
 Foundation Topics 526
 Encryption and Tunneling 526
 Key Encryption and Tunneling Concepts 531
 Resource Exhaustion 531
 Traffic Fragmentation 532
 Protocol-Level Misinterpretation 533
 Traffic Timing, Substitution, and Insertion 535
 Pivoting 536
 Exam Preparation Tasks 541
 Review All Key Topics 541
 Complete Tables and Lists from Memory 541
 Define Key Terms 541
 Q&A 541
 References and Further Reading 543
Part VI Final Preparation
Chapter 15 Final Preparation 545
 Tools for Final Preparation 545
 Pearson Cert Practice Test Engine and Questions on the Website 545
 Customizing Your Exams 547
 Updating Your Exams 547
 The Cisco Learning Network 548
 Memory Tables 548
 Chapter-Ending Review Tools 549
 Suggested Plan for Final Review/Study 549
 Summary 549
Part VII Appendixes
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Questions 551
Glossary 571
Elements Available on the Book Website
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
Appendix D Study Planner
Errata
We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.