CCNA Cybersecurity Operations Companion Guide
- By Cisco Networking Academy, Allan Johnson
- Published Jun 15, 2018 by Cisco Press. Part of the Companion Guide series.
Book
- Sorry, this book is no longer in print.
eBook (Watermarked)
- Your Price: $62.99
- List Price: $69.99
- Includes EPUB and PDF
- About eBook Formats
This eBook includes the following formats, accessible from your Account page after purchase:
EPUB The open industry format known for its reflowable content and usability on supported mobile devices.
PDF The popular standard, used most often with the free Acrobat® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
Features
- Portable, desk reference for take-home study and reference anytime, anywhere.
- Aligns to the online course chapters.
- Provides students with the only authorized, full-featured textbook for the Cisco Networking Academy course
- Book-based pedagogy that serves as additional reinforcement in helping the student learn the topics covered in the course.
- Copyright 2018
- Dimensions: 8" x 9-1/8"
- Pages: 720
- Edition: 1st
- Book
- ISBN-10: 1-58713-439-X
- ISBN-13: 978-1-58713-439-5
CCNA Cybersecurity Operations Companion Guide is the official supplemental textbook for the Cisco Networking Academy CCNA Cybersecurity Operations course.
The course emphasizes real-world practical application, while providing opportunities for you to gain the skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level security analyst working in a security operations center (SOC).
The Companion Guide is designed as a portable desk reference to use anytime, anywhere to reinforce the material from the course and organize your time.
The book’s features help you focus on important concepts to succeed in this course:
· Chapter Objectives—Review core concepts by answering the focus questions listed at the beginning of each chapter.
· Key Terms—Refer to the lists of networking vocabulary introduced and highlighted in context in each chapter.
· Glossary—Consult the comprehensive Glossary with more than 360 terms.
· Summary of Activities and Labs—Maximize your study time with this complete list of all associated practice exercises at the end of each chapter.
· Check Your Understanding—Evaluate your readiness with the end-of-chapter questions that match the style of questions you see in the online course quizzes. The answer key explains each answer.
How To—Look for this icon to study the steps you need to learn to perform certain tasks.
Interactive Activities—Reinforce your understanding of topics with dozens of exercises from the online course identified throughout the book with this icon.
Packet Tracer Activities—Explore and visualize networking concepts using Packet Tracer. There are exercises interspersed throughout the chapters and provided in the accompanying Lab Manual book.
Videos—Watch the videos embedded within the online course.
Hands-on Labs—Develop critical thinking and complex problem-solving skills by completing the labs and activities included in the course and published in the separate Lab Manual.
Online Sample Chapters
Cybersecurity and the Security Operations Center
Table of Contents
Introduction xxiv
Chapter 1 Cybersecurity and the Security Operations Center 1
Objectives 1
Key Terms 1
Introduction (1.0) 2
The Danger (1.1) 2
War Stories (1.1.1) 2
Hijacked People (1.1.1.1) 2
Ransomed Companies (1.1.1.2) 3
Nations (1.1.1.3) 3
Threat Actors (1.1.2) 4
Amateurs (1.1.2.1) 4
Hacktivists (1.1.2.2) 4
Financial Gain (1.1.2.3) 4
Trade Secrets and Global Politics (1.1.2.4) 4
How Secure Is the Internet of Things? (1.1.2.5) 4
Threat Impact (1.1.3) 5
PII and PHI (1.1.3.1) 5
Lost Competitive Advantage (1.1.3.2) 6
Politics and National Security (1.1.3.3) 6
Fighters in the War Against Cybercrime (1.2) 7
The Modern Security Operations Center (1.2.1) 7
Elements of an SOC (1.2.1.1) 7
People in the SOC (1.2.1.2) 8
Process in the SOC (1.2.1.3) 8
Technologies in the SOC (1.2.1.4) 9
Enterprise and Managed Security (1.2.1.5)
Security vs. Availability (1.2.1.6)
Becoming a Defender (1.2.2)
Certifications (1.2.2.1)
Further Education (1.2.2.2)
Sources of Career Information (1.2.2.3)
Getting Experience (1.2.2.4)
Summary (1.3)
Practice
Check Your Understanding
Chapter 2 Windows Operating System
Objectives
Key Terms
Introduction (2.0)
Windows Overview (2.1)
Windows History (2.1.1)
Disk Operating System (2.1.1.1)
Windows Versions (2.1.1.2)
Windows GUI (2.1.1.3)
Operating System Vulnerabilities (2.1.1.4)
Windows Architecture and Operations (2.1.2)
Hardware Abstraction Layer (2.1.2.1)
User Mode and Kernel Mode (2.1.2.2)
Windows File Systems (2.1.2.3)
Windows Boot Process (2.1.2.4)
Windows Startup and Shutdown (2.1.2.5)
Processes, Threads, and Services (2.1.2.6)
Memory Allocation and Handles (2.1.2.7)
The Windows Registry (2.1.2.8)
Windows Administration (2.2)
Windows Configuration and Monitoring (2.2.1)
Run as Administrator (2.2.1.1)
Local Users and Domains (2.2.1.2)
CLI and PowerShell (2.2.1.3)
Windows Management Instrumentation (2.2.1.4)
The net Command (2.2.1.5)
Task Manager and Resource Monitor (2.2.1.6)
Networking (2.2.1.7)
Accessing Network Resources (2.2.1.8)
Windows Server (2.2.1.9)
Windows Security (2.2.2)
The netstat Command (2.2.2.1)
Event Viewer (2.2.2.2)
Windows Update Management (2.2.2.3)
Local Security Policy (2.2.2.4)
Windows Defender (2.2.2.5)
Windows Firewall (2.2.2.6)
Chapter 3 Linux Operating System
Objectives
Key Terms
Introduction (3.0)
Linux Overview (3.1)
Linux Basics (3.1.1)
What is Linux? (3.1.1.1)
The Value of Linux (3.1.1.2)
Linux in the SOC (3.1.1.3)
Linux Tools (3.1.1.4)
Working in the Linux Shell (3.1.2)
The Linux Shell (3.1.2.1)
Basic Commands (3.1.2.2)
File and Directory Commands (3.1.2.3)
Working with Text Files (3.1.2.4)
The Importance of Text Files in Linux (3.1.2.5)
Linux Servers and Clients (3.1.3)
An Introduction to Client-Server Communications (3.1.3.1)
Servers, Services, and Their Ports (3.1.3.2)
Clients (3.1.3.3)
Linux Administration (3.2)
Basic Server Administration (3.2.1)
Service Configuration Files (3.2.1.1)
Hardening Devices (3.2.1.2)
Monitoring Service Logs (3.2.1.3)
The Linux File System (3.2.2)
The File System Types in Linux (3.2.2.1)
Linux Roles and File Permissions (3.2.2.2)
Hard Links and Symbolic Links (3.2.2.3)
Linux Hosts (3.3)
Working with the Linux GUI (3.3.1)
X Window System (3.3.1.1)
The Linux GUI (3.3.1.2)
Working on a Linux Host (3.3.2)
Installing and Running Applications on a
Linux Host (3.3.2.1)
Keeping the System Up to Date (3.3.2.2)
Processes and Forks (3.3.2.3)
Malware on a Linux Host (3.3.2.4)
Rootkit Check (3.3.2.5)
Piping Commands (3.3.2.6)
Summary (3.4)
Practice
Check Your Understanding
Chapter 4 Network Protocols and Services
Objectives
Key Terms
Introduction (4.0)
Network Protocols (4.1)
Network Communications Process (4.1.1)
Views of the Network (4.1.1.1)
Client-Server Communications (4.1.1.2)
A Typical Session: Student (4.1.1.3)
A Typical Session: Gamer (4.1.1.4)
A Typical Session: Surgeon (4.1.1.5)
Tracing the Path (4.1.1.6)
Communications Protocols (4.1.2)
What Are Protocols? (4.1.2.1)
Network Protocol Suites (4.1.2.2)
The TCP/IP Protocol Suite (4.1.2.3)
Format, Size, and Timing (4.1.2.4)
Unicast, Multicast, and Broadcast (4.1.2.5)
Reference Models (4.1.2.6)
Three Addresses (4.1.2.7)
Encapsulation (4.1.2.8)
Scenario: Sending and Receiving a Web Page (4.1.2.9)
Ethernet and Internet Protocol (IP) (4.2)
Ethernet (4.2.1)
The Ethernet Protocol (4.2.1.1)
The Ethernet Frame (4.2.1.2)
MAC Address Format (4.2.1.3)
IPv4 (4.2.2)
IPv4 Encapsulation (4.2.2.1)
IPv4 Characteristics (4.2.2.2)
The IPv4 Packet (4.2.2.4)
IPv4 Addressing Basics (4.2.3)
IPv4 Address Notation (4.2.3.1)
IPv4 Host Address Structure (4.2.3.2)
IPv4 Subnet Mask and Network Address (4.2.3.3)
Subnetting Broadcast Domains (4.2.3.4)
Types of IPv4 Addresses (4.2.4)
IPv4 Address Classes and Default Subnet Masks (4.2.4.1)
Reserved Private Addresses (4.2.4.2)
The Default Gateway (4.2.5)
Host Forwarding Decision (4.2.5.1)
Default Gateway (4.2.5.2)
Using the Default Gateway (4.2.5.3)
IPv6 (4.2.6)
Need for IPv6 (4.2.6.1)
IPv6 Size and Representation (4.2.6.2)
IPv6 Address Formatting (4.2.6.3)
IPv6 Prefix Length (4.2.6.4)
Connectivity Verification (4.3)
ICMP (4.3.1)
ICMPv4 Messages (4.3.1.1)
ICMPv6 RS and RA Messages (4.3.1.2)
Ping and Traceroute Utilities (4.3.2)
Ping: Testing the Local Stack (4.3.2.1)
Ping: Testing Connectivity to the Local LAN (4.3.2.2)
Ping: Testing Connectivity to Remote Host (4.3.2.3)
Traceroute: Testing the Path (4.3.2.4)
ICMP Packet Format (4.3.2.5)
Address Resolution Protocol (4.4)
MAC and IP (4.4.1)
Destination on the Same Network (4.4.1.1)
Destination on a Remote Network (4.4.1.2)
ARP (4.4.2)
Introduction to ARP (4.4.2.1)
ARP Functions (4.4.2.2)
Removing Entries from an ARP Table (4.4.2.6)
ARP Tables on Networking Devices (4.4.2.7)
ARP Issues (4.4.3)
ARP Broadcasts (4.4.3.1)
ARP Spoofing (4.4.3.2)
The Transport Layer (4.5)
Transport Layer Characteristics (4.5.1)
Transport Layer Protocol Role in Network Communication (4.5.1.1)
Transport Layer Mechanisms (4.5.1.2)
TCP Local and Remote Ports (4.5.1.3)
Socket Pairs (4.5.1.4)
TCP vs. UDP (4.5.1.5)
TCP and UDP Headers (4.5.1.6)
Transport Layer Operation (4.5.2)
TCP Port Allocation (4.5.2.1)
A TCP Session Part I: Connection Establishment and Termination (4.5.2.2)
A TCP Session Part II: Data Transfer (4.5.2.6)
A UDP Session (4.5.2.9)
Network Services (4.6)
DHCP (4.6.1)
DHCP Overview (4.6.1.1)
DHCPv4 Message Format (4.6.1.2)
DNS (4.6.2)
DNS Overview (4.6.2.1)
The DNS Domain Hierarchy (4.6.2.2)
The DNS Lookup Process (4.6.2.3)
DNS Message Format (4.6.2.4)
Dynamic DNS (4.6.2.5)
The WHOIS Protocol (4.6.2.6)
NAT (4.6.3)
NAT Overview (4.6.3.1)
NAT-Enabled Routers (4.6.3.2)
Port Address Translation (4.6.3.3)
File Transfer and Sharing Services (4.6.4)
FTP and TFTP (4.6.4.1)
SMB (4.6.4.2)
Email (4.6.5)
Email Overview (4.6.5.1)
SMTP (4.6.5.2)
POP3 (4.6.5.3)
IMAP (4.6.5.4)
HTTP (4.6.6)
HTTP Overview (4.6.6.1)
The HTTP URL (4.6.6.2)
The HTTP Protocol (4.6.6.3)
HTTP Status Codes (4.6.6.4)
Summary (4.7)
Practice
Check Your Understanding
Chapter 5 Network Infrastructure
Objectives
Key Terms
Introduction (5.0)
Network Communication Devices (5.1)
Network Devices (5.1.1)
End Devices (5.1.1.1)
Routers (5.1.1.3)
Router Operation (5.1.1.5)
Routing Information (5.1.1.6)
Hubs, Bridges, LAN Switches (5.1.1.8)
Switching Operation (5.1.1.9)
VLANs (5.1.1.11)
STP (5.1.1.12)
Multilayer Switching (5.1.1.13)
Wireless Communications (5.1.2)
Protocols and Features (5.1.2.2)
Wireless Network Operations (5.1.2.3)
The Client to AP Association Process (5.1.2.4)
Wireless Devices: AP, LWAP, WLC (5.1.2.6)
Network Security Infrastructure (5.2)
Security Devices (5.2.1)
Firewalls (5.2.1.2)
Firewall Type Descriptions (5.2.1.3)
Packet Filtering Firewalls (5.2.1.4)
Stateful Firewalls (5.2.1.5)
Next-Generation Firewalls (5.2.1.6)
Intrusion Protection and Detection Devices (5.2.1.8)
Advantages and Disadvantages of IDS and IPS (5.2.1.9)
Types of IPS (5.2.1.10)
Specialized Security Appliances (5.2.1.11)
Security Services (5.2.2)
Traffic Control with ACLs (5.2.2.2)
ACLs: Important Features (5.2.2.3)
SNMP (5.2.2.5)
NetFlow (5.2.2.6)
Port Mirroring (5.2.2.7)
Syslog Servers (5.2.2.8)
NTP (5.2.2.9)
AAA Servers (5.2.2.10)
VPN (5.2.2.11)
Network Representations (5.3)
Network Topologies (5.3.1)
Overview of Network Components (5.3.1.1)
Physical and Logical Topologies (5.3.1.2)
WAN Topologies (5.3.1.3)
LAN Topologies (5.3.1.4)
The Three-Layer Network Design Model (5.3.1.5)
Common Security Architectures (5.3.1.7)
Summary (5.4)
Practice
Check Your Understanding
Chapter 6 Principles of Network Security
Objectives
Key Terms
Introduction (6.0)
Attackers and Their Tools (6.1)
Who Is Attacking Our Network (6.1.1)
Threat, Vulnerability, and Risk (6.1.1.1)
Hacker vs. Threat Actor (6.1.1.2)
Evolution of Threat Actors (6.1.1.3)
Cybercriminals (6.1.1.4)
Cybersecurity Tasks (6.1.1.5)
Cyber Threat Indicators (6.1.1.6)
Threat Actor Tools (6.1.2)
Introduction of Attack Tools (6.1.2.1)
Evolution of Security Tools (6.1.2.2)
Categories of Attacks (6.1.2.3)
Common Threats and Attacks (6.2)
Malware (6.2.1)
Types of Malware (6.2.1.1)
Viruses (6.2.1.2)
Trojan Horses (6.2.1.3)
Trojan Horse Classification (6.2.1.4)
Worms (6.2.1.5)
Worm Components (6.2.1.6)
Ransomware (6.2.1.7)
Other Malware (6.2.1.8)
Common Malware Behaviors (6.2.1.9)
Common Network Attacks (6.2.2)
Types of Network Attacks (6.2.2.1)
Reconnaissance Attacks (6.2.2.2)
Sample Reconnaissance Attacks (6.2.2.3)
Access Attacks (6.2.2.4)
Types of Access Attacks (6.2.2.5)
Social Engineering Attacks (6.2.2.6)
Phishing Social Engineering Attacks (6.2.2.7)
Strengthening the Weakest Link (6.2.2.8)
Denial-of-Service Attacks (6.2.2.10)
DDoS Attacks (6.2.2.11)
Example DDoS Attack (6.2.2.12)
Buffer Overflow Attack (6.2.2.13)
Evasion Methods (6.2.2.14)
Summary (6.3)
Practice
Check Your Understanding
Chapter 7 Network Attacks: A Deeper Look
Objectives
Key Terms
Introduction (7.0)
Network Monitoring and Tools (7.1)
Introduction to Network Monitoring (7.1.1)
Network Security Topology (7.1.1.1)
Monitoring the Network (7.1.1.2)
Network TAPs (7.1.1.3)
Traffic Mirroring and SPAN (7.1.1.4)
Introduction to Network Monitoring Tools (7.1.2)
Network Security Monitoring Tools (7.1.2.1)
Network Protocol Analyzers (7.1.2.2)
NetFlow (7.1.2.3)
SIEM (7.1.2.4)
SIEM Systems (7.1.2.5)
Attacking the Foundation (7.2)
IP Vulnerabilities and Threats (7.2.1)
IPv4 and IPv6 (7.2.1.1)
The IPv4 Packet Header (7.2.1.2)
The IPv6 Packet Header (7.2.1.3)
IP Vulnerabilities (7.2.1.4)
ICMP Attacks (7.2.1.5)
DoS Attacks (7.2.1.6)
Amplification and Reflection Attacks (7.2.1.7)
DDoS Attacks (7.2.1.8)
Address Spoofing Attacks (7.2.1.9)
TCP and UDP Vulnerabilities (7.2.2)
TCP (7.2.2.1)
TCP Attacks (7.2.2.2)
UDP and UDP Attacks (7.2.2.3)
Attacking What We Do (7.3)
IP Services (7.3.1)
ARP Vulnerabilities (7.3.1.1)
ARP Cache Poisoning (7.3.1.2)
DNS Attacks (7.3.1.3)
DNS Tunneling (7.3.1.4)
DHCP (7.3.1.5)