CCNA Cyber Ops (210-255 SECOPS)

Cisco Cybersecurity Operations (22 H 50 M)

This Cisco cybersecurity operations show covers the exam objectives for the SECFND 210-255 exam, the second exam you need to pass to be CCNA CyberOps certified.

This course has a practice test
Episodes
  • Endpoint Threat Analysis and Computer Forensics
    • Overview
    • Read Analysis Reports
    • Read Analysis Reports Part 2
    • Read Analysis Reports Part 3
    • Describe CVSS 3.0
    • Describe CVSS 3.0 Part 2
    • Describe CVSS 3.0 Part 3
    • Understand Windows File Systems
    • Understand Windows File Systems Part 2
    • Understand Linux File Systems
    • Identify Forensic Evidence
    • Identify Forensic Evidence Part 2
  • Network Intrusion Analysis
    • Interpret Basic Regular Expressions
    • Interpret Basic Regular Expressions Part 2
    • Describe Protocol Headers
    • Describe Protocol Headers Part 2
    • Describe Protocol Headers Part 3
    • Describe IP Headers
    • Describe IP Headers Part 2
    • Describe IP Headers Part 3
    • Describe ICMP Intrusion
    • Describe ICMP Intrusion Part 2
    • Describe ICMP Intrusion Part 3
    • Describe ICMP Intrusion Part 4
    • Describe Transport Layer Headers
    • Describe Transport Layer Headers Part 2
    • Describe Transport Layer Headers Part 3
    • Describe HTTP Headers
    • Describe HTTP Headers Part 2
    • Describe HTTP Headers Part 3
    • Identify Netflow v5 Records
    • Identify Netflow v5 Records Part 2
    • Examine Intrusion Events
    • Intrusion Event Technologies
    • Intrusion Event Technologies Part 2
    • Intrusion Event Technologies Part 3
    • Intrusion Impact Analysis
    • Intrusion Impact Analysis Part 2
  • Incident Response
    • Incident Response Elements
    • Incident Response Elements Part 2
    • Describe CSIRT Goals
    • Identify Cybersec Elements and Frameworks
  • Data and Event Analysis
    • Describe Data Normalization
    • Describe 5 Tuple Correlation
    • FirePower Management Console
    • Compare and Contrast Analysis Methods
  • Incident Handling
    • Classify and Categorize Intrusions
    • Classify and Categorize Intrusions Part 2
    • Classify and Categorize Intrusions Part 3
    • Apply NIST.SP800-61 r2 To Events
    • NIST SP800-86 Evidence Handling
    • Apply VERIS Schema Categories

Overview

6 M


The Cisco Cybersecurity Operations show (Exam 210-255) helps candidates prepare for the 2 exams of the CCNA Cyber Ops Certification. It also helps them get ready to begin working as an associate-level analyst within a Security Operations Center (SOC) and to handle the tasks, duties and responsibilities of an analyst in the SOC. The show focuses on introductory-level skills: basic threat analysis, event correlation, identifying malicious activities and using a playbook for incident response.

[MUSIC] Hello, welcome to the overview for the Cisco Cybersecurity Operations show. You'll see that during this show, we'll probably end up referring to it as CCNA SECOPS very often. And that is because this particular show matches up to the exam for, of course, your CCNA Cyber Ops certification as well. Now, let's talk about a few details on the exam as we actually get started this too, okay? If you are getting ready for the exam, we want to know a little bit about, of course, preparing and getting access to the exam as well. Let's take a look at my screen, that will help us out. Make sure you go to the Pearson VUE website, and when you do so, you, of course, can select the program. For us, it's gonna be Cisco, and that should pop up Cisco Systems. And once we do this, you, if you have not yet actually created an account, make sure you create an account over here on the right-hand side. Once you do so, of course, you'll log back in, come to the same site. From this point, you will go down to where it says View exams, so that you can find the correct exam number. And once we do so, we're gonna actually be underneath these Proctored Exams, okay? So Cisco does offer some of the other ones, but we're underneath the Proctored Exams, and we're looking for 210-255, 210-255, Implementing Cisco Cybersecurity Operations. And once you do that, notice that there's actually a couple of different languages, English and Japanese. Let's select English at this point and click Next. From that point, of course, you'll schedule the exam, which will be near you. There's a button over on the lower right-hand corner that will allow you to pick a center near you, and that's what you'll have to do. Make sure that you arrive about 15 minutes early, and that way you also bring, of course, a photo ID, and that you are ready for the exam as well. Now when we start taking a look at the details of the exam, that is what we're also here for too. 
The entire, of course, CCNA Cybersecurity Operations show is based around the exam objectives themselves, that you can download directly from Cisco Learning website. So make sure you do that first, okay? Notice that the exam is a 90 minute exam, and there's between 60 to 70 questions in this assessment, okay? Now, to achieve the overall certification itself, you must take two exams. The first one, of course, is the Security Fundamentals exam, and then this one on the Implementing Cisco Cybersecurity Operations. Both of those will lead you to your CCNA Cyber Ops certification, okay? Now the whole goal, of course, as we actually take a look at this particular show is, not only for you to be able to achieve your certification. But also to help prepare you as an entry level analyst in working in a security operation center. And so, the goal and the show, of course, is designed around that, and it's also designed around these exam topics. So throughout the show, we will be covering every exam topic as well. We talk about endpoint threat and computer forensics analysis, as we break it down through using these different terms using the CVSS 3.0. And we'll make sure that we cover all the details in that. We, of course, will take a look at some of the different items that pertain to the Windows file system, as well as the Linux file system. We'll also talk, of course, about evidence, and the different image types that we may also be using, in terms of making sure that we're ready to work in that security operations center. And then, of course, describe the idea of an investigation, and the threats, and the threat actors that are in place. Under the Network Intrusion Analysis, we, of course, will go through each and every one of these topics as well, including the protocol headers, in which we'll take a look at in depth. We'll also see, of course, different elements using NetFlow Version 5. We, of course, will work with Wireshark and using PCAP files as well. 
And we, of course, will talk about the five tuples of data as we go through this. We'll show you how to extract a file from a TCP stream given a PCAP file as well. And then, of course, different elements that are involved there, making sure we can identify them too. As we move into the third section, we'll now move into incident responses. And we will heavily focus in upon the NIST documentation here on SP800-61, or excuse me, 800-61 r2. And this will help us to go ahead and prepare, as you see, it's referred to in multiple sections throughout, of course, this third domain objectives. We, of course, will describe the idea of using CSIRT in our particular centers as well, and then, the network profiling. And then we'll look at, of course, data and event analysis. And we'll take a look at all the elements that are described right here, going from data normalization, of course, to actually comparing different analytic methods that we have in hand. And lastly, we'll also end up focusing on a couple of other NIST documents too, or at least one other one, okay? So we'll take a look at the kill chain right here in 5.1, as well as the same NIST document we referred to earlier, and then later on, another NIST document as well. And lastly, we'll talk about other schemas that are also involved in what you may find very common, inside of your security operations center. So if you are now in this process of preparing for this second exam, or for the CCNA Cyber Ops overall, I do have to actually make a particularly good recommendation to you before you proceed on, okay? You can choose to take either one of the exams in whatever order you choose to. The recommendation, of course, is that you take the Security Fundamentals first and then take, of course, the SECOPS exam second, okay? Do not be surprised to find that you'll see a lot of the elements that are in the Security Fundamentals exam also appear in the SECOPS exam as well. 
So just be prepared for that as you continue to go ahead and study, as well as watch the shows that we've created right here to help you too. Don't forget to take advantage of the forums that are also at the ITProTV website. But if you're ready to get started, all you have to do is actually go ahead and get forwarded into the very first video on, of course, our CCNA Cybersecurity Operations show. Thank you for watching. [MUSIC]
