back

CyberSec First Responder (CFR-310)

Network Defense and Incident Response13 H 17 M

The CyberSec First Responder certification shows that a cyber security professional knows how to prevent and investigate security incidents.

Just you? Training a whole team? There's an ITProTV plan that fits.

Start Training Today
This course has a practice test
Episodes
Episodes
  • Threats and Attacks
    • Overview
    • Threat Targets
    • Threat Actors
    • Threat Motives
    • Threat Intentions
    • Attack Phases
    • Attack Vectors
    • Technique Criteria
    • Impact of Attacks
    • Footprinting
    • Network and Port Scanning
    • Vulnerability Scanning
    • Penetration Testing
    • Web App Scanning
    • Enumeration
  • Gaining Access
    • Exploitation Frameworks
    • Client-Side Attacks
    • Server-Side Attacks
    • Mobile Threats
    • Web Attacks
    • Password Attack
    • Wireless Attacks
    • Social Engineering
    • Man-In-The-Middle
    • Malware
    • Out-of-Band Attacks
    • Denial of Service
  • Post-Exploitation
    • Command and Control
    • Data Exfiltration
    • Pivoting
    • Lateral Movement
    • Persistence
    • Keylogging
    • Anti-Forensics
    • Covering Your Tracks
  • Threat Research and Incident Prep
    • Threat Research and Incident Prep
  • Data Collection and Analysis
    • Network Data Collection and Analysis
    • Host Data Collection and Analysis
    • Anomaly Detection
    • Indicators of Compromise
    • Log Analysis Tools
  • Incident Response Techniques
    • Containment
    • Asset Discovery
    • Windows Incident Response Tools
    • Linux Incident Response Tools
    • Incident Response Process
    • Incident Response Preparation
    • Compliance and Standards
    • Frameworks and Best-Practices
    • Forensic Concepts
  • Vulnerability Assessments
    • Common Vulnerable Areas
    • Vulnerability Assessments

Overview

5 M

itprotv course thumbnailitprotv course thumbnailitprotv course thumbnail
  • Episode Description
  • Transcript

This course covers network defense and incident response methods, tactics, and procedures that are in alignment with industry frameworks such as NIST 800-61r2 (Computer Security Incident Handling Guide), US-CERT's National Cyber Incident Response Plan (NCIRP), and Presidential Policy Directive (PPD)-41 on Cyber Incident Coordination. It is ideal for candidates who have been tasked with the responsibility of monitoring and detecting security incidents in information systems and networks, and for executing standardized responses to such incidents.

[MUSIC] Greetings everyone, I am Daniel Lowrie with ITPROTV and I'm going to take you through what you're going to need to know and learn in the cybersec first responders series before the CFR 3 10 exam. Let me tell you a little bit about myself. I've been in systems and networking and also security for over 20 years now, so I'm gonna bring that knowledge to the table and act as your subject matter expert throughout this series. I will be joined by a host and they will be acting as the learner for you. So those questions that you're probably thinking about as we go through this, they'll be answering and asking, we're asking that for you as we move along. Now. Let me tell you a little bit about the exam itself and I think the best way to do that is just to jump into certain excesses website and take a look at the information they get through us there. You can see for the cybersec first responder this is the Blue team certification for cybersecurity. It's got a lot of information here. I think one of the most important things is that it says that it is a comprehensive certification designed to validate the knowledge and skills required to protect these critical information systems before, during and after an incident. And I think that's probably a very important thing, but a very key idea to how we're gonna move and progress through the series of stuff that we're trying to help you make sure you know, all the things you need to know for the exam and that you're going to validate skills you probably already have because as you, as we get down into, we'll see that you're probably working in that role anyway. You see this is also DOD8570 or 8140 compliance. So if you need a certification that is that meets that compliance specification, the CFR will do that for you. All right. A couple of the things we need to know. Let's see here. Let's let's move down through and take a look at what the exam will actually look like. Kind of gives you some information like target candidate, which are individuals with between three and five years of experience working in a computing environment as part of the of assert or C search or maybe you work in a sock and you protect critical information systems before, during and after incidents. Like I said, a little bit of validation. Some of the common job roles that you'll see that lend itself to the certification. And then of course, the exam description is probably the most important part for us, things that we need to know again, successful candidate has the knowledge. It's going to certify that, that you have the knowledge, skills and abilities to require to deal with the changing threat landscape. And we'll be able to assess risk and vulnerabilities, acquire data, perform analysis, continually, communicate and determine scope, recommend remediation and accurately report those results. It's going to be 100 questions, 120 minutes, multiple choice, multiple response. Let's see what else serious will be done at Pearson Vue Centers. So if you want to take the exam, we're gonna go to a Pearson Vue Center and sit in a Proctor testing booth. You need a 70 to 71% passing score and it's going to depend on the exam form that you're actually delivered at the time of the exam. Very important. One other thing I want to kind of go through is the goals of this and how this series is gonna be structured and a helpful thing for that is if you come right here under exam details and click this exam blueprint, you'll find inside that document the domains that make up the CFR study guide. Right? So we have threats and attacks, data collection and analysis, incident response methods, tools and techniques, the incident response process and vulnerability assessments. So five domains breaking it up on what you're going to be responsible for when it comes to the exam itself. So very good stuff. And what I'm gonna do is I'm gonna take each one of these. I'm gonna look through, I'm going to basically take your outline and we're gonna make episodes out of each one of those modules so that we make sure to hit on every point you'll need to be successful on the exam. So that's that's my goal as the subject matter experts. A couple of resources that could be helpful in this as you follow along with me is have maybe some virtualization, right? So spin up your favorite virtual box or VM ware workstation or fusion or whatever the case may be and I would highly recommend a collie Lennox distribution and maybe one or two Windows machines as well just so that you can play around this stuff, get some hands on from there any other resources that you'll need. I'll make sure to give you that information per those episodes, that being said, I'm pretty excited about this series. It's gonna be a lot of fun. We're going to take a look at threats from the attacking side. We're gonna take a look at defense obviously from the Blue team side of things and we're gonna get a really well rounded perspective of what you need to do to be successful as a first responder, as an incident responder and how you can validate those skills and knowledge that you already have for your job you're already at, or maybe a new one in the future. So I'm really excited again and I will see you in the upcoming series. [MUSIC]