CCNA Cyber Ops SECFND 210-250 official cert guide

Introduction xxvPart I Network ConceptsChapter 1 Fundamentals of Networking Protocols and Networking Devices 3    "Do I Know This Already?" Quiz 3    Foundation Topics 6    TCP/IP and OSI Model 6        TCP/IP Model 6        Open System Interconnection Model 12    Layer 2 Fundamentals and Technologies 16        Ethernet LAN Fundamentals and Technologies 16        Ethernet Devices and Frame-Forwarding Behavior 20        Wireless LAN Fundamentals and Technologies 35    Internet Protocol and Layer 3 Technologies 43        IPv4 Header 45        IPv4 Fragmentation 47        IPv4 Addresses and Addressing Architecture 48        IP Addresses Assignment and DHCP 57        IP Communication Within a Subnet and Address Resolution Protocol (ARP) 60        Intersubnet IP Packet Routing 61        Routing Tables and IP Routing Protocols 64    Internet Control Message Protocol (ICMP) 69    Domain Name System (DNS) 71    IPv6 Fundamentals 75        IPv6 Header 78        IPv6 Addressing and Subnets 79        Special and Reserved IPv6 Addresses 82        IPv6 Addresses Assignment, Neighbor Discovery Protocol, and        DHCPv6 83    Transport Layer Technologies and Protocols 89        Transmission Control Protocol (TCP) 90        User Datagram Protocol (UDP) 98    Exam Preparation Tasks 100    Review All Key Topics 100    Complete Tables and Lists from Memory 103    Define Key Terms 103    Q&A 103    References and Further Reading 106Chapter 2 Network Security Devices and Cloud Services 109    "Do I Know This Already?" Quiz 109    Foundation Topics 112    Network Security Systems 112        Traditional Firewalls 112        Application Proxies 117        Network Address Translation 117        Stateful Inspection Firewalls 120        Next-Generation Firewalls 126        Personal Firewalls 128        Intrusion Detection Systems and Intrusion Prevention Systems 128        Next-Generation Intrusion Prevention Systems 133        Advance Malware Protection 133        Web Security Appliance 137        Email Security Appliance 140        Cisco Security Management Appliance 142        Cisco Identity Services Engine 143    Security Cloud-based Solutions 144        Cisco Cloud Web Security 145        Cisco Cloud Email Security 146        Cisco AMP Threat Grid 147        Cisco Threat Awareness Service 147        OpenDNS 148        CloudLock 148    Cisco NetFlow 149        What Is the Flow in NetFlow? 149        NetFlow vs. Full Packet Capture 151        The NetFlow Cache 151    Data Loss Prevention 152    Exam Preparation Tasks 153    Review All Key Topics 153    Complete Tables and Lists from Memory 154    Define Key Terms 154    Q&A 154Part II Security ConceptsChapter 3 Security Principles 159    "Do I Know This Already?" Quiz 159    Foundation Topics 162    The Principles of the Defense-in-Depth Strategy 162    What Are Threats, Vulnerabilities, and Exploits? 166        Vulnerabilities 166        Threats 167        Exploits 170    Confidentiality, Integrity, and Availability: The CIA Triad 171        Confidentiality 171        Integrity 171        Availability 171    Risk and Risk Analysis 171    Personally Identifiable Information and Protected Health Information 173        PII 173        PHI 174    Principle of Least Privilege and Separation of Duties 174        Principle of Least Privilege 174        Separation of Duties 175    Security Operation Centers 175        Runbook Automation 176    Forensics 177        Evidentiary Chain of Custody 177        Reverse Engineering 178    Exam Preparation Tasks 180    Review All Key Topics 180    Define Key Terms 180    Q&A 181Chapter 4 Introduction to Access Controls 185    "Do I Know This Already?" Quiz 185    Foundation Topics 189    Information Security Principles 189    Subject and Object Definition 189    Access Control Fundamentals 190        Identification 190        Authentication 191        Authorization 193        Accounting 193        Access Control Fundamentals: Summary 194    Access Control Process 195        Asset Classification 195        Asset Marking 196        Access Control Policy 197        Data Disposal 197    Information Security Roles and Responsibilities 197    Access Control Types 199    Access Control Models 201        Discretionary Access Control 203        Mandatory Access Control 204        Role-Based Access Control 205        Attribute-Based Access Control 207    Access Control Mechanisms 210    Identity and Access Control Implementation 212        Authentication, Authorization, and Accounting Protocols 212        Port-Based Access Control 218        Network Access Control List and Firewalling 221        Identity Management and Profiling 223    Network Segmentation 223        Intrusion Detection and Prevention 227        Antivirus and Antimalware 231    Exam Preparation Tasks 233    Review All Key Topics 233    Complete Tables and Lists from Memory 234    Define Key Terms 234    Q&A 234    References and Additional Reading 237Chapter 5 Introduction to Security Operations Management 241    "Do I Know This Already?" Quiz 241    Foundation Topics 244    Introduction to Identity and Access Management 244        Phases of the Identity and Access Lifecycle 244        Password Management 246        Directory Management 250        Single Sign-On 252        Federated SSO 255    Security Events and Logs Management 260        Logs Collection, Analysis, and Disposal 260        Security Information and Event Manager 264    Assets Management 265        Assets Inventory 266        Assets Ownership 267        Assets Acceptable Use and Return Policies 267        Assets Classification 268        Assets Labeling 268        Assets and Information Handling 268        Media Management 269    Introduction to Enterprise Mobility Management 269        Mobile Device Management 271    Configuration and Change Management 276        Configuration Management 276        Change Management 278    Vulnerability Management 281        Vulnerability Identification 281        Vulnerability Analysis and Prioritization 290        Vulnerability Remediation 294    Patch Management 295    References and Additional Readings 299    Exam Preparation Tasks 302    Review All Key Topics 302    Complete Tables and Lists from Memory 303    Define Key Terms 303    Q&A 303Part III CryptographyChapter 6 Fundamentals of Cryptography and Public Key Infrastructure (PKI) 309    "Do I Know This Already?" Quiz 309    Foundation Topics 311    Cryptography 311        Ciphers and Keys 311        Symmetric and Asymmetric Algorithms 313        Hashes 314        Hashed Message Authentication Code 316        Digital Signatures 317        Key Management 320        Next-Generation Encryption Protocols 321        IPsec and SSL 321    Fundamentals of PKI 323        Public and Private Key Pairs 323        RSA Algorithm, the Keys, and Digital Certificates 324        Certificate Authorities 324        Root and Identity Certificates 326        Authenticating and Enrolling with the CA 328        Public Key Cryptography Standards 330        Simple Certificate Enrollment Protocol 330        Revoking Digital Certificates 330        Using Digital Certificates 331        PKI Topologies 331    Exam Preparation Tasks 334    Review All Key Topics 334    Complete Tables and Lists from Memory 334    Define Key Terms 335    Q&A 335Chapter 7 Introduction to Virtual Private Networks (VPNs) 339    "Do I Know This Already?" Quiz 339    Foundation Topics 341    What Are VPNs? 341    Site-to-site vs. Remote-Access VPNs 341    An Overview of IPsec 343        IKEv1 Phase 1 343        IKEv1 Phase 2 345        IKEv2 348    SSL VPNs 348        SSL VPN Design Considerations 351    Exam Preparation Tasks 353    Review All Key Topics 353    Complete Tables and Lists from Memory 353    Define Key Terms 353    Q&A 353Part IV Host-Based AnalysisChapter 8 Windows-Based Analysis 357    "Do I Know This Already?" Quiz 357    Foundation Topics 360    Process and Threads 360    Memory Allocation 362    Windows Registration 364    Windows Management Instrumentation 366    Handles 368    Services 369    Windows Event Logs 372    Exam Preparation Tasks 375    Review All Key Topics 375    Define Key Terms 375    Q&A 375    References and Further Reading 377Chapter 9 Linux- and Mac OS X-Based Analysis 379    "Do I Know This Already?" Quiz 379    Foundation Topics 382    Processes 382    Forks 384    Permissions 385    Symlinks 390    Daemons 391    UNIX-Based Syslog 392    Apache Access Logs 396    Exam Preparation Tasks 398    Review All Key Topics 398    Complete Tables and Lists from Memory 398    Define Key Terms 398    Q&A 399    References and Further Reading 400Chapter 10 Endpoint Security Technologies 403    "Do I Know This Already?" Quiz 403    Foundation Topics 406    Antimalware and Antivirus Software 406    Host-Based Firewalls and Host-Based Intrusion Prevention 408    Application-Level Whitelisting and Blacklisting 410    System-Based Sandboxing 411    Exam Preparation Tasks 414    Review All Key Topics 414    Complete Tables and Lists from Memory 414    Define Key Terms 414    Q&A 414Part V Security Monitoring and Attack MethodsChapter 11 Network and Host Telemetry 419    "Do I Know This Already?" Quiz 419    Foundation Topics 422    Network Telemetry 422        Network Infrastructure Logs 422        Traditional Firewall Logs 426        Syslog in Large Scale Environments 430        Next-Generation Firewall and Next-Generation IPS Logs 437        NetFlow Analysis 445        Cisco Application Visibility and Control (AVC) 469        Network Packet Capture 470        Wireshark 473        Cisco Prime Infrastructure 474    Host Telemetry 477        Logs from User Endpoints 477        Logs from Servers 481    Exam Preparation Tasks 483    Review All Key Topics 483    Complete Tables and Lists from Memory 483    Define Key Terms 483    Q&A 484Chapter 12 Security Monitoring Operational Challenges 487    "Do I Know This Already?" Quiz 487    Foundation Topics 490    Security Monitoring and Encryption 490    Security Monitoring and Network Address Translation 491    Security Monitoring and Event Correlation Time Synchronization 491    DNS Tunneling and Other Exfiltration Methods 491    Security Monitoring and Tor 493    Security Monitoring and Peer-to-Peer Communication 494    Exam Preparation Tasks 495    Review All Key Topics 495    Define Key Terms 495    Q&A 495Chapter 13 Types of Attacks and Vulnerabilities 499    "Do I Know This Already?" Quiz 499    Foundation Topics 502    Types of Attacks 502        Reconnaissance Attacks 502        Social Engineering 504        Privilege Escalation Attacks 506        Backdoors 506        Code Execution 506        Man-in-the Middle Attacks 506        Denial-of-Service Attacks 507        Attack Methods for Data Exfiltration 510        ARP Cache Poisoning 511        Spoofing Attacks 512        Route Manipulation Attacks 513        Password Attacks 513        Wireless Attacks 514    Types of Vulnerabilities 514    Exam Preparation Tasks 518    Review All Key Topics 518    Define Key Terms 518    Q&A 518Chapter 14 Security Evasion Techniques 523    "Do I Know This Already?" Quiz 523    Foundation Topics 526    Encryption and Tunneling 526        Key Encryption and Tunneling Concepts 531    Resource Exhaustion 531    Traffic Fragmentation 532    Protocol-Level Misinterpretation 533    Traffic Timing, Substitution, and Insertion 535    Pivoting 536    Exam Preparation Tasks 541    Review All Key Topics 541    Complete Tables and Lists from Memory 541    Define Key Terms 541    Q&A 541    References and Further Reading 543Part VI Final PreparationChapter 15 Final Preparation 545    Tools for Final Preparation 545        Pearson Cert Practice Test Engine and Questions on the Website 545        Customizing Your Exams 547        Updating Your Exams 547        The Cisco Learning Network 548        Memory Tables 548        Chapter-Ending Review Tools 549    Suggested Plan for Final Review/Study 549    Summary 549Part VII AppendixesAppendix A Answers to the "Do I Know This Already?" Quizzes and Q&AQuestions 551Glossary 571Elements Available on the Book WebsiteAppendix B Memory TablesAppendix C Memory Tables Answer KeyAppendix D Study Planner9781587147029, TOC, 3/9/2017