CCNA Cybersecurity Operations Companion Guide

Features

• Portable, desk reference for take-home study and reference anytime, anywhere.
• Aligns to the online course chapters.
• Provides students with the only authorized, full-featured textbook for the Cisco Networking Academy course
• Book-based pedagogy that serves as additional reinforcement in helping the student learn the topics covered in the course.
  

Online Sample Chapters

Cybersecurity and the Security Operations Center

Linux Operating System

Table of Contents

Introduction xxiv

Chapter 1 Cybersecurity and the Security Operations Center 1

Objectives 1

Key Terms 1

Introduction (1.0) 2

The Danger (1.1) 2

War Stories (1.1.1) 2

Hijacked People (1.1.1.1) 2

Ransomed Companies (1.1.1.2) 3

Nations (1.1.1.3) 3

Threat Actors (1.1.2) 4

Amateurs (1.1.2.1) 4

Hacktivists (1.1.2.2) 4

Financial Gain (1.1.2.3) 4

Trade Secrets and Global Politics (1.1.2.4) 4

How Secure Is the Internet of Things? (1.1.2.5) 4

Threat Impact (1.1.3) 5

PII and PHI (1.1.3.1) 5

Lost Competitive Advantage (1.1.3.2) 6

Politics and National Security (1.1.3.3) 6

Fighters in the War Against Cybercrime (1.2) 7

The Modern Security Operations Center (1.2.1) 7

Elements of an SOC (1.2.1.1) 7

People in the SOC (1.2.1.2) 8

Process in the SOC (1.2.1.3) 8

Technologies in the SOC (1.2.1.4) 9

Enterprise and Managed Security (1.2.1.5)

Security vs. Availability (1.2.1.6)

Becoming a Defender (1.2.2)

Certifications (1.2.2.1)

Further Education (1.2.2.2)

Sources of Career Information (1.2.2.3)

Getting Experience (1.2.2.4)

Summary (1.3)

Practice

Check Your Understanding

Chapter 2 Windows Operating System

Objectives

Key Terms

Introduction (2.0)

Windows Overview (2.1)

Windows History (2.1.1)

Disk Operating System (2.1.1.1)

Windows Versions (2.1.1.2)

Windows GUI (2.1.1.3)

Operating System Vulnerabilities (2.1.1.4)

Windows Architecture and Operations (2.1.2)

Hardware Abstraction Layer (2.1.2.1)

User Mode and Kernel Mode (2.1.2.2)

Windows File Systems (2.1.2.3)

Windows Boot Process (2.1.2.4)

Windows Startup and Shutdown (2.1.2.5)

Processes, Threads, and Services (2.1.2.6)

Memory Allocation and Handles (2.1.2.7)

The Windows Registry (2.1.2.8)

Windows Administration (2.2)

Windows Configuration and Monitoring (2.2.1)

Run as Administrator (2.2.1.1)

Local Users and Domains (2.2.1.2)

CLI and PowerShell (2.2.1.3)

Windows Management Instrumentation (2.2.1.4)

The net Command (2.2.1.5)

Task Manager and Resource Monitor (2.2.1.6)

Networking (2.2.1.7)

Accessing Network Resources (2.2.1.8)

Windows Server (2.2.1.9)

Windows Security (2.2.2)

The netstat Command (2.2.2.1)

Event Viewer (2.2.2.2)

Windows Update Management (2.2.2.3)

Local Security Policy (2.2.2.4)

Windows Defender (2.2.2.5)

Windows Firewall (2.2.2.6)

Chapter 3 Linux Operating System

Objectives

Key Terms

Introduction (3.0)

Linux Overview (3.1)

Linux Basics (3.1.1)

What is Linux? (3.1.1.1)

The Value of Linux (3.1.1.2)

Linux in the SOC (3.1.1.3)

Linux Tools (3.1.1.4)

Working in the Linux Shell (3.1.2)

The Linux Shell (3.1.2.1)

Basic Commands (3.1.2.2)

File and Directory Commands (3.1.2.3)

Working with Text Files (3.1.2.4)

The Importance of Text Files in Linux (3.1.2.5)

Linux Servers and Clients (3.1.3)

An Introduction to Client-Server Communications (3.1.3.1)

Servers, Services, and Their Ports (3.1.3.2)

Clients (3.1.3.3)

Linux Administration (3.2)

Basic Server Administration (3.2.1)

Service Configuration Files (3.2.1.1)

Hardening Devices (3.2.1.2)

Monitoring Service Logs (3.2.1.3)

The Linux File System (3.2.2)

The File System Types in Linux (3.2.2.1)

Linux Roles and File Permissions (3.2.2.2)

Hard Links and Symbolic Links (3.2.2.3)

Linux Hosts (3.3)

Working with the Linux GUI (3.3.1)

X Window System (3.3.1.1)

The Linux GUI (3.3.1.2)

Working on a Linux Host (3.3.2)

Installing and Running Applications on a

Linux Host (3.3.2.1)

Keeping the System Up to Date (3.3.2.2)

Processes and Forks (3.3.2.3)

Malware on a Linux Host (3.3.2.4)

Rootkit Check (3.3.2.5)

Piping Commands (3.3.2.6)

Summary (3.4)

Practice

Check Your Understanding

Chapter 4 Network Protocols and Services

Objectives

Key Terms

Introduction (4.0)

Network Protocols (4.1)

Network Communications Process (4.1.1)

Views of the Network (4.1.1.1)

Client-Server Communications (4.1.1.2)

A Typical Session: Student (4.1.1.3)

A Typical Session: Gamer (4.1.1.4)

A Typical Session: Surgeon (4.1.1.5)

Tracing the Path (4.1.1.6)

Communications Protocols (4.1.2)

What Are Protocols? (4.1.2.1)

Network Protocol Suites (4.1.2.2)

The TCP/IP Protocol Suite (4.1.2.3)

Format, Size, and Timing (4.1.2.4)

Unicast, Multicast, and Broadcast (4.1.2.5)

Reference Models (4.1.2.6)

Three Addresses (4.1.2.7)

Encapsulation (4.1.2.8)

Scenario: Sending and Receiving a Web Page (4.1.2.9)

Ethernet and Internet Protocol (IP) (4.2)

Ethernet (4.2.1)

The Ethernet Protocol (4.2.1.1)

The Ethernet Frame (4.2.1.2)

MAC Address Format (4.2.1.3)

IPv4 (4.2.2)

IPv4 Encapsulation (4.2.2.1)

IPv4 Characteristics (4.2.2.2)

The IPv4 Packet (4.2.2.4)

IPv4 Addressing Basics (4.2.3)

IPv4 Address Notation (4.2.3.1)

IPv4 Host Address Structure (4.2.3.2)

IPv4 Subnet Mask and Network Address (4.2.3.3)

Subnetting Broadcast Domains (4.2.3.4)

Types of IPv4 Addresses (4.2.4)

IPv4 Address Classes and Default Subnet Masks (4.2.4.1)

Reserved Private Addresses (4.2.4.2)

The Default Gateway (4.2.5)

Host Forwarding Decision (4.2.5.1)

Default Gateway (4.2.5.2)

Using the Default Gateway (4.2.5.3)

IPv6 (4.2.6)

Need for IPv6 (4.2.6.1)

IPv6 Size and Representation (4.2.6.2)

IPv6 Address Formatting (4.2.6.3)

IPv6 Prefix Length (4.2.6.4)

Connectivity Verification (4.3)

ICMP (4.3.1)

ICMPv4 Messages (4.3.1.1)

ICMPv6 RS and RA Messages (4.3.1.2)

Ping and Traceroute Utilities (4.3.2)

Ping: Testing the Local Stack (4.3.2.1)

Ping: Testing Connectivity to the Local LAN (4.3.2.2)

Ping: Testing Connectivity to Remote Host (4.3.2.3)

Traceroute: Testing the Path (4.3.2.4)

ICMP Packet Format (4.3.2.5)

Address Resolution Protocol (4.4)

MAC and IP (4.4.1)

Destination on the Same Network (4.4.1.1)

Destination on a Remote Network (4.4.1.2)

ARP (4.4.2)

Introduction to ARP (4.4.2.1)

ARP Functions (4.4.2.2)

Removing Entries from an ARP Table (4.4.2.6)

ARP Tables on Networking Devices (4.4.2.7)

ARP Issues (4.4.3)

ARP Broadcasts (4.4.3.1)

ARP Spoofing (4.4.3.2)

The Transport Layer (4.5)

Transport Layer Characteristics (4.5.1)

Transport Layer Protocol Role in Network Communication (4.5.1.1)

Transport Layer Mechanisms (4.5.1.2)

TCP Local and Remote Ports (4.5.1.3)

Socket Pairs (4.5.1.4)

TCP vs. UDP (4.5.1.5)

TCP and UDP Headers (4.5.1.6)

Transport Layer Operation (4.5.2)

TCP Port Allocation (4.5.2.1)

A TCP Session Part I: Connection Establishment and Termination (4.5.2.2)

A TCP Session Part II: Data Transfer (4.5.2.6)

A UDP Session (4.5.2.9)

Network Services (4.6)

DHCP (4.6.1)

DHCP Overview (4.6.1.1)

DHCPv4 Message Format (4.6.1.2)

DNS (4.6.2)

DNS Overview (4.6.2.1)

The DNS Domain Hierarchy (4.6.2.2)

The DNS Lookup Process (4.6.2.3)

DNS Message Format (4.6.2.4)

Dynamic DNS (4.6.2.5)

The WHOIS Protocol (4.6.2.6)

NAT (4.6.3)

NAT Overview (4.6.3.1)

NAT-Enabled Routers (4.6.3.2)

Port Address Translation (4.6.3.3)

File Transfer and Sharing Services (4.6.4)

FTP and TFTP (4.6.4.1)

SMB (4.6.4.2)

Email (4.6.5)

Email Overview (4.6.5.1)

SMTP (4.6.5.2)

POP3 (4.6.5.3)

IMAP (4.6.5.4)

HTTP (4.6.6)

HTTP Overview (4.6.6.1)

The HTTP URL (4.6.6.2)

The HTTP Protocol (4.6.6.3)

HTTP Status Codes (4.6.6.4)

Summary (4.7)

Practice

Check Your Understanding

Chapter 5 Network Infrastructure

Objectives

Key Terms

Introduction (5.0)

Network Communication Devices (5.1)

Network Devices (5.1.1)

End Devices (5.1.1.1)

Routers (5.1.1.3)

Router Operation (5.1.1.5)

Routing Information (5.1.1.6)

Hubs, Bridges, LAN Switches (5.1.1.8)

Switching Operation (5.1.1.9)

VLANs (5.1.1.11)

STP (5.1.1.12)

Multilayer Switching (5.1.1.13)

Wireless Communications (5.1.2)

Protocols and Features (5.1.2.2)

Wireless Network Operations (5.1.2.3)

The Client to AP Association Process (5.1.2.4)

Wireless Devices: AP, LWAP, WLC (5.1.2.6)

Network Security Infrastructure (5.2)

Security Devices (5.2.1)

Firewalls (5.2.1.2)

Firewall Type Descriptions (5.2.1.3)

Packet Filtering Firewalls (5.2.1.4)

Stateful Firewalls (5.2.1.5)

Next-Generation Firewalls (5.2.1.6)

Intrusion Protection and Detection Devices (5.2.1.8)

Advantages and Disadvantages of IDS and IPS (5.2.1.9)

Types of IPS (5.2.1.10)

Specialized Security Appliances (5.2.1.11)

Security Services (5.2.2)

Traffic Control with ACLs (5.2.2.2)

ACLs: Important Features (5.2.2.3)

SNMP (5.2.2.5)

NetFlow (5.2.2.6)

Port Mirroring (5.2.2.7)

Syslog Servers (5.2.2.8)

NTP (5.2.2.9)

AAA Servers (5.2.2.10)

VPN (5.2.2.11)

Network Representations (5.3)

Network Topologies (5.3.1)

Overview of Network Components (5.3.1.1)

Physical and Logical Topologies (5.3.1.2)

WAN Topologies (5.3.1.3)

LAN Topologies (5.3.1.4)

The Three-Layer Network Design Model (5.3.1.5)

Common Security Architectures (5.3.1.7)

Summary (5.4)

Practice

Check Your Understanding

Chapter 6 Principles of Network Security

Objectives

Key Terms

Introduction (6.0)

Attackers and Their Tools (6.1)

Who Is Attacking Our Network (6.1.1)

Threat, Vulnerability, and Risk (6.1.1.1)

Hacker vs. Threat Actor (6.1.1.2)

Evolution of Threat Actors (6.1.1.3)

Cybercriminals (6.1.1.4)

Cybersecurity Tasks (6.1.1.5)

Cyber Threat Indicators (6.1.1.6)

Threat Actor Tools (6.1.2)

Introduction of Attack Tools (6.1.2.1)

Evolution of Security Tools (6.1.2.2)

Categories of Attacks (6.1.2.3)

Common Threats and Attacks (6.2)

Malware (6.2.1)

Types of Malware (6.2.1.1)

Viruses (6.2.1.2)

Trojan Horses (6.2.1.3)

Trojan Horse Classification (6.2.1.4)

Worms (6.2.1.5)

Worm Components (6.2.1.6)

Ransomware (6.2.1.7)

Other Malware (6.2.1.8)

Common Malware Behaviors (6.2.1.9)

Common Network Attacks (6.2.2)

Types of Network Attacks (6.2.2.1)

Reconnaissance Attacks (6.2.2.2)

Sample Reconnaissance Attacks (6.2.2.3)

Access Attacks (6.2.2.4)

Types of Access Attacks (6.2.2.5)

Social Engineering Attacks (6.2.2.6)

Phishing Social Engineering Attacks (6.2.2.7)

Strengthening the Weakest Link (6.2.2.8)

Denial-of-Service Attacks (6.2.2.10)

DDoS Attacks (6.2.2.11)

Example DDoS Attack (6.2.2.12)

Buffer Overflow Attack (6.2.2.13)

Evasion Methods (6.2.2.14)

Summary (6.3)

Practice

Check Your Understanding

Chapter 7 Network Attacks: A Deeper Look

Objectives

Key Terms

Introduction (7.0)

Network Monitoring and Tools (7.1)

Introduction to Network Monitoring (7.1.1)

Network Security Topology (7.1.1.1)

Monitoring the Network (7.1.1.2)

Network TAPs (7.1.1.3)

Traffic Mirroring and SPAN (7.1.1.4)

Introduction to Network Monitoring Tools (7.1.2)

Network Security Monitoring Tools (7.1.2.1)

Network Protocol Analyzers (7.1.2.2)

NetFlow (7.1.2.3)

SIEM (7.1.2.4)

SIEM Systems (7.1.2.5)

Attacking the Foundation (7.2)

IP Vulnerabilities and Threats (7.2.1)

IPv4 and IPv6 (7.2.1.1)

The IPv4 Packet Header (7.2.1.2)

The IPv6 Packet Header (7.2.1.3)

IP Vulnerabilities (7.2.1.4)

ICMP Attacks (7.2.1.5)

DoS Attacks (7.2.1.6)

Amplification and Reflection Attacks (7.2.1.7)

DDoS Attacks (7.2.1.8)

Address Spoofing Attacks (7.2.1.9)

TCP and UDP Vulnerabilities (7.2.2)

TCP (7.2.2.1)

TCP Attacks (7.2.2.2)

UDP and UDP Attacks (7.2.2.3)

Attacking What We Do (7.3)

IP Services (7.3.1)

ARP Vulnerabilities (7.3.1.1)

ARP Cache Poisoning (7.3.1.2)

DNS Attacks (7.3.1.3)

DNS Tunneling (7.3.1.4)

DHCP (7.3.1.5)

Submit Errata