
CCNA Cyber Ops (SECOPS 210-255)

Login is required! Please visit: http://pheniix.com/impressum

  • 8 hours
  • Login is required!
  • Customer's Place

Service Description

1.1 Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
1.2 Describe these terms as they are defined in the CVSS 3.0:
    1.2.a Attack vector
    1.2.b Attack complexity
    1.2.c Privileges required
    1.2.d User interaction
    1.2.e Scope
1.3 Describe these terms as they are defined in the CVSS 3.0
    1.3.a Confidentiality
    1.3.b Integrity
    1.3.c Availability
1.4 Define these items as they pertain to the Microsoft Windows file system
    1.4.a FAT32
    1.4.b NTFS
    1.4.c Alternative data streams
    1.4.d MACE
    1.4.e EFI
    1.4.f Free space
    1.4.g Timestamps on a file system
1.5 Define these terms as they pertain to the Linux file system
    1.5.a EXT4
    1.5.b Journaling
    1.5.c MBR
    1.5.d Swap file system
    1.5.e MAC
1.6 Compare and contrast three types of evidence
    1.6.a Best evidence
    1.6.b Corroborative evidence
    1.6.c Indirect evidence
1.7 Compare and contrast two types of image
    1.7.a Altered disk image
    1.7.b Unaltered disk image
1.8 Describe the role of attribution in an investigation
    1.8.a Assets
    1.8.b Threat actor
2.1 Interpret basic regular expressions
2.2 Describe the fields in these protocol headers as they relate to intrusion analysis:
    2.2.a Ethernet frame
    2.2.b IPv4
    2.2.c IPv6
    2.2.d TCP
    2.2.e UDP
    2.2.f ICMP
    2.2.g HTTP
2.3 Identify the elements from a NetFlow v5 record from a security event
2.4 Identify these key elements in an intrusion from a given PCAP file
    2.4.a Source address
    2.4.b Destination address
    2.4.c Source port
    2.4.d Destination port
    2.4.e Protocols
    2.4.f Payloads
2.5 Extract files from a TCP stream when given a PCAP file and Wireshark
2.6 Interpret common artifact elements from an event to identify an alert
    2.6.a IP address (source / destination)
    2.6.b Client and Server Port Identity
    2.6.c Process (file or registry)
    2.6.d System (API calls)
    2.6.e Hashes
    2.6.f URI / URL
2.7 Map the provided events to these source technologies
    2.7.a NetFlow
    2.7.b IDS / IPS
    2.7.c Firewall
    2.7.d Network application control
    2.7.e Proxy logs
    2.7.f Antivirus
2.8 Compare and contrast impact and no impact for these items
    2.8.a False Positive
    2.8.b False Negative
    2.8.c True Positive
    2.8.d True Negative
2.9 Interpret a provided intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC)
3.1 Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
3.2 Map elements to these steps of analysis based on the NIST.SP800-61 r2
    3.2.a Preparation

And other skills


Cancellation Policy

Please read our policy before anything else! https://www.pheniix.com/impressum For cancellations, please contact us at least 48 hours in advance to avoid being charged. Best regards, Pheniix


Contact Details

00436606934343

officepheniix@gmail.com

Dubai - United Arab Emirates
