Introduction
Evaluating intrusion alerts
Prepare for Cisco CBROPS exam v1.0
Setting up your test environment
1. Working with Network Security Data
Comparing methods to examine traffic
Comparing IPS and IDS
Recognizing alerts and events
Monitoring traffic
Interpreting IDS/IPS alerts
Challenge: Install the CyberOps workstation
Solution: Install the CyberOps workstation
2. Evaluating Alerts and Log Files
Being application aware
Evaluating antivirus alerts
Viewing web proxy logs
Challenge: Regular expressions
Solution: Regular expressions
3. Using Wireshark to Evaluate Traffic
Understanding the OSI model
Tapping into the network
Creating an Ethernet frame
Identifying key elements from a pcap
Extracting objects from a pcap
Challenge: Log file analysis
Solution: Log file analysis
4. Diving into TCP/IP Headers
Understanding TCP
Moving through the TCP handshake and teardown
Recognizing User Datagram Protocol
Viewing IPv4
Investigating IPv6
Grasping ICMP
Discovering ICMPv6
5. Visualizing Application Data
Analyzing HTTP
Dissecting DNS
Using ARP
Outlining email threats
Detecting malware by examining artifacts
Confirming malware by examining artifacts
Exercise files: Ex_Files_Cisco_Cert_CyberOps_Associate_4.zip (282 KB)