Cisco CBROPS Course – Understanding Cisco Cybersecurity Operations Fundamentals


Cisco CyberOps Associate Certification

The CBROPS Understanding Cisco Cybersecurity Operations Fundamentals course is a highly specialised training programme aimed at those who want to acquire the essential skills of cybersecurity operations. During the course, participants learn the basics of networking, security systems and cyber threats, as well as best practices for preventing, detecting and responding to cyber attacks. Participants are guided through a series of theoretical and hands-on lessons covering topics such as network security, threat analysis, security incident management and digital investigation techniques. They are also introduced to the tools and technologies used in security operations, such as intrusion prevention systems, firewalls and network traffic analysis tools. The course is aimed both at newcomers to cybersecurity and at those already working in IT who want to broaden their knowledge and skills in the field. Participants learn how to protect IT infrastructure, detect and prevent attacks, and respond effectively to security incidents. The course helps prepare for the Cisco CyberOps Associate certification exam (exam 200-201).

Summary statistics:
  • Courses delivered: 57;
  • Number of students: 520;
  • Exam pass rate: 93.10%

Contact us now for full details and to ask, with no obligation, to speak directly with one of our instructors (Click here)
or call our toll-free number now (800-177596)

Course objectives

A summary of the main objectives of the CBROPS Understanding Cisco Cybersecurity Operations Fundamentals course:

  • Learning the basics of networking and security systems.
  • Understanding cyber threats and prevention techniques.
  • Introduction to network security and threat analysis.
  • Security incident management and digital investigation techniques.
  • Familiarity with cybersecurity tools and technologies.

Course certification

Exam 200-201 CBROPS, Cisco Certified CyberOps Associate. The Cisco Certified CyberOps Associate certification is obtained by passing the 200-201 CBROPS exam. It attests to the skills needed to join a team operating within a Security Operations Center (SOC) in the roles of security operations analyst, security incident responder and forensic analyst. The CBROPS exam tests a candidate's knowledge and skills in security concepts such as security monitoring, host-based analysis, network intrusion analysis, security policy enforcement and general procedures.

Course contents

  • Defining the Security Operations Center
  • Introduction
  • Types of Security Operations Centers
  • SOC Analyst Tools
  • Data Analytics
  • Hybrid Installations: Automated Reports, Anomaly Alerts
  • Staffing an Effective Incident Response Team
  • Roles in a Security Operations Center
  • Developing Key Relationships with External Resources
  • Understanding Network Infrastructure and Network Security Monitoring Tools
  • Introduction
  • NAT Fundamentals
  • Packet Filtering with ACLs
  • ACLs with the Established Option
  • Access Control Models
  • Authentication, Authorization, and Accounting
  • Load Balancing
  • Network-Based Malware Protection
  • Network Security Monitoring Tools
  • Exploring Data Type Categories
  • Introduction
  • Network Security Monitoring Data
  • Network Security Monitoring Data Types
  • Security Information and Event Management Systems
  • Security Orchestration, Automation, and Response
  • Security Onion Overview
  • Full Packet Capture
  • Packet Captures
  • Packet Capture Using Tcpdump
  • Session Data
  • Transaction Data
  • Alert Data
  • Other Data Types
  • Correlating NSM Data
  • Information Security Confidentiality, Integrity, and Availability
  • Personally Identifiable Information
  • Regulatory Compliance
  • Intellectual Property
  • Use NSM Tools to Analyze Data Categories
  • Understanding Basic Cryptography Concepts
  • Introduction
  • Impact of Cryptography on Security Investigations
  • Cryptography Overview
  • Hash Algorithms
  • Encryption Overview
  • Cryptanalysis
  • Symmetric Encryption Algorithms
  • Asymmetric Encryption Algorithms
  • Diffie-Hellman Key Agreement
  • Use Case: SSH
  • Digital Signatures
  • PKI Overview
  • PKI Operations
  • Use Case: SSL/TLS
  • Cipher Suite
  • Key Management
  • NSA Suite B
  • Explore Cryptographic Technologies
  • Understanding Common TCP/IP Attacks
  • Introduction
  • Address Resolution Protocol
  • Legacy TCP/IP Vulnerabilities
  • IP Vulnerabilities
  • ICMP Vulnerabilities
  • TCP Vulnerabilities
  • UDP Vulnerabilities
  • Attack Surface and Attack Vectors
  • Reconnaissance Attacks
  • Access Attacks
  • Man-in-the-Middle Attacks
  • Denial of Service and Distributed Denial of Service
  • Reflection and Amplification Attacks
  • Spoofing Attacks
  • DHCP Attacks
  • Explore TCP/IP Attacks
  • Understanding Endpoint Security Technologies
  • Introduction
  • Host-Based Personal Firewall
  • Host-Based Antivirus
  • Host Intrusion Prevention System
  • Application Whitelists and Blacklists
  • Host-Based Malware Protection
  • Sandboxing
  • File Integrity Checking
  • Explore Endpoint Security
  • Understanding Incident Analysis in a Threat-Centric SOC
  • Introduction
  • Classic Kill Chain Model Overview
  • Kill Chain Phase : Reconnaissance
  • Kill Chain Phase : Weaponization
  • Kill Chain Phase : Delivery
  • Kill Chain Phase : Exploitation
  • Kill Chain Phase : Installation
  • Kill Chain Phase : Command-and-Control
  • Kill Chain Phase : Actions on Objectives
  • Applying the Kill Chain Model
  • Diamond Model Overview
  • Applying the Diamond Model
  • MITRE ATT&CK™ Framework
  • Investigate Hacker Methodology
  • Identifying Resources for Hunting Cyber Threats
  • Introduction
  • Cyber-Threat Hunting Concepts
  • Hunting Maturity Model
  • Cyber Threat Hunting Cycle
  • Common Vulnerability Scoring System
  • CVSS vScoring
  • CVSS vExample
  • Hot Threat Dashboard
  • Publicly Available Threat Awareness Resources
  • Other External Threat Intelligence Sources and Feeds Reference
  • Security Intelligence
  • Threat Analytic Systems
  • Security Tools Reference
  • Hunt Malicious Traffic
  • Understanding Event Correlation and Normalization
  • Introduction
  • Event Sources
  • Evidence
  • Chain of Custody
  • Security Data Normalization
  • Event Correlation
  • Other Security Data Manipulation
  • Correlate Event Logs, PCAPs, and Alerts of an Attack
  • Identifying Common Attack Vectors
  • Introduction
  • DNS Operations
  • Recursive DNS Query
  • Dynamic DNS
  • HTTP Operations
  • HTTPS Operations
  • HTTP/ Operations
  • SQL Operations
  • SMTP Operations
  • Web Scripting
  • Obfuscated JavaScript
  • Shellcode and Exploits
  • Common Metasploit Payloads
  • Directory Traversal
  • SQL Injection
  • Cross-Site Scripting
  • Punycode
  • DNS Tunneling
  • Pivoting
  • HTTP Cushioning
  • Gaining Access Via Web-Based Attacks
  • Exploit Kits
  • Emotet Advanced Persistent Threat
  • Investigate Browser-Based Attacks
  • Identifying Malicious Activity
  • Introduction
  • Understanding the Network Design
  • Zero Trust Model
  • Identifying Possible Threat Actors
  • Log Data Search
  • System Logs
  • Windows Event Viewer
  • Firewall Log
  • DNS Log
  • Web Proxy Log
  • Email Proxy Log
  • AAA Server Log
  • Next Generation Firewall Log
  • Applications Log
  • NetFlow
  • NetFlow as a Security Tool
  • Network Behavior Anomaly Detection
  • Data Loss Detection Using NetFlow Example
  • DNS Risk and Mitigation Tool
  • IPS Evasion Techniques
  • The Onion Router
  • Gaining Access and Control
  • Peer-to-Peer Networks
  • Encapsulation
  • Altered Disk Image
  • Analyze Suspicious DNS Activity
  • Explore Security Data for Analysis
  • Identifying Patterns of Suspicious Behavior
  • Introduction
  • Network Baselining
  • Identifying Anomalies and Suspicious Behaviors
  • PCAP Analysis
  • Delivery
  • Investigate Suspicious Activity Using Security Onion
  • Conducting Security Incident Investigations
  • Introduction
  • Security Incident Investigation Procedures
  • Threat Investigation Example: China Chopper Remote Access Trojan
  • Investigate Advanced Persistent Threats
  • Using a Playbook Model to Organize Security Monitoring
  • Introduction
  • Security Analytics
  • Playbook Definition
  • What Is in a Play?
  • Playbook Management System
  • Explore SOC Playbooks
  • Understanding SOC Metrics
  • Introduction
  • Security Data Aggregation
  • Time to Detection
  • Security Controls Detection Effectiveness
  • SOC Metrics
  • Understanding SOC Workflow and Automation
  • Introduction
  • SOC WMS Concepts
  • Incident Response Workflow
  • SOC WMS Integration
  • SOC Workflow Automation Example
  • Describing Incident Response
  • Introduction
  • Incident Response Planning
  • Incident Response Life Cycle
  • Incident Response Policy Elements
  • Incident Attack Categories
  • Reference: US-CERT Incident Categories
  • Regulatory Compliance Incident Response Requirements
  • CSIRT Categories
  • CSIRT Framework
  • CSIRT Incident Handling Services
  • Understanding the Use of VERIS
  • Introduction
  • VERIS Overview
  • VERIS Incidents Structure
  • VERIS A’s
  • VERIS Records
  • VERIS Community Database
  • Verizon Data Breach Investigations Report and Cisco Annual Security Report
  • Understanding Windows Operating System Basics
  • Introduction
  • Windows Operating System History
  • Windows Operating System Architecture
  • Windows Processes, Threads, and Handles
  • Windows Virtual Memory Address Space
  • Windows Services
  • Windows File System Overview
  • Windows File System Structure
  • Windows Domains and Local User Accounts
  • Windows GUI
  • Run as Administrator
  • Windows CLI
  • Windows PowerShell
  • Windows net Command
  • Controlling Startup Services and Executing System Shutdown
  • Controlling Services and Processes
  • Monitoring System Resources
  • Windows Boot Process
  • Windows Networking
  • Windows netstat Command
  • Accessing Network Resources with Windows
  • Windows Registry
  • Windows Management Instrumentation
  • Common Windows Server Functions
  • Common Third-Party Tools
  • Explore the Windows Operating System
  • Understanding Linux Operating System Basics
  • Introduction
  • History and Benefits of Linux
  • Linux Architecture
  • Linux File System Overview
  • Basic File System Navigation and Management Commands
  • File Properties and Permissions
  • Editing File Properties
  • Root and Sudo
  • Disks and File Systems
  • System Initialization
  • Emergency/Alternate Startup Options
  • Shutting Down the System
  • System Processes
  • Interacting with Linux
  • Linux Command Shell Concepts
  • Piping Command Output
  • Other Useful Command-Line Tools
  • Overview of Secure Shell Protocol
  • Networking
  • Managing Services in SysV Environments
  • Viewing Running Network Services
  • Name Resolution: DNS
  • Testing Name Resolution
  • Viewing Network Traffic
  • Configuring Remote Syslog
  • Running Software on Linux
  • Executables vs. Interpreters
  • Using Package Managers to Install Software in Linux
  • System Applications
  • Lightweight Directory Access Protocol
  • Explore the Linux Operating System

Lab activities
  • Configure the Initial Collaboration Lab Environment
  • Use NSM Tools to Analyze Data Categories
  • Explore Cryptographic Technologies
  • Explore TCP/IP Attacks
  • Explore Endpoint Security
  • Investigate Hacker Methodology
  • Hunt Malicious Traffic
  • Correlate Event Logs, PCAPs, and Alerts of an Attack
  • Investigate Browser-Based Attacks
  • Analyze Suspicious DNS Activity
  • Explore Security Data for Analysis
  • Investigate Suspicious Activity Using Security Onion
  • Investigate Advanced Persistent Threats
  • Explore SOC Playbooks
  • Explore the Windows Operating System
  • Explore the Linux Operating System

Type

Instructor-led training course

Instructors

The instructors are Cisco-accredited instructors, also certified in other IT technologies, with years of hands-on experience in the field and in training.

Lab infrastructure

For all delivery formats, students can access the real Cisco equipment and systems in our labs, or remotely in Cisco data centres, 24 hours a day. Each participant has their own access for implementing the various configurations, giving immediate hands-on confirmation of the theory covered. Some of the available Cisco lab network topologies are shown below:


Course details

Prerequisites

No prerequisites.

Course duration

  • Extensive format: 54 hours;
  • Intensive format: 5 days;

Attendance

Various extensive and intensive attendance formats.

Course dates

  • Cisco CBROPS Course (Intensive Format) – 20/05/2024 – 09:00 – 17:00
  • Cisco CBROPS Course (Extensive Evening Format) – 13/06/2024 – Tue./Thu. 18:30/21:30
  • Cisco CBROPS Course (Intensive Format) – 09/09/2024 – 09:00 – 17:00

How to enrol

Enrolment is limited in number so that every participant receives an excellent service. To enrol, request a call-back via the following link, contact the office on the toll-free number 800-177596, or send a request to [email protected].