Cisco Certified CyberOps Associate (200-201) Cert Prep: 4 Network Intrusion Analysis
2hIntermediate2024-12-11
Authors

Lisa Bock
Security ambassador with a broad range of IT skills and knowledge
Course details
Cybersecurity specialists and related positions are some of the most in-demand security positions today, and the Cisco CBROPS exam is a big part of proving your skills for any cybersecurity job. In this course, Lisa Bock helps you prepare for the exam, covering the network intrusion analysis topics you need to know. Lisa shows how an intrusion detection/intrusion prevention system can detect and mitigate common attacks, as well as identify potentially malicious traffic that may have slipped by organizational defenses. She explains how to comb through data and interpret IDS/IPS alerts and artifacts from an event and log files for an indication of compromise. And she takes a deep dive into packet analysis to examine how Wireshark helps you evaluate network traffic and application data.
Skills covered
Incident ResponseNetwork AdministrationCybersecurityCert PrepNetwork and System Administration
Concepts
0. Introduction
- 01 - Evaluating intrusion alerts
- 02 - Setting up your test environment
1. Working with Network Security Data
- 03 - Comparing methods to examine traffic
- 04 - Comparing IPS and IDS
- 05 - Recognizing alerts and events
- 06 - Monitoring traffic
- 07 - Interpreting IDS IPS alerts
2. Evaluating Alerts and Log Files
- 08 - Being application aware
- 09 - Evaluating antivirus alerts
- 10 - Viewing web proxy logs
- 11 - Challenge - Regular expressions
- 12 - Solution - Regular expressions
3. Using Wireshark to Evaluate Traffic
- 13 - Understanding the OSI model
- 14 - Tapping into the network
- 15 - Creating an Ethernet frame
- 16 - Identifying key elements from a pcap
- 17 - Extracting objects from a pcap
- 18 - Challenge - Log file analysis
- 19 - Solution - Log file analysis
4. Diving into TCP IP Headers
- 20 - Understanding TCP
- 21 - Moving through the TCP handshake and teardown
- 22 - Recognizing User Datagram Protocol
- 23 - Viewing IPv4
- 24 - Investigating IPv6
- 25 - Grasping ICMP
- 26 - Discovering ICMPv6
5. Visualizing Application Data
- 27 - Analyzing HTTP
- 28 - Dissecting DNS
- 29 - Using ARP
- 30 - Outlining email threats
- 31 - Detecting malware by examining artifacts
- 32 - Confirming malware by examining artifacts
Conclusion
- 33 - Next steps
Related courses
- Cisco Certified CyberOps Associate (200-201) Cert Prep: 2 Security Monitoring
- Cisco Certified CyberOps Associate (200-201) Cert Prep: 3 Host-Based Analysis
- Cisco Certified CyberOps Associate (200-201) Cert Prep: 5 Security Policies and Procedures
- Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts
- Cisco Certified Support Technician (CCST) Networking Cert Prep: 1 Network Fundamentals
- Cisco Certified Support Technician (CCST) Networking Cert Prep: 2 IP Addressing
- Cisco Certified Support Technician (CCST) Networking Cert Prep: 3 Connecting Network Devices
- Cisco Certified Support Technician (CCST) Networking Cert Prep: 4 Troubleshooting and Securing Networks
Related learn paths
- CyberOps Associate: Prepare for the Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS) Exam
- CCNP Security: Prepare for the Implementing and Operating Cisco Security Core Technologies (350-701 SCOR) Exam
- CCNP Collaboration: Prepare for the Implementing Cisco Collaboration Core Technologies (350-801 CLCOR) Exam
- CCNP Enterprise: Prepare for the Implementing Cisco Enterprise Advanced Routing and Services (300-410 ENARSI) Exam
- Prepare for the Cisco CCNP ENCOR v1.1 (350-401) Exam
- Getting Started with Cisco Networks
- Prepare for the Cisco Certified Support Technician (CCST) Networking Certification
- Prepare for the Cisco Certified Network Associate (CCNA) (200-301) Certification Exam