Understanding Cisco Cybersecurity Fundamentals (SECFND 210-250)

Overview

This section gives the information about Cisco Cybersecurity Fundamentals SECFND Exam 210-250. It coves cybersecurity basics, foundational networking and security knowledge and develop skills needed in preparation for the second (SECOPS) exam.

Describe Network Models

This section discusses The Open Systems Interconnect (OSI) model and looks at the seven integrated layers. It examines the Application, Presentation, and Session layers. It covers Transport layer, Network, Data Link and Physical.

Describe Basic Networking Protocols

This section reviews Internet Protocol and compare its versions. It covers IPv6 essentials and its concepts. It highlights the differences and similarities between Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). It also explains Internet Control Message Protocol (ICMP) and its dependent utilities.

Describe Basic Networking Services

This section covers cybersecurity basics, foundational networking and security knowledge and develop skills needed in preparation for the second (SECOPS) exam. It also explains the process in which computers convert hostnames and fully qualified domain names into IP address.

Describe Networking Devices Operations

This section focuses on networking & hardware. It discusses routers, switches and hubs. It explains modern products such as Wireless Access Points (WAP) and Wireless LAN Controller (WLC).

Describe Network Security Systems

This section covers Cisco security systems. It shows how firewalls can be implemented in various ways. It also explains how Cisco incorporates an intrusion prevention system or Cisco Next Generation Intrusion Prevention System (NGIPS). It also offers a comprehensive malware solution called Advances Malware Protection (AMP).

Describe Basic Network Addressing

This section covers the structure of IP addresses. It identifies the distinction of host versus network bits and explain why it is important to understand the structure. It also explains a high-level understanding of subnetting.

Describe VLANS and Data Visability

This section explains what a Virtual Local Area Network is and why to use on your network. It also demonstrates a potential security risk and learn some tips to help mitigate that risk.

Describe ACL Usage on Interfaces

This section discusses Access Control Lists (ACLs) and how to apply packet filtering. It demonstrates how to block traffic based upon IP addresses with a Cisco router. It also explores the notion of firewall devices operating at higher levels of the OSI to perform additional functions.

Compare Different Filtering Methods

This section talks about packet inspection. It explains what it means and why one would choose such a precise option for their environment.

Compare Packet Capture Methods

This section covers different methods to capture packets. It shows inline traffic interrogation such as an IPS, Test Access Points (TAPs) and how these devices copy network traffic. It also explains traffic mirroring .

Compare Packet Analysis Output

This section talks about what to do with the different types of output from the packet capturing methods. It explains how one would utilize TAPs output followed by a demonstration of a output analysis using a traffic mirroring utility called Wireshark. It also demonstrates how to use Cisco NetFlow in addition to using Wireshark to obtain the same flow information.

Identify Traffic Loss from Packet Analysis

This section explains Data Loss. From a security standpoint the term being used to describe a data breach. From a networking standpoint data loss takes on a new meaning, literally loosing or dropping packets across your network. It shows this concept occurring by analyzing TCP retransmits, duplicate ACK and ACKed unseen packets using Wireshark.

Describe Defense in Depth Principles

This section explains the principles of Defense-in-Depth. It talks about the importance and practice of setting up multiple defenses that are independent “road blocks”, designed to frustrate a malicious person from accessing unauthorized data.

Define Security Concepts and Terms

This section discusses key, foundational security terms and concepts. It compares Risk, Threats, Vulnerabilities, and Exploits. It also define the terms such as Threat Actor, Run Book Automation(RBA), Chain of Custody, and Reverse Engineering.

Understand Access Control Models

This section compare and contrast different access control models. It covers discretionary access control, mandatory access control, as well as nondiscretionary access control.

Compare Security Admin Terms

This section explains several industry standard terms related to security. They look at network and host-based antivirus, and agent-based versus agentless protection. They also talk about log collection and SIEM systems.

Describe Security Management Concepts

This section describes foundational security management concepts which are key to maintaining a secure environment. It explains Asset management, Configuration management, Mobile Device management, Patch management, and Vulnerability management.

Describe Crypto Algorithm Usage

This section describes how crypto algorithms are used to help secure data in a digital environment. It explains hash algorithms and how it works. It also covers encryption algorithms and shows how to obfuscate data crossing a wire.

Describe Digital Signature Creation

This section discusses use of digital signatures. It covers the process of digital signature creation and verification. It shows how a digital certificate is issued, hashed and encrypted by the senders private key.

Describe PKI Operations

This section covers Public Key Infrastructure. It talks talks about how to implement PKI . It shows how a certificate lifecycle can be described as cyclic. It covers the beginning stage, such as the certificate enrollment process, all the way to the end of life either thru expiration or revocation and how a certificate revocation list is useful.

Describe Key Exchange Security

This section describes how the success or failure of a cryptographic exchange impact a security investigation. It explains the technologies and protocols to understand where to focus on investigation and put efforts in the event of an attack. It also discusses the pros and cons of various crypto options.

Describe SSL TLS Components

This section discusses various characteristics and considerations of SSL/TLS and it’s components. It talks about cipher-suites, securing communications and various protocols that use SSL/TLS. It also looks at X.509 certificates and the attributes associated with certificates.

Describe Hashing Algorithms

This section discusses security impact of commonly used hashing algorithms. It talks about verification of data origin and integrity as well as the characteristics of what successful hashing algorithms provide. It also explains the various hashing algorithms available to implement in todays networks.

Encryption Algorithms and Protocols

This section explains what are encryption algorithms, how they came into existence, and their security impact on our networks and lives. It clarifies the difference between transposition, substitution, block and stream ciphers. It also discusses numerous types of encryption algorithms their characteristics and uses.

Define Windows Terms

This section covers basic terminology. It includes processes, threads, handles, services, memory allocation, Windows Registry, and WMI.

Define Linux Terms

This section talks basic Linux definitions, processes and process trees. It demonstrates in a Linux Debian computer how to list running processes to view system resource utilization.

Describe Endpoint Security Monitoring

This section explains what is endpoint security, what it does and the risk associated to it.

Interpret OS Log Data

This section discusses the importances of being able to interpret log data. It demonstrates in a windows environment how to navigate the event viewer and decipher the information. It shows the log info for a Unix environment and Apache access log syntax structure.

Identify Data Types

This section talks about a method to examine network traffic. It demonstrates a tool used in Linux environments called TCP dump. It shows how to install the tool as well as the options available to customize your filters. It explore different types of data. It also demonstrates different ways to analyze data within our networks. It covers the tools such as TCP Dump, Wireshark, and NetFlow used for analyzation.

Describe NSM Data

This section talks about different types of data that can be useful tools for network security monitoring. Full capture packets, Session data, transaction data, statistical data, extracted content and alert data can all be used to monitor our networks.

Describe Monitoring Context

This section covers the importance of monitoring different network components. It shows how and where one would configure an access control list on a router. It also explain network and port address translation.

Describe NGIPS Events

This section covers different types of events that can give infrmation about what is going on within the network. It demonstrates Cisco’s FireSight utility to highlight these events. It shows how to view connection, intrusion, host, network discovery and NetFlow events transpiring with the lab environment.

Monitor Protocols

This section discusses the importance of monitoring the protocols being used within your network. The protocols examined are Domain Name System (DNS) and Network Time Protocol (NTP). It explains weaknesses within the protocols as well as things to look for.

Describe Security Attack Concepts

This explains several different attack concepts. It compares and contrast an attach surface versus vulnerabilities. It also covers attacks such as privilege escalation, social engineering, phishing, evasion methods, remote and local attacks.

Describe Network and Web App Attacks

This section covers different attack styles. It describes Denial of Service (DOS), Distributed Denial of Service (DDOS), Man in the Middle (MitM) and SQL injection attack variations. It also explains types of Cross Site Scripting (XSS), Lightweight Directory Access Protocol (LDAP) injection, Directory Traversal and header manipulation.

Describe Attacks and Evasion Methods

This section describes attacks and evasion methods attackers may use. It explains how a buffer overflow attack can effect a system. It covers types of malware such as rootkits and command and control variations. At the end it shows what port scanning and host profiling is and how an attacker can benefit from these techniques.