Exam 210-250 SECFND Understanding Cisco Cybersecurity Fundamentals

2020-02-27 - 1300 words - reading time 6 minutes

Exam code : 210-250 SECFND
Version : 1.0
Vendor : Cisco

This exam is the first of the two exams required for the CCNA Cyber Ops certification and is aligned with the job role of an associate-level Security Operations Center (SOC) security analyst. The SECFND exam tests a candidate's understanding of cybersecurity's basic principles, foundational knowledge, and the core skills needed to grasp the more advanced associate-level material in the second required exam, "Implementing Cisco Cybersecurity Operations (SECOPS)".

Area : CyberSecurity
Status : Retired
Exam started on: ; retired on: 28-05-2020

Duration (minutes): 90
Questions : min 60 - max 70

Score : min: - max: -
Cost :

Exam topics:

  • 1.0 - Network Concepts - 12%

    • 1.1 - Describe the function of the network layers as specified by the OSI and the TCP/IP network models
    • 1.2 - Describe the operation of the following
    • 1.2.a - IP
    • 1.2.b - TCP
    • 1.2.c - UDP
    • 1.2.d - ICMP
    • 1.3 - Describe the operation of these network services
    • 1.3.a - ARP
    • 1.3.b - DNS
    • 1.3.c - DHCP
    • 1.4 - Describe the basic operation of these network device types
    • 1.4.a - Router
    • 1.4.b - Switch
    • 1.4.c - Hub
    • 1.4.d - Bridge
    • 1.4.e - Wireless access point (WAP)
    • 1.4.f - Wireless LAN controller (WLC)
    • 1.5 - Describe the functions of these network security systems as deployed on the host, network, or the cloud:
    • 1.5.a - Firewall
    • 1.5.b - Cisco Intrusion Prevention System (IPS)
    • 1.5.c - Cisco Advanced Malware Protection (AMP)
    • 1.5.d - Web Security Appliance (WSA) / Cisco Cloud Web Security (CWS)
    • 1.5.e - Email Security Appliance (ESA) / Cisco Cloud Email Security (CES)
    • 1.6 - Describe IP subnets and communication within an IP subnet and between IP subnets
    • 1.7 - Describe the relationship between VLANs and data visibility
    • 1.8 - Describe the operation of ACLs applied as packet filters on the interfaces of network devices
    • 1.9 - Compare and contrast deep packet inspection with packet filtering and stateful firewall operation
    • 1.10 - Compare and contrast inline traffic interrogation and taps or traffic mirroring
    • 1.11 - Compare and contrast the characteristics of data obtained from taps or traffic mirroring and NetFlow in the analysis of network traffic
    • 1.12 - Identify potential data loss from provided traffic profiles
  • 2.0 - Security Concepts - 17%

    • 2.1 - Describe the principles of the defense in depth strategy
    • 2.2 - Compare and contrast these concepts
    • 2.2.a - Risk
    • 2.2.b - Threat
    • 2.2.c - Vulnerability
    • 2.2.d - Exploit
    • 2.3 - Describe these terms
    • 2.3.a - Threat actor
    • 2.3.b - Run book automation (RBA)
    • 2.3.c - Chain of custody (evidentiary)
    • 2.3.d - Reverse engineering
    • 2.3.e - Sliding window anomaly detection
    • 2.3.f - PII
    • 2.3.g - PHI
    • 2.4 - Describe these security terms
    • 2.4.a - Principle of least privilege
    • 2.4.b - Risk scoring/risk weighting
    • 2.4.c - Risk reduction
    • 2.4.d - Risk assessment
    • 2.5 - Compare and contrast these access control models
    • 2.5.a - Discretionary access control
    • 2.5.b - Mandatory access control
    • 2.5.c - Nondiscretionary access control
    • 2.6 - Compare and contrast these terms
    • 2.6.a - Network and host antivirus
    • 2.6.b - Agentless and agent-based protections
    • 2.6.c - SIEM and log collection
    • 2.7 - Describe these concepts
    • 2.7.a - Asset management
    • 2.7.b - Configuration management
    • 2.7.c - Mobile device management
    • 2.7.d - Patch management
    • 2.7.e - Vulnerability management
  • 3.0 - Cryptography - 12%

    • 3.1 - Describe the uses of a hash algorithm
    • 3.2 - Describe the uses of encryption algorithms
    • 3.3 - Compare and contrast symmetric and asymmetric encryption algorithms
    • 3.4 - Describe the processes of digital signature creation and verification
    • 3.5 - Describe the operation of a PKI
    • 3.6 - Describe the security impact of these commonly used hash algorithms
    • 3.6.a - MD5
    • 3.6.b - SHA-1
    • 3.6.c - SHA-256
    • 3.6.d - SHA-512
    • 3.7 - Describe the security impact of these commonly used encryption algorithms and secure communications protocols
    • 3.7.a - DES
    • 3.7.b - 3DES
    • 3.7.c - AES
    • 3.7.d - AES256-CTR
    • 3.7.e - RSA
    • 3.7.f - DSA
    • 3.7.g - SSH
    • 3.7.h - SSL/TLS
    • 3.8 - Describe how the success or failure of a cryptographic exchange impacts security investigation
    • 3.9 - Describe these items in regards to SSL/TLS
    • 3.9.a - Cipher-suite
    • 3.9.b - X.509 certificates
    • 3.9.c - Key exchange
    • 3.9.d - Protocol version
    • 3.9.e - PKCS
  • 4.0 - Host-Based Analysis - 19%

    • 4.1 - Define these terms as they pertain to Microsoft Windows
    • 4.1.a - Processes
    • 4.1.b - Threads
    • 4.1.c - Memory allocation
    • 4.1.d - Windows Registry
    • 4.1.e - WMI
    • 4.1.f - Handles
    • 4.1.g - Services
    • 4.2 - Define these terms as they pertain to Linux
    • 4.2.a - Processes
    • 4.2.b - Forks
    • 4.2.c - Permissions
    • 4.2.d - Symlinks
    • 4.2.e - Daemon
    • 4.3 - Describe the functionality of these endpoint technologies in regards to security monitoring
    • 4.3.a - Host-based intrusion detection
    • 4.3.b - Antimalware and antivirus
    • 4.3.c - Host-based firewall
    • 4.3.d - Application-level whitelisting/blacklisting
    • 4.3.e - Systems-based sandboxing (such as Chrome, Java, Adobe reader)
    • 4.4 - Interpret these operating system log data to identify an event
    • 4.4.a - Windows security event logs
    • 4.4.b - Unix-based syslog
    • 4.4.c - Apache access logs
    • 4.4.d - IIS access logs
  • 5.0 - Security Monitoring - 19%

    • 5.1 - Identify the types of data provided by these technologies
    • 5.1.a - TCP Dump
    • 5.1.b - NetFlow
    • 5.1.c - Next-Gen firewall
    • 5.1.d - Traditional stateful firewall
    • 5.1.e - Application visibility and control
    • 5.1.f - Web content filtering
    • 5.1.g - Email content filtering
    • 5.2 - Describe these types of data used in security monitoring
    • 5.2.a - Full packet capture
    • 5.2.b - Session data
    • 5.2.c - Transaction data
    • 5.2.d - Statistical data
    • 5.2.f - Extracted content
    • 5.2.g - Alert data
    • 5.3 - Describe these concepts as they relate to security monitoring
    • 5.3.a - Access control list
    • 5.3.b - NAT/PAT
    • 5.3.c - Tunneling
    • 5.3.d - TOR
    • 5.3.e - Encryption
    • 5.3.f - P2P
    • 5.3.g - Encapsulation
    • 5.3.h - Load balancing
    • 5.4 - Describe these NextGen IPS event types
    • 5.4.a - Connection event
    • 5.4.b - Intrusion event
    • 5.4.c - Host or endpoint event
    • 5.4.d - Network discovery event
    • 5.4.e - NetFlow event
    • 5.5 - Describe the function of these protocols in the context of security monitoring
    • 5.5.a - DNS
    • 5.5.b - NTP
    • 5.5.c - SMTP/POP/IMAP
    • 5.5.d - HTTP/HTTPS
  • 6.0 - Attack Methods - 21%

    • 6.1 - Compare and contrast an attack surface and vulnerability
    • 6.2 - Describe these network attacks
    • 6.2.a - Denial of service
    • 6.2.b - Distributed denial of service
    • 6.2.c - Man-in-the-middle
    • 6.3 - Describe these web application attacks
    • 6.3.a - SQL injection
    • 6.3.b - Command injections
    • 6.3.c - Cross-site scripting
    • 6.4 - Describe these attacks
    • 6.4.a - Social engineering
    • 6.4.b - Phishing
    • 6.4.c - Evasion methods
    • 6.5 - Describe these endpoint-based attacks
    • 6.5.a - Buffer overflows
    • 6.5.b - Command and control (C2)
    • 6.5.c - Malware
    • 6.5.d - Rootkit
    • 6.5.e - Port scanning
    • 6.5.f - Host profiling
    • 6.6 - Describe these evasion methods
    • 6.6.a - Encryption and tunneling
    • 6.6.b - Resource exhaustion
    • 6.6.c - Traffic fragmentation
    • 6.6.d - Protocol-level misinterpretation
    • 6.6.e - Traffic substitution and insertion
    • 6.6.f - Pivot
    • 6.7 - Define privilege escalation
    • 6.8 - Compare and contrast remote exploit and a local exploit
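
Topics 1.6 and 1.8 above (communication within and between IP subnets, and ACLs applied as packet filters on an interface) are the kind of thing the exam expects you to reason through by hand. The following is an added Python example written for this page, not Cisco material and not part of the blueprint: it models first-match, implicit-deny evaluation of an extended ACL with a constructed rule set, and checks whether two hosts share a subnet (and therefore reach each other without a router hop). The addresses, rules and `Packet`/`Rule` names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str          # source IPv4 address
    dst: str          # destination IPv4 address
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0    # destination port; 0 for icmp


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol, else "tcp"/"udp"/"icmp"
    src: str                      # CIDR; "0.0.0.0/0" plays the role of "any"
    dst: str
    dport: Optional[int] = None   # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


ANY = "0.0.0.0/0"

# Constructed ACL (assumption for this example), applied inbound on the interface
# facing the 10.0.1.0/24 user LAN. Order matters: the first matching entry wins,
# as on a Cisco IOS extended ACL, and anything unmatched hits the implicit deny.
SAMPLE_ACL: List[Rule] = [
    Rule("deny",   "tcp",  ANY,           "10.0.2.0/24",  23),   # no Telnet to the server subnet
    Rule("permit", "tcp",  "10.0.1.0/24", "10.0.2.0/24",  443),  # HTTPS to servers
    Rule("permit", "udp",  "10.0.1.0/24", "10.0.2.10/32", 53),   # DNS to the resolver only
    Rule("permit", "icmp", "10.0.1.0/24", ANY),                  # ping anywhere
    # implicit "deny ip any any" at the end
]


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First-match evaluation. Returns (action, index of the matching rule);
    the index is None when the implicit deny at the end applied."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """True when both hosts fall in the same /prefix_len network, i.e. they can
    talk directly (ARP for each other) instead of sending to the default gateway."""
    net = ipaddress.ip_network(f"{a}/{prefix_len}", strict=False)
    return ipaddress.ip_address(b) in net


if __name__ == "__main__":
    for pkt in [Packet("10.0.1.5", "10.0.2.10", "tcp", 443),
                Packet("10.0.1.5", "10.0.2.10", "tcp", 23),
                Packet("10.0.1.5", "10.0.2.10", "tcp", 22),
                Packet("10.0.1.5", "192.0.2.1", "icmp")]:
        print(pkt, "->", evaluate(SAMPLE_ACL, pkt))
    print(same_subnet("10.0.1.5", "10.0.1.200", 24), same_subnet("10.0.1.5", "10.0.2.10", 24))
```

Note that the SSH packet (tcp/22) is dropped by the implicit deny even though no entry names it, and that a DNS query to any resolver other than 10.0.2.10 is dropped for the same reason; an ACL that is intended as a packet filter has to enumerate everything it permits.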
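
For topics 3.1 and 3.6 (uses of a hash algorithm, and the security impact of MD5, SHA-1, SHA-256 and SHA-512), the following added Python example, written for this page and not taken from Cisco, shows the three things an analyst is expected to be able to explain: a digest verifies integrity only if the algorithm is not collision-prone and the comparison is constant-time; a keyed HMAC, unlike a bare hash, cannot be recomputed by whoever altered the data; and a one-bit change in the input flips roughly half of the output bits. The sample payload and the `WEAK` set are assumptions made for the illustration.

```python
import hashlib
import hmac

# Algorithms named in the blueprint, and the ones with published practical
# collision attacks (assumption for this example: treat both as unfit for
# integrity or signature use).
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
WEAK = {"md5", "sha1"}


def digest(data: bytes, alg: str) -> str:
    """Hex digest of data under the named algorithm."""
    return hashlib.new(alg, data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str, alg: str):
    """Check an artifact against a published digest. Refuses collision-prone
    algorithms outright and compares in constant time, so the comparison
    itself does not leak how many leading characters matched."""
    if alg in WEAK:
        return False, f"{alg} is collision-prone; use sha256 or sha512"
    actual = digest(data, alg)
    if hmac.compare_digest(actual, expected_hex.lower()):
        return True, "ok"
    return False, "digest mismatch"


def authenticate(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag. An attacker who alters data can recompute a bare
    hash, but cannot produce a valid tag without the key."""
    return hmac.new(key, data, "sha256").hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests of equal length."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    sample = b"constructed sample payload"      # constructed input
    for alg in ALGORITHMS:
        print(f"{alg:>6} ({len(digest(sample, alg)) * 4} bits): {digest(sample, alg)}")
    # Avalanche effect: flip one bit of the input and count changed output bits.
    tampered = bytes([sample[0] ^ 0x01]) + sample[1:]
    print("bits differing after a 1-bit change:",
          differing_bits(digest(sample, "sha256"), digest(tampered, "sha256")), "of 256")
    print(verify_integrity(sample, digest(sample, "sha256"), "sha256"))
    print(verify_integrity(sample, digest(sample, "md5"), "md5"))
    print("same tag with different keys:",
          authenticate(b"secret key", sample) == authenticate(b"other key", sample))
```

In an investigation this is the distinction behind topic 3.8: a matching SHA-256 of a recovered binary against a vendor-published value is evidence, a matching MD5 is a weak hint, and a mismatch under any algorithm means the artifact is not what it claims to be.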
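
Topic 4.4 asks you to interpret operating-system and web-server logs to identify an event. The following added Python example, written for this page rather than taken from Cisco or any vendor, parses a few constructed Apache combined-format access-log lines and traditional syslog lines, then applies two simple detections a SOC analyst would recognise: a client generating a burst of 404s (path enumeration) and a source address with repeated sshd authentication failures (password guessing). All log lines, hostnames and addresses are constructed for the example and the thresholds are assumptions.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed Apache "combined" access-log lines (not from any real server).
APACHE_ACCESS = """\
203.0.113.7 - - [10/Mar/2020:13:55:36 +0100] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2020:13:55:37 +0100] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2020:13:55:37 +0100] "GET /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2020:13:55:38 +0100] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Mar/2020:13:56:01 +0100] "POST /login HTTP/1.1" 302 0 "-" "curl/7.68.0"
"""

# Constructed traditional (BSD/RFC 3164 style) syslog lines as rsyslog writes them.
SYSLOG = """\
Mar 10 13:57:01 web01 sshd[2112]: Failed password for invalid user admin from 203.0.113.7 port 51222 ssh2
Mar 10 13:57:03 web01 sshd[2112]: Failed password for invalid user admin from 203.0.113.7 port 51224 ssh2
Mar 10 13:57:05 web01 sshd[2115]: Failed password for root from 203.0.113.7 port 51230 ssh2
Mar 10 13:57:09 web01 sshd[2120]: Accepted publickey for deploy from 198.51.100.2 port 40110 ssh2
Mar 10 13:58:00 web01 CRON[2130]: (root) CMD (run-parts /etc/cron.hourly)
"""

APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?$'
)
SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'(?P<proc>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$'
)
SSH_FAIL_RE = re.compile(r'Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port')


def parse_apache(text: str) -> List[Dict[str, str]]:
    """One dict per parseable line; lines that do not match are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def parse_syslog(text: str) -> List[Dict[str, str]]:
    return [m.groupdict() for m in map(SYSLOG_RE.match, text.splitlines()) if m]


def web_enumeration(events: List[Dict[str, str]], threshold: int = 3) -> Dict[str, int]:
    """Clients producing at least `threshold` 404s: typical of path/plugin scanning."""
    c = Counter(e["ip"] for e in events if e["status"] == "404")
    return {ip: n for ip, n in c.items() if n >= threshold}


def ssh_bruteforce(events: List[Dict[str, str]], threshold: int = 3) -> Dict[str, int]:
    """Source addresses with at least `threshold` sshd password failures."""
    c: Counter = Counter()
    for e in events:
        if e["proc"] == "sshd":
            m = SSH_FAIL_RE.search(e["msg"])
            if m:
                c[m.group("ip")] += 1
    return {ip: n for ip, n in c.items() if n >= threshold}


if __name__ == "__main__":
    web = parse_apache(APACHE_ACCESS)
    host = parse_syslog(SYSLOG)
    print("web enumeration candidates:", web_enumeration(web))
    print("ssh password guessing:", ssh_bruteforce(host))
```

Both detections fire on the same source address here, which is the correlation step the blueprint's "identify an event" wording points at: web-server 404 bursts alone are noisy, but the same client failing sshd logins a minute later on the same host turns the two log sources into one incident.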

Link to the exam on the official site: 210-250 SECFND - Understanding Cisco Cybersecurity Fundamentals

Reference ID: 20