CyberOps Associate 200-201 CBROPS

Eğitim Hakkında

CyberOps Associate 200-201 CBROPS Eğitimi, siber güvenlik ve olay müdahalesi alanlarında uzmanlaşmak isteyenler için kapsamlı bir yol haritası sunmaktadır. Eğitim programı, katılımcıları CIA triadı, ağ ve uç nokta güvenliği, tehdit istihbaratı, risk yönetimi gibi temel güvenlik kavramları ile donatmaktadır. Ayrıca SIEM, SOAR, log yönetimi, çeşitli ağ ve web saldırı türleri gibi ileri düzey konular derinlemesine işlenmekte ve pratik uygulamalarla desteklenmektedir. Bu sayede katılımcılar, güvenlik olaylarına hızlı ve etkili müdahaleler gerçekleştirebilecek beceriler kazanırken, SOC gibi kritik rollere de hazırlanmaktadır. Program, siber güvenlik kariyerinde ilerlemek isteyenler için ideal bir fırsat sunmaktadır.

Ön Koşul

Katılımcıların temel ağ ve bilgi güvenliği bilgisine sahip olmaları gerekmektedir.

Eğitim İçeriği

Security Concepts

Describe the CIA triad
Compare security deployments
Network, endpoint, and application security systems
Agentless and agent-based protections
Legacy antivirus and antimalware
SIEM, SOAR, and log management
Describe security terms
Threat intelligence (TI)
Threat hunting
Malware analysis
Threat actor
Run book automation (RBA)
Reverse engineering
Sliding window anomaly detection
Principle of least privilege
Zero trust
Threat intelligence platform (TIP)
Compare security concepts
Risk (risk scoring/risk weighting, risk reduction, risk assessment)
Threat
Vulnerability
Exploit
Describe the principles of the defense-in-depth strategy
Compare access control models
Discretionary access control
Mandatory access control
Nondiscretionary access control
Authentication, authorization, accounting
Rule-based, Time-based, Role-based access controls
Describe terms as defined in CVSS
Attack vector
Attack complexity
Privileges required
User interaction
Scope
Identify the challenges of data visibility (network, host, and cloud) in detection
Identify potential data loss from provided traffic profiles
Interpret the 5-tuple approach to isolate a compromised host in a grouped set of logs
Compare rule-based detection vs. behavioral and statistical detection

Security Monitoring

Compare attack surface and vulnerability
Identify the types of data provided by these technologies
TCP dump
NetFlow
Next-gen firewall
Traditional stateful firewall
Application visibility and control
Web content filtering
Email content filtering
Describe the impact of these technologies on data visibility
Access control list
NAT/PAT
Tunneling
TOR
Encryption
P2P
Encapsulation
Load balancing
Describe the uses of these data types in security monitoring
Full packet capture
Session data
Transaction data
Statistical data
Metadata
Alert data
Describe network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle
Describe web application attacks, such as SQL injection, command injections, and cross-site scripting
Describe social engineering attacks
Describe endpoint-based attacks, such as buffer overflows, command and control (C2), malware, and ransomware
Describe evasion and obfuscation techniques, such as tunneling, encryption, and proxies
Describe the impact of certificates on security (includes PKI, public/private crossing the network, asymmetric/symmetric)
Identify the certificate components in a given scenario
Cipher-suite
X.509 certificates
Key exchange
Protocol version
PKCS

Host Based Analysis

Describe the functionality of these endpoint technologies in regard to security monitoring
Host-based intrusion detection
Antimalware and antivirus
Host-based firewall
Application-level listing/block listing
Systems-based sandboxing (such as Chrome, Java, Adobe Reader)
Identify components of an operating system (such as Windows and Linux) in a given scenario
Describe the role of attribution in an investigation
Assets
Threat actor
Indicators of compromise
Indicators of attack
Chain of custody
Identify type of evidence used based on provided logs
Best evidence
Corroborative evidence
Indirect evidence
Compare tampered and untampered disk image
Interpret operating system, application, or command line logs to identify an event
Interpret the output report of a malware analysis tool (such as a detonation chamber or sandbox)
Hashes
URLs
Systems, events, and networking

Network Intrusion Analysis

Map the provided events to source technologies
IDS/IPS
Firewall
Network application control
Proxy logs
Antivirus
Transaction data (NetFlow)
Compare impact and no impact for these items
False positive and negative
True positive and negative
Benign
Compare deep packet inspection with packet filtering and stateful firewall operation
Compare inline traffic interrogation and taps or traffic monitoring
Compare the characteristics of data obtained from taps or traffic monitoring and transactional data (NetFlow) in the analysis of network traffic
Extract files from a TCP stream when given a PCAP file and Wireshark
Identify key elements in an intrusion from a given PCAP file
Source address
Destination address
Source port
Destination port
Protocols
Payloads
Interpret the fields in protocol headers as related to intrusion analysis
Ethernet frame
IPv4
IPv6
TCP
UDP
ICMP
DNS
SMTP/POP3/IMAP
HTTP/HTTPS/HTTP2
ARP
Interpret common artifact elements from an event to identify an alert
IP address (source / destination)
Client and server port identity
Process (file or registry)
System (API calls)
Hashes
URI / URL
Interpret basic regular expressions

Security Policies and Procedures

Describe management concepts
Asset management
Configuration management
Mobile device management
Patch management
Vulnerability management
Describe the elements in an incident response plan as stated in NIST.SP800-61
Apply the incident handling process (such as NIST.SP800-61) to an event
Map elements to these steps of analysis based on the NIST.SP800-61
Preparation, Detection and Analysis
Containment, Eradication, and Recovery
Post-incident analysis (lessons learned)
Map the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800-61)
Preparation, Detection and analysis
Containment, Eradication, and Recovery
Post-incident analysis (lessons learned)
Describe concepts as documented in NIST.SP800-86
Evidence collection order
Data integrity and preservation
Volatile data collection
Identify these elements used for network profiling
Total throughput
Session duration
Ports used
Critical asset address space
Identify these elements used for server profiling
Listening ports
Logged in users/service accounts
Running processes
Running tasks
Applications
Identify protected data in a network
PII
PSI
PHI
Intellectual property
Classify intrusion events into categories as defined by security models, such as Cyber Kill Chain Model and Diamond Model of Intrusion
Describe the relationship of SOC metrics to scope analysis (time to detect, time to contain, time to respond, time to control)

Kazanımlar

Siber güvenlik alanında uzmanlık düzeyinde bilgi ve beceri kazandırmak

Güvenlik operasyonları ve olay müdahalesi konularında yetkinlik sağlamak

Temel güvenlik kavramlarına derinlemesine hakimiyet sağlamak

SIEM, SOAR, log yönetimi gibi güvenlik araçlarını etkin bir şekilde kullanmayı öğretmek

Güvenlik olaylarına hızlı ve etkili müdahale yetenekleri kazandırmak

Hedef Kitle

Bilgi Güvenliği Profesyonelleri

Siber Güvenlik Uzmanları

Ağ Güvenliği Uzmanları

Veri Güvenliği Uzmanları

Güvenlik Analistleri ve Danışmanları

BT Alanındaki Üst Düzey Yöneticiler

Sertifika

Eğitimlerimize %80 oranında katılım gösterilmesi ve eğitim müfredatına göre uygulanacak sınav/projelerin başarıyla tamamlanması durumunda, eğitimin sonunda dijital ve QR kod destekli “BT Akademi Başarı Sertifikası” verilmektedir.