Prerequisite
About the Training
Certificate:
Participants who attend at least 80% of the training and successfully complete the exams/projects set by the training curriculum receive a digital, QR-code-backed "BT Akademi Certificate of Achievement" at the end of the training.
Training Content
- 1 Describe the CIA triad
- 2 Compare security deployments
- 2.a Network, endpoint, and application security systems
- 2.b Agentless and agent-based protections
- 2.c Legacy antivirus and antimalware
- 2.d SIEM, SOAR, and log management
- 3 Describe security terms
- 3.a Threat intelligence (TI)
- 3.b Threat hunting
- 3.c Malware analysis
- 3.d Threat actor
- 3.e Run book automation (RBA)
- 3.f Reverse engineering
- 3.g Sliding window anomaly detection
- 3.h Principle of least privilege
- 3.i Zero trust
- 3.j Threat intelligence platform (TIP)
- 4 Compare security concepts
- 4.a Risk (risk scoring/risk weighting, risk reduction, risk assessment)
- 4.b Threat
- 4.c Vulnerability
- 4.d Exploit
- 5 Describe the principles of the defense-in-depth strategy
- 6 Compare access control models
- 6.a Discretionary access control
- 6.b Mandatory access control
- 6.c Nondiscretionary access control
- 6.d Authentication, authorization, accounting
- 6.e Rule-based access control
- 6.f Time-based access control
- 6.g Role-based access control
- 7 Describe terms as defined in CVSS
- 7.a Attack vector
- 7.b Attack complexity
- 7.c Privileges required
- 7.d User interaction
- 7.e Scope
- 8 Identify the challenges of data visibility (network, host, and cloud) in detection
- 9 Identify potential data loss from provided traffic profiles
- 10 Interpret the 5-tuple approach to isolate a compromised host in a grouped set of logs
- 11 Compare rule-based detection vs. behavioral and statistical detection
- 1 Compare attack surface and vulnerability
- 2 Identify the types of data provided by these technologies
- 2.a TCP dump
- 2.b NetFlow
- 2.c Next-gen firewall
- 2.d Traditional stateful firewall
- 2.e Application visibility and control
- 2.f Web content filtering
- 2.g Email content filtering
- 3 Describe the impact of these technologies on data visibility
- 3.a Access control list
- 3.b NAT/PAT
- 3.c Tunneling
- 3.d TOR
- 3.e Encryption
- 3.f P2P
- 3.g Encapsulation
- 3.h Load balancing
- 4 Describe the uses of these data types in security monitoring
- 4.a Full packet capture
- 4.b Session data
- 4.c Transaction data
- 4.d Statistical data
- 4.e Metadata
- 4.f Alert data
- 5 Describe network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle
- 6 Describe web application attacks, such as SQL injection, command injections, and cross-site scripting
- 7 Describe social engineering attacks
- 8 Describe endpoint-based attacks, such as buffer overflows, command and control (C2), malware, and ransomware
- 9 Describe evasion and obfuscation techniques, such as tunneling, encryption, and proxies
- 10 Describe the impact of certificates on security (includes PKI, public/private crossing the network, asymmetric/symmetric)
- 11 Identify the certificate components in a given scenario
- 11.a Cipher-suite
- 11.b X.509 certificates
- 11.c Key exchange
- 11.d Protocol version
- 11.e PKCS
- 1 Describe the functionality of these endpoint technologies in regard to security monitoring
- 1.a Host-based intrusion detection
- 1.b Antimalware and antivirus
- 1.c Host-based firewall
- 1.d Application-level allow listing/block listing
- 1.e Systems-based sandboxing (such as Chrome, Java, Adobe Reader)
- 2 Identify components of an operating system (such as Windows and Linux) in a given scenario
- 3 Describe the role of attribution in an investigation
- 3.a Assets
- 3.b Threat actor
- 3.c Indicators of compromise
- 3.d Indicators of attack
- 3.e Chain of custody
- 4 Identify type of evidence used based on provided logs
- 4.a Best evidence
- 4.b Corroborative evidence
- 4.c Indirect evidence
- 5 Compare tampered and untampered disk image
- 6 Interpret operating system, application, or command line logs to identify an event
- 7 Interpret the output report of a malware analysis tool (such as a detonation chamber or sandbox)
- 7.a Hashes
- 7.b URLs
- 7.c Systems, events, and networking
- 1 Map the provided events to source technologies
- 1.a IDS/IPS
- 1.b Firewall
- 1.c Network application control
- 1.d Proxy logs
- 1.e Antivirus
- 1.f Transaction data (NetFlow)
- 2 Compare impact and no impact for these items
- 2.a False positive
- 2.b False negative
- 2.c True positive
- 2.d True negative
- 2.e Benign
- 3 Compare deep packet inspection with packet filtering and stateful firewall operation
- 4 Compare inline traffic interrogation and taps or traffic monitoring
- 5 Compare the characteristics of data obtained from taps or traffic monitoring and transactional data (NetFlow) in the analysis of network traffic
- 6 Extract files from a TCP stream when given a PCAP file and Wireshark
- 7 Identify key elements in an intrusion from a given PCAP file
- 7.a Source address
- 7.b Destination address
- 7.c Source port
- 7.d Destination port
- 7.e Protocols
- 7.f Payloads
- 8 Interpret the fields in protocol headers as related to intrusion analysis
- 8.a Ethernet frame
- 8.b IPv4
- 8.c IPv6
- 8.d TCP
- 8.e UDP
- 8.f ICMP
- 8.g DNS
- 8.h SMTP/POP3/IMAP
- 8.i HTTP/HTTPS/HTTP2
- 8.j ARP
- 9 Interpret common artifact elements from an event to identify an alert
- 9.a IP address (source / destination)
- 9.b Client and server port identity
- 9.c Process (file or registry)
- 9.d System (API calls)
- 9.e Hashes
- 9.f URI / URL
- 10 Interpret basic regular expressions
- 1 Describe management concepts
- 1.a Asset management
- 1.b Configuration management
- 1.c Mobile device management
- 1.d Patch management
- 1.e Vulnerability management
- 2 Describe the elements in an incident response plan as stated in NIST.SP800-61
- 3 Apply the incident handling process (such as NIST.SP800-61) to an event
- 4 Map elements to these steps of analysis based on the NIST.SP800-61
- 4.a Preparation
- 4.b Detection and analysis
- 4.c Containment, eradication, and recovery
- 4.d Post-incident analysis (lessons learned)
- 5 Map the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800-61)
- 5.a Preparation
- 5.b Detection and analysis
- 5.c Containment, eradication, and recovery
- 5.d Post-incident analysis (lessons learned)
- 6 Describe concepts as documented in NIST.SP800-86
- 6.a Evidence collection order
- 6.b Data integrity
- 6.c Data preservation
- 6.d Volatile data collection
- 7 Identify these elements used for network profiling
- 7.a Total throughput
- 7.b Session duration
- 7.c Ports used
- 7.d Critical asset address space
- 8 Identify these elements used for server profiling
- 8.a Listening ports
- 8.b Logged in users/service accounts
- 8.c Running processes
- 8.d Running tasks
- 8.e Applications
- 9 Identify protected data in a network
- 9.a PII
- 9.b PSI
- 9.c PHI
- 9.d Intellectual property
- 10 Classify intrusion events into categories as defined by security models, such as Cyber Kill Chain Model and Diamond Model of Intrusion
- 11 Describe the relationship of SOC metrics to scope analysis (time to detect, time to contain, time to respond, time to control)
Why Should You Take This Training?
Important Notes
Program fees do not include VAT.