CCNA Cyber Ops 國際認可證書課程

現今公司或團體在管理網絡上，不時要面對關於網絡安全上的問題，而負責保護系統的網絡安全人員亦要迅速的發現安全漏洞及針對漏洞作出有效的應對。此類工作需要對不同系統在運作及保安上有一定認識， 始能在面對網絡安全上的威脅時作出有效的檢測和應對。

Cisco 作為全球最大網絡安全設備生產商之一，除了生產各類安全設備外，同時也致力培養網絡安全人材以應對現今的網絡安全威脅。CCNA Cyber Ops (網絡安全運營) 認證可為相關人員提供網絡安全的知識，培養他們成為可在安全運營中心（Security Operations Centers）工作的網絡安全分析師。

取得 CCNA Cyber Ops 認證，可證明你有作為安全運營中心分析師的知識及專業水準，可為公司或團體應對不同網絡安全上的威脅。
此認證的一個特點是內容大部份為基本網絡安全上的知識，而非使用 Cisco 安全設備上的專用知識。因此報讀此課程對現在或將來會或不會使用 Cisco 生產的安全設備均也合適。

課程中部份網絡安全的知識會在課堂上以實例形式通過 Linux / Windows 等等作業系統作出示範，令學員對相關內容有更清晰的認識。

本中心的 Cisco 課程均由 Norman Lau、Franco Tsang 及 Vincent Ho 等多位 CCIE 籌備多時，精心編排。由上堂、溫習、實習、考試研習、做試題至最後考試，均為你度身訂造，作出有系統的編排。務求真正教識你，又令你考試及格。

只要你於下列科目取得合格成績，便可獲 Cisco 頒發 CCNA Cyper Ops (Cisco Certified Network Associate - Cyber Ops，Cisco 認可網路夥伴 - 網絡安全運營) 國際認可證書：

本中心為 Cisco 指定的 CCNA Cyber Ops 證書考試試場，報考時請致電本中心，登記欲報考之科目考試編號、考試日期及時間 (最快可即日報考)。

臨考試前要繳付考試費 HK$2,348，及必須出示下列兩項有效之身份證明文件，否則考生不可進行考試，而已繳付之考試費亦不會退回：
1. 香港身份證   及
2. 附有考生姓名及簽名的證件 (如信用咭、香港特區護照、BNO 等)

考試題目由澳洲考試中心傳送到你要應考的電腦，考試時以電腦作答。所有考試題目均為英文，而大多數的考試題目為單項選擇題 (意即 O) 或多項選擇題 (意即 口)，其餘則為配對題及實戰題。作答完成後會立即出現你的分數，結果即考即知！考試不合格便可重新報考，不限次數。欲知道作答時間、題目總數、合格分數等詳細考試資料，可瀏覽本中心網頁 "各科考試分數資料"。

為進一步加強本中心 Cisco 的課程質素，本中心投放大量資源購買 Cisco 器材，以供學員進行實習。以下是本中心擁有的 Cisco 器材 (種類繁多，未能盡錄)：

210-250 Understanding Cisco Cybersecurity Fundamentals

1. Networking Protocols and Devices
1.1 Networking Models
1.1.1 OSI Model
1.1.2 TCP/IP
1.2 Networking Procotols
1.2.1 Internet Protocol (IP)
1.2.2 User Datagram Protocol (UDP)
1.2.3 Transmission Control Protocol (TCP)
1.2.4 Internet Control Message Protocol (ICMP)
1.2.5 Dynamic Host Configuration Protocol (DHCP)
1.2.6 Domain Name System (DNS)
1.2.7 Network Time Protocol (NTP)
1.2.8 Hypertext Transfer Protocol (HTTP)
1.2.9 Ethernet
1.2.10 Address Resolution Protocol (ARP)
1.3 Networking Devices and Related Features
1.3.1 Switch
1.3.2 Virtual LAN (VLAN)
1.3.3 Router
1.3.4 Firewall
1.3.5 Intrusion Detection / Prevention System (IDS / IPS)
1.3.6 Cisco Advanced Malware Protection
1.4 Wireless Communication
1.4.1 Wireless Protocols / Standards
1.4.2 Wireless Access Point
1.4.3 SSID, Authentication and Encryption
1.4.4 Wireless LAN Controller

2. Networking Hosts
2.1 Windows
2.1.1 Process
2.1.2 Thread
2.1.3 Memory Allocation
2.1.4 Windows Registry
2.1.5 Windows Management Instrumentation (WMI)
2.1.6 Handles
2.1.7 Services
2.2 Linux
2.2.1 Processes
2.2.2 Forks
2.2.3 Daemon
2.2.4 Permission
2.2.5 Symlinks
2.3 Logging
2.3.1 Windows system logging
2.3.2 Linux system logging
2.3.3 Windows application logging - IIS access log
2.3.4 Linux application logging - Apache access log
2.4 Host-Based Security
2.4.1 Windows Firewall
2.4.2 Linux Firewall
2.4.3 IDS / Antivirues
2.4.4 Sandboxing

3. Cryptography
3.1 Hashing
3.1.1 Overview
3.1.2 Algorithms
3.1.3 Security Concerns about Hashed Password
3.1.4 Security Concerns about Uash Hash for Data Integrity
3.2 Symmetric Encrption
3.2.1 Overiew
3.2.2 Algorithm
3.2.3 Modes of Operations for Bloack Cipher
3.3 Asymmetric Encrption
3.3.1 Overiew
3.3.2 Encrypting / Decrypting Large Amount of Data
3.3.3 Digital Signature
3.3.4 Algorithms
3.4 Public Key Infrastructure
3.4.1 Background
3.4.2 Certificates
3.4.3 The Infrastructure
3.4.4 Content and File Format
3.5 Diffie-Hellman Key Exchange
3.6 Cryptographic Protocols
3.6.1 SSH
3.6.2 SSL/TLS

4. Security Concepts
4.1 Terms Related to Security Risk
4.1.1 Asset
4.1.2 Vulnerability
4.1.3 Exploit
4.1.4 Threat
4.1.5 Risk
4.2 Asset Management
4.2.1 Asset Management
4.2.2 Mobile Device Management
4.2.3 Configuration Management
4.2.4 Patch Management
4.2.5 Vulnerability Management
4.3 Access Control
4.3.1 Discretionary Access Control
4.3.2 Mandatory Access Control
4.3.3 Other Non-Discretionary Access Controls
4.3.4 Authentication Severs

5. Attack Methods
5.1 General Network-Based Attacks
5.1.1 Denial of Service
5.1.2 Distributed Denial of Service
5.1.3 Man-In-The-Middle
5.2 Web Related Attacks
5.2.1 Command Injection
5.2.2 SQL Injection
5.2.3 Cross Site Scripting
5.3 Endpoint Attacks
5.3.1 Buffer OverFlows
5.3.2 Priviledge Escalation
5.3.3 Command and Control
5.4 Other Form of Attacks
5.4.1 Social Engineering
5.4.2 Port Scanning and Host Profiling
5.5 Evasion Methods
5.5.1 Traffic fragementation
5.5.2 TCP Injection
5.5.3 Timing Attacks
5.5.4 Encryption and Tunneling
5.5.5 Resource Exhaustion
5.5.6 Words Substitution / Insertion

6. Security Monitoring
6.1 Overview
6.1.1 Full Packet Capturing
6.2 NetFlow
6.2.1 Application Logging
6.3 Notes about Monitoring Different Protocols
6.3.1 DNS
6.3.2 NTP
6.3.3 SMTP / POP3 / IMAP
6.3.4 DHCP
6.3.5 HTTP
6.3.6 TLS
6.4 Cisco Firepower
6.4.1 Overview of Next-Generation IPS
6.4.2 Events
6.4.3 Sharing Events with other SIEM

210-255 Implementing Cisco Cybersecurity Operations

1. Common Vulnerability Scoring System
1.1 Overview
1.2 Basic Metrics
1.2.1 Exploitability Metrics
1.2.2 Scope (S)
1.2.3 Impact Metrics
1.2.4 Temporal Metrics
1.2.5 Environmental Metrics
1.3 Vector String
1.4 The Score
1.4.1 Score Calculation
1.4.2 Textual Represention

2. Cybersecurity Forensics and File Systems
2.1 Cybersecurity Forensics Overview
2.2 Examples of Evidences
2.3 FileSystem Overiew
2.4 Windows FileSystem
2.4.1 FAT32
2.4.2 NTFS
2.4.3 Free Space Fragmentation
2.5 Linux Filesystem
2.5.1 EXT4
2.5.2 Journaling
2.5.3 Swap file system
2.6 Disk Imaging / Cloning

3. Gathering Data From Intrusion Analysis’ Tools
3.1 Wireshark
3.1.1 Capture Filter
3.1.2 Display Filter
3.1.3 Using Regular Expression
3.1.4 PCAP file
3.1.5 Sample Captures for Some Common Protocols
3.2 NetFlow
3.2.1 Sample Setup
3.2.2 Showing NetFlow Records
3.2.3 Showing Specific NetFlow Records
3.2.4 Generating Statsitics from NetFlow Records
3.2.5 Generating Reports from NetFlow Records
3.3 IPS and other Logging
3.3.1 Examples of IPS events
3.3.2 Examples of Firewall events
3.3.3 Examples of Antivirus events
3.3.4 About False Alarms

4. Incident Handling
4.1 NIST.SP800-61 r2
4.1.1 Overview
4.1.2 Incident Response Policy, Plan, and Procedure Creation
4.1.3 Preparation
4.1.4 Detection and Analysis
4.1.5 Containment, Eradication, and Recovery
4.1.6 Post-Incident Activity
4.2 Computer Security Incident Response Team
4.3 Network Profiling
4.3.1 Throughput
4.3.2 Ports Used
4.3.3 Address spaces
4.3.4 Session Duration
4.4 Server / Host Profiling
4.4.1 Listening Ports
4.4.2 Running Process
4.4.3 Applications
4.5 Data Mapping
4.5.1 PHI
4.5.2 SOX
4.5.3 PCI-DSS

5. Data and Event Analysis
5.1 Data Normalization
5.2 Interpreting Data
5.3 Retrospective Analysis
5.4 DNS Mapping and Correlation
5.5 Analysis for HTTP Traffic
5.5.1 Outgoing HTTP Connections from Internal Hosts
5.5.2 Incoming HTTP Connections to your Web Server.
5.6 Deterministic or Probabilistic Analysis
5.6.1 Deterministic Analysis
5.6.2 Probability Analysis

6. Incident Handling
6.1 Cyber Kill Chain Model
6.1.1 Reconnaissance
6.1.2 Weaponization
6.1.3 Delivery
6.1.4 Exploitation
6.1.5 Installation
6.1.6 Command and Control
6.1.7 Action on Objectives
6.1.8 Defensible Actions for a Kill Chain
6.1.9 Inadequacies and Critics about Kill Chain Model (參考章節)
6.2 Diamond Model for Intrusion Analysis (參考章節)
6.2.1 Overview
6.2.2 Diamond Event
6.2.3 Core Features
6.2.4 Meta-Features
6.2.5 Analyzing
6.3 NIST SP800-61 r2
6.4 NIST SP800-86
6.4.1 Establishing and Organizing a Forensics Capability
6.4.2 Performing the Forensic Process
6.4.3 Using Data from Data Files
6.4.4 Using Data from Operating Systems
6.4.5 Using Data from Network Traffic
6.4.6 Using Data from Applications
6.4.7 Using Data from Multiple Sources
6.5 VERIS Schema Categories