
CCNA Cyber Ops Internationally Recognised Certification Course


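Traditional service: class timetable (Location: Mong Kok; Total fee: $5,460)

Special offer: enrol in this course on or before 15 December 2017 (Fri) and pay only $5,460 instead of the original price of $6,660!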

| Code | Dates (dd/mm) | Day | Time | Fee | Instructor |
|---|---|---|---|---|---|
| FH0240C1 | Part 1: 08/02 - 08/03 (8/2/18, 22/2, 1/3, 8/3/18) | | 7:00pm - 10:00pm | $1,820 | Norman |
| FH0240C2 | Part 2: 15/03 - 19/04 (15/3/18, 22/3, 29/3, 12/4, 19/4/18) | | 7:00pm - 10:00pm | $1,820 | Norman |
| FH0240C3 | Part 3: 26/04 - 24/05 (26/4/18, 3/5, 10/5, 17/5, 24/5/18) | | 7:00pm - 10:00pm | $1,820 | Norman |

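*** Quality guarantee: watch the first 3 hours of class recordings free of charge at any location, so you can judge the quality of the instructor and the teaching materials before enrolling in the course. ***
Please call our staff to make an appointment:
Mong Kok 2332-6544
Kwun Tong 3563-8425
North Point 3580-1893
Sha Tin 2151-9360
Tuen Mun 3523-1560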

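Free make-up classes: students can watch the class recordings at any location to catch up and follow the subsequent classes!
Free revision: within three months after the course ends, students can re-watch the class recordings at any location an unlimited number of times to review the whole course!
Course duration: 42 hours
Instructor: Norman

For free make-up classes or free revision under the traditional service, if you choose Mong Kok or Kwun Tong on a weekday from Monday to Thursday, you must finish watching the class recording by 6:30 p.m.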


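Companies and organisations that manage networks regularly face network security problems, and the security staff responsible for protecting their systems must discover vulnerabilities quickly and respond to them effectively. This work requires an understanding of how different systems operate and how they are secured, so that network security threats can be detected and handled effectively.

Cisco is one of the world's largest manufacturers of network security equipment. Besides producing security devices, it also works to train network security professionals to meet today's threats. The CCNA Cyber Ops (Cybersecurity Operations) certification gives candidates network security knowledge and prepares them to work as security analysts in Security Operations Centers.

Earning the CCNA Cyber Ops certification demonstrates that you have the knowledge and professional standard of a Security Operations Center analyst and can handle a range of network security threats for a company or organisation.
A feature of this certification is that most of its content is fundamental network security knowledge rather than knowledge specific to Cisco security devices. The course therefore suits students whether or not they use, or will use, Cisco security equipment.

Some of the network security topics are demonstrated in class with practical examples on operating systems such as Linux and Windows, so that students gain a clearer understanding of the material.

Our Cisco courses have been prepared over a long period and carefully designed by several CCIEs, including Norman Lau, Franco Tsang and Vincent Ho. From lessons, revision and lab practice to exam study, practice questions and the final exam, everything is tailored and systematically arranged for you, with the aim of truly teaching you the material and helping you pass the exam.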


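Course hours: 42 hours (14 lessons in total)
Suitable for: people with basic networking knowledge (e.g. what TCP/IP is)
(CCNA certification is not required)
Language of instruction: mainly Cantonese, supplemented with English
Course notes: written by our instructors, mainly in English, with Chinese translations for some English terms.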

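1. Taught personally by Norman Lau (CCIE #10912): Norman is good at pacing the learning and explains difficult topics in simple terms, so students master network security skills in a relaxed atmosphere.
2. Notes written personally by Norman Lau: Norman writes the notes himself, and they are well suited to both the exam and practical network security management, so you need not grind through books that are as thick as dictionaries and ill-suited to the Hong Kong style of study.
3. Mock exam questions provided: we provide mock exam questions so that students can become familiar with the exam question format and answering techniques. Every question comes with a model answer.
4. Free revision: traditional classroom students can re-watch the class recordings free of charge within three months after the course ends.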

Once you pass the following subjects, Cisco will award you the internationally recognised CCNA Cyber Ops (Cisco Certified Network Associate - Cyber Ops) certificate:

| Exam code | Subject name |
|---|---|
| 210-250 | Understanding Cisco Cybersecurity Fundamentals (SECFND) |
| 210-255 | Implementing Cisco Cybersecurity Operations (SECOPS) |

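Our centre is a Cisco-designated test centre for the CCNA Cyber Ops certification exams. To register, please call our centre and give the exam code of the subject you wish to take, together with the exam date and time (you can sit the exam as early as the same day).

Before the exam you must pay the exam fee of HK$2,348 and present the following two valid identity documents. Otherwise you will not be allowed to sit the exam and the exam fee paid will not be refunded:
1. Hong Kong Identity Card, and
2. A document bearing the candidate's name and signature (e.g. credit card, HKSAR passport, BNO)

Exam questions are sent from the examination centre in Australia to the computer on which you sit the exam, and you answer on the computer. All questions are in English. Most are single-answer multiple-choice questions (marked with ○) or multiple-answer multiple-choice questions (marked with □); the rest are matching questions and practical questions. Your score is shown immediately after you finish, so you know the result at once! If you fail, you may register for the exam again, with no limit on the number of attempts. For detailed exam information such as the time allowed, total number of questions and passing score, see the "Exam score information for each subject" page on our website.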




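To further strengthen the quality of our Cisco courses, our centre has invested heavily in Cisco equipment for students to practise on. The following is Cisco equipment owned by our centre (the range is wide and not everything can be listed):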


  • Cisco Router 800 Series (ISR)
  • Cisco Router 2500 Series
  • Cisco Router 2600 Series
  • Cisco Router 2800 Series (ISR)
  • Cisco Router 2900 Series (ISR)
  • Cisco Router 3600 Series
  • Cisco Router 3800 Series (ISR)
  • Cisco Router 4000 Series
  • Cisco Catalyst Switch 1900 Series
  • Cisco Catalyst Switch 2950 Series
  • Cisco Catalyst Multilayer Switch 3550 Series
  • Cisco Catalyst Multilayer Switch 3560 Series
  • Cisco Catalyst Multilayer Switch 3560X Series
  • Cisco Catalyst Multilayer Switch 3750G Series
  • Cisco Catalyst Multilayer Switch 3750X Series
  • Cisco Catalyst Multilayer Switch 5000 Series
  • Cisco PIX Firewall
  • Cisco LightStream 1010 ATM Switch
  • Cisco ATM Module
  • Cisco FXS Voice Module
  • Cisco IP Phone 7911G
  • Cisco Wireless LAN Controller 2106
  • Cisco Aironet Lightweight Access Point 1130AG
  • PSTN Simulator
  • ISDN Simulator
  • Cisco ASA 5505
  • Cisco ASA 5510
  • Cisco ASA 5512X
  • Cisco IPS 4210


210-250 Understanding Cisco Cybersecurity Fundamentals

Network Concepts

  • Describe the function of the network layers as specified by the OSI and the TCP/IP network models
  • Describe the operation of the following
    • IP
    • TCP
    • UDP
    • ICMP
  • Describe the operation of these network services
    • ARP
    • DNS
    • DHCP
  • Describe the basic operation of these network device types
    • Router
    • Switch
    • Hub
    • Bridge
    • Wireless access point (WAP)
    • Wireless LAN controller (WLC)
  • Describe the functions of these network security systems as deployed on the host, network, or the cloud:
    • Firewall
    • Cisco Intrusion Prevention System (IPS)
    • Cisco Advanced Malware Protection (AMP)
    • Web Security Appliance (WSA) / Cisco Cloud Web Security (CWS)
    • Email Security Appliance (ESA) / Cisco Cloud Email Security (CES)
  • Describe IP subnets and communication within an IP subnet and between IP subnets
  • Describe the relationship between VLANs and data visibility
  • Describe the operation of ACLs applied as packet filters on the interfaces of network devices
  • Compare and contrast deep packet inspection with packet filtering and stateful firewall operation
  • Compare and contrast inline traffic interrogation and taps or traffic mirroring
  • Compare and contrast the characteristics of data obtained from taps or traffic mirroring and NetFlow in the analysis of network traffic
  • Identify potential data loss from provided traffic profiles


Security Concepts

  • Describe the principles of the defense in depth strategy
  • Compare and contrast these concepts
    • Risk
    • Threat
    • Vulnerability
    • Exploit
  • Describe these terms
    • Threat actor
    • Run book automation (RBA)
    • Chain of custody (evidentiary)
    • Reverse engineering
    • Sliding window anomaly detection
    • PII
    • PHI
  • Describe these security terms
    • Principle of least privilege
    • Risk scoring/risk weighting
    • Risk reduction
    • Risk assessment
  • Compare and contrast these access control models
    • Discretionary access control
    • Mandatory access control
    • Nondiscretionary access control
  • Compare and contrast these terms
    • Network and host antivirus
    • Agentless and agent-based protections
    • SIEM and log collection
  • Describe these concepts
    • Asset management
    • Configuration management
    • Mobile device management
    • Patch management
    • Vulnerability management

Cryptography

  • Describe the uses of a hash algorithm
  • Describe the uses of encryption algorithms
  • Compare and contrast symmetric and asymmetric encryption algorithms
  • Describe the processes of digital signature creation and verification
  • Describe the operation of a PKI
  • Describe the security impact of these commonly used hash algorithms
    • MD5
    • SHA-1
    • SHA-256
    • SHA-512
  • Describe the security impact of these commonly used encryption algorithms and secure communications protocols
    • DES
    • 3DES
    • AES
    • AES256-CTR
    • RSA
    • DSA
    • SSH
    • SSL/TLS
  • Describe how the success or failure of a cryptographic exchange impacts security investigation
  • Describe these items in regards to SSL/TLS
    • Cipher-suite
    • X.509 certificates
    • Key exchange
    • Protocol version
    • PKCS

Host-Based Analysis

  • Define these terms as they pertain to Microsoft Windows
    • Processes
    • Threads
    • Memory allocation
    • Windows Registry
    • WMI
    • Handles
    • Services
  • Define these terms as they pertain to Linux
    • Processes
    • Forks
    • Permissions
    • Symlinks
    • Daemon
  • Describe the functionality of these endpoint technologies in regards to security monitoring
    • Host-based intrusion detection
    • Antimalware and antivirus
    • Host-based firewall
    • Application-level whitelisting/blacklisting
    • Systems-based sandboxing (such as Chrome, Java, Adobe reader)
  • Interpret these operating system log data to identify an event
    • Windows security event logs
    • Unix-based syslog
    • Apache access logs
    • IIS access logs

Security Monitoring

  • Identify the types of data provided by these technologies
    • TCP Dump
    • NetFlow
    • Next-Gen firewall
    • Traditional stateful firewall
    • Application visibility and control
    • Web content filtering
    • Email content filtering
  • Describe these types of data used in security monitoring
    • Full packet capture
    • Session data
    • Transaction data
    • Statistical data
    • Extracted content
    • Alert data
  • Describe these concepts as they relate to security monitoring
    • Access control list
    • NAT/PAT
    • Tunneling
    • TOR
    • Encryption
    • P2P
    • Encapsulation
    • Load balancing
  • Describe these NextGen IPS event types
    • Connection event
    • Intrusion event
    • Host or endpoint event
    • Network discovery event
    • NetFlow event
  • Describe the function of these protocols in the context of security monitoring
    • DNS
    • NTP
    • SMTP/POP/IMAP
    • HTTP/HTTPS

Attack Methods

  • Compare and contrast an attack surface and vulnerability
  • Describe these network attacks
    • Denial of service
    • Distributed denial of service
    • Man-in-the-middle
  • Describe these web application attacks
    • SQL injection
    • Command injections
    • Cross-site scripting
  • Describe these attacks
    • Social engineering
    • Phishing
    • Evasion methods
  • Describe these endpoint-based attacks
    • Buffer overflows
    • Command and control (C2)
    • Malware
    • Rootkit
    • Port scanning
    • Host profiling
  • Describe these evasion methods
    • Encryption and tunneling
    • Resource exhaustion
    • Traffic fragmentation
    • Protocol-level misinterpretation
    • Traffic substitution and insertion
    • Pivot
  • Define privilege escalation
  • Compare and contrast remote exploit and a local exploit


210-255 Implementing Cisco Cybersecurity Operations

Endpoint Threat Analysis and Computer Forensics

  • Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
  • Describe these terms as they are defined in the CVSS 3.0
    • Attack vector
    • Attack complexity
    • Privileges required
    • User interaction
    • Scope
  • Describe these terms as they are defined in the CVSS 3.0
    • Confidentiality
    • Integrity
    • Availability
  • Define these items as they pertain to the Microsoft Windows file system
    • FAT32
    • NTFS
    • Alternative data streams
    • MACE
    • EFI
    • Free space
    • Timestamps on a file system
  • Define these terms as they pertain to the Linux file system
    • EXT4
    • Journaling
    • MBR
    • Swap file system
    • MAC
  • Compare and contrast three types of evidence
    • Best evidence
    • Corroborative evidence
    • Indirect evidence
  • Compare and contrast two types of image
    • Altered disk image
    • Unaltered disk image
  • Describe the role of attribution in an investigation
    • Assets
    • Threat actor

Network Intrusion Analysis

  • Interpret basic regular expressions
  • Describe the fields in these protocol headers as they relate to intrusion analysis
    • Ethernet frame
    • IPv4
    • IPv6
    • TCP
    • UDP
    • ICMP
    • HTTP
  • Identify the elements from a NetFlow v5 record from a security event
  • Identify these key elements in an intrusion from a given PCAP file
    • Source address
    • Destination address
    • Source port
    • Destination port
    • Protocols
    • Payloads
  • Extract files from a TCP stream when given a PCAP file and Wireshark
  • Interpret common artifact elements from an event to identify an alert
    • IP address (source / destination)
    • Client and Server Port Identity
    • Process (file or registry)
    • System (API calls)
    • Hashes
    • URI / URL
  • Map the provided events to these source technologies
    • NetFlow
    • IDS / IPS
    • Firewall
    • Network application control
    • Proxy logs
    • Antivirus
  • Compare and contrast impact and no impact for these items
    • False Positive
    • False Negative
    • True Positive
    • True Negative
  • Interpret a provided intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC)

Incident Response

  • Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
  • Map elements to these steps of analysis based on the NIST.SP800-61 r2
    • Preparation
    • Detection and analysis
    • Containment, eradication, and recovery
    • Post-incident analysis (lessons learned)
  • Map the organization stakeholders against the NIST IR categories (C2M2, NIST.SP800-61 r2)
    • Preparation
    • Detection and analysis
    • Containment, eradication, and recovery
    • Post-incident analysis (lessons learned)
  • Describe the goals of the given CSIRT
    • Internal CSIRT
    • National CSIRT
    • Coordination centers
    • Analysis centers
    • Vendor teams
    • Incident response providers (MSSP)
  • Identify these elements used for network profiling
    • Total throughput
    • Session duration
    • Ports used
    • Critical asset address space
  • Identify these elements used for server profiling
    • Listening ports
    • Logged in users/service accounts
    • Running processes
    • Running tasks
    • Applications
  • Map data types to these compliance frameworks
    • PCI
    • HIPAA (Health Insurance Portability and Accountability Act)
    • SOX
  • Identify data elements that must be protected with regards to a specific standard (PCI-DSS)

Data and Event Analysis

  • Describe the process of data normalization
  • Interpret common data values into a universal format
  • Describe 5-tuple correlation
  • Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs
  • Describe the retrospective analysis method to find a malicious file, provided file analysis report
  • Identify potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains
  • Map DNS logs and HTTP logs together to find a threat actor
  • Map DNS, HTTP, and threat intelligence data together
  • Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console
  • Compare and contrast deterministic and probabilistic analysis

Incident Handling

  • Classify intrusion events into these categories as defined by the Cyber Kill Chain Model
    • Reconnaissance
    • Weaponization
    • Delivery
    • Exploitation
    • Installation
    • Command and control
    • Action on objectives
  • Apply the NIST.SP800-61 r2 incident handling process to an event
  • Define these activities as they relate to incident handling
    • Identification
    • Scoping
    • Containment
    • Remediation
    • Lesson-based hardening
    • Reporting
  • Describe these concepts as they are documented in NIST SP800-86
    • Evidence collection order
    • Data integrity
    • Data preservation
    • Volatile data collection
  • Apply the VERIS schema categories to a given incident

* The course content above may change at any time without notice in order to better reflect the contents of examinations.


 
