1. Introduction and Infrastructure to Amazon EC2
1.1 Introduction to EC2
1.2 Infrastructure Components - Amazon Machine Images and Instances
1.3 Infrastructure Components - Regions and Availability Zones
1.4 Infrastructure Components - Storage
1.5 Infrastructure Components - Root Device Storage
1.6 Infrastructure Components - Databases
1.7 Infrastructure Components - Networking and Security
1.8 Infrastructure Components - Monitoring, Auto Scaling and Load Balancing
1.9 Infrastructure Components – AWS Identity and Access Management
1.10 Infrastructure Components – Available Cloud Management Interfaces

2. Pricing and Purchase information
2.1 How you are charged for using EC2 cloud services
2.2 Free Tier
2.3 On-Demand Instances
2.4 Reserved Instances
2.5 Comparing Reserved Instance by EC2 or DIY
2.6 How Billing works for On-Demand and Reserved Instances
2.7 Understanding how Elasticity of Cloud Computing scales your application demand

3. Getting Started with EC2
3.1 Sign Up for EC2
3.2 Creating and Downloading Key pair
3.3 Launching a Free Tier – Micro Windows Instance
3.4 Retrieving Administrator Password for Windows Server Instance
3.5 Connecting to your Windows Server instance
3.6 Launching a Free Tier – Micro Linux Instance
3.7 Connecting to a Linux AMI instance from Windows client
3.8 Configuring Termination Protection
3.9 More about Stopping and Starting Instances

4. Elastic IP Address
4.1 Elastic IP Addresses Concepts
4.2 Elastic IP Address Limit
4.3 Allocating and Associating Elastic IP Addresses
4.4 Using Reverse DNS for EMail Applications

5. Amazon EC2 Security Group Firewall
5.1 EC2 Security Firewall Concepts
5.2 Default Security Group
5.3 Creating a New Security Group

6. Understanding Regions and Availability Zones
6.1 Region and Availability Zone Concepts
6.2 More about using Availability Zones

7. More about Micro Instances
7.1 Description of Micro Instances
7.2 Optimal Application of Micro Instances
7.3 When the Instance Uses Its Allotted Resources
7.4 Comparison with the m1.small instance type

8. Amazon Command Line API Tools
8.1 Prerequisites
8.2 Setting the Java Home Variable
8.3 Setting up the API Tools

9. In-depth knowledge of Amazon Storage
9.1 Storage options provided by Amazon
9.2 Details of Amazon Elastic Block Store (EBS)
9.3 Amazon EBS Usage Scenarios
9.4 Data Persistence after Instance Termination

10. AWS Identity and Access Management
10.1 Features of Identity and Access Management
10.2 Pricing
10.3 Concepts of AWS Account and IAM Users
10.4 Concepts of IAM Groups and Permissions
10.5 An Example of AWS Account, IAM Groups and IAM Users
10.6 Creating IAM Groups and IAM Users

210-250 Understanding Cisco Cybersecurity Fundamentals

Network Concepts

• Describe the function of the network layers as specified by the OSI and the TCP/IP network models
• Describe the operation of the following
• Describe the operation of these network services
• Describe the basic operation of these network device types
• Describe the functions of these network security systems as deployed on the host, network, or the cloud
• Describe IP subnets and communication within an IP subnet and between IP subnets
• Describe the relationship between VLANs and data visibility
• Describe the operation of ACLs applied as packet filters on the interfaces of network devices
• Compare and contrast deep packet inspection with packet filtering and stateful firewall operation
• Compare and contrast inline traffic interrogation and taps or traffic mirroring
• Compare and contrast the characteristics of data obtained from taps or traffic mirroring and NetFlow in the analysis of network traffic
• Identify potential data loss from provided traffic profiles

Security Concepts

• Describe the principles of the defense in depth strategy
• Compare and contrast these concepts
• Describe these terms
• Describe these security terms
• Compare and contrast these access control models
• Compare and contrast these terms
• Describe these concepts

Cryptography

• Describe the uses of a hash algorithm
• Describe the uses of encryption algorithms
• Compare and contrast symmetric and asymmetric encryption algorithms
• Describe the processes of digital signature creation and verification
• Describe the operation of a PKI
• Describe the security impact of these commonly used hash algorithms
• Describe the security impact of these commonly used encryption algorithms and secure communications protocols
• Describe how the success or failure of a cryptographic exchange impacts security investigation

Host-Based Analysis

• Define these terms as they pertain to Microsoft Windows
• Define these terms as they pertain to Linux
• Describe the functionality of these endpoint technologies in regards to security monitoring
• Interpret these operating system log data to identify an event

Security Monitoring

• Identify the types of data provided by these technologies
• Describe these types of data used in security monitoring
• Describe these concepts as they relate to security monitoring
• Describe these NextGen IPS event types
• Describe the function of these protocols in the context of security monitoring

Attack Methods

• Compare and contrast an attack surface and vulnerability
• Describe these network attacks
• Describe these web application attacks
• Describe these endpoint-based attacks
• Describe these evasion methods
• Define privilege escalation
• Compare and contrast remote exploit and a local exploit

210-255 Implementing Cisco Cybersecurity Operations

Endpoint Threat Analysis and Computer Forensics

• Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
• Describe these terms as they are defined in the CVSS 3.0
• Describe these terms as they are defined in the CVSS 3.0
• Define these items as they pertain to the Microsoft Windows file system
• Define these terms as they pertain to the Linux file system
• Compare and contrast three types of evidence
• Compare and contrast two types of image
• Describe the role of attribution in an investigation

Network Intrusion Analysis

• Interpret basic regular expressions
• Describe the fields in these protocol headers as they relate to intrusion analysis
• Identify the elements from a NetFlow v5 record from a security event
• Identify these key elements in an intrusion from a given PCAP file
• Extract files from a TCP stream when given a PCAP file and Wireshark
• Interpret common artifact elements from an event to identify an alert
• Map the provided events to these source technologies
• Compare and contrast impact and no impact for these items
• Interpret a provided intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC)
  

Incident Response

• Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
• Map elements to these steps of analysis based on the NIST.SP800-61 r2
• Map the organization stakeholders against the NIST IR categories (C2M2, NIST.SP800-61 r2)
• Describe the goals of the given CSIRT
• Identify these elements used for network profiling
• Identify these elements used for server profiling
• Map data types to these compliance frameworks
• Identify data elements that must be protected with regards to a specific standard (PCI-DSS)

Data and Event Analysis

• Describe the process of data normalization
• Interpret common data values into a universal format
• Describe 5-tuple correlation
• Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs
• Describe the retrospective analysis method to find a malicious file, provided file analysis report
• Identify potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains
• Map DNS logs and HTTP logs together to find a threat actor
• Map DNS, HTTP, and threat intelligence data together
• Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console
• Compare and contrast deterministic and probabilistic analysis

Incident Handling

• Classify intrusion events into these categories as defined by the Cyber Kill Chain Model
• Apply the NIST.SP800-61 r2 incident handling process to an event
• Define these activities as they relate to incident handling
• Describe these concepts as they are documented in NIST SP800-86
• Apply the VERIS schema categories to a given incident

* The course content above may change at any time without notice in order to better reflect the contents of examinations.