Curriculum
- 4 Sections
- 21 Lessons
- 10 Weeks
- Learning Objectives: After taking this course, you should be able to:
- 2.1 Explain how a Security Operations Center (SOC) operates and describe the different types of services that are performed from a Tier 1 SOC analyst's perspective.
- 2.2 Explain Network Security Monitoring (NSM) tools that are available to the network security analyst.
- 2.3 Explain the data that is available to the network security analyst.
- 2.4 Describe the basic concepts and uses of cryptography.
- 2.5 Describe security flaws in the TCP/IP protocol and how they can be used to attack networks and hosts.
- 2.6 Understand common endpoint security technologies.
- 2.7 Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors.
- 2.8 Identify resources for hunting cyber threats.
- 2.9 Explain the need for event data normalization and event correlation.
- 2.10 Identify the common attack vectors.
- 2.11 Identify malicious activities.
- 2.12 Identify patterns of suspicious behaviors.
- 2.13 Conduct security incident investigations.
- 2.14 Explain the use of a typical playbook in the SOC.
- 2.15 Explain the use of SOC metrics to measure the effectiveness of the SOC.
- 2.16 Explain the use of a workflow management system and automation to improve the effectiveness of the SOC.
- 2.17 Describe a typical incident response plan and the functions of a typical Computer Security Incident Response Team (CSIRT).
- 2.18 Explain the use of Vocabulary for Event Recording and Incident Sharing (VERIS) to document security incidents in a standard format.
- Course Catalog Number
- Training Purpose
- Delivery Method
