Fr. 66.00

CCST Cisco Certified Support Technician Study Guide: Cybersecurity Exam

English · Paperback / Softback


Description

The ideal prep guide for earning your CCST Cybersecurity certification. The CCST Cisco® Certified Support Technician Study Guide: Cybersecurity Exam provides 100% coverage of the CCST Cybersecurity exam objectives. Following the trusted Sybex approach, this book explains all the concepts you'll need to know to do your best on the exam. It also includes one year of free access to online learning tools, including a practice exam, flashcards, and a glossary of important terminology. The CCST Cybersecurity certification is an entry point into the Cisco certification program and a pathway to the higher-level CCNA or CyberOps certifications. This entry-level certification is the perfect stepping stone to kick-start your career in IT. Coverage of 100% of the exam objectives in this Study Guide means you'll be ready for:

  • Essential Security Principles
  • Basic Network Security Concepts
  • Endpoint Security Concepts
  • Vulnerability Assessment and Risk Management
  • Incident Handling

About the Cisco Certified Support Technician certification

The Cisco Certified Support Technician (CCST) Cybersecurity certification validates your knowledge of entry-level cybersecurity concepts and topics. The certification proves you have the foundational knowledge and skills necessary to launch your IT career.

Interactive learning environment

Take your exam prep to the next level with Sybex's superior interactive online study tools. To access the learning environment, visit www.wiley.com/go/sybextestprep, follow the instructions to register your book, and gain one year of free access after activation to:

  • An interactive test bank with a practice exam to help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam.
  • 100 electronic flashcards to reinforce learning and last-minute prep before the exam
  • A comprehensive glossary in PDF format that gives you instant access to the key terms so you are fully prepared


List of contents

    Acknowledgments xxi
    About the Authors xxiii
    Introduction xxv
    Assessment Test xxxv
    Answer to Assessment Test xl
    Chapter 1 Security Concepts 1
    Technology-Based Attacks 2
    Denial of Service (DoS)/Distributed Denial of Service (DDoS) 3
    The Ping of Death 3
    Distributed DoS (DDoS) 3
    Botnet/Command and Control 3
    Traffic Spike 4
    Coordinated Attack 4
    Friendly/Unintentional DoS 4
    Physical Attack 5
    Permanent DoS 5
    Smurf 5
    SYN Flood 5
    Reflective/Amplified Attacks 7
    On-Path Attack (Previously Known as Man-in-the-Middle Attack) 8
    DNS Poisoning 8
    VLAN Hopping 9
    ARP Spoofing 10
    Rogue DHCP 10
    IoT Vulnerabilities 11
    Rogue Access Point (AP) 11
    Evil Twin 12
    Ransomware 12
    Password Attacks 12
    Brute-Force 13
    Dictionary 13
    Advanced Persistent Threat 13
    Hardening Techniques 13
    Changing Default Credentials 14
    Avoiding Common Passwords 14
    DHCP Snooping 14
    Change Native VLAN 15
    Patching and Updates 15
    Upgrading Firmware 16
    Defense in Depth 16
    Social-Based Attacks 17
    Social Engineering 17
    Insider Threats 17
    Phishing 18
    Vishing 19
    Smishing 20
    Spear Phishing 20
    Environmental 20
    Tailgating 20
    Piggybacking 21
    Shoulder Surfing 21
    Malware 21
    Ransomware 21
    Summary 22
    Exam Essentials 23
    Review Questions 24
    Chapter 2 Network Security Devices 27
    Confidentiality, Integrity, Availability (CIA) 28
    Confidentiality 29
    Integrity 29
    Availability 29
    Threats 29
    Internal 29
    External 30
    Network Access Control 30
    Posture Assessment 30
    Guest Network 30
    Persistent vs. Nonpersistent Agents 30
    Honeypot 31
    Wireless Networks 31
    Wireless Personal Area Networks 31
    Wireless Local Area Networks 32
    Wireless Metro Area Networks 33
    Wireless Wide Area Networks 33
    Basic Wireless Devices 34
    Wireless Access Points 34
    Wireless Network Interface Card 36
    Wireless Antennas 36
    Wireless Principles 37
    Independent Basic Service Set (Ad Hoc) 37
    Basic Service Set 38
    Infrastructure Basic Service Set 39
    Service Set ID 40
    Extended Service Set 40
    Nonoverlapping Wi-Fi channels 42
    2.4 GHz Band 42
    5 GHz Band (802.11ac) 43
    2.4 GHz / 5 GHz (802.11n) 43
    Wi-Fi 6 (802.11ax) 45
    Interference 45
    Range and Speed Comparisons 46
    Wireless Security 46
    Authentication and Encryption 46
    WEP 48
    WPA and WPA2: An Overview 48
    Wi-Fi Protected Access 49
    WPA2 Enterprise 49
    802.11i 50
    WPA3 50
    WPA3-Personal 51
    WPA3-Enterprise 51
    Summary 52
    Exam Essentials 53
    Review Questions 54
    Chapter 3 IP, IPv6, and NAT 57
    TCP/IP and the DoD Model 58
    The Process/Application Layer Protocols 60
    Telnet 61
    Secure Shell (SSH) 61
    File Transfer Protocol (FTP) 62
    Secure File Transfer Protocol 63
    Trivial File Transfer Protocol (TFTP) 63
    Simple Network Management Protocol (SNMP) 63
    Hypertext Transfer Protocol (HTTP) 64
    Hypertext Transfer Protocol Secure (HTTPS) 65
    Network Time Protocol (NTP) 65
    Domain Name Service (DNS) 65
    Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol (BootP) 66
    Automatic Private IP Addressing (APIPA) 69
    The Host-to-Host or Transport Layer Protocols 69
    Transmission Control Protocol (TCP) 70
    User Datagram Protocol (UDP) 72
    Key Concepts of Host-to-Host Protocols 74
    Port Numbers 74
    The Internet Layer Protocols 78
    Internet Protocol (IP) 79
    Internet Control Message Protocol (ICMP) 82
    Address Resolution Protocol (ARP) 85
    IP Addressing 86
    IP Terminology 86
    The Hierarchical IP Addressing Scheme 87
    Network Addressing 88
    Class A Addresses 90
    Class B Addresses 91
    Class C Addresses 92
    Private IP Addresses (RFC 1918) 92
    IPv4 Address Types 93
    Layer 2 Broadcasts 94
    Layer 3 Broadcasts 94
    Unicast Address 94
    Multicast Address 95
    When Do We Use NAT? 96
    Types of Network Address Translation 98
    NAT Names 99
    How NAT Works 100
    Why Do We Need IPv6? 101
    IPv6 Addressing and Expressions 102
    Shortened Expression 103
    Address Types 104
    Special Addresses 105
    Summary 106
    Exam Essentials 107
    Review Questions 110
    Chapter 4 Network Device Access 115
    Local Authentication 116
    AAA Model 118
    Authentication 119
    Multifactor Authentication 119
    Multifactor Authentication Methods 121
    IPsec Transforms 165
    Security Protocols 165
    Encryption 167
    GRE Tunnels 168
    GRE over IPsec 169
    Cisco DMVPN (Cisco Proprietary) 169
    Cisco IPsec VTI 169
    Public Key Infrastructure 170
    Certification Authorities 170
    Certificate Templates 172
    Certificates 173
    Summary 174
    Exam Essentials 175
    Review Questions 176
    Chapter 6 OS Basics and Security 179
    Operating System Security 180
    Windows 180
    Windows Defender Firewall 180
    Scripting 184
    Security Considerations 190
    NTFS vs. Share Permissions 191
    Shared Files and Folders 195
    User Account Control 198
    Windows Update 202
    Application Patching 203
    Device Drivers 204
    macOS/Linux 204
    System Updates/App Store 206
    Patch Management 206
    Firewall 207
    Permissions 211
    Driver/Firmware Updates 213
    Operating Systems Life Cycle 214
    System Logs 214
    Event Viewer 214
    Audit Logs 215
    Syslog 216
    Syslog Collector 216
    Syslog Messages 217
    Logging Levels/Severity Levels 218
    Identifying Anomalies 218
    SIEM 220
    Summary 221
    Exam Essentials 221
    Review Questions 223
    Chapter 7 Endpoint Security 225
    Endpoint Tools 226
    Command-Line Tools 226
    netstat 227
    nslookup 227
    dig 228
    ping 229
    tracert 229
    tcpdump 230
    nmap 231
    gpresult 232
    Software Tools 232
    Port Scanner 232
    iPerf 233
    IP Scanner 234
    Endpoint Security and Compliance 234
    Hardware Inventory 235
    Asset Management Systems 235
    Asset Tags 236
    Software Inventory 236
    Remediation 237
    Considerations 238
    Destruction and Disposal 238
    Low-Level Format vs. Standard Format 239
    Hard Drive Sanitation and Sanitation Methods 239
    Overwrite 240
    Drive Wipe 240
    Physical Destruction 241
    Data Backups 241
    Regulatory Compliance 243
    BYOD vs. Organization-Owned 243
    Mobile Device Management (MDM) 244
    Configuration Management 244
    App Distribution 245
    Data Encryption 245
    Endpoint Recovery 248
    Endpoint Protection 248
    Cloud-Based Protection 250
    Reviewing Scan Logs 250
    Malware Remediation 254
    Identify and Verify Malware Symptoms 254
    Quarantine Infected Systems 254
    Disable System Restore in Windows 255
    Remediate Infected Systems 256
    Schedule Scans and Run Updates 258
    Enable System Restore and Create a Restore Point in Windows 260
    Educate the End User 261
    Summary 261
    Exam Essentials 261
    Review Questions 263
    Chapter 8 Risk Management 265
    Risk Management 266
    Elements of Risk 267
    Vulnerabilities 269
    Threats 270
    Exploits 270
    Assets 270
    Risk Analysis 271
    Risk Levels 272
    Risk Matrix 272
    Risk Prioritization 274
    Data Classifications 275
    Risk Mitigation 277
    Introduction 278
    Strategic Response 279
    Action Plan 279
    Implementation and Tracking 280
    Security Assessments 281
    Vulnerability Assessment 281
    Penetration Testing 282
    Posture Assessment 282
    Change Management Best Practices 283
    Documented Business Processes 284
    Change Rollback Plan (Backout Plan) 284
    Sandbox Testing 284
    Responsible Staff Member 285
    Request Forms 285
    Purpose of Change 286
    Scope of Change 286
    Risk Review 287
    Plan for Change 287
    Change Board 288
    User Acceptance 289
    Summary 289
    Exam Essentials 290
    Review Questions 291
    Chapter 9 Vulnerability Management 293
    Vulnerabilities 294
    Vulnerability Identification 294
    Management 295
    Mitigation 297
    Active and Passive Reconnaissance 298
    Port Scanning 298
    Vulnerability Scanning 299
    Packet Sniffing/Network Traffic Analysis 300
    Brute-Force Attacks 301
    Open-Source Intelligence (OSINT) 302
    DNS Enumeration 302
    Social Engineering 303
    Testing 304
    Port Scanning 304
    Automation 304
    Threat Intelligence 305
    Vulnerability Databases 308
    Limitations 309
    Assessment Tools 310
    Recommendations 312
    Reports 314
    Security Reports 314
    Cybersecurity News 314
    Subscription-based 315
    Documentation 316
    Updating Documentation 316
    Security Incident Documentation 317
    Documenting the Incident 318
    Following the Right Chain of Custody 319
    Securing and Sharing of Documentation 319
    Reporting the Incident 320
    Recovering from the Incident 321
    Documenting the Incident 321
    Reviewing the Incident 321
    Documentation Best Practices for Incident Response 322
    Summary 322
    Exam Essentials 323
    Review Questions 324
    Chapter 10 Disaster Recovery 327
    Disaster Prevention and Recovery 328
    Data Loss 329
    File Level Backups 329
    Image-Based Backups 332
    Critical Applications 332
    Network Device Backup/Restore 332
    Data Restoration Characteristics 333
    Backup Media 333
    Backup Methods 335
    Backup Testing 336
    Account Recovery Options 336
    Online Accounts 336
    Local Accounts 336
    Domain Accounts 337
    Facilities and Infrastructure Support 338
    Battery Backup/UPS 338
    Power Generators 339
    Surge Protection 339
    HVAC 340
    Fire Suppression 342
    Redundancy and High Availability Concepts 343
    Switch Clustering 343
    Routers 344
    Firewalls 345
    Servers 345
    Disaster Recovery Sites 345
    Cold Site 345
    Warm Site 346
    Hot Site 346
    Cloud Site 346
    Active/Active vs. Active/Passive 346
    Multiple Internet Service Providers/Diverse Paths 347
    Testing 348
    Tabletop Exercises 349
    Validation Tests 349
    Disaster Recovery Plan 350
    Business Continuity Plan 352
    Summary 352
    Exam Essentials 353
    Review Questions 354
    Chapter 11 Incident Handling 357
    Security Monitoring 358
    Security Information and Event Management (SIEM) 359
    Hosting Model 359
    Detection Methods 359
    Integration 360
    Cost 360
    Security Orchestration, Automation, and Response (SOAR) 361
    Orchestration vs. Automation 362
    Regulations and Compliance 362
    Common Regulations 363
    Data Locality 363
    Family Educational Rights and Privacy Act (FERPA) 364
    Federal Information Security Modernization Act (FISMA) 365
    Gramm-Leach-Bliley Act 366
    General Data Protection Regulation (GDPR) 368
    Health Insurance Portability and Accountability Act 369
    Payment Card Industry Data Security Standards (PCI-DSS) 370
    Reporting 371
    Notifications 372
    Summary 372
    Exam Essentials 373
    Review Questions 374
    Chapter 12 Digital Forensics 377
    Introduction 378
    Forensic Incident Response 378
    Attack Attribution 379
    Cyber Kill Chain 380
    MITRE ATT&CK Matrix 381
    Diamond Model 382
    Tactics, Techniques, and Procedures 383
    Artifacts and Sources of Evidence 383
    Evidence Handling 384
    Preserving Digital Evidence 384
    Chain of Custody 385
    Summary 385
    Exam Essentials 387
    Review Questions 388
    Chapter 13 Incident Response 391
    Incident Handling 392
    What Are Security Incidents? 393
    Ransomware 393
    Social Engineering 393
    Phishing 393
    DDoS Attacks 394
    Supply Chain Attacks 394
    Insider Threats 394
    Incident Response Planning 394
    Incident Response Plans 394
    Incident Response Frameworks 395
    Incident Preparation 396
    Risk Assessments 397
    Detection and Analysis 397
    Containment 397
    Eradication 397
    Recovery 398
    Post-incident Review 398
    Lessons Learned 398
    Creating an Incident Response Policy 399
    Document How You Plan to Share Information with Outside Parties 400
    Interfacing with Law Enforcement 401
    Incident Reporting Organizations 401
    Handling an Incident 401
    Preparation 401
    Preventing Incidents 403
    Detection and Analysis 404
    Attack Vectors 404
    Signs of an Incident 405
    Precursors and Indicators Sources 406
    Containment, Eradication, and Recovery 406
    Choosing a Containment Strategy 406
    Evidence Gathering and Handling 407
    Attack Sources 409
    Eradication and Recovery 409
    Post-incident Activity 410
    Using Collected Incident Data 411
    Evidence Retention 412
    Summary 412
    Exam Essentials 412
    Review Questions 414
    Appendix A Answers to Review Questions 417
    Chapter 1: Security Concepts 418
    Chapter 2: Network Security Devices 419
    Chapter 3: IP, IPv6, and NAT 420
    Chapter 4: Network Device Access 422
    Chapter 5: Secure Access Technology 424
    Chapter 6: OS Basics and Security 425
    Chapter 7: Endpoint Security 426
    Chapter 8: Risk Management 428
    Chapter 9: Vulnerability Management 429
    Chapter 10: Disaster Recovery 431
    Chapter 11: Incident Handling 432
    Chapter 12: Digital Forensics 434
    Chapter 13: Incident Response 435
    Glossary 439
    Index 497

About the authors

Todd Lammle is the authority on Cisco certification and internetworking, and is Cisco certified in most Cisco certification categories. He is a world-renowned author, speaker, trainer, and consultant. Todd has published over 130 books, including the very popular CCNA Cisco Certified Network Associate Study Guide. You can reach Todd through his website at www.lammle.com.

Jon Buhagiar, CCNA, is an information technology professional with over two decades of experience in higher education. Currently, he is a director of information technology for RareMed Solutions.

Donald Robb has over 15 years of experience with most areas of IT, including networking, security, collaboration, data center, cloud, SDN, and automation/DevOps. Visit his blog at https://www.the-packet-thrower.com and his YouTube channel at https://www.youtube.com/c/ThePacketThrower.

Todd Montgomery is a Network Automation Engineer for a Fortune 500 company. He is involved with network design and the implementation of emerging data center technologies, as well as software-defined networking design plans, cloud design, and implementation.
