Acknowledgments xxi
About the Authors xxiii
Introduction xxv
Assessment Test xxxv
Answer to Assessment Test xl
Chapter 1 Security Concepts 1
Technology-Based Attacks 2
Denial of Service (DoS)/Distributed Denial of Service (DDoS) 3
The Ping of Death 3
Distributed DoS (DDoS) 3
Botnet/Command and Control 3
Traffic Spike 4
Coordinated Attack 4
Friendly/Unintentional DoS 4
Physical Attack 5
Permanent DoS 5
Smurf 5
SYN Flood 5
Reflective/Amplified Attacks 7
On-Path Attack (Previously Known as Man-in-the-Middle Attack) 8
DNS Poisoning 8
VLAN Hopping 9
ARP Spoofing 10
Rogue DHCP 10
IoT Vulnerabilities 11
Rogue Access Point (AP) 11
Evil Twin 12
Ransomware 12
Password Attacks 12
Brute-Force 13
Dictionary 13
Advanced Persistent Threat 13
Hardening Techniques 13
Changing Default Credentials 14
Avoiding Common Passwords 14
DHCP Snooping 14
Change Native VLAN 15
Patching and Updates 15
Upgrading Firmware 16
Defense in Depth 16
Social-Based Attacks 17
Social Engineering 17
Insider Threats 17
Phishing 18
Vishing 19
Smishing 20
Spear Phishing 20
Environmental 20
Tailgating 20
Piggybacking 21
Shoulder Surfing 21
Malware 21
Ransomware 21
Summary 22
Exam Essentials 23
Review Questions 24
Chapter 2 Network Security Devices 27
Confidentiality, Integrity, Availability (CIA) 28
Confidentiality 29
Integrity 29
Availability 29
Threats 29
Internal 29
External 30
Network Access Control 30
Posture Assessment 30
Guest Network 30
Persistent vs. Nonpersistent Agents 30
Honeypot 31
Wireless Networks 31
Wireless Personal Area Networks 31
Wireless Local Area Networks 32
Wireless Metro Area Networks 33
Wireless Wide Area Networks 33
Basic Wireless Devices 34
Wireless Access Points 34
Wireless Network Interface Card 36
Wireless Antennas 36
Wireless Principles 37
Independent Basic Service Set (Ad Hoc) 37
Basic Service Set 38
Infrastructure Basic Service Set 39
Service Set ID 40
Extended Service Set 40
Nonoverlapping Wi-Fi Channels 42
2.4 GHz Band 42
5 GHz Band (802.11ac) 43
2.4 GHz / 5 GHz (802.11n) 43
Wi-Fi 6 (802.11ax) 45
Interference 45
Range and Speed Comparisons 46
Wireless Security 46
Authentication and Encryption 46
WEP 48
WPA and WPA2: An Overview 48
Wi-Fi Protected Access 49
WPA2 Enterprise 49
802.11i 50
WPA3 50
WPA3-Personal 51
WPA3-Enterprise 51
Summary 52
Exam Essentials 53
Review Questions 54
Chapter 3 IP, IPv6, and NAT 57
TCP/IP and the DoD Model 58
The Process/Application Layer Protocols 60
Telnet 61
Secure Shell (SSH) 61
File Transfer Protocol (FTP) 62
Secure File Transfer Protocol 63
Trivial File Transfer Protocol (TFTP) 63
Simple Network Management Protocol (SNMP) 63
Hypertext Transfer Protocol (HTTP) 64
Hypertext Transfer Protocol Secure (HTTPS) 65
Network Time Protocol (NTP) 65
Domain Name Service (DNS) 65
Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol (BootP) 66
Automatic Private IP Addressing (APIPA) 69
The Host-to-Host or Transport Layer Protocols 69
Transmission Control Protocol (TCP) 70
User Datagram Protocol (UDP) 72
Key Concepts of Host-to-Host Protocols 74
Port Numbers 74
The Internet Layer Protocols 78
Internet Protocol (IP) 79
Internet Control Message Protocol (ICMP) 82
Address Resolution Protocol (ARP) 85
IP Addressing 86
IP Terminology 86
The Hierarchical IP Addressing Scheme 87
Network Addressing 88
Class A Addresses 90
Class B Addresses 91
Class C Addresses 92
Private IP Addresses (RFC 1918) 92
IPv4 Address Types 93
Layer 2 Broadcasts 94
Layer 3 Broadcasts 94
Unicast Address 94
Multicast Address 95
When Do We Use NAT? 96
Types of Network Address Translation 98
NAT Names 99
How NAT Works 100
Why Do We Need IPv6? 101
IPv6 Addressing and Expressions 102
Shortened Expression 103
Address Types 104
Special Addresses 105
Summary 106
Exam Essentials 107
Review Questions 110
Chapter 4 Network Device Access 115
Local Authentication 116
AAA Model 118
Authentication 119
Multifactor Authentication 119
Multifactor Authentication Methods 121
IPsec Transforms 165
Security Protocols 165
Encryption 167
GRE Tunnels 168
GRE over IPsec 169
Cisco DMVPN (Cisco Proprietary) 169
Cisco IPsec VTI 169
Public Key Infrastructure 170
Certification Authorities 170
Certificate Templates 172
Certificates 173
Summary 174
Exam Essentials 175
Review Questions 176
Chapter 6 OS Basics and Security 179
Operating System Security 180
Windows 180
Windows Defender Firewall 180
Scripting 184
Security Considerations 190
NTFS vs. Share Permissions 191
Shared Files and Folders 195
User Account Control 198
Windows Update 202
Application Patching 203
Device Drivers 204
macOS/Linux 204
System Updates/App Store 206
Patch Management 206
Firewall 207
Permissions 211
Driver/Firmware Updates 213
Operating Systems Life Cycle 214
System Logs 214
Event Viewer 214
Audit Logs 215
Syslog 216
Syslog Collector 216
Syslog Messages 217
Logging Levels/Severity Levels 218
Identifying Anomalies 218
SIEM 220
Summary 221
Exam Essentials 221
Review Questions 223
Chapter 7 Endpoint Security 225
Endpoint Tools 226
Command-Line Tools 226
netstat 227
nslookup 227
dig 228
ping 229
tracert 229
tcpdump 230
nmap 231
gpresult 232
Software Tools 232
Port Scanner 232
iPerf 233
IP Scanner 234
Endpoint Security and Compliance 234
Hardware Inventory 235
Asset Management Systems 235
Asset Tags 236
Software Inventory 236
Remediation 237
Considerations 238
Destruction and Disposal 238
Low-Level Format vs. Standard Format 239
Hard Drive Sanitation and Sanitation Methods 239
Overwrite 240
Drive Wipe 240
Physical Destruction 241
Data Backups 241
Regulatory Compliance 243
BYOD vs. Organization-Owned 243
Mobile Device Management (MDM) 244
Configuration Management 244
App Distribution 245
Data Encryption 245
Endpoint Recovery 248
Endpoint Protection 248
Cloud-Based Protection 250
Reviewing Scan Logs 250
Malware Remediation 254
Identify and Verify Malware Symptoms 254
Quarantine Infected Systems 254
Disable System Restore in Windows 255
Remediate Infected Systems 256
Schedule Scans and Run Updates 258
Enable System Restore and Create a Restore Point in Windows 260
Educate the End User 261
Summary 261
Exam Essentials 261
Review Questions 263
Chapter 8 Risk Management 265
Risk Management 266
Elements of Risk 267
Vulnerabilities 269
Threats 270
Exploits 270
Assets 270
Risk Analysis 271
Risk Levels 272
Risk Matrix 272
Risk Prioritization 274
Data Classifications 275
Risk Mitigation 277
Introduction 278
Strategic Response 279
Action Plan 279
Implementation and Tracking 280
Security Assessments 281
Vulnerability Assessment 281
Penetration Testing 282
Posture Assessment 282
Change Management Best Practices 283
Documented Business Processes 284
Change Rollback Plan (Backout Plan) 284
Sandbox Testing 284
Responsible Staff Member 285
Request Forms 285
Purpose of Change 286
Scope of Change 286
Risk Review 287
Plan for Change 287
Change Board 288
User Acceptance 289
Summary 289
Exam Essentials 290
Review Questions 291
Chapter 9 Vulnerability Management 293
Vulnerabilities 294
Vulnerability Identification 294
Management 295
Mitigation 297
Active and Passive Reconnaissance 298
Port Scanning 298
Vulnerability Scanning 299
Packet Sniffing/Network Traffic Analysis 300
Brute-Force Attacks 301
Open-Source Intelligence (OSINT) 302
DNS Enumeration 302
Social Engineering 303
Testing 304
Port Scanning 304
Automation 304
Threat Intelligence 305
Vulnerability Databases 308
Limitations 309
Assessment Tools 310
Recommendations 312
Reports 314
Security Reports 314
Cybersecurity News 314
Subscription-based 315
Documentation 316
Updating Documentation 316
Security Incident Documentation 317
Documenting the Incident 318
Following the Right Chain of Custody 319
Securing and Sharing of Documentation 319
Reporting the Incident 320
Recovering from the Incident 321
Documenting the Incident 321
Reviewing the Incident 321
Documentation Best Practices for Incident Response 322
Summary 322
Exam Essentials 323
Review Questions 324
Chapter 10 Disaster Recovery 327
Disaster Prevention and Recovery 328
Data Loss 329
File Level Backups 329
Image-Based Backups 332
Critical Applications 332
Network Device Backup/Restore 332
Data Restoration Characteristics 333
Backup Media 333
Backup Methods 335
Backup Testing 336
Account Recovery Options 336
Online Accounts 336
Local Accounts 336
Domain Accounts 337
Facilities and Infrastructure Support 338
Battery Backup/UPS 338
Power Generators 339
Surge Protection 339
HVAC 340
Fire Suppression 342
Redundancy and High Availability Concepts 343
Switch Clustering 343
Routers 344
Firewalls 345
Servers 345
Disaster Recovery Sites 345
Cold Site 345
Warm Site 346
Hot Site 346
Cloud Site 346
Active/Active vs. Active/Passive 346
Multiple Internet Service Providers/Diverse Paths 347
Testing 348
Tabletop Exercises 349
Validation Tests 349
Disaster Recovery Plan 350
Business Continuity Plan 352
Summary 352
Exam Essentials 353
Review Questions 354
Chapter 11 Incident Handling 357
Security Monitoring 358
Security Information and Event Management (SIEM) 359
Hosting Model 359
Detection Methods 359
Integration 360
Cost 360
Security Orchestration, Automation, and Response (SOAR) 361
Orchestration vs. Automation 362
Regulations and Compliance 362
Common Regulations 363
Data Locality 363
Family Educational Rights and Privacy Act (FERPA) 364
Federal Information Security Modernization Act (FISMA) 365
Gramm-Leach-Bliley Act 366
General Data Protection Regulation (GDPR) 368
Health Insurance Portability and Accountability Act 369
Payment Card Industry Data Security Standards (PCI-DSS) 370
Reporting 371
Notifications 372
Summary 372
Exam Essentials 373
Review Questions 374
Chapter 12 Digital Forensics 377
Introduction 378
Forensic Incident Response 378
Attack Attribution 379
Cyber Kill Chain 380
MITRE ATT&CK Matrix 381
Diamond Model 382
Tactics, Techniques, and Procedures 383
Artifacts and Sources of Evidence 383
Evidence Handling 384
Preserving Digital Evidence 384
Chain of Custody 385
Summary 385
Exam Essentials 387
Review Questions 388
Chapter 13 Incident Response 391
Incident Handling 392
What Are Security Incidents? 393
Ransomware 393
Social Engineering 393
Phishing 393
DDoS Attacks 394
Supply Chain Attacks 394
Insider Threats 394
Incident Response Planning 394
Incident Response Plans 394
Incident Response Frameworks 395
Incident Preparation 396
Risk Assessments 397
Detection and Analysis 397
Containment 397
Eradication 397
Recovery 398
Post-incident Review 398
Lessons Learned 398
Creating an Incident Response Policy 399
Document How You Plan to Share Information with Outside Parties 400
Interfacing with Law Enforcement 401
Incident Reporting Organizations 401
Handling an Incident 401
Preparation 401
Preventing Incidents 403
Detection and Analysis 404
Attack Vectors 404
Signs of an Incident 405
Precursors and Indicators Sources 406
Containment, Eradication, and Recovery 406
Choosing a Containment Strategy 406
Evidence Gathering and Handling 407
Attack Sources 409
Eradication and Recovery 409
Post-incident Activity 410
Using Collected Incident Data 411
Evidence Retention 412
Summary 412
Exam Essentials 412
Review Questions 414
Appendix A Answers to Review Questions 417
Chapter 1: Security Concepts 418
Chapter 2: Network Security Devices 419
Chapter 3: IP, IPv6, and NAT 420
Chapter 4: Network Device Access 422
Chapter 5: Secure Access Technology 424
Chapter 6: OS Basics and Security 425
Chapter 7: Endpoint Security 426
Chapter 8: Risk Management 428
Chapter 9: Vulnerability Management 429
Chapter 10: Disaster Recovery 431
Chapter 11: Incident Handling 432
Chapter 12: Digital Forensics 434
Chapter 13: Incident Response 435
Glossary 439
Index 497
Introduction
Welcome to the exciting world of security and your path toward Cisco certification. If you've picked up this book because you want to improve yourself and your life with a better, more satisfying, and secure job, you've chosen well!
Whether you're striving to enter the thriving, dynamic security sector or seeking to enhance your skill set and advance your position within it, being Cisco certified can seriously stack the odds in your favor to help you attain your goals. This book is a great start.
Cisco certifications are powerful instruments of success that also markedly improve your grasp of all things internetworking. As you progress through this book, you'll gain a strong, foundational understanding of security that reaches far beyond Cisco devices. And when you finish this book, you'll be ready to tackle the next step toward Cisco certification.
Essentially, by beginning your journey toward becoming Cisco certified, you're proudly announcing that you want to become an unrivaled security expert, a goal that this book will help get you underway to achieving.
Congratulations in advance for taking the first step toward your brilliant future!
To find your included bonus material, as well as additional Todd Lammle videos and extra practice questions, please see www.lammle.com/ccst.
Cisco's CCST Certifications
It used to be that to secure the holy grail of Cisco certifications, the CCIE, you passed only one written test before being faced with a grueling, formidable hands-on lab. This intensely daunting, all-or-nothing approach made it nearly impossible to succeed and predictably didn't work out too well for most people.
Cisco responded to this issue by creating a series of new certifications, which not only created a sensible stepping-stone path to the highly coveted CCIE prize but also gave employers a way to accurately rate and measure the skill levels of prospective and current employees.
The CCNA and CCNP exams were then created as stepping stones, and they are still the most popular certifications in the world. This exciting paradigm shift in Cisco's certification path truly opened doors that few were allowed through before!
Now Cisco has reached down and created a new introductory-level certification program, below the CCNA, called the Cisco Certified Support Technician (CCST). There are two exams and two certifications: Networking and Cybersecurity.
CCST Networking certification validates an individual's skills and knowledge of entry-level networking concepts and topics. The certification demonstrates foundational knowledge and skills needed to show how networks operate, including the devices, media, and protocols that enable network communications.
The Cisco Certified Support Technician (CCST) Networking certification is also a first step toward working on achieving your CCNA Certification.
The Cisco Certified Support Technician (CCST) Cybersecurity certification validates a candidate's skills and knowledge of entry-level cybersecurity concepts and topics, including security principles, network security and endpoint security concepts, vulnerability assessment and risk management, and incident handling.
The Cisco Certified Support Technician (CCST) Cybersecurity certification is also a first step toward CyberOps Associate certification.
This book is a powerful tool to get you started in your Cisco certification studies, and it's vital to understand the material in it before you go on to conquer any other certifications!
Exam policies can change from time to time. We highly recommend that you check both the Cisco and Pearson VUE sites for the most up-to-date information when you begin your preparation, when you register, and again a few days before your scheduled exam date.
Tips for Taking the CCST Cybersecurity Exam
Here are some general tips for taking your exam successfully (assuming you are taking the exam in person; online testing is available as well):
- This is not like the CCNA or other Cisco certification tests that are available on www.vue.com. You need to instead go to https://www.certiport.com/locator to both register and pay for your exam. You can take the exams in person at a center, or in your home or office, under direct video and audio supervision. For information on exams at home and to sign up, call (800) 589-6871.
- Bring two forms of ID with you. One must be a photo ID, such as a driver's license. The other can be a major credit card or a passport. Both forms must include a signature.
- Arrive early at the exam center so you can relax and review your study materials, particularly tables and lists of exam-related information. After you are ready to enter the testing room, you will need to leave everything outside; you won't be able to bring any materials into the testing area.
- Read the questions carefully. Don't be tempted to jump to an early conclusion. Make sure you know exactly what each question is asking.
- Don't leave any unanswered questions. Unanswered questions are scored against you. There will be questions with multiple correct responses. When there is more than one correct answer, a message at the bottom of the screen will prompt you to either "choose two" or "choose all that apply." Be sure to read the messages displayed to know how many correct answers you must choose.
- When answering multiple-choice questions you're not sure about, use a process of elimination to get rid of the obviously incorrect answers first. Doing so will improve your odds if you need to make an educated guess.
Who Should Read This Book?
You, if you want to pass the CCST Cybersecurity exam and pass it confidently! This book is chock-full of the exact information you need and directly maps to the CCST Cybersecurity exam objectives, so if you use it to study for the exam, your odds of passing shoot way up.
In addition to including every bit of knowledge you need to learn to pass the exam, we have included some really great tips and solid wisdom throughout the chapters to equip you even further to successfully work in the real IT security world.
What's Included in the Book
We have included several study tools throughout the book:
Assessment Test At the end of this introduction is an assessment test that you can use to check your readiness for the exam. Take this test before you start reading the book; it will help you determine the areas you might need to brush up on. The answers to the assessment test questions appear on a separate page after the last question of the test. Each answer includes an explanation and a note telling you the chapter in which the material appears.
Objective Map and Opening List of Objectives In this introduction you'll find a detailed exam objective map showing you where each of the exam objectives is covered in this book. In addition, each chapter opens with a list of the exam objectives it covers. Use these to see exactly where each of the exam topics is covered.
Exam Essentials Each chapter, just after the summary, includes a number of exam essentials. These are the key topics you should take from the chapter in terms of areas to focus on when preparing for the exam.
Chapter Review Questions To test your knowledge as you progress through the book, there are review questions at the end of each chapter. As you finish each chapter, answer the review questions, and then check your answers; the correct answers and explanations are in the Appendix. You can go back to reread the section that deals with each question you got wrong to ensure that you answer correctly the next time you're tested on the material.
Interactive Online Learning Environment and Test Bank
The interactive online learning environment that accompanies CCST Cybersecurity provides a test bank with study tools to help you prepare for the certification exam and increase your chances of passing it the first time! The test bank includes the following tools:
Sample Tests All of the questions in this book are provided, including the assessment test, which you'll find at the end of this introduction, and the chapter tests that include the review questions at the end of each chapter. In addition, there is a practice exam. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.
Flashcards Approximately 100 questions are provided in digital flashcard format (a question followed by a single correct answer). You can use the flashcards to reinforce your learning and provide last-minute test prep before the exam.
Other Study Tools A glossary of key terms from this book and their definitions is available as a fully searchable PDF.
Go to http://www.wiley.com/go/sybextestprep to register and gain access to this interactive online learning environment and test bank with study tools.
How to Use This Book
If you want a solid foundation for the serious effort of preparing for the Cisco CCST Cybersecurity exam, then look no further because we have spent countless hours putting together this book with the sole intention of helping you pass it!
This book is loaded with valuable information, and you will get the most out of your study time if you understand how I put the book together....