CISCO CCST Cybersecurity

2.1. Describe TCP/IP protocol vulnerabilities • TCP, UDP, HTTP, ARP, ICMP, DHCP, DNS 2.2. Explain how network addresses impact network security • IPv4 and IPv6 addresses, MAC addresses, network segmentation, CIDR notation, NAT, public vs. private networks 2.3. Describe network infrastructure and technologies • Network security architecture, DMZ, virtualization, cloud, honeypot, proxy server, IDS, IPS 2.4. Set up a secure wireless SoHo network • MAC address filtering, encryption standards

3.1. Describe operating system security concepts • Windows, macOS, and Linux; security features, including Windows Defender and host-based firewalls; CLI and PowerShell; file and directory permissions; privilege escalation 3.2. Demonstrate familiarity with appropriate endpoint tools that gather security assessment information • netstat, nslookup, tcpdump 3.3. Verify that endpoint systems meet security policies and standards • Hardware inventory (asset management), software inventory, progr

4.1. Explain vulnerability management • Vulnerability identification, management, and mitigation; active and passive reconnaissance; testing (port scanning, automation) 4.2. Use threat intelligence techniques to identify potential network vulnerabilities • Uses and limitations of vulnerability databases; industry-standard tools used to assess vulnerabilities and make recommendations, policies, and reports; Common Vulnerabilities and Exposures (CVEs), cybersecurity reports, cybersecurity news

5.1. Monitor security events and know when escalation is required • Role of SIEM and SOAR, monitoring network data to identify security incidents (packet captures, various log file entries, etc.), identifying suspicious events as they occur 5.2. Explain digital forensics and attack attribution processes • Cyber Kill Chain, MITRE ATT&CK Matrix, and Diamond Model; Tactics, Techniques, and Procedures (TTP); sources of evidence (artifacts); evidence handling (preserving digital evidence, chain o