Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2 Implementing Cisco Cybersecurity Operations (210-255) NIST’s SP 800-61 was developed to help organizations formulate incident response plans. It can be found here. Each organization’s incident response plan will be different. There are some key elements that occur in […]

Read More »

Interpret a provided intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC) Implementing Cisco Cybersecurity Operations (210-255) The firepower management console (FMC) presents information about the incidents and hosts. Impact flag 1 indicates an incident against a host that is vulnerable to the attack. Impact flag 2 indicates […]

Read More »

Compare and contrast impact and no impact for these items: False Positive, False Negative, True Positive, True Negative Implementing Cisco Cybersecurity Operations (210-255) Security analysts must work to minimize both false positives and false negatives. False positives take up time to determine that the detection is not a problem. False negatives let malicious activity succeed […]

Read More »

Map the provided events to these source technologies: NetFlow, IDS / IPS, Firewall, Network application control, Proxy logs, Antivirus Implementing Cisco Cybersecurity Operations (210-255) NetFlow NetFlow (or IPFIX) data will contain the standard 5-tuple of information: source IP address, destination IP address, source port, destination port, and the protocol. IDS/IPS Intrusion Detection or Protection Systems […]

Read More »