NDG Online Courses and Labs

CCNA Cybersecurity Operations

Gain the skills needed to monitor, detect and respond to cybersecurity threats with hands-on labs.


  • 11.95 USD: One Month Access
  • 29.95 USD: Three Month Access
  • 39.95 USD: Six Month Access


New Version Coming Soon
Thank you for your interest in CCNA Cyber Ops. We wanted to make you aware of some upcoming changes to this lab set. This lab set aligns to the CCNA Cyber Ops certification (210-250 SECOPS & 210-255 SECFND) and will soon be updated to Cisco Certified CyberOps Associate.

Lab Details

NDG offers optional supplemental lab service to the CCNA Cybersecurity Operations course. Labs are provided directly within the course material for an additional fee. The CCNA Cyber Ops curriculum prepares you for opportunities in security operation centers as an analyst or incident responder. The hands-on labs focus on the skills needed to monitor, detect and respond to cybersecurity threats. Topics include cryptography, host-based security analysis, security monitoring, computer forensics, attack methods and incident reporting and handling.

The NDG CCNA Cyber Ops Lab Service was developed by the Network Development Group (NDG) to take advantage of the improved flexibility and course management capabilities in the Cisco Networking Academy® learning environment. These labs are hosted by NDG and are being offered as supplementary learning material for the CCNA Cyber Ops course in the Cisco Networking Academy for Instructor-Led Training (ILT).

How to Enroll

The CCNA Cyber Ops course and labs are available exclusively from Cisco Networking Academy as an instructor-led course for a fee. Access and enrollment are provided through the Cisco Networking Academy.

NDG offers optional supplemental lab service to the CCNA Cybersecurity Operations course. Labs are provided directly within the course material for an additional fee. Instructors of the class are automatically granted access at no charge for evaluation and support purposes. Students need to purchase lab access or have access purchased on their behalf.

Ordering Information

Features

  • Offered through Cisco Networking Academy
  • Module List

    Chapter 2: Windows Operating System
    2.0.1.2 Lab - Identify Running Processes

    In this lab, you will explore processes. Processes are programs or applications in execution. You will explore the processes using Process Explorer in the Windows Sysinternals Suite. You will also start and observe a new process.

    2.1.2.10 Lab - Exploring Processes, Threads, Handles, and Windows Registry

    In this lab, you will explore the processes using Process Explorer in the Windows Sysinternals Suite. You will also explore threads and handles. A thread is a unit of execution in a process. A handle is an abstract reference to memory blocks or objects managed by an operating system. You will use Process Explorer in the Windows Sysinternals Suite to explore the threads and handles. Lastly, you will explore the Windows Registry, a hierarchical database that stores most of the operating system and desktop environment configuration settings.

    2.2.1.10 Lab - Create User Accounts

    In this lab you will create and modify user accounts in Windows.

    2.2.1.11 Lab - Using Windows PowerShell

    PowerShell is a powerful automation tool. It is both a command console and a scripting language. In this lab, you will use the console to execute some of the commands that are available in both the command prompt and PowerShell.

    2.2.1.12 Lab - Windows Task Manager

    In this lab you will explore Task Manager and manage processes from within Task Manager. The Task Manager is a system monitor that provides information about the processes and programs running on a computer. It also allows the termination of processes and programs and modification of process priority.

    2.2.1.13 Lab - Monitor and Manage System Resources in Windows

    In this lab, you will use administrative tools to monitor and manage Windows system resources.

    Chapter 3: Linux Operating System
    3.1.2.6 Lab - Working with Text Files in the CLI

    Before you can work with text files in Linux, you must get familiar with text editors. Text editors are one of the oldest categories of applications created for computers. Linux has many different text editors with various features and functions.

    3.1.2.7 Lab - Getting Familiar with the Linux Shell

    The shell is the term used to refer to the command interpreter in Linux. Also known as the Terminal, Command Line, and Command Prompt, the shell is a very powerful way to interact with a Linux computer.

    3.1.3.4 Lab - Linux Servers

    Servers are essentially programs written to provide specific information upon request. Clients, which are also programs, reach out to the server, place the request and wait for server response. Many different client-server communication technologies can be used, with the most common being IP networks. This lab focuses on IP network-based servers and clients.

    3.2.1.4 Lab - Locating Log Files

    Log files are files used by computers to log events. Software programs, background processes, services, or transactions between services, including the operating system itself, may generate such events. Log files are dependent on the application that generates them. It is up to the application developer to conform to log file convention. Software documentation should include information on its log files.

    3.2.2.4 Lab - Navigating the Linux Filesystem and Permission Settings

    The Linux filesystem is one of its most popular features. While Linux supports many different types of filesystems, this lab focuses on the ext family, one of the most common filesystems found on Linux.

    Chapter 4: Network Protocols and Services
    4.1.1.7 Lab - Tracing a Route

    The traceroute (or tracert) tool is often used for network troubleshooting. By showing a list of routers traversed, it allows the user to identify the path taken to reach a particular destination on the network or across internetworks. Each router represents a point where one network connects to another network and through which the data packet was forwarded. The number of routers is known as the number of "hops" the data traveled from source to destination.

    4.1.2.10 Lab - Introduction to Wireshark

    Wireshark is a software protocol analyzer, or "packet sniffer" application, used for network troubleshooting, analysis, software and protocol development, and education. As data streams travel over the network, the sniffer "captures" each protocol data unit (PDU) and can decode and analyze its content according to the appropriate RFC or other specifications.

    4.4.2.8 Lab - Using Wireshark to Examine Ethernet Frames

    When learning about Layer 2 concepts, it is helpful to analyze frame header information. In the first part of this lab, you will review the fields contained in an Ethernet II frame. In Part 2, you will use Wireshark to capture and analyze Ethernet II frame header fields for local and remote traffic.

    4.5.2.4 Lab - Using Wireshark to Observe the TCP 3-Way Handshake

    In this lab, you will use Wireshark to capture and examine packets generated between the PC browser using the HyperText Transfer Protocol (HTTP) and a web server, such as www.google.com.

    4.5.2.10 Lab - Exploring Nmap

    Port scanning is usually part of a reconnaissance attack. There are a variety of port scanning methods that can be used. We will explore how to use the Nmap utility. Nmap is a powerful network utility that is used for network discovery and security auditing.

    4.6.2.7 Lab - Using Wireshark to Examine a UDP DNS Capture

    When you use the Internet, you use the Domain Name System (DNS). DNS is a distributed network of servers that translates user-friendly domain names like www.google.com to an IP address. In this lab, you will communicate with a DNS server by sending a DNS query using the UDP transport protocol. You will use Wireshark to examine the DNS query and response exchanges with the same server.

    4.6.4.3 Lab - Using Wireshark to Examine TCP and UDP Captures

    Two protocols in the TCP/IP transport layer are TCP and UDP. In Part 1 of this lab, you will use the Wireshark open source tool to capture and analyze TCP protocol header fields for FTP file transfers between the host computer and an anonymous FTP server. In Part 2 of this lab, you will use Wireshark to capture and analyze UDP header fields for TFTP file transfers between two Mininet host computers.

    4.6.6.5 Lab - Using Wireshark to Examine HTTP and HTTPS

    HyperText Transfer Protocol (HTTP) is an application layer protocol that presents data via a web browser. With HTTP, there is no safeguard for the exchanged data between two communicating devices. With HTTPS, encryption is used via a mathematical algorithm. This algorithm hides the true meaning of the data that is being exchanged. In this lab, you will explore HTTP and HTTPS traffic using Wireshark.

    Chapter 7: Network Attacks
    7.0.1.2 Lab - What is Going On?

    For a hacker to establish a connection to a remote computer, a port must be listening on that device. This may be due to infection by malware, or a vulnerability in a legitimate piece of software. A utility, such as TCPView, can be used to detect open ports, monitor them in real-time, and close active ports and processes using them.

    7.3.1.6 Lab - Exploring DNS Traffic

    Wireshark is an open source packet capture and analysis tool. Wireshark gives a detailed breakdown of the network protocol stack. Wireshark allows you to filter traffic for network troubleshooting, investigate security issues, and analyze network protocols. Because Wireshark allows you to view the packet details, it can be used as a reconnaissance tool for an attacker. In this lab, use Wireshark to filter for DNS packets and view the details of both DNS query and response packets.

    7.3.2.4 Lab - Attacking a mySQL Database

    SQL injection attacks allow malicious hackers to type SQL statements in a web site and receive a response from the database. This allows attackers to tamper with current data in the database, spoof identities, and cause other miscellaneous mischief. A PCAP file has been created for you to view a previous attack against a SQL database. In this lab, you will view the SQL database attacks and answer the questions.

    7.3.2.5 Lab - Reading Server Logs

    Log files are an important tool for troubleshooting and monitoring. Different applications generate different log files, each one containing its own set of fields and information. While the field structure may change between log files, the tools used to read them are mostly the same. In this lab, you will learn about common tools used to read log files and practice using them.

    Chapter 9: Cryptography and the Public Key Infrastructure
    9.0.1.2 Lab - Creating Codes

    There are several encryption algorithms that can be used to encrypt and decrypt messages. Virtual Private Networks (VPNs) are commonly used to automate the encryption and decryption process.

    9.1.1.6 Lab - Encrypting and Decrypting Data Using OpenSSL

    OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. In this lab, you will use OpenSSL to encrypt and decrypt text messages.

    9.1.1.7 Lab - Encrypting and Decrypting Data using a Hacker Tool

    In this lab, you will configure a router to accept SSH connectivity and use Wireshark to capture and view Telnet and SSH sessions. This will demonstrate the importance of encryption with SSH.

    9.1.1.8 Lab - Examining Telnet and SSH in Wireshark

    In this lab, you will configure a router to accept SSH connectivity and use Wireshark to capture and view Telnet and SSH sessions. This will demonstrate the importance of encryption with SSH.

    9.1.2.5 Lab - Hashing Things Out

    Hash functions are mathematical algorithms designed to take data as input and generate a fixed-size, unique string of characters, also known as the hash. Designed to be fast, hash functions are very hard to reverse; it is very hard to recover the data that created any given hash, based on the hash alone. Another important property of hash functions is that even the smallest change done to the input data yields a completely different hash.

    While OpenSSL can be used to generate and compare hashes, other tools are available. Some of these tools are also included in this lab.

    9.2.2.7 Lab - Certificate Authority Stores

    As the web evolved, so did the need for security. HTTPS (where the ‘S’ stands for security) along with the concept of a Certificate Authority was introduced by Netscape back in 1994 and is still used today. In this lab, you will list all the certificates trusted by your browser and use hashes to detect possible man-in-the-middle attacks.

    Chapter 12: Intrusion Data Analysis
    12.1.1.7 Lab - Snort and Firewall Rules

    In a secure production network, network alerts are generated by various types of devices such as security appliances, firewalls, IPS devices, routers, switches, servers, and more. The problem is that not all alerts are created equally. For example, alerts generated by a server and alerts generated by a firewall will be different and vary in content and format.

    12.2.1.5 Lab - Convert Data into a Universal Format

    Log entries are generated by network devices, operating systems, applications, and various types of programmable devices. A file containing a time-sequenced stream of log entries is called a log file. The terminology used in the log entries often varies from source to source. It is often desirable to have a consistent and uniform terminology in logs generated by different sources.

    The term normalization refers to the process of converting parts of a message, in this case a log entry, to a common format. In this lab, you will use command line tools to manually normalize log entries. In Part 2, the timestamp field will be normalized. In Part 3, Security Onion logs will be prepared.

    12.2.2.9 Lab - Regular Expression Tutorial

    A regular expression (regex) is a pattern of symbols that describes data to be matched in a query or other operation. Regular expressions are constructed similarly to arithmetic expressions, by using various operators to combine smaller expressions. There are two major standards of regular expression, POSIX and Perl. In this lab, you will use an online tutorial to explore regular expressions. You will also describe the information that matches given regular expressions.

    12.2.2.10 Lab - Extract an Executable from a PCAP

    Looking at logs is very important but it is also important to understand how network transactions happen at the packet level. In this lab, you will analyze the traffic in a previously captured pcap file and extract an executable from the file.

    12.4.1.1 Lab - Interpret HTTP and DNS Data to Isolate Threat Actor

    MySQL is a popular database used by numerous web applications. Unfortunately, SQL injection is a common web hacking technique. It is a code injection technique where an attacker executes malicious SQL statements to control a web application's database server. Domain name servers (DNS) are directories of domain names, and they translate the domain names into IP addresses. This service can be used to exfiltrate data.

    In this lab, you will perform an SQL injection to access the SQL database on the server. You will also use the DNS service to facilitate data exfiltration.

    12.4.1.2 Lab - Isolated Compromised Host Using 5-Tuple

    The 5-tuple is used by IT administrators to identify requirements for creating an operational and secure network environment. The components of the 5-tuple include a source IP address and port number, destination IP address and port number, and the protocol in use.

    In this lab, you will exploit a vulnerable server using known exploits. You will also review the logs to determine the compromised hosts and file.

    Certification

    Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers (SOCs) keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity threats. CCNA Cyber Ops prepares candidates to begin a career working with associate-level cybersecurity analysts within SOCs.

    In addition, the United States Department of Defense (DoD) has approved Cisco CCNA Cyber Ops Certification for inclusion in the DoD 8570.01-M for the CSSP Analyst and CSSP Incident Responder categories.

    CCNA Cyber Ops Certification

    Instructor Information

    The CCNA Cyber Ops course is available exclusively through Cisco Networking Academy as an instructor-led course. The optional NDG Lab Service can be enabled via the Cisco Networking Academy LMS. Once enabled, learners will see additional lab activities in the CCNA Cyber Ops course table of contents. Clicking on lab activities will launch the NDG Lab Service directly from the Cisco LMS. Instructors of the class are automatically granted access at no charge for evaluation and support purposes. Students need to purchase lab access or have access purchased on their behalf. When a learner launches a lab for the first time, they will be presented with payment options and create an NDG account for lab support.

    The CCNA Cyber Ops Labs are also available with NETLAB+.

    Teaching Options

    Support Information

    NDG Online provides technical support specifically related to the functionality of the lab environment only. Any questions or concerns regarding the learning material or lab content must be directed to your instructor. Self-paced learners who find they require additional support are encouraged to seek out a course at a local academic institution.

    Support Center

    Requirements

  • Offered through Cisco Networking Academy