The CSX Cybersecurity Practitioner (CSX-P) Certification Suite allows individuals to purchase the training and exam at the same time at
a reduced rate! Through purchasing the bundle, individuals will gain access to the full prep course and receive
a voucher for the exam!
Training Description
The CSX Cybersecurity Practitioner Certification Prep Course provides students with 6 months of access to informative lessons and in-depth, skills-based labs to hone their technical cybersecurity skills and prepare for the CSX Cybersecurity Practitioner Certification Exam. Upon completion of each lab, students are provided a detailed analytic report, identifying student strengths and weaknesses. Additionally, as students complete the course, they are awarded continuing professional education (CPE) credits which are applicable to the maintenance of their professional certifications.
Continuing Professional Education (CPE) Credit Count: 48
Content
Lesson Network Infrastructure and Digital Assets
- Network infrastructure analysis
- Digital asset analysis
Lab/Instructional Asset Identification
Understanding how to perform basic asset identification is an important skill for any cybersecurity practitioner. Leveraging Nmap, students will learn how to scan a network and ascertain the identity of computers for which they are responsible.
Lesson Network Topology and Data Flow Analysis
- Network topology construction
- Network topology diagrams
- Data flow identification and mapping
- Tools used to construct a network topology diagram
- Tools used to identify data flow
Lab/Instructional Data Flow Identification
In order to capture and analyze data flow, it is important to understand how to use Wireshark and Tshark, two critical tools in the packet analysis field. This lab uses these tools to map endpoints on the network.
Lesson Security Reviews and Gap Identifications
- Importance of security reviews
- Gap analysis and its usage
Lab/Instructional Enterprise Asset Identification
It is just as important to practice working with large networks as with small ones. Using Nmap and Zenmap, students will identify assets on an enterprise network in order to build a topology.
Lesson Security Policy and Procedure Development
- Security policies and procedures
- Development processes for policies and procedures
Lab/Instructional Data Flow Analysis
In this lab, students will be identifying packets with Wireshark. Because data loss is a prevalent aspect of technology, we will need to recover the packet identification data using the tool Foremost.
Lab/Instructional Enterprise Data Flow Analysis
Since Wireshark cannot handle large amounts of data, students will be using SiLK for this lab. SiLK is a command line network protocol analyzer to help students map out endpoints within a network.
Lesson Regulation and Legal Impact
- Information sharing
- Importance of understanding legal and regulatory requirements
Lesson Threat Modeling
- Information sharing
- Elements of threat modeling
Lab/Challenge Identify Challenge
In this lab students will utilize their skills learned during the Identify module to map their network and identify an attack on a local machine.
Lesson Vulnerability Testing
- Vulnerability scanning
- Vulnerability scanning personnel
- Vulnerability scanning tools
Lesson Security Tools and Systems
- Configuring monitoring systems and alert criteria
- Implementing, configuring, and monitoring security tools and systems
- Developing use cases for security monitoring
Lab/Instructional Firewall Setup
In this lab, students will create firewall rules for a pfSense firewall based on their network's layout.
Lesson Incident Response Plans
- Incident response plan development
- Incident response plan testing
Lesson Security and Business Functions
- Incorporation of security considerations into business functions
- Monitoring user access, privileges, and permissions
- Monitoring compliance with security procedures and requirements
- Development of security training
Lab/Instructional Backup
In this lab, students will create a Windows restore point and back up Linux servers from a functioning baseline.
Lesson Security Configuration Evaluation
- Evaluating security configurations against established configuration standards and baselines
Lab/Instructional File System Protections
In this lab, students will learn how to set file permissions on a Windows Server as well as an Ubuntu machine.
Lab/Instructional OS Baseline
In this lab, students will get more practice with MBSA, as well as be introduced to the Linux Tiger IDS.
Lab/Challenge Protect Challenge
In this lab, students will utilize skills learned during the Protect module to complete a challenge.
Lesson Event and Incident Identification
- Assessing threat level and potential impact of anomalous behavior and security events
- Researching, analyzing, and correlating system activity and security events
- Monitoring and analyzing outputs from security tools, systems, and logs
Lab/Instructional SecOnion Setup and Testing
In this lab, students will set up a standalone Security Onion Server and explore and test its functionality.
Lab/Instructional Snort Rules
In this lab, students will learn to construct simple SNORT rules and use Kibana to conduct post-attack analysis.
Lab/Instructional Event Detection
An investigation is needed for an intrusion detection system alert. It is up to you to find out what is occurring in the network.
Lesson Malicious Activity Analysis
- Analyzing malicious activity to determine weaknesses and exploitation methods
Lab/Instructional Data and Network Analysis
In this lab, students will use Wireshark to conduct a live packet capture while they are under attack. Using Wireshark, students will identify the attacker's IP and the type of attack, and isolate anomalous packets related to the attack.
Lab/Instructional Vulnerability Analysis
This lab focuses on the security of the local area network. Vulnerability scans are key when maintaining strong security within a network. In this lab, vulnerability assessments will be conducted.
Lab/Challenge Detect Challenge
In this lab, students will utilize skills learned during the Detect module to complete a challenge.
Lesson Incident Notification and Containment
- Notifying appropriate incident response teams according to established protocols
- Identifying and implementing appropriate containment measures, countermeasures, and corrective actions
Lab/Instructional Incident Correlation
SecOnion has reported a possible threat to the network. Investigate the tripped SNORT rule and the system logs of the possible affected systems via Kibana.
Lesson Evidence Collection and Technical Analysis
- Collecting and preserving digital evidence according to relevant regulations and laws
- Conducting post-incident analysis
- Communicating and documenting notifications and outcomes of incident response
Lab/Instructional Network Forensics
After Snort reported a network issue, conduct network forensics on the compromised system to identify and isolate the possible malware.
Lab/Instructional Malware Investigation and Evaluation
This lab utilizes various tools (ClamAV, strings, PDF Parser, and PDF Toolkit) to not only investigate, but also evaluate, possible malware that has been attached to emails in the form of PDFs.
Lab/Instructional Notification Escalation
Properly document and preserve evidence of an attack, and notify the appropriate personnel in accordance with the Incident Response Plan.
Lab/Challenge Respond Challenge
Using Security Onion, SGUIL, Snort, SSH, and ClamAV, students will put their Respond domain skills to the test.
Lesson System Validation
- Validating whether restored systems meet security requirements
Lab/Instructional Re-Imaging
In this lab, students will restore a Linux server from an image. Students will use Clonezilla in order to restore the Linux system to its baseline.
Lesson Post Incident Security Plan and Procedure Update
- Updating security plans and procedures following incident response
Lab/Instructional Restore Points
In this lab, students will restore a Windows Server using the restore point created in Lab 2.2 "Restore and Backup".
Exam Description
The CSX Practitioner Certification (CSX-P) Exam has been updated to reflect the job tasks of today's cybersecurity practitioner.
Be recognized among the world’s most-qualified cybersecurity professionals with ISACA®’s award-winning CSX® Cybersecurity Practitioner Certification (CSX-P).
CSX-P remains the first and only comprehensive performance certification testing one’s ability to perform globally validated cybersecurity skills spanning five security functions – Identify, Protect, Detect, Respond, and Recover – derived from the NIST Cybersecurity Framework. CSX-P requires that candidates demonstrate critical cybersecurity skills in a live, proctored, virtual environment that assesses their analytical ability to identify assets and resolve network and host cybersecurity issues, by applying the foundational cybersecurity knowledge and skills required of an evolving cyber first responder.
Candidates are strongly encouraged to review the CSX-P Exam Content Outline prior to purchase.
Continuing Professional Education (CPE) Credit Count: 8 (2 CPEs per examination hour) when a passing score is achieved.
Exam Information