The CSX Practitioner Exam Prep Course prepares students for the CSX Practitioner exam by providing them informative lessons and in-depth, performance-based labs to hone their technical cybersecurity skills. Upon completion of each lab, students are provided a detailed analytic report, identifying student strengths and weaknesses. Additionally, as students complete the course, they are awarded continuing professional education credits which are applicable to the maintenance of their professional certifications.
Continuing Professional Education (CPE) Credit Count: 48
Lesson Network Infrastructure and Digital Assets
- Network infrastructure analysis
- Digital asset analysis
Lab/Instructional Asset Identification
Understanding how to perform basic asset identification is an important skill for any cybersecurity practitioner. Leveraging Nmap, students will learn how to scan a network and ascertain the identity of computers for which they are responsible.
Lesson Network Topology and Data Flow Analysis
- Network topology construction
- Network topology diagrams
- Data flow identification and mapping
- Tools used to construct a network topology diagram
- Tools used to identify data flow
Lab/Instructional Data Flow Identification
In order to capture and analyze data flow, it is important to understand how to use Wireshark and Tshark, two critical tools in the packet analysis field. This lab uses these tools to map endpoints on the network.
Lesson Security Reviews and Gap Identifications
- Importance of security reviews
- Gap analysis and its usage
Lab/Instructional Enterprise Asset Identification
In addition to small networks, it is just as important to practice working with large networks. Using Nmap and Zenmap, students will identify assets on an enterprise network in order to build a topology.
Lesson Security Policy and Procedure Development
- Security policies and procedures
- Development processes for policies and procedures
Lab/Instructional Data Flow Analysis
In this lab, students will identify packets with Wireshark. Because data loss is a prevalent aspect of technology, students will also need to recover the packet identification data using the tool Foremost.
Lab/Instructional Enterprise Data Flow Analysis
Because Wireshark cannot handle large amounts of data, students will use SiLK for this lab. SiLK is a command-line network protocol analyzer that helps students map out endpoints within a network.
Lesson Regulation and Legal Impact
- Information sharing
- Importance of understanding legal and regulatory requirements
Lesson Threat Modeling
- Information sharing
- Elements of threat modeling
Lab/Challenge Identify Challenge
In this lab, students will utilize the skills learned during the Identify module to map their network and identify an attack on a local machine.
Lesson Vulnerability Testing
- Vulnerability scanning
- Vulnerability scanning personnel
- Vulnerability scanning tools
Lesson Security Tools and Systems
- Configuring monitoring systems and alert criteria
- Implementing, configuring, and monitoring security tools and systems
- Developing use cases for security monitoring
Lab/Instructional Firewall Setup
In this lab, students will create firewall rules for a pfSense firewall based on their network's layout.
Lesson Incident Response Plans
- Incident response plan development
- Incident response plan testing
Lesson Security and Business Functions
- Incorporation of security considerations into business functions
- Monitoring user access, privileges, and permissions
- Monitoring compliance with security procedures and requirements
- Development of security training
Lab/Instructional Restore and Backup
In this lab, students will create a Windows restore point and back up Linux servers from a functioning baseline.
Lesson Security Configuration Evaluation
- Evaluating security configurations against established configuration standards and baselines
Lab/Instructional File System Protections
In this lab, students will learn how to set file permissions on a Windows Server as well as an Ubuntu machine.
Lab/Instructional OS Baseline
In this lab, students will get more practice with MBSA, as well as be introduced to the Linux Tiger IDS.
Lab/Challenge Protect Challenge
In this lab, students will utilize skills learned during the Protect module to complete a challenge.
Lesson Event and Incident Identification
- Assessing threat level and potential impact of anomalous behavior and security events
- Researching, analyzing, and correlating system activity and security events
- Monitoring and analyzing outputs from security tools, systems, and logs
Lab/Instructional SecOnion Setup and Testing
In this lab, students will set up a standalone Security Onion Server and explore and test its functionality.
Lab/Instructional Snort Rules
In this lab, students will learn to construct simple Snort rules and use Kibana to conduct post-attack analysis.
Lab/Instructional Event Detection
An investigation is needed for an intrusion detection system alert. It is up to you to find out what is occurring in the network.
Lesson Malicious Activity Analysis
- Analyzing malicious activity to determine weaknesses and exploitation methods
Lab/Instructional Data and Network Analysis
In this lab, students will use Wireshark to conduct a live packet capture while they are under attack. Using Wireshark, students will identify the attacker's IP address and the type of attack, and isolate anomalous packets related to the attack.
Lab/Instructional Vulnerability Analysis
This lab focuses on the security of the local area network. Vulnerability scans are key to maintaining strong security within a network. In this lab, students will conduct vulnerability assessments.
Lab/Challenge Detect Challenge
In this lab, students will utilize skills learned during the Detect module to complete a challenge.
Lesson Incident Notification and Containment
- Notifying appropriate incident response teams according to established protocols
- Identifying and implementing appropriate containment measures, countermeasures, and corrective actions
Lab/Instructional Incident Correlation
SecOnion has reported a possible threat to the network. Investigate the tripped Snort rule and the system logs of the possibly affected systems via Kibana.
Lesson Evidence Collection and Technical Analysis
- Collecting and preserving digital evidence according to relevant regulations and laws
- Conducting post-incident analysis
- Communicating and documenting notifications and outcomes of incident response
Lab/Instructional Network Forensics
After Snort reports a network issue, conduct network forensics on the compromised system to identify and isolate the possible malware.
Lab/Instructional Malware Investigation and Evaluation
This lab utilizes various tools (ClamAV, strings, PDF Parser, and PDF Toolkit) to investigate and evaluate possible malware that has been attached to emails in the form of PDFs.
Lab/Instructional Notification Escalation
Properly document and preserve evidence of an attack, and notify the appropriate personnel in accordance with the Incident Response Plan.
Lab/Challenge Respond Challenge
Using Security Onion, SGUIL, Snort, SSH, and ClamAV, students will put their Respond domain skills to the test.
Lesson System Validation
- Validating whether restored systems meet security requirements
In this lab, students will restore a Linux server from an image. Students will use Clonezilla in order to restore the Linux system to its baseline.
Lesson Post Incident Security Plan and Procedure Update
- Updating security plans and procedures following incident response
Lab/Instructional Restore Points
In this lab, students will restore a Windows Server using the restore point created in Lab 2.2 "Restore and Backup".