The Learning Initiative is an Authorized Training Partner to CertNexus.
CYBERSEC FIRST RESPONDER® IS THE “BLUE TEAM” CERTIFICATION FOR CYBERSECURITY.
Cybersecurity professionals require a well-rounded understanding of the tools, processes, and strategies that can be employed to defend their information systems from constantly evolving threats. CyberSec First Responder® (CFR) is a comprehensive certification designed to validate the knowledge and skills required to protect these critical information systems before, during, and after an incident.
The CFR exam is accredited under the ANSI/ISO/IEC 17024 standard and is approved by the U.S. Department of Defense (DoD) to fulfill Directive 8570/8140 requirements.
The CFR-210 version of the CyberSec First Responder examination retired in September 2019. Certifications will no longer be issued for CyberSec First Responder under the retired CFR-210 scheme. All future candidates and current certificants must take and pass the updated exam, CFR-310, in order to hold a valid CyberSec First Responder certification.
This cyber security course is delivered as a blend of eLearning and six 4-hour virtual sessions with a certified instructor.
This cyber security course covers network defense and incident response methods, tactics, and procedures that are in alignment with industry frameworks such as NIST 800-61r2 (Computer Security Incident Handling Guide), US-CERT’s National Cyber Incident Response Plan (NCIRP), and Presidential Policy Directive (PPD)-41 on Cyber Incident Coordination. It is ideal for candidates who have been tasked with the responsibility of monitoring and detecting security incidents in information systems and networks, and for executing standardized responses to such incidents. The course introduces tools, tactics, and procedures to manage cybersecurity risks, identify various types of common threats, evaluate the organization’s security, collect and analyze cybersecurity intelligence, and remediate and report incidents as they occur. This course provides a comprehensive methodology for individuals responsible for defending the cybersecurity of their organization. This course is designed to assist students in preparing for the CertNexus CyberSec First Responder (Exam CFR-310) certification examination. What you learn and practice in this course can be a significant part of your preparation.
In addition, this course and subsequent certification (CFR-310) meet all requirements for personnel requiring DoD directive 8570.01-M position certification baselines:
This cyber security certification is designed primarily for cybersecurity practitioners who are preparing for, or who currently perform, job functions related to protecting information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. It is ideal for those roles within federal contracting companies and private sector firms whose mission or strategic objectives require the execution of Defensive Cyber Operations (DCO) or DoD Information Network (DoDIN) operation and incident handling.
This course focuses on the knowledge, ability, and skills necessary to provide for the defense of those information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes. In addition, the course ensures that all members of an IT team—regardless of size, rank, or budget—understand their role in the cyber defense, incident response, and incident handling process.
Target Candidate: Individuals with between 3 and 5 years of experience working in a computing environment as part of a CERT/CSIRT/SOC who protect critical information systems before, during, and after an incident.
Common Job Titles
To ensure your success in this course, you should meet the following requirements:
Exam Description: The CyberSec First Responder™ exam will certify that the successful candidate has the knowledge, skills, and abilities required to deal with a changing threat landscape and will be able to assess risk and vulnerabilities, acquire data, perform analysis, continuously communicate, determine scope, recommend remediation actions, and accurately report results.
Number of Questions: 100 questions
Item Formats: Multiple Choice/Multiple Response
Exam Duration: 120 minutes (including 5 minutes for Candidate Agreement and 5 minutes for Pearson VUE tutorial)
Exam Options: In person at Pearson VUE test centers
Passing Score: 70% or 71%, depending on exam form
Topic B: Assess Risk
Topic C: Mitigate Risk
Topic D: Integrate Documentation into Risk Management
Topic A: Classify Threats and Threat Profiles
Topic B: Perform Ongoing Threat Research
Topic A: Implement Threat Modeling
Topic B: Assess the Impact of Reconnaissance
Topic C: Assess the Impact of Social Engineering
Topic A: Assess the Impact of System Hacking Attacks
Topic B: Assess the Impact of Web-Based Attacks
Topic C: Assess the Impact of Malware
Topic D: Assess the Impact of Hijacking and Impersonation Attacks
Topic E: Assess the Impact of DoS Incidents
Topic F: Assess the Impact of Threats to Mobile Security
Topic G: Assess the Impact of Threats to Cloud Security
Topic A: Assess Command and Control Techniques
Topic B: Assess Persistence Techniques
Topic C: Assess Lateral Movement and Pivoting Techniques
Topic D: Assess Data Exfiltration Techniques
Topic E: Assess Anti-Forensics Techniques
Topic A: Implement a Vulnerability Management Plan
Topic B: Assess Common Vulnerabilities
Topic C: Conduct Vulnerability Scans
Topic A: Conduct Penetration Tests on Network Assets
Topic B: Follow Up on Penetration Testing
Topic A: Deploy a Security Intelligence Collection and Analysis Platform
Topic B: Collect Data from Network-Based Intelligence Sources
Topic C: Collect Data from Host-Based Intelligence Sources
Topic A: Use Common Tools to Analyze Logs
Topic B: Use SIEM Tools for Analysis
Topic A: Analyze Incidents with Windows-Based Tools
Topic B: Analyze Incidents with Linux-Based Tools
Topic C: Analyze Malware
Topic D: Analyze Indicators of Compromise
Topic A: Deploy an Incident Handling and Response Architecture
Topic B: Contain and Mitigate Incidents
Topic C: Prepare for Forensic Investigation as a CSIRT
Topic A: Apply a Forensic Investigation Plan
Topic B: Securely Collect and Analyze Electronic Evidence
Topic C: Follow Up on the Results of an Investigation
Appendix A: Mapping Course Content to CyberSec First Responder™ (Exam CFR-310)
Appendix B: Regular Expressions
Appendix C: Security Resources
Appendix D: U.S. Department of Defense Operational Security practices
For this course, you will need one Microsoft® Windows Server® 2016 computer and one Microsoft® Windows® 10 computer for each student and for the instructor. Make sure that each computer meets the classroom hardware specifications:
Windows Server 2016
Miscellaneous software that is not included in the course data files due to licensing restrictions:
The steps to download these tools are described in the course setup that follows. Note that the URL paths to these downloads may have changed after this course was written. The activities in this course were written to the versions of the software noted previously. If new versions of these tools have been released when you present this course, make sure to test them with their corresponding activities to note any keying discrepancies.
Miscellaneous software that is included in the course data files:
VirtualBox, Wireshark, Snort, and icmpsh are distributed with the course data files under version 2 of the GNU General Public License (GPL). XAMPP is distributed under version 3 of the GNU GPL. SeaMonster is distributed under version 3 of the GNU Lesser General Public License (LGPL). OpenSSH for Windows is distributed with the course data files under a Berkeley Software Distribution (BSD) license. PuTTY is distributed with the course data files under the MIT License.
® 2020 The Learning Initiative. All rights reserved.