CFR (CyberSec First Responder)

• Compare and contrast various threats and classify threat profile
• Explain the purpose and use of attack tools and technique
• Explain the purpose and use of post exploitation tools and tactic
• Explain the purpose and use of social engineering tactic
• Given a scenario, perform ongoing threat landscape research and use data to prepare for incident
• Explain the purpose and characteristics of various data source 
• Given a scenario, use appropriate tools to analyze log
• Given a scenario, use regular expressions to parse log files and locate meaningful data
• Given a scenario, use Windows tools to analyze incidents
• Given a scenario, use Linux-based tools to analyze incidents
• Summarize methods and tools used for malware analysis
• Given a scenario, analyze common indicators of potential compromise
• Explain the importance of best practices in preparation for incident response
• Given a scenario, execute incident response process
• Explain the importance of concepts that are unique to forensic analysis
• Explain general mitigation methods and devices

Assessment of Information Security Risks

•  The importance of risk management
•  Assess risk
•  Mitigate risk
•  Integrating documentation into risk management 

Analyzing the Threat Landscape

•  Classify threats and threat profiles
•  Perform ongoing threat research

Computing and Network Environments: Analyzing Reconnaissance Threats

•  Implementation of threat modeling
•  Reconnaissance: assessing the impact
•  Social engineering: assessing the impact

Analyzing Attacks on Computing and Network Environments

•  System hacking attacks: assessing the impact
•  Web-based attacks: assessing the impact
•  Malware: assessing the impact
•  Hijacking and impersonation attacks: assessing the impact
•  DoS incidents: assessing the impact
•  Threats to mobile security: assessing the impact
•  Threats to cloud security: assessing the impact

Examining Post-Attack Techniques

•  Examine command and control techniques
•  Examine persistence techniques
•  Examine lateral movement and pivoting techniques
•  Examine data ex-filtration techniques
•  Examine anti-forensics techniques

Manage Vulnerabilities in the Organization

•  Implement a vulnerability management plan
•  Examine common vulnerabilities
•  Conduct vulnerability scans

Evaluate Security by Implementing Penetration Testing

• Conduct penetration tests on network assets
•  Follow up on penetration testing

Collecting Cybersecurity Intelligence

• Deployment of a security intelligence collection and analysis platform
•  Data collection from network-based intelligence sources
•  Data collection from host-based intelligence sources

 Analyze Log Data

•  Common tools to analyze logs
• Course content (cont.)
•  SIEM tools for analysis

Performing Active Asset and Network Analysis

•  Analyze incidents using Windows-based tools
•  Analyze incidents using Linux-based tools
•  Analyze malware
•  Analyze indicators of compromise

Response to Cybersecurity Incidents

•  Deployment of incident handling and response architecture
•  Containment and mitigation of incidents
•  Preparation for forensic investigation as a CSIRT

 Investigating Cybersecurity Incidents

•  Use a forensic investigation plan
•  Securely collect and analyze electronic evidence
•  Follow up on the results of an investigation
• Appendix A: mapping course content to CyberSec First Responder (Exam CFR-310)
• Appendix B: regular expressions
• Appendix C: security resources
• Appendix D: U.S. Department of Defense operational security practices

Exam Details

• Exam: CFR-310
• Up to 100 Questions
• Types of Questions: Multiple choice and multiple response
• Passing Score: 70% or 71%, depending on exam form. Forms have been statistically equated.
• Test Duration: 120 minutes 
• Test Delivery: Pearson VUE