Course Description
This five-session exam-prep course combines knowledge and practice to prepare learners for the CCOA exam. Instructors
are encouraged to tailor the course to the learners’ experience level. The initial domains may be better suited for review,
providing more time to focus on the complex concepts in Domains 4 and 5.
Course Agenda with Labs:
The following agenda recommends the domain content covered in class and labs for the learners’ homework outside of class. The instructor may leverage the CCOA Labs.pptx as appropriate to cover the homework labs.
Day 1
• Domains 1 and 2
• Labs
◦ Incident Management System (SOC Case)
◦ Threat Intelligence Platform (MISP)
◦ SIEM with Elastic
Day 2
• Domains 2 and 3
• Labs
◦ DNS and Email /SMTP Analysis
◦ HTTP/HTTPS Analysis
◦ Endpoint Security Analysis
Day 3
• Domain 4
• Labs
◦ Scanning and Analyzing Vulnerabilities
◦ Windows Logs
◦ Advanced Log Analysis
◦ Incident Containment
Day 4
• Domains 4 and 5
• Labs
◦ Collecting and Verifying Integrity of Data
◦ Collecting and Documenting Incidents
◦ Malware Analysis (Cyberchef)
Day 5
• Wrap up Domain 5
• Address questions and discuss labs
Domain 1: Technology Essentials
Learning Objectives:
• Identify the key components of both computer and cloud networking.
• Understand how databases, virtualization, and containerization are leveraged.
• Become familiar with command line interfaces.
• Identify the purpose, benefits, and use of APIs.
• Understand the principles and concepts of DevOps, SecDevOps, and the CI/CD pipeline.
• Fundamentally understand programming and scripting.
Topics:
• Part A: Networking
◦ Computer Networking Models
◦ Devices Ports Protocols
◦ Network Access Controls
◦ Network Tools
◦ Network Topology
◦ Segmentation
• Part B: System & Endpoint
◦ Databases
◦ Command Line
◦ Containers and Virtualization
◦ Middleware
◦ Operating Systems
• Part C: Applications
◦ Application Programming Interface
◦ Automated Deployment
◦ Programming and Scripting
Domain 2: Cybersecurity Principles and Risk
Learning Objectives:
• Understand cybersecurity governance and alignment with business drivers.
• Define cybersecurity strategy based on enterprise objectives.
• Establish effective cross-organizational communication for cybersecurity.
• Define roles and responsibilities for cybersecurity initiatives.
• Develop metrics for evaluating cybersecurity program performance.
• Inform stakeholders about investment needs for asset protection.
• Implement repeatable processes for cybersecurity risk management.
• Recognize internal and external compliance requirements.
• Document risk associated with enterprise operations.
Topics:
• Part A: Cybersecurity Principles
◦ Compliance
◦ Governance
◦ Risk Management
◦ Roles and Responsibility
◦ Security Models
• Part B: Cybersecurity Risk
◦ Application Security Risk
◦ Cloud Technology Risk
◦ Data Risk
◦ Network Security Risk
◦ Supply Chain Risk
◦ System Endpoint Risk
◦ Web Application Risk
◦ User Risk
Domain 3: Adversarial Tactics, Techniques, and Procedures
Learning Objectives:
• Understand common adversarial tactics, techniques, and procedures (TTPs).
• Develop critical and creative thinking skills for threat detection and response.
• Differentiate between dashboard events and attacker mindset insights.
• Tune baseline detections for malicious and anomalous behaviors.
• Implement time-optimized reactive detection capabilities.
• Engage in proactive threat-hunting activities.
• Explore the threat landscape, including attack vectors and threat actors.
• Identify motivations behind cyberattacks.
• Utilize threat intelligence sources effectively.
• Recognize various attack types and cyberattack stages.
• Analyze exploit techniques used by threat actors.
• Understand the significance of security testing in cybersecurity.
Topics:
• Part A: Treat Landscape
◦ Attack Vectors
◦ Threat Actors and Agents
◦ Threat Intelligence Sources
• Part B: Means and Methods
◦ Attack Types
◦ Cyber Attack Stages
◦ Exploit Techniques
◦ Security Testing
Domain 4: Incident Detection and Response
Learning Objectives:
• Understand the inevitability of cybersecurity incidents and the importance of incident preparedness.
• Recognize the significance of incident detection and response in mitigating the impact of cybersecurity events.
• Appreciate the role of proactive planning, practice, and process refinement in effective incident response.
• Identify the components and techniques involved in incident detection, from data analytics to security logs and alerts.
• Learn to develop detection use cases and recognize indicators of compromise for early threat identification.
• Explore the various security monitoring tools and technologies essential for effective incident detection.
• Master the fundamentals of incident response, including containment strategies and handling procedures.
• Gain proficiency in forensic analysis, malware analysis, network traffic analysis, packet analysis, and threat analysis for comprehensive incident response.
• Explore the various security monitoring tools and technologies essential for effective incident detection.
• Master the fundamentals of incident response, including containment strategies and handling procedures.
• Gain proficiency in forensic analysis, malware analysis, network traffic analysis, packet analysis, and threat analysis for comprehensive incident response.
Topics:
• Part A: Incident Detection
◦ Data Analysis
◦ Detection Analysis
◦ Indicators of Attack & Compromise
◦ Indicators of Attack Indicators of Compromise
◦ Logs and Alerts
◦ Advanced Log Analysis
• Part B: Incident Response
◦ Incident Containment
◦ Incident Handling
◦ Forensic Analysis
◦ Network Traffic Analysis
◦ Packet Analysis Threat Analysis
Domain 5: Securing Assets
Learning Objectives:
• Understand the importance of designing countermeasures to protect digital assets.
• Recognize the iterative nature of securing systems an their ecosystems.
• Appreciate the holistic approach to securing assets, considering technical aspects and organizational products, services, and critical business processes.
• Differentiate between the security needs of various industries based on the unique values assigned to digital assets and risk tolerance levels.
• Gain insight into how an organization’s business goals and risk assessments influence the selection of security controls.
• Develop foundational knowledge of contingency planning to ensure business continuity during security incidents.
• Explore different control techniques applicable to securing digital assets.
• Understand the principles and practices of identity and access management to ensure proper authorization and authentication.
• Become familiar with industry best practices, guidance, frameworks, and standards relevant to asset security.
• Master the processes of vulnerability assessment, identification, remediation, and tracking to effectively manage vulnerabilities and mitigate risk.
Topics:
• Part A: Controls
◦ Contingency Planning
◦ Controls and Techniques
◦ Identity and Access Management
◦ Industry Best
◦ Collecting and Verifying Integrity of Data
◦ Collecting and Documenting Incidents
• Part B: Vulnerability Management
◦ Vulnerability Assessment
◦ Vulnerability Identification
◦ Vulnerability Remediation
◦ Vulnerability Tracking
Full List of Labs:
1. Incident Management System (SOC Case)
2. Threat Intelligence Platform (MSP)
3. SIEM with Elastic
4. DNS and Email /SMTP Analysis
5. HTTP/HTTPS Analysis
6. Endpoint Security Analysis
7. Scanning and Analyzing Vulnerabilities
8. Windows Logs
9. Advanced Log Analysis
10. Incident Containment
11. Collecting and Verifying Integrity of Data
12. Collecting and Documenting Incidents
13. CyberChef for Security Analysts
