The eCIR is a highly technical certification that requires advanced knowledge
of networks, systems and cyber attacks. Anyone can attempt the certification
exam; however, below are suggested skills to possess for a successful outcome.
The eLearnSecurity Certified Incident Responder (eCIR) exam challenges cyber
security professionals to solve complex Incident Handling & Response scenarios
in order to become certified.
Only individuals who provide proof of their findings in addition to
identifying any attacker activities are awarded the eCIR Certification.
You will need to blend multiple detection and analysis methodologies to
effectively respond to the exam’s incidents. Traffic analysis, event/log
analysis within ELK and Splunk and event correlation are required. A skillset
like this will make you a valuable asset in the corporate sector.
Here are some of the ways eLearnSecurity Certified Incident Responder
certification is different from conventional exams:
Instead of putting you through a series of multiple-choice questions, you are
expected to perform actual Incident Response activities on two different
corporate networks. Both Incident Response simulations are modeled after real-
world scenarios and cutting-edge attacking techniques.
Course content:
* Letters of engagement and the basics related to an Incident Response engagement
* Advanced networking concepts
* Knowledge of Incident Response processes and methodologies
* Packet/traffic analysis
* Ability to correlate events and logs
* Familiarity with tools such as Wireshark, ELK & Splunk
* Cyber crime Techniques, Tactics & Procedures
* Detection of all stages of the “Cyber Kill Chain”
* Familiarity with ELK and Splunk searches
* Ability to effectively analyze thousands of events within a SIEM
* Good understanding of Windows (and Sysmon) events
* Attacker activity detection through process analysis