CCNA Cyber Ops (PDFDrive)
CCNA Cyber Ops (PDFDrive)
CCNA Cyber Ops (PDFDrive)
• Introduction
• Job Role of a Security Analyst
• CCNA Cyber Ops
• Highlights of SECFND Course
• Highlights of SECOPS Course
• Exam Prep Information
• Conclusion
The Problem
The Problem…
Anthem
Target
Mossack Fonseca
Ebay
JP Morgan Chase
Voter Database
Univ. of MD
Neiman Marcus
TJ Maxx
Sony
Zappos
LinkedIn
Citigroup
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Threat Landscape is Evolving…
Enterprise Antivirus IDS/IPS Reputation (Global) Intelligence and
Response (Host-Based) (Network Perimeter) and Sandboxing Analytics (Cloud)
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
The History of Hacking and Examples
Sophisticated Attacks,
Complex Landscape
Hacking Becomes
an Industry
Phishing, Low
Shamoon2
Sophistication Botnets
Aurora GRIZZLY STEPPE
Nimda Tedroo
ILOVEYOU Angler
SQL Slammer Rustock Shady Rat
Melissa
Conficker Conficker v2 Duqu
Anna Kournikova
1990 1995 2000 2005 2010 2015 2020
Viruses Worms Spyware and Rootkits APTs Cyberware
1990–2000 2000–2005 2005–Today Today +
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
How Industrial Hackers Monetize the Opportunity
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Source: CNBC
Job Role of a Security Analyst
Challenges Facing Organizations
• Detecting Advanced Persistent Threats. Malware that makes it
past perimeter security can remain in the enterprise waiting to strike
as lurking threats. These may be zero day threats that do not yet
have an antivirus signature or be hard to detect for other reasons.
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
New Focus - Attack Continuum
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
National Institute for Standards & Technology
Objective:
• Framework
• Job Role Alignment
• Students have clear job
prospects & opportunities
• Help Policy Makers promote
job growth
• Assist Employers with job skill
hire and development
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Continue: Security Analyst Challenges
Customized Threat
Bypasses Security Customized Threat
Gateways Enters from Inside
N-AV Threat
Spreads to
Web Sec Devices
Email Sec
1 2
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Functional Model for Security Analyst
Prevent Security Analyst
Network SOC Solution Components
Host IPS
IPS Detect
Email/Web Network IDS Adv. Malware
Firewall
Proxy
Behavioral NetFlow
Spam
Antivirus
Prevention
anomaly anomaly
Skill
Foundation Device Traffic Performance Device
Config Capture Monitoring Monitoring
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Example – Job Roles in a SOC
Data
Intel & Research
Analysis Investigate
SIEM, Packet Data Analysis,
Capture & Collaboration,
Flow Tools & Case Tools
Tools Evidence & Information
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
“Kimusky” Operation: A North Korean APT
• 4 Key South Korean Targets
• Phishing against Hyundai Merchant Marine
• Infecting Systems
• Trojan Dropper – DLL library against Windows 7
• Disable Firewall
• Communication
• Command and control Bot done through a Bulgarian web-based free email server
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
CCNA Cyber Operations
Certification
Simplified Security Team Model
Certifications Mapping
Secure Infrastructure
CSO / Manager
Architect & Engineers “Set Policy & Prioritize”
“Design and Secure”
Architect & Engineer
CCIE • CE Credits CISO, Manager
Legal/Compliance/Privacy
Cisco SAFE
Security • Cross-Training
Architecture • Product or Job- Threat Centric Model
Role Training
CCNP
Security
CCNA CCNA
Secure Infrastructure Security Operations Team
Engineers, Technicians Security Cyber Ops “Detect and Respond”
Security Analyst; First Responder; Network
& Administrators Auditor; Digital Forensics Investigator; SOC
“Build and Secure” Team Member
Engineer, Administrator, Technician
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Curriculum Paths: Security Career Training
“Traditional” Mix Newer Areas
Core (Job) Skills
Product Training Secure Cybersecurity Applied Security
Infrastructure Operations
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Security Fundamentals Course
(SECFND)
Security Fundamentals Course
14 Sections in this course that cover:
• Fundamentals of TCP/IP 75% of the Course is on
Foundation Skills
• Fundamentals Cryptography
• Information Security Focused on knowledge
• Network Applications and Attacks needed for SECOPS
Course
• Windows and Linux OS Overview
• Endpoint Attacks and Security Data Collection and Event
• Security Data Collection ** Analysis key feeder
concepts
• Security Event Analysis **
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Example Lifecycle of Detection
SIEM Tools &
Preparation Workflow
Management
Containment
and Security
Eradication Engineer
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Attacker Methodology
Gather Info
• Understand what type of
Attackers there are. Scan
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Malware and Attacker tools
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Example of a Complex Threat Visibility Concept
Leveraging Netflow to investigate a potential IT policy violation investigation
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Attack Example – SQL Injection
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Kill Chain
• Understand what Attackers Do
Source: Mandiant Report – APT1 Exposing One of China’s Cyber Espionage Units
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Diamond Model
• Diamond Model was
developed to help derive order
from chaos.
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Security Operations Course
(SECOPS)
Security Operations Course
14 Sections plus some Appendix Information:
• Define a SOC and job roles in a SOC Course focuses on entry-
• SOC Infrastructure Tools and Systems
level Security Analyst skills
• Incident Analysis for a Threat Centric SOC
• Resources to Assist with an Investigation Solid Network Foundation
is Critical
• Event Correlation and Normalization
• Common Attack Vectors
Generic SOC Approach
• Identifying Malicious Activity
• Using the Playbook
• Incident Respond Handbook
• SOC Metrics/Threat Integration
• SOC Workflow and Automation
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Types of SOC’s
• Analogy – Threat Centric SOC is like predicting the weather 100% correct all the
time
• One SOC does not fit all
• Threat-Centric – proactively hunts for threats on a network
• Telemetry and Data Analytics
• Versus Compliance-Based SOC
• Detection of unauthorized changes
• Policy violations
• Compliance with PCI or DSS 2.0
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Generic SOC Architecture
Threat
Intelligence Applications & Analyst Tools
Feeds
Full Packet Capture
NetFlow
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
External Resources
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
SOC Analyst Tier 1
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Stages of Attack
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Network Security Monitoring & Tools
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
NetFlow Information
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Example NetFlow Traffic Flow
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Specific NetFlow Host Communications
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
DNS Record
Label TTL Internet Record Type Data
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Abnormal Traffic Indicators
DMZ servers scanning the
inside network
SOC Analyst
understanding “Well
Known Ports”
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Log Data Search
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Malware Site – Identify Malicious Payloads
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
SGUIL Log Analysis
• Session Data
• Raw Packet
captures
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Further Investigation
Consolidation of
messages on single
interface
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Playbook
Playbook
• The playbook is a prescriptive collection of repeatable plays (reports or
methods) to elicit a specific response to a security event
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
SOC Playbook Example
What does this playbook example
show?
Mitigation Action
Analysis – Bulk of the documentation
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Workflow
Workflow Components in a SOC
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Workflow Management Systems
• New Solution
• Software that tags and SIEM Ticketing System
Information Flow
• Tracks events Security Workflow Management System
• Supports playbook
process Security Devices
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Workflow Tool
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
How to Prepare for the Exams
Exam Preparation
• How to Prepare for the Exams (SECFND 210-250 / SECOPS 210-255)
• Exam Blueprint:
http://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-
list/secfnd.html
• Resources
• Books – Cisco Press
• Publically available resources
• Cisco Learning Network – Study Group
• Labs “Build your own with Security Onion”
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
How to Prepare
• Where to Start?
• Blueprint
• Create a study plan
• Study Group on Cisco Learning Network
• CCNA Cyber Ops
• Posted documents
• https://learningnetwork.cisco.com/groups/cyber-security-study-group
• Example of Resources
• NIST Documents
• http://csrc.nist.gov/publications/PubsSPs.html
• csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf
• NetFlow Overview
• Wireshark Usage
• www.wireshark.org/docs/wsug_html_chunked
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
210-250 (SECFND) Cisco Cybersecurity
Fundamentals—Topics and Weighting
SECFND (210-250) Exam—Topics and Weighting
12% 1.0 Network Concepts
17% 2.0 Security Concepts
12% 3.0 Cryptography
19% 4.0 Host-Based Analysis
19% 5.0 Security Monitoring
21% 6.0 Attack Methods
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Example – Course Material SECFND
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
210-250(SECFND) Cisco Security Fundamentals
1.0 Network Concepts
1.1 Describe the function of the network layers as specified by the OSI and 1.0 Network Concepts – continued.
the TCP/IP network models
1.2 – Describe the operation of the following 1.7 Describe the relationship between VLANs and data visibility
1.2.a IP 1.8 Describe the operation of ACLs applied as packet filters on the interfaces
1.2.b TCP of network devices
1.2.c UDP 1.9 Compare and contrast deep packet inspection with packet filtering and
1.2.d ICMP stateful firewall operation
1.3 Describe the operation of these network services 1.10 Compare and contrast inline traffic interrogation and taps or traffic
1.3.a ARP mirroring
1.3.b DNS 1.11 Compare and contrast the characteristics of data obtained from taps or
1.3.c DHCP traffic mirroring and NetFlow in the analysis of network traffic
1.4 Describe the basic operation of these network device types 1.12 Identify potential data loss from provided traffic profiles
1.4.a Router 2.0 Security Concept
1.4.b Switch 2.1 – Describe the principles of defense in depth strategy?
1.4.c Hub 2.2 Compare and contrast these concepts
1.4.d Bridge 2.2.a Risk
1.4.e Wireless access point (WAP) 2.2.b Threat
1.4.f Wireless LAN controller (WLC) 2.2.c Vulnerability
1.5 Describe the functions of these network security systems as deployed on 2.2.d Exploit
the host, network, or the cloud: 2.3 Describe these terms
1.5.a Firewall 2.3.aT hreat actor
1.5.b Cisco Intrusion Prevention System (IPS) 2.3.b Run book automation (RBA)
1.5.c Cisco Advanced Malware Protection (AMP) 2.3.c Chain of custody (evidentiary)
1.5.d Web Security Appliance (WSA) / Cisco Cloud Web Security (CWS) 2.3.d Reverse engineering
1.5.e Email Security Appliance (ESA) / Cisco Cloud Email Security (CES) 2.3.e Sliding window anomaly detection
1.6 – Describe IP subnets and communication within an IP subnet and 2.3.f PII
between IP subnets 2.3.g PHI
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
210-250(SECFND) Cisco Security Fundamentals- Continue
2.0 Security Concepts – cont.
2.4 Describe these security terms 3.0 Cryptography – continued.
2.4.a Principle of least privilege
3.5 Describe the operation of a PKI
2.4.b Risk scoring/risk weighting
2.4.c Risk reduction 3.6 Describe the security impact of these commonly used hash
2.4.d Risk assessment algorithms
3.6.a MD5
2.5 Compare and contrast these access control models
3.6.b SHA-1
2.5.a Discretionary access control
2.5.b Mandatory access control 3.6.c SHA-256
2.5.c Nondiscretionary access control 3.6.d SHA-512
2.6 Compare and contrast these terms 3.7 Describe the security impact of these commonly used encryption
2.6.a Network and host antivirus algorithms and secure communications protocols
2.6.b Agentless and agent-based protections 3.7.a DES
2.6.c SIEM and log collection 3.7.b 3DES
2.7 Describe these concepts 3.7.c AES
2.7.a Asset management 3.7.d AES256-CTR
2.7.b Configuration management 3.7.e RSA
2.7.c Mobile device management 3.7.f DSA
2.7.d Patch management 3.7.g SSH
2.7.e Vulnerability management 3.7.h SSL/TLS
3.8 Describe how the success or failure of a cryptographic exchange
3.0 Cryptography impacts security investigation
3.1 Describe the uses of a hash algorithm 3.9 Describe these items in regards to SSL/TLS
3.9.a Cipher-suite
3.2 Describe the uses of encryption algorithms 3.9.b X.509 certificates
3.3 Compare and contrast symmetric and asymmetric encryption algorithms 3.9.c Key exchange
3.4 Describe the processes of digital signature creation and verification 3.9.d Protocol version
3.9.e PKCS
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
210-250(SECFND) Cisco Security Fundamentals- Continue
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Example – Course Material SECOPS
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
210-255(SECOPS) Cisco Security Operations
1.0 Endpoint Threat Analysis & Computer Forensics 1.0 Endpoint Threat Analysis & Computer Forensic – cont.
1.1 - Interpret the output report of a malware analysis tool such as AMP
1.6 - Compare and contrast three types of evidence
Threat Grid and Cuckoo Sandbox
1.6.a Best evidence
1.2 - Describe these terms as they are defined in the CVSS 3.0:
1.6.b Corroborative evidence
1.2.a Attack vector
1.6.c Indirect evidence
1.2.b Attack complexity
1.7 - Compare and contrast two types of image
1.2.c Privileges required
1.7.a Altered disk image
1.2.d User interaction
1.7.b Unaltered disk image
1.2.e Scope
1.8 Describe the role of attribution in an investigation
1.3 - Describe these terms as they are defined in the CVSS 3.0
1.8.a Assets
1.3.a Confidentiality
1.8.b Threat actor
1.3.b Integrity
1.3.c Availability
1.4 - Define these items as they pertain to the Microsoft Windows file system 2.0 Network Intrusion Analysis
1.4.a FAT32 2.1 Interpret basic regular expressions
1.4.b NTFS 2.2 Describe the fields in these protocol headers as they relate to intrusion
1.4.c Alternative data streams analysis:
1.4.d MACE 2.2.a Ethernet frame
1.4.e EFI 2.2.b IPv4
1.4.f Free space 2.2.c IPv6
1.4.g Timestamps on a file system 2.2.d TCP
1.5 – Define these terms as they pertain to the Linux file system 2.2.e UDP
1.5.aEXT4 2.2.f ICMP
1.5.bJournaling 2.2.g HTTP
1.5.cMBR 2.3 Identify the elements from a NetFlow v5 record from a security event
1.5.d Swap file system
1.5.e MAC
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
210-255(SECOPS) Cisco Security Operations
3.0 Incident Response - cont.
2.0 Network Intrusion Analysis – cont. 3.2 Map elements to these steps of analysis based on the NIST-SP800-61R2
2.6 Interpret common artifact elements from an event to identify an alert 3.2.a Preparation
2.6.a IP address (source / destination) 3.2.b Detection and analysis
2.6.b Client and Server Port Identity 3.2.c Containment, eradication, and recovery
2.6.c Process (file or registry) 3.2.d Post-incident analysis (lessons learned)
2.6.d System (API calls) 3.3 Map the organization stakeholders against the NIST IR categories (C2M2
2.6.e Hashes page 2, NIST.SP800-61 r2 p.21-p.41)
2.6.f URI / URL 3.3.a Preparation
2.7 Map the provided events to these source technologies 3.3.b Detection and analysis
2.7.a NetFlow 3.3.c Containment, eradication, and recovery
2.7.b IDS / IPS 3.3.d Post-incident analysis (lessons learned)
2.7.c Firewall 3.4 Describe the goals of the given CSIRT
2.7.d Network application control (https://www.cert.org/incident-management/csirt-development/csirt-faq.cfm)
2.7.e Proxy logs 3.4.a Internal CSIRT
2.7.f Antivirus 3.4.b National CSIRT
12.8 Compare and contrast impact and no impact for these items 3.4.c Coordination centers
2.8.a False Positive 3.4.d Analysis centers
2.8.b False Negative 3.4.e Vendor teams
2.8.c True Positive 3.4.f Incident response providers (MSSP)
2.8.d True Negative 3.5 Identify these elements used for network profiling
2.9 Interpret a provided intrusion event and host profile to calculate the 3.5.a Total throughput
impact flag generated by Firepower Management Center (FMC) 3.5.b Session duration
3.0 Incident Response 3.5.c Ports used
3.1 Describe the elements that should be included in an incident response 3.5.d Critical asset address space
plan as stated in NIST.SP800-61 r2 3.6 Identify these elements used for server profiling
3.6.a Listening ports
3.6.b Logged in users/service accounts
3.6.c Running processes
3.6.d Running tasks
3.6.e Applications 69
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
210-255(SECOPS) Cisco Security Operations
3.0 Incident Response - cont. 5.0 Incident Handling
3.7 Map data types to these compliance frameworks 5.1 Classify intrusion events into these categories as defined in the diamond
3.7.aPCI model of intrusion
3.7.bHIPPA (Health Insurance Portability and Accountability Act) 5.1.a Reconnaissance
3.7.cSOX 5.1.b Weaponization
3.8 Identify data elements that must be protected with regards to a specific 5.1.c Delivery
standard (PCI-DSS) 5.1.d Exploitation
5.1.e Installation
4.0 Data and Event Analysis 5.1.f Command and control
5.1.g Action on objectives
4.1 Describe the process of data normalization
5.2 Apply the NIST.SP800-61 r2 incident handling process to an event
4.2 Interpret common data values into a universal format
5.3 Define these activities as they relate to incident handling
4.3 Describe 5-tuple correlation
5.3.a Identification
4.4 Describe the 5-tuple approach to isolate a compromised host in a 5.3.b Scoping
grouped set of logs 5.3.c Containment
4.5 Describe the retrospective analysis method to find a malicious file, 5.3.d Remediation
provided file analysis report 5.3.e Lesson-based hardening
4.6 Identify potentially compromised hosts within the network based on a 5.3.f Reporting
threat analysis report containing malicious IP address or domains 5.4 Describe these concepts as they are documented in NIST SP800-86
4.7 Map DNS logs and HTTP logs together to find a threat actor 5.4.a Evidence collection order
4.8 Map DNS, HTTP, and threat intelligence data together 5.4.b Data integrity
4.9 Identify a correlation rule to distinguish the most significant alert from a 5.4.c Data preservation
given set of events from multiple data sources using the firepower 5.4.d Volatile data collection
management console 5.5 Apply the VERIS schema categories to a given incident
4.10 Compare and contrast deterministic and probabilistic analysis
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Recommended Books
CCNA Cyber Ops SECFND #210-250 Official Cert Guide
By Omar Santos, Joey Muniz, and Stefano De Crescenzo
ISBN: 9781587147029
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
More Resources…
Books
• Cisco Press - Network Security with NetFlow and IPFIX
• Cisco Press - Computer Incident and Product Vulnerability Handling
• The Tao of Network Security Monitoring – by Richard Bejtlich (SECOPS)
• Incident Response with NetFlow for Dummies
http://www.lancope.com/blog/incident-response-for-dummies/
• Real Digital Forensics: Computer Security and Incident Response
• Security Monitoring by Chris Fry and Martin Nystrom
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Cyber Range Service Delivery Platform
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
Q&A
Complete Your Online Session Evaluation
Give us your feedback and receive a
Cisco Live 2017 Cap by completing the
overall event evaluation and 5 session
evaluations.
Caps can be collected Friday 10 March Learn online with Cisco Live!
at Registration. Visit us online after the conference
for full access to session videos and
presentations.
www.CiscoLiveAPAC.com
BRKCRT-2207 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Thank you