350-201: Performing CyberOps Using Cisco Security Technologies (CBRCOR)

This exam tests your knowledge and skills related to core cybersecurity operations, including:

◉ Fundamentals
◉ Techniques
◉ Processes
◉ Automation

Performing CyberOps Using Cisco Security Technologies v1.1 (CBRCOR 350-201) is a 120-minute exam that is associated with the Cisco CyberOps Professional Certification. This exam certifies a candidate's knowledge of core cybersecurity operations including cybersecurity fundamentals, techniques, processes, and automation.

Cisco 350-201 Exam Overview:

Exam Name: Performing CyberOps Using Cisco Security Technologies
Exam Number: 350-201 CBRCOR
Exam Price: $400 USD
Duration: 120 minutes
Number of Questions: 90-110
Passing Score: Variable (750-850 / 1000 approx.)
Recommended Training: Performing CyberOps Using Cisco Security Technologies (CBRCOR); CBRCOR study materials
Sample Questions: Cisco 350-201 Sample Questions
Practice Exam: Cisco Certified CyberOps Specialist - CyberOps Core Practice Test

Cisco 350-201 Exam Topics:

Fundamentals (20%)
- Interpret the components within a playbook
- Determine the tools needed based on a playbook scenario
- Apply the playbook for a common scenario (for example, unauthorized elevation of privilege, DoS and DDoS, website defacement)
- Infer the industry for various compliance standards (for example, PCI, FISMA, FedRAMP, SOC, SOX, GDPR, Data Privacy, and ISO 27101)
- Describe the concepts and limitations of cyber risk insurance
- Analyze elements of a risk analysis (combination asset, vulnerability, and threat)
- Apply the incident response workflow
- Describe characteristics and areas of improvement using common incident response metrics
- Describe types of cloud environments (for example, IaaS platform)
- Compare security operations considerations of cloud platforms (for example, IaaS, PaaS)

Techniques (30%)
- Recommend data analytic techniques to meet specific needs or answer specific questions
- Describe the use of hardening machine images for deployment
- Describe the process of evaluating the security posture of an asset
- Evaluate the security controls of an environment, diagnose gaps, and recommend improvement
- Determine resources for industry standards and recommendations for hardening of systems
- Determine patching recommendations, given a scenario
- Recommend services to disable, given a scenario
- Apply segmentation to a network
- Utilize network controls for network hardening
- Determine SecDevOps recommendations (implications)
- Describe use and concepts related to using a Threat Intelligence Platform (TIP) to automate intelligence
- Apply threat intelligence using tools
- Apply the concepts of data loss, data leakage, data in motion, data in use, and data at rest based on common standards
- Describe the different mechanisms to detect and enforce data loss prevention techniques

◉ host-based
◉ network-based
◉ application-based
◉ cloud-based

- Recommend tuning or adapting devices and software across rules, filters, and policies
- Describe the concepts of security data management
- Describe use and concepts of tools for security data analytics
- Recommend workflow from the described issue through escalation and the automation needed for resolution
- Apply dashboard data to communicate with technical, leadership, or executive stakeholders
- Analyze anomalous user and entity behavior (UEBA)
- Determine the next action based on user behavior alerts
- Describe tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools)
- Evaluate artifacts and streams in a packet capture file
- Troubleshoot existing detection rules
- Determine the tactics, techniques, and procedures (TTPs) from an attack

Processes (30%)
- Prioritize components in a threat model
- Determine the steps to investigate the common types of cases
- Apply the concepts and sequence of steps in the malware analysis process:

◉ Extract and identify samples for analysis (for example, from packet capture or packet analysis tools)
◉ Perform reverse engineering
◉ Perform dynamic malware analysis using a sandbox environment
◉ Identify the need for additional static malware analysis
◉ Perform static malware analysis
◉ Summarize and share results

- Interpret the sequence of events during an attack based on analysis of traffic patterns
- Determine the steps to investigate potential endpoint intrusion across a variety of platform types (for example, desktop, laptop, IoT, mobile devices)
- Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs), given a scenario
- Determine IOCs in a sandbox environment (includes generating complex indicators)
- Determine the steps to investigate potential data loss from a variety of vectors of modality (for example, cloud, endpoint, server, databases, application), given a scenario
- Recommend the general mitigation steps to address vulnerability issues
- Recommend the next steps for vulnerability triage and risk analysis using industry scoring systems (for example, CVSS) and other techniques

Automation (20%)
- Compare concepts, platforms, and mechanisms of orchestration and automation
- Interpret basic scripts (for example, Python)
- Modify a provided script to automate a security operations task
- Recognize common data formats (for example, JSON, HTML, CSV, XML)
- Determine opportunities for automation and orchestration
- Determine the constraints when consuming APIs (for example, rate limited, timeouts, and payload)
- Explain the common HTTP response codes associated with REST APIs
- Evaluate the parts of an HTTP response (response code, headers, body)
- Interpret API authentication mechanisms: basic, custom token, and API keys
- Utilize Bash commands (file management, directory navigation, and environmental variables)
- Describe components of a CI/CD pipeline
- Apply the principles of DevOps practices
- Describe the principles of Infrastructure as Code