100% OFF-200-201 CBROPS Cisco Cybersecurity Operations Fundamental QA

Are you ready to prepare for the Cisco Certified CyberOps Associate certification exam ?

The Cisco Certified CyberOps Associate program focuses on the latest operational skills and knowledge you need for real-world jobs in security operations centers (SOCs). SOC analysts serve as the front line of defense against cybersecurity threats – preventing and detecting threats to defend your organization.

The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam (200-201) is a 120-minute assessment that is associated with the Cisco Certified CyberOps Associate certification. The CBROPS exam tests a candidate’s knowledge and skills related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. The course, Understanding Cisco Cybersecurity Operations Fundamentals, helps candidates to prepare for this exam.

Cisco 200-201 CBROPS Exam Topics :

1.0 Security Concepts

• Describe the CIA triad
• Compare security deployments
• Describe security terms
• Compare security concepts
• Describe the principles of the defense-in-depth strategy
• Compare access control models
• Describe terms as defined in CVSS
• Identify the challenges of data visibility (network, host, and cloud) in detection
• Identify potential data loss from provided traffic profiles
• Interpret the 5-tuple approach to isolate a compromised host in a grouped set of logs
• Compare rule-based detection vs. behavioral and statistical detection

2.0 Security Monitoring

• Compare attack surface and vulnerability
• Identify the types of data provided by these technologies
• Describe the impact of these technologies on data visibility
• Describe the uses of these data types in security monitoring
• Describe network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle
• Describe web application attacks, such as SQL injection, command injections, and crosssite scripting
• Describe social engineering attacks
• Describe endpoint-based attacks, such as buffer overflows, command and control (C2), malware, and ransomware
• Describe evasion and obfuscation techniques, such as tunneling, encryption, and proxies
• Describe the impact of certificates on security (includes PKI, public/private crossing the network, asymmetric/symmetric)

3.0 Host-Based Analysis

• Describe the functionality of these endpoint technologies in regard to security monitoring
• Identify components of an operating system (such as Windows and Linux)
• Describe the role of attribution in an investigation
• Identify type of evidence used based on provided logs
• Compare tampered and untampered disk image
• Interpret operating system, application, or command line logs to identify an event
• Interpret the output report of a malware analysis tool (such as a detonation chamber or sandbox)

4.0 Network Intrusion Analysis

• Map the provided events to source technologies
• Compare impact and no impact for these items
• Compare deep packet inspection with packet filtering and stateful firewall operation
• Compare inline traffic interrogation and taps or traffic monitoring
• Compare the characteristics of data obtained from taps or traffic monitoring and transactional data (NetFlow) in the analysis of network traffic
• Extract files from a TCP stream when given a PCAP file and Wireshark
• Interpret the fields in protocol headers as related to intrusion analysis
• Interpret common artifact elements from an event to identify an alert
• Interpret basic regular expressions

5.0 Security Policies and Procedures

• Describe management concepts
• Describe the elements in an incident response plan as stated in NIST.SP800-61
• Apply the incident handling process (such as NIST.SP800-61) to an event
• Map elements to these steps of analysis based on the NIST.SP800-61
• Map the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800- 61)
• Describe concepts as documented in NIST.SP800-86
• Identify these elements used for network profiling
• Identify these elements used for server profiling
• Identify protected data in a network
• Classify intrusion events into categories as defined by security models, such as Cyber Kill Chain Model and Diamond Model of Intrusion
• Describe the relationship of SOC metrics to scope analysis (time to detect, time to contain, time to respond, time to control)