CyberOps Associate (200-201 CBROPS) Practice Exam

CyberOps Associate (200-201 CBROPS) Practice Exam

• Security concepts
• Security monitoring
• Host-based analysis
• Network intrusion analysis
• Security policies and procedures
• Incident response
• Threat detection

Who Should Take the 200-201 CBROPS Exam?

• New or aspiring IT professionals
• Network engineers
• Anyone interested in cybersecurity

Exam Details 

• Exam Code: 200-201 CBROPS
• Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals
• Exam Languages: English
• Time: 120 minutes
• Price: $300 USD

Course Outline 

• Describe the CIA triad
• Compare security deployments
• Describe security terms
• Compare security concepts
• Describe the principles of the defense-in-depth strategy
• Compare access control models
• Describe terms as defined in CVSS
• Identify the challenges of data visibility (network, host, and cloud) in detection
• Identify potential data loss from traffic profiles
• Interpret the 5-tuple approach to isolate a compromised host in a grouped set of logs
• Compare rule-based detection vs. behavioral and statistical detection

• Compare attack surface and vulnerability
• Identify the types of data provided by these technologies
• Describe the impact of these technologies on data visibility
• Describe the uses of these data types in security monitoring
• Describe network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle
• Describe web application attacks, such as SQL injection, command injections, and cross-site scripting
• Describe social engineering attacks
• Describe endpoint-based attacks, such as buffer overflows, command and control (C2), malware, and ransomware
• Describe evasion and obfuscation techniques, such as tunneling, encryption, and proxies
• Describe the impact of certificates on security (includes PKI, public/private crossing the network, asymmetric/symmetric)
• Identify the certificate components in a given scenario

• Describe the functionality of these endpoint technologies in regard to security monitoring
• Identify components of an operating system (such as Windows and Linux) in a given scenario
• Describe the role of attribution in an investigation
• Identify type of evidence used based on provided logs
• Compare tampered and untampered disk image
• Interpret operating system, application, or command line logs to identify an event
• Interpret the output report of a malware analysis tool such as a detonation chamber or sandbox

• Map the provided events to source technologies
• Compare impact and no impact for these items
• Compare deep packet inspection with packet filtering and stateful firewall operation
• Compare inline traffic interrogation and taps or traffic monitoring
• Compare the characteristics of data obtained from taps or traffic monitoring and transactional data (NetFlow) in the analysis of network traffic
• Extract files from a TCP stream when given a PCAP file and Wireshark
• Identify key elements in an intrusion from a given PCAP file
• Interpret the fields in protocol headers as related to intrusion analysis
• Interpret common artifact elements from an event to identify an alert
• Interpret basic regular expressions

• Describe management concepts
• Describe the elements in an incident response plan as stated in NIST.SP800-61
• Apply the incident handling process such as NIST.SP800-61 to an event
• Map elements to these steps of analysis based on the NIST.SP800-61
• Map the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800-61)
• Describe concepts as documented in NIST.SP800-86
• Identify these elements used for network profiling
• Identify these elements used for server profiling
• Identify protected data in a network
• Classify intrusion events into categories as defined by security models, such as Cyber Kill Chain Model and Diamond Model of Intrusion
• Describe the relationship of SOC metrics to scope analysis (time to detect, time to contain, time to respond, time to control)