Rating 3.45 out of 5 (13 ratings in Udemy)
What you'll learn
- Gain the confidence to pass the Cisco 200-201 (CBROPS) exam
Description
Cisco 200-201 (CBROPS) CyberOps Associate: Exams Updated
The 200-201 (CBROPS) Understanding Cisco Cybersecurity Operations Fundamentals exam is a 120-minute assessment associated with the Cisco Certified CyberOps Associate certification. The CBROPS 200-201 exam tests a candidate's knowledge and skills in security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures.
The 200-201 (CBROPS) exam syllabus covers the following domains:
Security concepts (20%)
- Describe the CIA triad
- Compare security deployments
  - Network, endpoint, and application security systems
  - Agentless and agent-based protections
  - Legacy antivirus and antimalware
  - SIEM, SOAR, and log management
- Describe security terms
  - Threat intelligence (TI)
  - Threat hunting
  - Malware analysis
  - Threat actor
  - Run book automation (RBA)
  - Reverse engineering
  - Sliding window anomaly detection
  - Principle of least privilege
  - Zero trust
  - Threat intelligence platform (TIP)
- Compare security concepts
  - Risk (risk scoring/risk weighting, risk reduction, risk assessment)
  - Threat
  - Vulnerability
  - Exploit
- Describe the principles of the defense-in-depth strategy
- Compare access control models
  - Discretionary access control
  - Mandatory access control
  - Nondiscretionary access control
  - Authentication, authorization, accounting
  - Rule-based access control
  - Time-based access control
  - Role-based access control
- Describe terms as defined in CVSS
  - Attack vector
  - Attack complexity
  - Privileges required
  - User interaction
  - Scope
- Identify the challenges of data visibility (network, host, and cloud) in detection
- Identify potential data loss from provided traffic profiles
- Interpret the 5-tuple approach to isolate a compromised host in a grouped set of logs
- Compare rule-based detection vs. behavioral and statistical detection
Security monitoring (25%)
- Compare attack surface and vulnerability
- Identify the types of data provided by these technologies
  - TCP dump
  - NetFlow
  - Next-gen firewall
  - Traditional stateful firewall
  - Application visibility and control
  - Web content filtering
  - Email content filtering
- Describe the impact of these technologies on data visibility
  - Access control list
  - NAT/PAT
  - Tunneling
  - TOR
  - Encryption
  - P2P
  - Encapsulation
  - Load balancing
- Describe the uses of these data types in security monitoring
  - Full packet capture
  - Session data
  - Transaction data
  - Statistical data
  - Metadata
  - Alert data
- Describe network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle
- Describe web application attacks, such as SQL injection, command injections, and cross-site scripting
- Describe social engineering attacks
- Describe endpoint-based attacks, such as buffer overflows, command and control (C2), malware, and ransomware
- Describe evasion and obfuscation techniques, such as tunneling, encryption, and proxies
- Describe the impact of certificates on security (includes PKI, public/private crossing the network, asymmetric/symmetric)
- Identify the certificate components in a given scenario
  - Cipher-suite
  - X.509 certificates
  - Key exchange
  - Protocol version
  - PKCS
Host-based analysis (20%)
- Describe the functionality of these endpoint technologies in regard to security monitoring
  - Host-based intrusion detection
  - Antimalware and antivirus
  - Host-based firewall
  - Application-level allow listing/block listing
  - Systems-based sandboxing (such as Chrome, Java, Adobe Reader)
- Identify components of an operating system (such as Windows and Linux) in a given scenario
- Describe the role of attribution in an investigation
  - Assets
  - Threat actor
  - Indicators of compromise
  - Indicators of attack
  - Chain of custody
- Identify the type of evidence used based on provided logs
  - Best evidence
  - Corroborative evidence
  - Indirect evidence
- Compare tampered and untampered disk images
- Interpret operating system, application, or command line logs to identify an event
- Interpret the output report of a malware analysis tool (such as a detonation chamber or sandbox)
  - Hashes
  - URLs
  - Systems, events, and networking
Network intrusion analysis (20%)
- Map the provided events to source technologies
  - IDS/IPS
  - Firewall
  - Network application control
  - Proxy logs
  - Antivirus
  - Transaction data (NetFlow)
- Compare impact and no impact for these items
  - False positive
  - False negative
  - True positive
  - True negative
  - Benign
- Compare deep packet inspection with packet filtering and stateful firewall operation
- Compare inline traffic interrogation and taps or traffic monitoring
- Compare the characteristics of data obtained from taps or traffic monitoring and transactional data (NetFlow) in the analysis of network traffic
- Extract files from a TCP stream when given a PCAP file and Wireshark
- Identify key elements in an intrusion from a given PCAP file
  - Source address
  - Destination address
  - Source port
  - Destination port
  - Protocols
  - Payloads
- Interpret the fields in protocol headers as related to intrusion analysis
  - Ethernet frame
  - IPv4
  - IPv6
  - TCP
  - UDP
  - ICMP
  - DNS
  - SMTP/POP3/IMAP
  - HTTP/HTTPS/HTTP2
  - ARP
- Interpret common artifact elements from an event to identify an alert
  - IP address (source / destination)
  - Client and server port identity
  - Process (file or registry)
  - System (API calls)
  - Hashes
  - URI / URL
- Interpret basic regular expressions
Security policies and procedures (15%)
- Describe management concepts
  - Asset management
  - Configuration management
  - Mobile device management
  - Patch management
  - Vulnerability management
- Describe the elements in an incident response plan as stated in NIST.SP800-61
- Apply the incident handling process (such as NIST.SP800-61) to an event
- Map elements to these steps of analysis based on the NIST.SP800-61
  - Preparation
  - Detection and analysis
  - Containment, eradication, and recovery
  - Post-incident analysis (lessons learned)
- Map the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800-61)
  - Preparation
  - Detection and analysis
  - Containment, eradication, and recovery
  - Post-incident analysis (lessons learned)
- Describe concepts as documented in NIST.SP800-86
  - Evidence collection order
  - Data integrity
  - Data preservation
  - Volatile data collection
- Identify these elements used for network profiling
  - Total throughput
  - Session duration
  - Ports used
  - Critical asset address space
- Identify these elements used for server profiling
  - Listening ports
  - Logged in users/service accounts
  - Running processes
  - Running tasks
  - Applications
- Identify protected data in a network
  - PII
  - PSI
  - PHI
  - Intellectual property
- Classify intrusion events into categories as defined by security models, such as Cyber Kill Chain Model and Diamond Model of Intrusion
- Describe the relationship of SOC metrics to scope analysis (time to detect, time to contain, time to respond, time to control)
I have prepared this practice test course for all those candidates who are planning to take the Cisco 200-201 (CBROPS) exam in the near future.
This is an unofficial course, and it is not affiliated with, licensed by, or trademarked by Cisco in any way.
Paid
Self paced
All Levels
English (India)