200-201 CBROPS Cisco Cybersecurity Operations Fundamental QA

via Udemy

Go to Course: https://www.udemy.com/course/cbrops-cisco-cybersecurity-operations-fundamental/

Overview

Are you ready to prepare for the Cisco Certified CyberOps Associate certification exam ?The Cisco Certified CyberOps Associate program focuses on the latest operational skills and knowledge you need for real-world jobs in security operations centers (SOCs). SOC analysts serve as the front line of defense against cybersecurity threats - preventing and detecting threats to defend your organization. The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam (200-201) is a 120-minute assessment that is associated with the Cisco Certified CyberOps Associate certification. The CBROPS exam tests a candidate's knowledge and skills related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. The course, Understanding Cisco Cybersecurity Operations Fundamentals, helps candidates to prepare for this exam.Cisco 200-201 CBROPS Exam Topics:1.0 Security ConceptsDescribe the CIA triadCompare security deploymentsDescribe security termsCompare security conceptsDescribe the principles of the defense-in-depth strategyCompare access control modelsDescribe terms as defined in CVSSIdentify the challenges of data visibility (network, host, and cloud) in detectionIdentify potential data loss from provided traffic profilesInterpret the 5-tuple approach to isolate a compromised host in a grouped set of logsCompare rule-based detection vs. behavioral and statistical detection2.0 Security MonitoringCompare attack surface and vulnerabilityIdentify the types of data provided by these technologiesDescribe the impact of these technologies on data visibilityDescribe the uses of these data types in security monitoringDescribe network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middleDescribe web application attacks, such as SQL injection, command injections, and crosssite scriptingDescribe social engineering attacksDescribe endpoint-based attacks, such as buffer overflows, command and control (C2), malware, and ransomwareDescribe evasion and obfuscation techniques, such as tunneling, encryption, and proxiesDescribe the impact of certificates on security (includes PKI, public/private crossing the network, asymmetric/symmetric)3.0 Host-Based AnalysisDescribe the functionality of these endpoint technologies in regard to security monitoringIdentify components of an operating system (such as Windows and Linux)Describe the role of attribution in an investigationIdentify type of evidence used based on provided logsCompare tampered and untampered disk imageInterpret operating system, application, or command line logs to identify an eventInterpret the output report of a malware analysis tool (such as a detonation chamber or sandbox)4.0 Network Intrusion AnalysisMap the provided events to source technologiesCompare impact and no impact for these itemsCompare deep packet inspection with packet filtering and stateful firewall operationCompare inline traffic interrogation and taps or traffic monitoringCompare the characteristics of data obtained from taps or traffic monitoring and transactional data (NetFlow) in the analysis of network trafficExtract files from a TCP stream when given a PCAP file and WiresharkInterpret the fields in protocol headers as related to intrusion analysisInterpret common artifact elements from an event to identify an alertInterpret basic regular expressions5.0 Security Policies and ProceduresDescribe management conceptsDescribe the elements in an incident response plan as stated in NIST.SP800-61Apply the incident handling process (such as NIST.SP800-61) to an eventMap elements to these steps of analysis based on the NIST.SP800-61Map the organization stakeholders against the NIST IR categories (CMMC, NIST.SP800- 61)Describe concepts as documented in NIST.SP800-86Identify these elements used for network profilingIdentify these elements used for server profilingIdentify protected data in a networkClassify intrusion events into categories as defined by security models, such as Cyber Kill Chain Model and Diamond Model of IntrusionDescribe the relationship of SOC metrics to scope analysis (time to detect, time to contain, time to respond, time to control)

Skills

Reviews