Cisco Practice Test 350-201 CBRCOR: Performing CyberOps Using Cisco Security Technologies

The 350-201 CBRCOR practice test contains 200 questions and covers the following topics: 

Fundamentals – 40 questions  

Interpret the components within a playbook

Determine the tools needed based on a playbook scenario

Apply the playbook for a common scenario (for example, unauthorized elevation of privilege, DoS and DDoS, website defacement)

Infer the industry for various compliance standards (for example, PCI, FISMA, FedRAMP, SOC, SOX, PCI, GDPR, Data Privacy, and ISO 27101)

Describe the concepts and limitations of cyber risk insurance

Analyze elements of a risk analysis (combination asset, vulnerability, and threat)

Apply the incident response workflow

Describe characteristics and areas of improvement using common incident response metrics

Describe types of cloud environments (for example, IaaS platform)

Compare security operations considerations of cloud platforms (for example, IaaS, PaaS)

Techniques – 60 questions  

Recommend data analytic techniques to meet specific needs or answer specific questions

Describe the use of hardening machine images for deployment

Describe the process of evaluating the security posture of an asset

Evaluate the security controls of an environment, diagnose gaps, and recommend improvement

Determine resources for industry standards and recommendations for hardening of systems

Determine patching recommendations, given a scenario  

Recommend services to disable, given a scenario

Apply segmentation to a network

Utilize network controls for network hardening

Determine SecDevOps recommendations (implications)

Describe use and concepts related to using a Threat Intelligence Platform (TIP) to automate intelligence

Apply threat intelligence using tools

Apply the concepts of data loss, data leakage, data in motion, data in use, and data at rest based on common standards

Describe the different mechanisms to detect and enforce data loss prevention techniques

• host-based  
• network-based  
• application-based
• cloud-based  

Recommend tuning or adapting devices and software across rules, filters, and policies

Describe the concepts of security data management

Describe use and concepts of tools for security data analytics

Recommend workflow from the described issue through escalation and the automation needed for resolution

Apply dashboard data to communicate with technical, leadership, or executive stakeholders

Analyze anomalous user and entity behavior (UEBA)

Determine the next action based on user behavior alerts

Describe tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools)

Evaluate artifacts and streams in a packet capture file

Troubleshoot existing detection rules

Determine the tactics, techniques, and procedures (TTPs) from an attack

Processes – 60 questions  

Prioritize components in a threat model  

Determine the steps to investigate the common types of cases  

Apply the concepts and sequence of steps in the malware analysis process:  

• Extract and identify samples for analysis (for example, from packet capture or packet analysis tools)  
• Perform reverse engineering  
• Perform dynamic malware analysis using a sandbox environment  
• Identify the need for additional static malware analysis  
• Perform static malware analysis  
• Summarize and share results  

Interpret the sequence of events during an attack based on analysis of traffic patterns

Determine the steps to investigate potential endpoint intrusion across a variety of platform types (for example, desktop, laptop, IoT, mobile devices)

Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs), given a scenario

Determine IOCs in a sandbox environment (includes generating complex indicators)

Determine the steps to investigate potential data loss from a variety of vectors of modality (for example, cloud, endpoint, server, databases, application), given a scenario

Recommend the general mitigation steps to address vulnerability issues

Recommend the next steps for vulnerability triage and risk analysis using industry scoring systems (for example, CVSS) and other techniques

Automation – 40 questions

Compare concepts, platforms, and mechanisms of orchestration and automation

Interpret basic scripts (for example, Python)

Modify a provided script to automate a security operations task

Recognize common data formats (for example, JSON, HTML, CSV, XML)

Determine opportunities for automation and orchestration

Determine the constraints when consuming APIs (for example, rate limited, timeouts, and payload)

Explain the common HTTP response codes associated with REST APIs

Evaluate the parts of an HTTP response (response code, headers, body)

Interpret API authentication mechanisms: basic, custom token, and API keys

Utilize Bash commands (file management, directory navigation, and environmental variables)

Describe components of a CI/CD pipeline

Apply the principles of DevOps practices

Describe the principles of Infrastructure as Code