Cisco 300-220 Certification Exam Syllabus

300-220 Syllabus, CyberOps Professional Exam Questions PDF, Cisco 300-220 Dumps Free, CyberOps Professional PDF, 300-220 Dumps, 300-220 PDF, CyberOps Professional VCE, 300-220 Questions PDF, Cisco CyberOps Professional Questions PDF, Cisco 300-220 VCEA great way to start the Cisco Certified Specialist Threat Hunting and Defending (CBRTHD) preparation is to begin by properly appreciating the role that syllabus and study guide play in the Cisco 300-220 certification exam. This study guide is an instrument to get you on the same page with Cisco and understand the nature of the Cisco CyberOps Professional exam.

Our team of experts has composed this Cisco 300-220 exam preparation guide to provide the overview about Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps exam, study material, sample questions, practice exam and ways to interpret the exam objectives to help you assess your readiness for the Cisco CBRTHD exam by identifying prerequisite areas of knowledge. We recommend you to refer the simulation questions and practice test listed in this guide to determine what type of questions will be asked and the level of difficulty that could be tested in the Cisco CyberOps Professional certification exam.

Cisco 300-220 Exam Overview:

Exam Name Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps
Exam Number 300-220 CBRTHD
Exam Price $300 USD
Duration 90 minutes
Number of Questions 55-65
Passing Score Variable (750-850 / 1000 Approx.)
Recommended Training
Exam Registration PEARSON VUE
Sample Questions Cisco 300-220 Sample Questions
Practice Exam Cisco Certified Specialist Threat Hunting and Defending Practice Test

Cisco 300-220 Exam Topics:

Section Weight Objectives
Threat Hunting Fundamentals 20% - Apply the Threat Hunting Maturity Model to an organization's environment, as it relates to the Pyramid of Pain
- Describe threats and how to model them with standards such as MITRE ATT&CK, MITRE CAPEC, TaHiTI, and PASTA
- Describe the limiting factors of detection tools for malware behavior, propagation, and detection
- Describe the advantages and disadvantages of automation (such as artificial intelligence and machine learning) in the operation of a SOC
- Determine differences in tactics, techniques, and procedures of an advanced persistent threat and threat actor using logs
- Interpret a threat intelligence report and draw conclusions about a threat actor (known advanced persistent threat/commodity human-driven/commodity machine-driven)
  • tactics
  • techniques
  • procedures
Threat Modeling Techniques 10% - Select the threat modeling approach for a given scenario
- Use MITRE ATT&CK to model threats (tactics, techniques, and procedures or changes in tactics, techniques, and procedures)
- Describe the uses of structured and unstructured threat hunting
- Determine the priority level of attacks based on the Cyber Kill Chain and MITRE ATT&CK
- Determine the priority level of attacks based on the MITRE CAPEC model
- Perform threat intelligence handling: gathering, cataloging, utilizing, and removing
Threat Actor Attribution Techniques 20% - Determine attack tactics, techniques, and procedures using logs
- Interpret tactics, techniques and procedures of a given threat actor
- Select the delivery method, payload, tactic, or timeline that indicates an authorized assessment or an attack (threat actor or penetration tester)
- Determine usable artifacts for detection of advanced persistent threat actors at all levels of the Pyramid of Pain
  • tactics
  • techniques
  • procedures
Threat Hunting Techniques 20% - Use scripting languages (such as Python and PowerShell) to augment detection or analytics
- Perform a cloud-native threat hunt
- Determine undetected threats using endpoint artifacts
- Determine the C2 communications to and from infected hosts using endpoint applications, processes, and logs
- Select suspicious activity using session and protocol data
- Determine the stage of infection within C2 communications using traffic data
- Select weakness in code using code-level analysis tools (such as PE Checker, BURP Suite, and SEM Grep)
- Describe the analysis process for applications and operating systems used by IoT devices
- Describe memory-resident attacks and how to perform analysis using memory-specific tools (such as Volatility)
- Construct a signature for detection or analysis
- Recognize the likelihood of attack by an attack vector within a given environment
Threat Hunting Processes 20% - Describe the process to identify memory-resident attacks
- Determine compromises by reverse engineering
- Determine known and unknown gaps in detection
  • vulnerabilities
  • configuration errors
  • threats

- Interpret data from memory-specific tools
- Construct a runbook or playbook to address a detectable scenario
- Recommend tools, configurations, detection, and deception techniques for a given scenario
- Recommend attack remediation strategies based on the results of a threat assessment
- Recommend changes to improve the effectiveness and efficiency of a threat hunt
- Recommend security countermeasures and mitigations for identified risks

Threat Hunting Outcomes 10% - Describe how multiproduct integration enhances data visibility within a product and accelerates analysis
- Diagnose analytical gaps using threat hunting methodologies
- Recommend a mitigation strategy to block C2 traffic
- Recommend changes in hunt capability to advance to the next Threat Hunting Maturity Model phase
- Recommend changes to a detection methodology to augment analytical and process gaps
- Use presentation resources to convey findings and direct environmental change

Cisco CBRTHD Exam Description:

The Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps v1.0 (CBRTHD 300-220) exam is a 90-minute exam that is associated with the CyberOps Professional Certification. This exam certifies a candidate's knowledge for conducting threat hunting and defending including threat modeling techniques, threat actor attribution techniques, threat hunting techniques, threat hunting processes, and threat hunting outcomes. The course, Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps, helps candidates to prepare for this exam.

Rating: 5 / 5 (75 votes)