A great way to start the Cisco Certified CyberOps Professional (CBRCOR) preparation is to begin by properly appreciating the role that syllabus and study guide play in the Cisco 350-201 certification exam. This study guide is an instrument to get you on the same page with Cisco and understand the nature of the Cisco CyberOps Professional exam.
Our team of experts has composed this Cisco 350-201 exam preparation guide to provide the overview about Performing CyberOps Using Cisco Security Technologies exam, study material, sample questions, practice exam and ways to interpret the exam objectives to help you assess your readiness for the Cisco CBRCOR exam by identifying prerequisite areas of knowledge. We recommend you to refer the simulation questions and practice test listed in this guide to determine what type of questions will be asked and the level of difficulty that could be tested in the Cisco CyberOps Professional certification exam.
Cisco 350-201 Exam Overview:
| Exam Name | Performing CyberOps Using Cisco Security Technologies |
| Exam Number | 350-201 CBRCOR |
| Exam Price | $400 USD |
| Duration | 120 minutes |
| Number of Questions | 90-110 |
| Passing Score | Variable (750-850 / 1000 Approx.) |
| Recommended Training |
Performing CyberOps Using Cisco Security Technologies (CBRCOR) CBRCOR study materials |
| Exam Registration | PEARSON VUE |
| Sample Questions | Cisco 350-201 Sample Questions |
| Practice Exam | Cisco Certified CyberOps Professional Practice Test |
Cisco 350-201 Exam Topics:
| Section | Weight | Objectives |
|---|---|---|
| Fundamentals | 20% |
- Interpret the components within a playbook - Determine the tools needed based on a playbook scenario - Apply the playbook for a common scenario (for example, unauthorized elevation of privilege, DoS and DDoS, website defacement) - Infer the industry for various compliance standards (for example, PCI, FISMA, FedRAMP, SOC, SOX, PCI, GDPR, Data Privacy, and ISO 27101) - Describe the purpose of cyber risk insurance - Analyze elements of a risk analysis (combination asset, vulnerability, and threat) - Apply the incident response workflow - Describe characteristics and areas of improvement using common incident response metrics - Describe types of cloud environments - Compare security operations considerations of cloud platforms (for example, IaaS, PaaS) |
| Techniques | 30% |
- Recommend data analytic techniques to meet specific needs or answer specific questions - Describe the use of hardening machine images for deployment - Describe the process of evaluating the security posture of an asset - Evaluate the security controls of an environment, diagnose gaps, and recommend improvement - Determine resources for industry standards and recommendations for hardening of systems - Determine patching recommendations, given a scenario - Recommend services to disable, given a scenario - Apply segmentation to a network - Utilize network controls for network hardening - Determine SecDevOps recommendations (implications) - Describe use and concepts related to using a Threat Intelligence Platform (TIP) to automate intelligence - Apply threat intelligence using tools - Apply the concepts of data loss, data leakage, data in motion, data in use, and data at rest based on common standards - Describe the different mechanisms to detect and enforce data loss prevention techniques
- Recommend tuning or adapting devices and software across rules, filters, and policies |
| Processes | 30% |
- Analyze components in a threat model - Determine the steps to investigate the common types of cases - Apply the concepts and sequence of steps in the malware analysis process:
- Interpret the sequence of events during an attack based on analysis of traffic patterns |
| Automation | 20% |
- Compare concepts, platforms, and mechanisms of orchestration and automation - Interpret basic scripts (for example, Python) - Modify a provided script to automate a security operations task - Recognize common data formats (for example, JSON, HTML, CSV, XML) - Determine opportunities for automation, orchestration, and machine learning - Determine the constraints when consuming APIs (for example, rate limited, timeouts, and payload) - Explain the common HTTP response codes associated with REST APIs - Evaluate the parts of an HTTP response (response code, headers, body) - Interpret API authentication mechanisms: basic, custom token, and API keys - Utilize Bash commands (file management, directory navigation, and environmental variables) - Describe components of a CI/CD pipeline - Apply the principles of DevOps practices - Describe the principles of Infrastructure as Code |
Cisco CBRCOR Exam Description:
Performing CyberOps Using Cisco Security Technologies v1.1 (CBRCOR 350-201) is a 120-minute exam that is associated with the Cisco CyberOps Professional Certification. This exam certifies a candidate's knowledge of core cybersecurity operations including cybersecurity fundamentals, techniques, processes, and automation. The course Performing CyberOps Using Cisco Security Technologies helps candidates to prepare for this exam.