1. Home
  2. Cisco
  3. 350-201 CBRCOR Exam Syllabus

Cisco 350-201 Exam Syllabus

Cisco 350-201 Exam

Performing CyberOps Using Core Security Technologies

Total Questions: 139

What is Included in the Cisco 350-201 Exam?

Authentic information about the syllabus and an effective study guide is essential to go through the Cisco 350-201 exam in the first attempt. The study guide of Study4Exam provides you with comprehensive information about the syllabus of the Cisco 350-201 exam. You should get this information at the start of your preparation because it helps you make an effective study plan. We have designed this Cisco Certified CyberOps Professional certification exam preparation guide to give the exam overview, practice questions, practice test, prerequisites, and information about exam topics that help to go through the Cisco Performing CyberOps Using Core Security Technologies (2022) exam. We recommend you to the preparation material mentioned in this study guide to cover the entire Cisco 350-201 syllabus. Study4Exam offers 3 formats of Cisco 350-201 exam preparation material. Each format provides new practice questions in PDF format, web-based and desktop practice exams to get passing marks in the first attempt.

Cisco 350-201 Exam Overview :

Exam Name Performing CyberOps Using Core Security Technologies
Exam Code 350-201
Official Information https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/350-201-cbrcor.html
See Expected Questions Cisco 350-201 Expected Questions in Actual Exam
Take Self-Assessment Use Cisco 350-201 Practice Test to Assess your preparation - Save Time and Reduce Chances of Failure

Cisco 350-201 Exam Topics :

Section Weight Objectives
1.0 Fundamentals 20%

1.1 Interpret the components within a playbook

1.2 Determine the tools needed based on a playbook scenario

1.3 Apply the playbook for a common scenario (for example, unauthorized elevation of   privilege, DoS and DDoS, website defacement)

1.4  Infer the industry for various compliance standards (for example, PCI, FISMA, FedRAMP, SOC, SOX, PCI, GDPR, Data Privacy, and ISO 27101)

1.5 Describe the concepts and limitations of cyber risk insurance

1.6 Analyze elements of a risk analysis (combination asset, vulnerability, and threat)

1.7 Apply the incident response workflow

1.8 Describe characteristics and areas of improvement using common incident response metrics

1.9  Describe types of cloud environments (for example, IaaS platform)

1.10 Compare security operations considerations of cloud platforms (for example, IaaS, PaaS)

2.0 Techniques 30%

2.1 Recommend data analytic techniques to meet specific needs or answer specific questions

2.2 Describe the use of hardening machine images for deployment

2.3 Describe the process of evaluating the security posture of an asset

2.4 Evaluate the security controls of an environment, diagnose gaps, and recommend improvement

2.5 Determine resources for industry standards and recommendations for hardening of systems

2.6 Determine patching recommendations, given a scenario

2.7  Recommend services to disable, given a scenario

2.8  Apply segmentation to a network

2.9 Utilize network controls for network hardening

2.10 Determine SecDevOps recommendations (implications)

2.11 Describe use and concepts related to using a Threat Intelligence Platform (TIP) to automate intelligence

2.12 Apply threat intelligence using tools

2.13 Apply the concepts of data loss, data leakage, data in motion, data in use, and data at rest based on common standards

2.14 Describe the different mechanisms to detect and enforce data loss prevention techniques

2.14.a   host-based

2.14.b   network-based

2.14.c   application-based

2.14.d   cloud-based

2.15 Recommend tuning or adapting devices and software across rules, filters, and policies

2.16 Describe the concepts of security data management

2.17 Describe use and concepts of tools for security data analytics

2.18 Recommend workflow from the described issue through escalation and the automation needed for resolution

2.19 Apply dashboard data to communicate with technical, leadership, or executive stakeholders

2.20 Analyze anomalous user and entity behavior (UEBA)

2.21 Determine the next action based on user behavior alerts

2.22 Describe tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools) 

2.23 Evaluate artifacts and streams in a packet capture file

2.24 Troubleshoot existing detection rules

2.25 Determine the tactics, techniques, and procedures (TTPs) from an attack
3.0 Processes 30%

3.1 Prioritize components in a threat model

3.2 Determine the steps to investigate the common types of cases

3.3 Apply the concepts and sequence of steps in the malware analysis process:

3.3.a Extract and identify samples for analysis (for example, from packet capture or packet analysis tools)

3.3.b Perform reverse engineering

3.3.c Perform dynamic malware analysis using a sandbox environment

3.3.d  Identify the need for additional static malware analysis

3.3.e Perform static malware analysis

3.3.f  Summarize and share results

3.4 Interpret the sequence of events during an attack based on analysis of traffic patterns

3.5 Determine the steps to investigate potential endpoint intrusion across a variety of platform types (for example, desktop, laptop, IoT, mobile devices)

3.6 Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs), given a scenario

3.7 Determine IOCs in a sandbox environment (includes generating complex indicators)

3.8 Determine the steps to investigate potential data loss from a variety of vectors of modality (for example, cloud, endpoint, server, databases, application), given a scenario

3.9 Recommend the general mitigation steps to address vulnerability issues

3.10 Recommend the next steps for vulnerability triage and risk analysis using industry scoring systems (for example, CVSS) and other techniques

4.0 Automation 20%

4.1 Compare concepts, platforms, and mechanisms of orchestration and automation

4.2 Interpret basic scripts (for example, Python)

4.3 Modify a provided script to automate a security operations task

4.4 Recognize common data formats (for example, JSON, HTML, CSV, XML)

4.5 Determine opportunities for automation and orchestration

4.6 Determine the constraints when consuming APIs (for example, rate limited, timeouts, and payload)

4.7 Explain the common HTTP response codes associated with REST APIs

4.8 Evaluate the parts of an HTTP response (response code, headers, body)

4.9 Interpret API authentication mechanisms: basic, custom token, and API keys

4.10 Utilize Bash commands (file management, directory navigation, and environmental variables)

4.11 Describe components of a CI/CD pipeline

4.12 Apply the principles of DevOps practices

4.13 Describe the principles of Infrastructure as Code

Updates in the Cisco 350-201 Exam Syllabus:

Cisco 350-201 exam questions and practice test are the best ways to get fully prepared. Study4exam's trusted preparation material consists of both practice questions and practice test. To pass the actual Cisco Certified CyberOps Professional 350-201 exam on the first attempt, you need to put in hard work on these Cisco 350-201 questions that provide updated information about the entire exam syllabus. Besides studying actual questions, you should take the Cisco 350-201 practice test for self-assessment and actual exam simulation. Revise actual exam questions and remove your mistakes with the Performing CyberOps Using Core Security Technologies 350-201 exam practice test. Online and windows-based formats of the 350-201 exam practice test are available for self-assessment.


350-201 Exam Details

Free 350-201 Questions