Esame 350-201 CBRCOR –> Durata 120 minuti;

Negli esami sono presenti quesiti formulati in lingua inglese in forme differenti: Risposta Multipla; completamento di testo, collegamenti concettuali Drag and Drop; vere e proprie simulazioni laboratoriali.

Non ci sono prerequisiti formali. Si consiglia il possesso della Certificazione Cisco CyberOps Associate.

• Interpret the components within a playbook
• Determine the tools needed based on a playbook scenario
• Apply the playbook for a common scenario (for example, unauthorized elevation of privilege, DoS and DDoS, website defacement)
• Infer the industry for various compliance standards (for example, PCI, FISMA, FedRAMP, SOC, SOX, PCI, GDPR, Data Privacy, and ISO 27101)
• Describe the concepts and limitations of cyber risk insurance
• Analyze elements of a risk analysis (combination asset, vulnerability, and threat)
• Apply the incident response workflow
• Describe characteristics and areas of improvement using common incident response metrics
• Describe types of cloud environments (for example, IaaS platform)
• Compare security operations considerations of cloud platforms (for example, IaaS, PaaS)
• Recommend data analytic techniques to meet specific needs or answer specific questions
• Describe the use of hardening machine images for deployment
• Describe the process of evaluating the security posture of an asset
• Evaluate the security controls of an environment, diagnose gaps, and recommend improvement
• Determine resources for industry standards and recommendations for hardening of systems
• Determine patching recommendations, given a scenario
• Recommend services to disable, given a scenario
• Apply segmentation to a network
• Utilize network controls for network hardening
• Determine SecDevOps recommendations (implications)
• Describe use and concepts related to using a Threat Intelligence Platform (TIP) to automate intelligence
• Apply threat intelligence using tools
• Apply the concepts of data loss, data leakage, data in motion, data in use, and data at rest based on common standards
• Describe the different mechanisms to detect and enforce data loss prevention techniques
• host-based
• network-based
• application-based
• cloud-based
• Recommend tuning or adapting devices and software across rules, filters, and policies
• Describe the concepts of security data management
• Describe use and concepts of tools for security data analytics
• Recommend workflow from the described issue through escalation and the automation needed for resolution
• Apply dashboard data to communicate with technical, leadership, or executive stakeholders
• Analyze anomalous user and entity behavior (UEBA)
• Determine the next action based on user behavior alerts
• Describe tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools)
• Evaluate artifacts and streams in a packet capture file
• Troubleshoot existing detection rules
• Determine the tactics, techniques, and procedures (TTPs) from an attack
• Prioritize components in a threat model
• Determine the steps to investigate the common types of cases
• Apply the concepts and sequence of steps in the malware analysis process:
• Extract and identify samples for analysis (for example, from packet capture or packet analysis tools)
• Perform reverse engineering
• Perform dynamic malware analysis using a sandbox environment
• Identify the need for additional static malware analysis
• Perform static malware analysis
• Summarize and share results
• Interpret the sequence of events during an attack based on analysis of traffic patterns
• Determine the steps to investigate potential endpoint intrusion across a variety of platform types (for example, desktop, laptop, IoT, mobile devices)
• Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs), given a scenario
• Determine IOCs in a sandbox environment (includes generating complex indicators)
• Determine the steps to investigate potential data loss from a variety of vectors of modality (for example, cloud, endpoint, server, databases, application), given a scenario
• Recommend the general mitigation steps to address vulnerability issues
• Recommend the next steps for vulnerability triage and risk analysis using industry scoring systems (for example, CVSS) and other techniques
• Compare concepts, platforms, and mechanisms of orchestration and automation
• Interpret basic scripts (for example, Python)
• Modify a provided script to automate a security operations task
• Recognize common data formats (for example, JSON, HTML, CSV, XML)
• Determine opportunities for automation and orchestration
• Determine the constraints when consuming APIs (for example, rate limited, timeouts, and payload)
• Explain the common HTTP response codes associated with REST APIs
• Evaluate the parts of an HTTP response (response code, headers, body)
• Interpret API authentication mechanisms: basic, custom token, and API keys
• Utilize Bash commands (file management, directory navigation, and environmental variables)
• Describe components of a CI/CD pipeline
• Describe the principles of Infrastructure as Code
• Apply the principles of DevOps practices