

350-201 Performing CyberOps Using Core Security Technologies (CBRCOR) Question and Answers

Question # 4

Refer to the exhibit.

Which asset has the highest risk value?

A. servers
B. website
C. payment process
D. secretary workstation

Question # 5

Refer to the exhibit.

Which command was executed in PowerShell to generate this log?

A. Get-EventLog -LogName*
B. Get-EventLog -List
C. Get-WinEvent -ListLog* -ComputerName localhost
D. Get-WinEvent -ListLog*

Question # 6

Which action should be taken when the HTTP response code 301 is received from a web application?

A. Update the cached header metadata.
B. Confirm the resource’s location.
C. Increase the allowed user limit.
D. Modify the session timeout setting.

Question # 7

An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?

A. Investigate the vulnerability to prevent further spread
B. Acknowledge the vulnerabilities and document the risk
C. Apply vendor patches or available hot fixes
D. Isolate the assets affected in a separate network

Question # 8

Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.

Question # 9

After a recent malware incident, the forensic investigator is gathering details to identify the breach and causes. The investigator has isolated the affected workstation. What is the next step that should be taken in this investigation?

A. Analyze the applications and services running on the affected workstation.
B. Compare workstation configuration and asset configuration policy to identify gaps.
C. Inspect registry entries for recently executed files.
D. Review audit logs for privilege escalation events.

Question # 10

An engineer is investigating several cases of increased incoming spam emails and suspicious emails from the HR and service departments. While checking the event sources, the website monitoring tool showed several web scraping alerts overnight. Which type of compromise is indicated?

A. phishing
B. dumpster diving
C. social engineering
D. privilege escalation

Question # 11

How is a SIEM tool used?

A. To collect security data from authentication failures and cyber attacks and forward it for analysis
B. To search and compare security data against acceptance standards and generate reports for analysis
C. To compare security alerts against configured scenarios and trigger system responses
D. To collect and analyze security data from network devices and servers and produce alerts

Question # 12

Refer to the exhibit.

Based on the detected vulnerabilities, what is the next recommended mitigation step?

A. Evaluate service disruption and associated risk before prioritizing patches.
B. Perform root cause analysis for all detected vulnerabilities.
C. Remediate all vulnerabilities with descending CVSS score order.
D. Temporarily shut down unnecessary services until patch deployment ends.

Question # 13

An engineer is analyzing a possible compromise that happened a week ago when the company ? (Choose two.)

A. firewall
B. Wireshark
C. autopsy
D. SHA512
E. IPS

Question # 14

An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?

A. Host a discovery meeting and define configuration and policy updates
B. Update the IDS/IPS signatures and reimage the affected hosts
C. Identify the systems that have been affected and tools used to detect the attack
D. Identify the traffic with data capture using Wireshark and review email filters

Question # 15

An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST.SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?

A. Verify hash integrity.
B. Remove all personally identifiable information.
C. Ensure the online sandbox is GDPR compliant.
D. Lock the file to prevent unauthorized access.

Question # 16

Refer to the exhibit.

What is the connection status of the ICMP event?

A. blocked by a configured access policy rule
B. allowed by a configured access policy rule
C. blocked by an intrusion policy rule
D. allowed in the default action

Question # 17

Refer to the exhibit.

An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim’s spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address. Which action does the engineer recommend?

A. Use command ip verify reverse-path interface
B. Use global configuration command service tcp-keepalives-out
C. Use subinterface command no ip directed-broadcast
D. Use logging trap 6

Question # 18

Refer to the exhibit.

An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company’s user creation policy:

  • minimum length: 3
  • usernames can only use letters, numbers, dots, and underscores
  • usernames cannot begin with a number

The application administrator has to manually change and track these daily to ensure compliance. An engineer is tasked to implement a script to automate the process according to the company user creation policy. The engineer implemented this piece of code within the application, but users are still able to create format-free usernames. Which change is needed to apply the restrictions?

A. modify code to return error on restrictions def return false_user(username, minlen)
B. automate the restrictions def automate_user(username, minlen)
C. validate the restrictions, def validate_user(username, minlen)
D. modify code to force the restrictions, def force_user(username, minlen)

Question # 19

An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?

A. Initiate a triage meeting to acknowledge the vulnerability and its potential impact
B. Determine company usage of the affected products
C. Search for a patch to install from the vendor
D. Implement restrictions within the VoIP VLANS

Question # 20

Refer to the exhibit.

Which indicator of compromise is represented by this STIX?

A. website redirecting traffic to ransomware server
B. website hosting malware to download files
C. web server vulnerability exploited by malware
D. cross-site scripting vulnerability to backdoor server
