Cisco 350-201 Performing CyberOps Using Core Security Technologies (CBRCOR) Online Training

Exam4Training has always verified and updated Cisco 350-201 Performing CyberOps Using Core Security Technologies (CBRCOR) Online Training which helps you to prepare your exam with less effort in very short time. It has latest and relevant study guide material which is useful for you to get prepare for Cisco 350-201 with ease.With the refreshed Cisco 350-201 Performing CyberOps Using Core Security Technologies (CBRCOR) Online Training given by Exam4Training, you can pass Performing CyberOps Using Core Security Technologies (CBRCOR) exam with no issue.Exam4Training give all the CyberOps Professional 350-201 questions you require to pass 350-201 exam in the first attempt.

Page 1 of 4

1. Refer to the exhibit.

A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive.

Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

Limit the number of API calls that a single client is allowed to make

Add restrictions on the edge router on how often a single client can access the API

Reduce the amount of data that can be fetched from the total pool of active clients that call the API

Increase the application cache of the total pool of active clients that call the API

2. DRAG DROP

An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.

3. A threat actor attacked an organization’s Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator’s account was disabled.

Which activity triggered the behavior analytics tool?

accessing the Active Directory server

accessing the server with financial data

accessing multiple servers

downloading more than 10 files

4. Refer to the exhibit.

A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker.

Which tool should the analyst use to identify the source IP of the offender?

packet sniffer

malware analysis

SIEM

firewall manager

5. Refer to the exhibit.

Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis.

What should be concluded from this report?

The prioritized behavioral indicators of compromise do not justify the execution of the “ransomware” because the scores do not indicate the likelihood of malicious ransomware.

The prioritized behavioral indicators of compromise do not justify the execution of the “ransomware” because the scores are high and do not indicate the likelihood of malicious ransomware.

The prioritized behavioral indicators of compromise justify the execution of the “ransomware” because the scores are high and indicate the likelihood that malicious ransomware has been detected.

The prioritized behavioral indicators of compromise justify the execution of the “ransomware” because the scores are low and indicate the likelihood that malicious ransomware has been detected.

6. The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze.

Which step should be taken at this stage?

Determine the assets to which the attacker has access

Identify assets the attacker handled or acquired

Change access controls to high risk assets in the enterprise

Identify movement of the attacker in the enterprise

7. A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets.

According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

incident response playbooks

asset vulnerability assessment

report of staff members with asset relations

key assets and executives

malware analysis report

8. Refer to the exhibit.

At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

exploitation

actions on objectives

delivery

reconnaissance

9. Refer to the exhibit.

How must these advisories be prioritized for handling?

The highest priority for handling depends on the type of institution deploying the devices

Vulnerability #2 is the highest priority for every type of institution

Vulnerability #1 and vulnerability #2 have the same priority

Vulnerability #1 is the highest priority for every type of institution

10. Refer to the exhibit.

Which two steps mitigate attacks on the webserver from the Internet? (Choose two.)

Create an ACL on the firewall to allow only TLS 1.3

Implement a proxy server in the DMZ network

Create an ACL on the firewall to allow only external connections

Move the webserver to the internal network

Page 2 of 4

11. DRAG DROP

Drag and drop the phases to evaluate the security posture of an asset from the left onto the activity that happens during the phases on the right.

12. According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?

Perform a vulnerability assessment

Conduct a data protection impact assessment

Conduct penetration testing

Perform awareness testing

13. A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team.

Which actions should be taken at this step in the incident response workflow?

Classify the criticality of the information, research the attacker’s motives, and identify missing patches

Determine the damage to the business, extract reports, and save evidence according to a chain of custody

Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited

Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan

14. A company recently completed an internal audit and discovered that there is CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?

Identify the business applications running on the assets

Update software to patch third-party software

Validate CSRF by executing exploits within Metasploit

Fix applications according to the risk scores

15. An engineer is analyzing a possible compromise that happened a week ago when the company? (Choose two.)

firewall

Wireshark

autopsy

SHA512

IPS

16. A European-based advertisement company collects tracking information from partner websites and stores it on a local server to provide tailored ads.

Which standard must the company follow to safeguard the resting data?

HIPAA

PCI-DSS

Sarbanes-Oxley

GDPR

17. An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process.

Which action should be taken during this phase?

Host a discovery meeting and define configuration and policy updates

Update the IDS/IPS signatures and reimage the affected hosts

Identify the systems that have been affected and tools used to detect the attack

Identify the traffic with data capture using Wireshark and review email filters

18. An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities.

What is the next step the engineer should take?

Investigate the vulnerability to prevent further spread

Acknowledge the vulnerabilities and document the risk

Apply vendor patches or available hot fixes

Isolate the assets affected in a separate network

19. The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource.

What is the next step?

Conduct a risk assessment of systems and applications

Isolate the infected host from the rest of the subnet

Install malware prevention software on the host

Analyze network traffic on the host’s subnet

20. DRAG DROP

An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident.

Drag and drop the activities from the left into the order for the response on the right.

Page 3 of 4

21. An organization had several cyberattacks over the last 6 months and has tasked an engineer with looking for patterns or trends that will help the organization anticipate future attacks and mitigate them.

Which data analytic technique should the engineer use to accomplish this task?

diagnostic

qualitative

predictive

statistical

22. A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat.

What is the first action for the incident response team?

Assess the network for unexpected behavior

Isolate critical hosts from the network

Patch detected vulnerabilities from critical hosts

Perform analysis based on the established risk factors

23. Refer to the exhibit.

Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine.

What should be concluded from this report?

Threat scores are high, malicious ransomware has been detected, and files have been modified

Threat scores are low, malicious ransomware has been detected, and files have been modified

Threat scores are high, malicious activity is detected, but files have not been modified

Threat scores are low and no malicious file activity is detected

24. An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually.

Which action will improve workflow automation?

Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.

Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.

Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.

Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.

25. DRAG DROP

Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.

26. Which command does an engineer use to set read/write/execute access on a folder for everyone who reaches the resource?

chmod 666

chmod 774

chmod 775

chmod 777

27. A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user’s laptop while traveling. The attacker has the user’s credentials and is attempting to connect to the network.

What is the next step in handling the incident?

Block the source IP from the firewall

Perform an antivirus scan on the laptop

Identify systems or services at risk

Identify lateral movement

28. A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company’s infrastructure.

Which steps should an engineer take at the recovery stage?

Determine the systems involved and deploy available patches

Analyze event logs and restrict network access

Review access lists and require users to increase password complexity

Identify the attack vector and update the IDS signature list

29. A patient views information that is not theirs when they sign in to the hospital’s online portal. The patient calls the support center at the hospital but continues to be put on hold because other patients are experiencing the same issue. An incident has been declared, and an engineer is now on the incident bridge as the CyberOps Tier 3 Analyst. There is a concern about the disclosure of PII occurring in real-time.

What is the first step the analyst should take to address this incident?

Evaluate visibility tools to determine if external access resulted in tampering

Contact the third-party handling provider to respond to the incident as critical

Turn off all access to the patient portal to secure patient records

Review system and application logs to identify errors in the portal code

30. Refer to the exhibit.

What results from this script?

Seeds for existing domains are checked

A search is conducted for additional seeds

Domains are compared to seed rules

A list of domains as seeds is blocked

Page 4 of 4

31. DRAG DROP

Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.

32. Refer to the exhibit.

Which data format is being used?

JSON

HTML

XML

CSV

33. The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability.

Which step was missed according to the NIST incident handling guide?

Contain the malware

Install IPS software

Determine the escalation path

Perform vulnerability assessment

34. Refer to the exhibit.

An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim’s spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address.

Which action does the engineer recommend?

Use command ip verify reverse-path interface

Use global configuration command service tcp-keepalives-out

Use subinterface command no ip directed-broadcast

Use logging trap 6

35. Refer to the exhibit.

An engineer is analyzing this Vlan0386-int12-117.pcap file in Wireshark after detecting a suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a google chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information was being sent off-site but the payloads are obfuscated and unreadable.

What does this STIX indicate?

The extension is not performing as intended because of restrictions since ports 80 and 443 should be accessible

The traffic is legitimate as the google chrome extension is reaching out to check for updates and fetches this information

There is a possible data leak because payloads should be encoded as UTF-8 text

There is a malware that is communicating via encrypted channels to the command and control server

Latest 350-201 Dumps Valid Version with 100 Q&As

Latest And Valid Q&A | 90 Days Free Update | Once Fail, Full Refund

Get Valid 350-201 Exam

Latest 350-201 Dumps Valid Version with 100 Q&As

Leave a Reply Cancel reply