Performing CyberOps Using Core Security Technologies (CBRCOR)
Last Update May 6, 2024
Total Questions: 139
We are offering free 350-201 Cisco exam questions. All you need to do is sign up and give your details. Prepare with the free 350-201 exam questions, then move on to the complete pool of Performing CyberOps Using Core Security Technologies (CBRCOR) test questions, which will help you more.
An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.
Refer to the exhibit.
The Cisco Secure Network Analytics (Stealthwatch) console alerted with “New Malware Server Discovered” and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.
A company launched an e-commerce website with multiple points of sale through internal and external e-stores. Customers access the stores from the public website, and employees access the stores from the intranet with an SSO. Which action is needed to comply with PCI standards for hardening the systems?
An organization had several cyberattacks over the last 6 months and has tasked an engineer with looking for patterns or trends that will help the organization anticipate future attacks and mitigate them. Which data analytic technique should the engineer use to accomplish this task?
Refer to the exhibit.
Where are the browser page rendering permissions displayed?
Refer to the exhibit.
Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?
An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?
Refer to the exhibit.
Where does it signify that a page will be stopped from loading when a scripting attack is detected?
Which bash command will print all lines from the “colors.txt” file containing the non case-sensitive pattern “Yellow”?
Drag and drop the mitigation steps from the left onto the vulnerabilities they mitigate on the right.
Refer to the exhibit.
An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco Secure Network Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?
An engineer is moving data from NAS servers in different departments to a combined storage database so that the data can be accessed and analyzed by the organization on-demand. Which data management process is being used?
Refer to the exhibit.
An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?
A SOC engineer discovers that the organization had three DDoS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?
Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.
An engineer is developing an application that requires frequent updates to close feedback loops and enable teams to quickly apply patches. The team wants their code updates to get to market as often as possible. Which software development approach should be used to accomplish these goals?
Refer to the exhibit.
Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?
Refer to the exhibit.
At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?