
350-201 Performing CyberOps Using Core Security Technologies (CBRCOR) Questions and Answers

Question 4

An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?

Options:

A.

Modify the alert rule to “output alert_syslog: output log”

B.

Modify the output module rule to “output alert_quick: output filename”

C.

Modify the alert rule to “output alert_syslog: output header”

D.

Modify the output module rule to “output alert_fast: output filename”
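
The point of this question is the difference between Snort's output modules, not the rule body: in Snort 2 the `output alert_fast: <filename>` line in snort.conf writes one line per alert with no packet headers, whereas `output alert_full: <filename>` appends the decoded IP/TCP/UDP header lines that make the file large (there is no `alert_quick` module). The following added example, written for this page and not taken from Snort, parses a constructed alert_full sample and renders it in the alert_fast layout so the size difference is visible; the SIDs, addresses and messages are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample of Snort 2 "alert_full" output (two alerts). Everything
# after the timestamp line of each block is the packet-header detail that
# the alert_fast module leaves out.
ALERT_FULL_SAMPLE = """\
[**] [1:1000001:2] LOCAL suspicious HTTP user agent [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
03/11-14:02:17.458912 192.0.2.10:49152 -> 203.0.113.5:80
TCP TTL:64 TOS:0x0 ID:1532 IpLen:20 DgmLen:412 DF
***AP*** Seq: 0x1A2B3C4D  Ack: 0x5E6F7081  Win: 0xFFFF  TcpLen: 32

[**] [1:1000002:1] LOCAL DNS query for blocked domain [**]
[Classification: Misc activity] [Priority: 3]
03/11-14:02:19.001200 192.0.2.10:53411 -> 198.51.100.2:53
UDP TTL:64 TOS:0x0 ID:2 IpLen:20 DgmLen:71
Len: 43
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
CLASS_RE = re.compile(r"^\[Classification: (.*?)\] \[Priority: (\d+)\]$")
PACKET_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")


@dataclass
class Alert:
    gid: str
    sid: str
    rev: str
    msg: str
    classification: str
    priority: str
    timestamp: str
    src: str
    dst: str
    proto: str
    header_lines: int  # packet-header lines that only alert_full carries


def parse_alert_full(text):
    """Split alert_full output into Alert records, one per blank-line-separated block."""
    alerts = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        m_hdr = HEADER_RE.match(lines[0])
        m_cls = CLASS_RE.match(lines[1])
        m_pkt = PACKET_RE.match(lines[2])
        if not (m_hdr and m_cls and m_pkt):
            raise ValueError("unrecognised alert_full block starting: " + lines[0])
        # The first header line starts with the protocol name (TCP/UDP/ICMP).
        proto = lines[3].split()[0] if len(lines) > 3 else "?"
        alerts.append(Alert(*m_hdr.groups(), *m_cls.groups(), *m_pkt.groups(),
                            proto, len(lines) - 3))
    return alerts


def to_alert_fast(a):
    """Render one alert in the single-line layout alert_fast writes."""
    return (f"{a.timestamp}  [**] [{a.gid}:{a.sid}:{a.rev}] {a.msg} [**] "
            f"[Classification: {a.classification}] [Priority: {a.priority}] "
            f"{{{a.proto}}} {a.src} -> {a.dst}")


def condense(text):
    """Return (fast-format text, full size in bytes, fast size in bytes)."""
    alerts = parse_alert_full(text)
    fast = "".join(to_alert_fast(a) + "\n" for a in alerts)
    return fast, len(text.encode()), len(fast.encode())


if __name__ == "__main__":
    fast_text, full_bytes, fast_bytes = condense(ALERT_FULL_SAMPLE)
    print(fast_text, end="")
    print(f"# full: {full_bytes} bytes, fast: {fast_bytes} bytes")
```

In practice you do not post-process the file this way; you switch the output module (alert_fast for triage, unified2 for tooling) and keep alert_full or log_tcpdump only where the packet detail is actually needed.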

Question 5

After a recent malware incident, the forensic investigator is gathering details to identify the breach and causes. The investigator has isolated the affected workstation. What is the next step that should be taken in this investigation?

Options:

A.

Analyze the applications and services running on the affected workstation.

B.

Compare workstation configuration and asset configuration policy to identify gaps.

C.

Inspect registry entries for recently executed files.

D.

Review audit logs for privilege escalation events.

Question 6

Refer to the exhibit.

350-201 Question 6

How must these advisories be prioritized for handling?

Options:

A.

The highest priority for handling depends on the type of institution deploying the devices

B.

Vulnerability #2 is the highest priority for every type of institution

C.

Vulnerability #1 and vulnerability #2 have the same priority

D.

Vulnerability #1 is the highest priority for every type of institution

Question 7

According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?

Options:

A.

Perform a vulnerability assessment

B.

Conduct a data protection impact assessment

C.

Conduct penetration testing

D.

Perform awareness testing

Question 8

An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?

Options:

A.

Initiate a triage meeting to acknowledge the vulnerability and its potential impact

B.

Determine company usage of the affected products

C.

Search for a patch to install from the vendor

D.

Implement restrictions within the VoIP VLANS

Question 9

Refer to the exhibit.

350-201 Question 9

Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?

Options:

A.

An attacker can initiate a DoS attack.

B.

An attacker can read or change data.

C.

An attacker can transfer data to an external server.

D.

An attacker can modify the access logs.
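
Option B names the threat a transaction database is most directly exposed to when front-end input reaches it as SQL text: information disclosure (reading rows the caller should not see) and tampering (changing rows the caller should not touch). The added example below is written for this page and is not code from the exam or from any product; it uses an in-memory SQLite table as a constructed stand-in for the core database and runs the same two hostile inputs through a vulnerable and a parameterized code path.

```python
import sqlite3


def setup_db():
    """Constructed in-memory stand-in for the core transaction database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE accounts (owner TEXT PRIMARY KEY, balance INTEGER NOT NULL);
        INSERT INTO accounts VALUES ('alice', 100), ('bob', 250), ('carol', 9000);
    """)
    return conn


def get_balance_vulnerable(conn, owner):
    # Front end splices the client-supplied name straight into the SQL text.
    sql = f"SELECT owner, balance FROM accounts WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def get_balance_safe(conn, owner):
    # Hardened: the name travels as a bound parameter, never as SQL.
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)).fetchall()


def debit_vulnerable(conn, owner, amount):
    # Same flaw on the write path; returns how many rows were changed.
    sql = f"UPDATE accounts SET balance = balance - {int(amount)} WHERE owner = '{owner}'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def debit_safe(conn, owner, amount):
    cur = conn.execute(
        "UPDATE accounts SET balance = balance - ? WHERE owner = ?", (int(amount), owner))
    conn.commit()
    return cur.rowcount


def demo():
    """Run the same two hostile inputs through both code paths."""
    read_payload = "x' OR '1'='1"             # turns the WHERE clause into always-true
    write_payload = "alice' OR owner='carol"  # widens the UPDATE to a second account
    results = {}
    for label, read_fn, write_fn in (("vulnerable", get_balance_vulnerable, debit_vulnerable),
                                     ("safe", get_balance_safe, debit_safe)):
        conn = setup_db()
        rows_read = len(read_fn(conn, read_payload))
        rows_changed = write_fn(conn, write_payload, 50)
        carol = conn.execute("SELECT balance FROM accounts WHERE owner = 'carol'").fetchone()[0]
        results[label] = {"rows_read": rows_read, "rows_changed": rows_changed,
                          "carol_balance": carol}
    return results


if __name__ == "__main__":
    for label, r in demo().items():
        print(label, r)
```

The vulnerable path returns every account to the read payload and debits two accounts on the write payload; the parameterized path returns nothing and changes nothing, because the bound value can only ever be compared, never parsed. Whatever the exhibit shows about the two client types, the control that addresses this threat sits in the front ends that build the queries, with least-privilege database accounts as the second layer.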

Question 10

Refer to the exhibit.

350-201 Question 10

Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a quarantine VLAN using Adaptive Network Control policy. Which method was used to signal ISE to quarantine the endpoints?

Options:

A.

SNMP

B.

syslog

C.

REST API

D.

pxGrid

Question 11

Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.

350-201 Question 11

Options:

Question 12

A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

Options:

A.

Assess the network for unexpected behavior

B.

Isolate critical hosts from the network

C.

Patch detected vulnerabilities from critical hosts

D.

Perform analysis based on the established risk factors

Question 13

An engineer is investigating several cases of increased incoming spam emails and suspicious emails from the HR and service departments. While checking the event sources, the website monitoring tool showed several web scraping alerts overnight. Which type of compromise is indicated?

Options:

A.

phishing

B.

dumpster diving

C.

social engineering

D.

privilege escalation
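
The link the question wants you to see is that the overnight scraping harvested names and addresses from the public site, which then fed the spam and the targeted mail to HR and the service desk. What the web monitoring tool actually did to raise "web scraping" alerts is a windowed rate-and-breadth count per client. The added example below is written for this page and is not the product's logic: it builds a constructed set of Combined Log Format lines (one client walking a staff directory one page per second, one browsing at human pace) and flags clients that request many distinct paths inside a short window. The thresholds are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+ "[^"]*" "([^"]*)"$')


def _log_line(ip, ts, path, ua):
    """Build one constructed Combined Log Format line."""
    return (f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S +0000")}] '
            f'"GET {path} HTTP/1.1" 200 4096 "-" "{ua}"')


_BASE = datetime(2024, 3, 11, 2, 14, 0, tzinfo=timezone.utc)
# Constructed overnight traffic: one client walks the staff directory one page
# per second; a second client browses a handful of pages at a human pace.
LOG_SAMPLE = [_log_line("198.51.100.7", _BASE + timedelta(seconds=i),
                        f"/about/staff/page/{i + 1}", "python-requests/2.31")
              for i in range(45)]
LOG_SAMPLE += [_log_line("192.0.2.50", _BASE + timedelta(seconds=20 * i), path, "Mozilla/5.0")
               for i, path in enumerate(["/", "/about", "/about/staff", "/contact"])]


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, ua = m.groups()
    return {"ip": ip, "ts": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": path, "status": int(status), "ua": ua}


def detect_scrapers(lines, window_s=60, max_requests=30, min_distinct=20):
    """Flag client IPs that fetch many distinct paths inside a short window.

    Thresholds are assumptions for the example, not values from any product."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Slide the window so it spans at most window_s seconds.
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            window = recs[start:end + 1]
            distinct = {r["path"] for r in window}
            if len(window) >= max_requests and len(distinct) >= min_distinct:
                findings[ip] = {"requests": len(window), "distinct_paths": len(distinct),
                                "user_agent": window[-1]["ua"],
                                "first_seen": window[0]["ts"].isoformat()}
                break  # one finding per IP is enough to open a ticket
    return findings


if __name__ == "__main__":
    for ip, f in detect_scrapers(LOG_SAMPLE).items():
        print(ip, f)
```

Requiring breadth (distinct paths) as well as rate keeps a single user hammering refresh on one page from tripping the rule, while a crawler that spreads its requests over several source addresses will not; correlate on the user agent and the path pattern as well when that happens.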

Question 14

A threat actor attacked an organization’s Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator’s account was disabled. Which activity triggered the behavior analytics tool?

Options:

A.

accessing the Active Directory server

B.

accessing the server with financial data

C.

accessing multiple servers

D.

downloading more than 10 files
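
A behaviour analytics tool evaluates each event against a rolling window of the same user's recent activity, and the session is cut by whichever rule crosses its threshold first. The question does not say how the tool was configured, so the added example below, written for this page and not taken from any product, replays the described timeline against three assumed rules (distinct servers in the window, downloads in the window, access to a target tagged financial) with assumed thresholds and reports the minute at which each one would have fired. Server names and the sensitivity tags are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    minute: int    # minutes since the first observed action
    user: str
    action: str    # "login", "access" or "download"
    target: str


# Constructed timeline of the incident described in the question, with the
# eleven downloads from the marketing server expanded into individual events.
EVENTS = ([Event(0, "administrator", "login", "ad-dc01"),
           Event(4, "administrator", "access", "sales-srv"),
           Event(9, "administrator", "access", "mkt-srv")]
          + [Event(10 + i, "administrator", "download", "mkt-srv") for i in range(11)]
          + [Event(24, "administrator", "access", "fin-srv")])

# Assumed data-classification tags; the exam gives none.
SENSITIVITY = {"ad-dc01": "identity", "sales-srv": "internal",
               "mkt-srv": "internal", "fin-srv": "financial"}


def evaluate(events, window_min=30, max_servers=2, max_downloads=10,
             block_on=("financial",)):
    """Replay events in order and record the minute each rule first fires.

    Thresholds are assumptions chosen for the example; a real UEBA product
    derives them from a learned baseline per user and peer group."""
    fired = {}
    for i, ev in enumerate(events):
        window = [e for e in events[:i + 1]
                  if e.user == ev.user and ev.minute - e.minute <= window_min]
        servers = {e.target for e in window if e.action == "access"}
        downloads = sum(1 for e in window if e.action == "download")
        if ev.action == "access" and len(servers) > max_servers:
            fired.setdefault("multiple_servers", ev.minute)
        if ev.action == "download" and downloads > max_downloads:
            fired.setdefault("download_volume", ev.minute)
        if ev.action == "access" and SENSITIVITY.get(ev.target) in block_on:
            fired.setdefault("sensitive_target", ev.minute)
    return fired


def first_response(fired):
    """The rule that fires earliest is the one that would have cut the session."""
    if not fired:
        return None
    name = min(fired, key=fired.get)
    return name, fired[name]


if __name__ == "__main__":
    fired = evaluate(EVENTS)
    print(fired)
    print("session terminated by:", first_response(fired))
```

With these assumed thresholds the download rule fires on the eleventh download, before the third server is touched; raise `max_downloads` and the multiple-servers rule becomes the first to fire on the financial server instead. That dependence on tuning is the practical lesson: when you are asked which activity triggered a response, read the tool's rule configuration rather than inferring it from the timeline alone.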

Question 15

A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

Options:

A.

incident response playbooks

B.

asset vulnerability assessment

C.

report of staff members with asset relations

D.

key assets and executives

E.

malware analysis report

Question 16

An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?

Options:

A.

Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts

B.

Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats

C.

Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts

D.

Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts

Question 17

Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engineer discovered an unknown application. The analysis showed that the application is communicating with external addresses on a non-secure, unencrypted channel. Information gathering revealed that the unknown application does not have an owner and is not being used by a business unit. What are the next two steps the engineers should take in this investigation? (Choose two.)

Options:

A.

Determine the type of data stored on the affected asset, document the access logs, and engage the incident response team.

B.

Identify who installed the application by reviewing the logs and gather a user access log from the HR department.

C.

Verify user credentials on the affected asset, modify passwords, and confirm available patches and updates are installed.

D.

Initiate a triage meeting with department leads to determine if the application is owned internally or used by any business unit and document the asset owner.

Question 18

How is a SIEM tool used?

Options:

A.

To collect security data from authentication failures and cyber attacks and forward it for analysis

B.

To search and compare security data against acceptance standards and generate reports for analysis

C.

To compare security alerts against configured scenarios and trigger system responses

D.

To collect and analyze security data from network devices and servers and produce alerts

Question 19

Employees report computer system crashes within the same week. An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system’s startup folder. It appears that the shortcuts redirect users to malicious URLs. What is the next step the engineer should take to investigate this case?

Options:

A.

Remove the shortcut files

B.

Check the audit logs

C.

Identify affected systems

D.

Investigate the malicious URLs

Question 20

An organization had an incident with the network availability during which devices unexpectedly malfunctioned. An engineer is investigating the incident and found that the memory pool buffer usage reached a peak before the malfunction. Which action should the engineer take to prevent this issue from reoccurring?

Options:

A.

Disable memory limit.

B.

Disable CPU threshold trap toward the SNMP server.

C.

Enable memory tracing notifications.

D.

Enable memory threshold notifications.

Exam Code: 350-201
Exam Name: Performing CyberOps Using Core Security Technologies (CBRCOR)
Last Update: Apr 18, 2024
Questions: 139
