Our pass rate is as high as 98.9%, and the similarity between our 350-201 study guide and the real exam is 90%, based on our seven years of teaching experience. Do you want to pass the Cisco 350-201 exam in just one try? I am currently studying for the Cisco 350-201 exam. Latest Cisco 350-201 exam practice questions and answers: try the Cisco 350-201 brain dumps first.

Check 350-201 free dumps before getting the full version:

NEW QUESTION 1
Refer to the exhibit.
350-201 dumps exhibit
An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco Secure Network Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?

  • A. Top Peers
  • B. Top Hosts
  • C. Top Conversations
  • D. Top Ports

Answer: B

NEW QUESTION 2
Refer to the exhibit.
350-201 dumps exhibit
An engineer is reverse engineering a suspicious file by examining its resources. What does this file indicate?

  • A. a DOS MZ executable format
  • B. a MS-DOS executable archive
  • C. an archived malware
  • D. a Windows executable file

Answer: D

NEW QUESTION 3
Refer to the exhibit.
350-201 dumps exhibit
Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?

  • A. Threat scores are high, malicious ransomware has been detected, and files have been modified
  • B. Threat scores are low, malicious ransomware has been detected, and files have been modified
  • C. Threat scores are high, malicious activity is detected, but files have not been modified
  • D. Threat scores are low and no malicious file activity is detected

Answer: B

NEW QUESTION 4
Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.
350-201 dumps exhibit

Solution:
350-201 dumps exhibit

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 5
A company launched an e-commerce website with multiple points of sale through internal and external e-stores. Customers access the stores from the public website, and employees access the stores from the intranet with an SSO. Which action is needed to comply with PCI standards for hardening the systems?

  • A. Mask PAN numbers
  • B. Encrypt personal data
  • C. Encrypt access
  • D. Mask sales details

Answer: B

NEW QUESTION 6
A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

  • A. Assess the network for unexpected behavior
  • B. Isolate critical hosts from the network
  • C. Patch detected vulnerabilities from critical hosts
  • D. Perform analysis based on the established risk factors

Answer: B

NEW QUESTION 7
An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?

  • A. Modify the alert rule to “output alert_syslog: output log”
  • B. Modify the output module rule to “output alert_quick: output filename”
  • C. Modify the alert rule to “output alert_syslog: output header”
  • D. Modify the output module rule to “output alert_fast: output filename”

Answer: A

NEW QUESTION 8
An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?

  • A. Initiate a triage meeting to acknowledge the vulnerability and its potential impact
  • B. Determine company usage of the affected products
  • C. Search for a patch to install from the vendor
  • D. Implement restrictions within the VoIP VLANS

Answer: C

NEW QUESTION 9
A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?

  • A. Run the sudo sysdiagnose command
  • B. Run the sh command
  • C. Run the w command
  • D. Run the who command

Answer: A

NEW QUESTION 10
A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device. Which should be disabled to resolve the issue?

  • A. SNMPv2
  • B. TCP small services
  • C. port UDP 161 and 162
  • D. UDP small services

Answer: A

NEW QUESTION 11
Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.
350-201 dumps exhibit

Solution:
350-201 dumps exhibit

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 12
Refer to the exhibit.
350-201 dumps exhibit
Which data format is being used?

  • A. JSON
  • B. HTML
  • C. XML
  • D. CSV

Answer: B

NEW QUESTION 13
A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company’s infrastructure. Which steps should an engineer take at the recovery stage?

  • A. Determine the systems involved and deploy available patches
  • B. Analyze event logs and restrict network access
  • C. Review access lists and require users to increase password complexity
  • D. Identify the attack vector and update the IDS signature list

Answer: B

NEW QUESTION 14
A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a Powershell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?

  • A. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack
  • B. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities
  • C. Review the server backup and identify server content and data criticality to assess the intrusion risk
  • D. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious

Answer: C

NEW QUESTION 15
Refer to the exhibit.
350-201 dumps exhibit
A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

  • A. Limit the number of API calls that a single client is allowed to make
  • B. Add restrictions on the edge router on how often a single client can access the API
  • C. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
  • D. Increase the application cache of the total pool of active clients that call the API

Answer: A

NEW QUESTION 16
Refer to the exhibit.
350-201 dumps exhibit
What is the threat in this Wireshark traffic capture?

  • A. A high rate of SYN packets being sent from multiple sources toward a single destination IP
  • B. A flood of ACK packets coming from a single source IP to multiple destination IPs
  • C. A high rate of SYN packets being sent from a single source IP toward multiple destination IPs
  • D. A flood of SYN packets coming from a single source IP to a single destination IP

Answer: D

NEW QUESTION 17
Refer to the exhibit.
350-201 dumps exhibit
What results from this script?

  • A. Seeds for existing domains are checked
  • B. A search is conducted for additional seeds
  • C. Domains are compared to seed rules
  • D. A list of domains as seeds is blocked

Answer: B

NEW QUESTION 18
Refer to the exhibit.
350-201 dumps exhibit
Which asset has the highest risk value?

  • A. servers
  • B. website
  • C. payment process
  • D. secretary workstation

Answer: C

NEW QUESTION 19
An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?

  • A. HIPAA
  • B. FISMA
  • C. COBIT
  • D. PCI DSS

Answer: D

NEW QUESTION 20
An engineer is moving data from NAS servers in different departments to a combined storage database so that the data can be accessed and analyzed by the organization on-demand. Which data management process is being used?

  • A. data clustering
  • B. data regression
  • C. data ingestion
  • D. data obfuscation

Answer: A

NEW QUESTION 21
......

100% Valid and Newest Version 350-201 Questions & Answers shared by Dumps-hub.com, Get Full Dumps HERE: https://www.dumps-hub.com/350-201-dumps.html (New 139 Q&As)