Cisco 350-201 Performing CyberOps Using Core Security Technologies (CBRCOR) Exam Practice Test

Demo: 20 questions
Total 139 questions

Performing CyberOps Using Core Security Technologies (CBRCOR) Questions and Answers

Question 1

A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?

Options:

A. post-authorization by non-issuing entities if there is a documented business justification
B. by entities that issue the payment cards or that perform support issuing services
C. post-authorization by non-issuing entities if the data is encrypted and securely stored
D. by issuers and issuer processors if there is a legitimate reason

Question 2

An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?

Options:

A. HIPAA
B. FISMA
C. COBIT
D. PCI DSS

Question 3

An engineer is developing an application that requires frequent updates to close feedback loops and enable teams to quickly apply patches. The team wants their code updates to get to market as often as possible. Which software development approach should be used to accomplish these goals?

Options:

A. continuous delivery
B. continuous integration
C. continuous deployment
D. continuous monitoring

Question 4

Refer to the exhibit.

A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

Options:

A. Limit the number of API calls that a single client is allowed to make
B. Add restrictions on the edge router on how often a single client can access the API
C. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
D. Increase the application cache of the total pool of active clients that call the API

Question 5

What is a limitation of cyber security risk insurance?

Options:

A. It does not cover the costs to restore stolen identities as a result of a cyber attack
B. It does not cover the costs to hire forensics experts to analyze the cyber attack
C. It does not cover the costs of damage done by third parties as a result of a cyber attack
D. It does not cover the costs to hire a public relations company to help deal with a cyber attack

Question 6

Refer to the exhibit.

What is occurring in this packet capture?

Options:

A. TCP port scan
B. TCP flood
C. DNS flood
D. DNS tunneling

Question 7

What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?

Options:

A. 401
B. 402
C. 403
D. 404
E. 405

Question 8

An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?

Options:

A. Scan the network to identify unknown assets and the asset owners.
B. Analyze the components of the infected hosts and associated business services.
C. Scan the host with updated signatures and remove temporary containment.
D. Analyze the impact of the malware and contain the artifacts.

Question 9

An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization’s service area. What are the next steps the engineer must take?

Options:

A. Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
B. Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.
C. Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
D. Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.

Question 10

The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?

Options:

A. Perform static and dynamic code analysis of the specimen.
B. Unpack the specimen and perform memory forensics.
C. Contain the subnet in which the suspicious file was found.
D. Document findings and clean up the laboratory.

Question 11

What is a principle of Infrastructure as Code?

Options:

A. System maintenance is delegated to software systems
B. Comprehensive initial designs support robust systems
C. Scripts and manual configurations work together to ensure repeatable routines
D. System downtime is grouped and scheduled across the infrastructure

Question 12

A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

Options:

A. incident response playbooks
B. asset vulnerability assessment
C. report of staff members with asset relations
D. key assets and executives
E. malware analysis report

Question 13

A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user’s laptop while traveling. The attacker has the user’s credentials and is attempting to connect to the network.

What is the next step in handling the incident?

Options:

A. Block the source IP from the firewall
B. Perform an antivirus scan on the laptop
C. Identify systems or services at risk
D. Identify lateral movement

Question 14

The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

Options:

A. eradication and recovery
B. post-incident activity
C. containment
D. detection and analysis

Question 15

Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?

Options:

A. customer data
B. internal database
C. internal cloud
D. Internet

Question 16

An engineer returned to work and realized that payments that were received over the weekend were sent to the wrong recipient. The engineer discovered that the SaaS tool that processes these payments was down over the weekend. Which step should the engineer take first?

Options:

A. Utilize the SaaS tool team to gather more information on the potential breach
B. Contact the incident response team to inform them of a potential breach
C. Organize a meeting to discuss the services that may be affected
D. Request that the purchasing department creates and sends the payments manually

Question 17

An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?

Options:

A. Initiate a triage meeting to acknowledge the vulnerability and its potential impact
B. Determine company usage of the affected products
C. Search for a patch to install from the vendor
D. Implement restrictions within the VoIP VLANS

Question 18

A company launched an e-commerce website with multiple points of sale through internal and external e-stores. Customers access the stores from the public website, and employees access the stores from the intranet with an SSO. Which action is needed to comply with PCI standards for hardening the systems?

Options:

A. Mask PAN numbers
B. Encrypt personal data
C. Encrypt access
D. Mask sales details

Question 19

Refer to the exhibit.

An engineer received multiple reports from employees unable to log into systems with the error "The Group Policy Client service failed to logon – Access is denied." Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?

Options:

A. malware break
B. data theft
C. elevation of privileges
D. denial-of-service

Question 20

Refer to the exhibit.

An engineer received a report that an attacker has compromised a workstation and gained access to sensitive customer data from the network using insecure protocols. Which action prevents this type of attack in the future?

Options:

A. Use VLANs to segregate zones and the firewall to allow only required services and secured protocols
B. Deploy a SOAR solution and correlate log alerts from customer zones
C. Deploy IDS within sensitive areas and continuously update signatures
D. Use syslog to gather data from multiple sources and detect intrusion logs for timely responses
