Cisco (350-201-CBRCOR) Exam Questions And Answers page 1
Refer to the exhibit. Which code snippet will parse the response to identify the status of the domain as malicious, clean or undefined?
Security Concepts
Threat Intelligence and Incident Response
Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.
Cloud Security
Threat Intelligence and Incident Response
After a recent malware incident, the forensic investigator is gathering details to identify the breach and causes. The investigator has isolated the affected workstation. What is the next step that should be taken in this investigation?
Analyze the applications and services running on the affected workstation.
Compare workstation configuration and asset configuration policy to identify gaps.
Inspect registry entries for recently executed files.
Review audit logs for privilege escalation events.
Security Concepts
Endpoint Security
Employees report computer system crashes within the same week. An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system's startup folder. It appears that the shortcuts redirect users to malicious URLs. What is the next step the engineer should take to investigate this case?
Remove the shortcut files
Check the audit logs
Identify affected systems
Investigate the malicious URLs
Network Security
Endpoint Security
An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.
Network Security
Security Operations and Technology
Drag and drop the cloud computing service descriptions from the left onto the cloud service categories on the right.
Cloud Security
Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.
Security Concepts
Network Security
Refer to the exhibit. Where are the browser page rendering permissions displayed?
X-Frame-Options
X-XSS-Protection
Content-Type
Cache-Control
Security Concepts
Network Security
An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?
Host a discovery meeting and define configuration and policy updates
Update the IDS/IPS signatures and reimage the affected hosts
Identify the systems that have been affected and tools used to detect the attack
Identify the traffic with data capture using Wireshark and review email filters
Network Security
Threat Intelligence and Incident Response
An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)
domain belongs to a competitor
log in during non-working hours
email forwarding to an external domain
log in from a first-seen country
increased number of sent mails
Security Concepts
Network Security