Cisco (350-201-CBRCOR) Exam Questions And Answers page 1


Refer to the exhibit. Which code snippet will parse the response to identify the status of the domain as malicious, clean or undefined?
Security Concepts Threat Intelligence and Incident Response
Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.

Cloud Security Threat Intelligence and Incident Response
After a recent malware incident, the forensic investigator is gathering details to identify the breach and causes. The investigator has isolated the affected workstation. What is the next step that should be taken in this investigation?
Security Concepts Endpoint Security
Employees report computer system crashes within the same week. An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system's startup folder. It appears that the shortcuts redirect users to malicious URLs. What is the next step the engineer should take to investigate this case?
Network Security Endpoint Security
An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.

Network Security Security Operations and Technology
Drag and drop the cloud computing service descriptions from the left onto the cloud service categories on the right.

Cloud Security
Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.

Security Concepts Network Security

Refer to the exhibit. Where are the browser page rendering permissions displayed?
Security Concepts Network Security
An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?
Network Security Threat Intelligence and Incident Response
An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)
Security Concepts Network Security