Cisco (350-201-CBRCOR) Exam Questions And Answers page 11
What is idempotence?
the ability to recover from failures while keeping critical services running
the necessity of setting maintenance of individual deployment environments
the ability to set the target environment configuration regardless of the starting state
Security Concepts
Refer to the exhibit. An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco Secure Network Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?
Top Peers
Top Hosts
Top Conversations
Top Ports
Network Security
Security Operations and Technology
An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?
Disconnect the affected server from the network.
Analyze the source.
Access the affected server to confirm compromised files are encrypted.
Determine the attack surface.
Network Security
Threat Intelligence and Incident Response
What is a limitation of cyber security risk insurance?
It does not cover the costs to restore stolen identities as a result of a cyber attack
It does not cover the costs to hire forensics experts to analyze the cyber attack
It does not cover the costs of damage done by third parties as a result of a cyber attack
It does not cover the costs to hire a public relations company to help deal with a cyber attack
Security Concepts
Threat Intelligence and Incident Response
A security architect in an automotive factory is working on the Cyber Security Management System and is implementing procedures and creating policies to prevent attacks. Which standard must the architect apply?
IEC62446
IEC62443
IEC62439-3
IEC62439-2
Security Concepts
Network Security
Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?
Threat scores are low and no malicious file activity is detected
Threat scores are high, malicious ransomware has been detected, and files have been modified
Threat scores are low, malicious ransomware has been detected, and files have been modified
Threat scores are high, malicious activity is detected, but files have not been modified
Endpoint Security
Threat Intelligence and Incident Response
The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?
eradication and recovery
post-incident activity
containment
detection and analysis
Network Security
Threat Intelligence and Incident Response
A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?
Run the sudo sysdiagnose command
Run the sh command
Run the w command
Run the who command
Security Concepts
Network Security
Refer to the exhibit. An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim's spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address. Which action does the engineer recommend?
Use command ip verify reverse-path interface
Use global configuration command service tcp-keepalives-out
Use subinterface command no ip directed-broadcast
Use logging trap 6
Network Security
Threat Intelligence and Incident Response
What is the outcome of executing this script?
Refer to the exhibit. What results from this script?
Seeds for existing domains are checked
A search is conducted for additional seeds
Domains are compared to seed rules
A list of domains as seeds is blocked
Security Concepts
Endpoint Security