Cisco (350-201-CBRCOR) Exam Questions And Answers page 13
An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?
Remove all personally identifiable information.
Ensure the online sandbox is GDPR compliant.
Lock the file to prevent unauthorized access.
Security Concepts
Threat Intelligence and Incident Response
A company recently completed an internal audit and discovered that there is a CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?
Identify the business applications running on the assets
Update software to patch third-party software
Validate CSRF by executing exploits within Metasploit
Fix applications according to the risk scores
Network Security
Endpoint Security
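The CSRF question above only asks how to prioritise the fix; the following added example (not part of the exam page) shows what the defect and the fix look like in request-handling logic, so the "fix applications" option has concrete content. A vulnerable money-transfer handler that trusts the session cookie alone sits next to a hardened one that also requires a session-bound synchroniser token and checks the Origin/Referer header. The request and session objects are plain dicts standing in for a web framework, and the secret, host name `bank.example` and account balances are hypothetical values chosen for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Hypothetical deployment values for the example; the secret would normally be
# loaded from configuration and the host from the application's settings.
SERVER_SECRET = secrets.token_bytes(32)
SITE_HOST = "bank.example"


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session via HMAC: the server stores nothing extra, and a
    token issued for one session is useless for another."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _apply_transfer(request: dict, session: dict, balances: dict) -> None:
    amount = int(request["form"]["amount"])
    balances[session["user"]] -= amount
    balances[request["form"]["to"]] += amount


def transfer_vulnerable(request: dict, session: dict, balances: dict) -> str:
    """Vulnerable handler: the only check is the session cookie, which the browser
    attaches automatically to a POST triggered from any other site."""
    if not session.get("user"):
        return "401 unauthenticated"
    _apply_transfer(request, session, balances)
    return "200 transferred"


def transfer_hardened(request: dict, session: dict, balances: dict) -> str:
    """Hardened handler: a synchroniser token the attacking site cannot read,
    compared in constant time, plus an Origin/Referer check as defence in depth."""
    if not session.get("user"):
        return "401 unauthenticated"
    expected = issue_csrf_token(session["id"]).encode()
    supplied = str(request["form"].get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return "403 csrf token missing or invalid"
    origin = request["headers"].get("Origin") or request["headers"].get("Referer", "")
    if urlparse(origin).hostname != SITE_HOST:
        return "403 cross-origin request rejected"
    _apply_transfer(request, session, balances)
    return "200 transferred"


def simulate() -> dict:
    """Replay one forged and one legitimate request against both handlers."""
    session = {"id": "sess-1", "user": "alice"}
    forged = {  # built by an attacker's page; the browser adds the cookie, not the token
        "headers": {"Origin": "https://evil.example"},
        "form": {"to": "mallory", "amount": "100"},
    }
    legit = {  # rendered by the bank's own form, which embedded the token
        "headers": {"Origin": f"https://{SITE_HOST}"},
        "form": {"to": "bob", "amount": "10", "csrf_token": issue_csrf_token("sess-1")},
    }
    out = {}
    for name, handler in (("vulnerable", transfer_vulnerable), ("hardened", transfer_hardened)):
        balances = {"alice": 200, "bob": 0, "mallory": 0}
        out[f"{name}_forged"] = handler(forged, session, balances)
        out[f"{name}_legit"] = handler(legit, session, balances)
        out[f"{name}_balances"] = balances
    return out
```

Running `simulate()` shows the forged request draining the account through the vulnerable handler and being rejected with a 403 by the hardened one, while the legitimate request succeeds against both. The token is derived with HMAC rather than stored per request so the fix can be rolled out across many applications without adding server-side state; the Origin check is kept even though the token alone blocks the attack, because a token leak (for example through an XSS bug elsewhere) would otherwise be enough.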
An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to prevent this type of attack from reoccurring? (Choose two.)
Implement a patch management process.
Scan the company server files for known viruses.
Apply existing patches to the company servers.
Automate antivirus scans of the company servers.
Define roles and responsibilities in the incident response playbook.
Network Security
Threat Intelligence and Incident Response
A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled Invoice RE: 0004489. The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web. What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?
Run and analyze the DLP Incident Summary Report from the Email Security Appliance
Ask the company to execute the payload for real time analysis
Investigate further in open source repositories using YARA to find matches
Obtain a copy of the file for detonation in a sandbox
Network Security
Threat Intelligence and Incident Response
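Two questions on this page concern sending a sample to a sandbox: the NIST SP 800-150 question (remove personally identifiable information before upload) and the unknown-hash attachment above. The following added example (not part of the exam page) ties them together in one workflow: hash the original artifact first, because that hash is the indicator that gets shared, then redact PII from the copy that leaves the organisation, and record that the sanitised copy hashes differently. The sample e-mail text and the PII patterns are constructed for illustration; real redaction rules depend on the organisation's data classification.

```python
import hashlib
import re

# Constructed sample: the text layer of a suspicious message that mixes
# sensitive customer data with the details an analyst actually needs.
SAMPLE_ARTIFACT = b"""From: accounts@example-customer.test
To: cfo@example-customer.test
Subject: Invoice RE: 0004489
Card on file: 4111 1111 1111 1111, SSN 123-45-6789, phone 555-123-4567
Please open the attached invoice and enable content.
"""

# Patterns treated as PII for this example (assumption: US-style SSN and phone
# formats); a deployment would use its own classification rules.
PII_PATTERNS = {
    "email": re.compile(rb"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(rb"\b(?:\d{4}[ -]?){3}\d{4}\b"),
    "phone": re.compile(rb"\b\d{3}-\d{3}-\d{4}\b"),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def redact_pii(data: bytes) -> tuple[bytes, dict[str, int]]:
    """Replace every PII match with a typed placeholder and return the sanitised
    bytes plus a per-category count, so the analyst can document what was removed."""
    counts = {}
    for name, pattern in PII_PATTERNS.items():
        data, n = pattern.subn(b"[REDACTED-" + name.upper().encode() + b"]", data)
        counts[name] = n
    return data, counts


def prepare_for_submission(data: bytes) -> dict:
    """Hash the original before touching it (that hash is the IOC to share and to
    search for), then produce the sanitised copy that is actually uploaded. The
    sanitised copy hashes differently and must never be reported as the sample's hash."""
    original_hash = sha256_hex(data)
    sanitised, counts = redact_pii(data)
    return {
        "original_sha256": original_hash,
        "sanitised_sha256": sha256_hex(sanitised),
        "sanitised": sanitised,
        "redactions": counts,
    }
```

The order of operations is the point: redaction changes the bytes, so an analyst who hashes the sanitised copy would search threat intelligence for a value nobody else has seen and would share a useless indicator. The subject line, which carries the lure text a detection rule may key on, survives redaction untouched.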
Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.
Threat Intelligence and Incident Response
Security Operations and Technology
Refer to the exhibit. At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?
exploitation
actions on objectives
delivery
reconnaissance
Network Security
Threat Intelligence and Incident Response
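The exhibit for the kill-chain question is not reproduced on this page, so the following added example (not part of the exam) shows the triage logic an analyst applies to it: parse inbound web-request log lines, decide per URI whether the request merely probes for what is installed (reconnaissance) or carries an attack payload (exploitation), and report the furthest stage each source has reached. It goes beyond the question by handling the exploitation case as well. The log lines, the source addresses (documentation ranges) and the path and payload patterns are all constructed for illustration; a real sensor's scanner and signature categories would replace them.

```python
import re
from collections import Counter

# Constructed Combined-Log-Format lines (203.0.113.0/24 and 198.51.100.0/24 are
# documentation address ranges); they are not the exam's exhibit.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /robots.txt HTTP/1.1" 200 61 "-" "scanner-bot/1.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /.env HTTP/1.1" 404 196 "-" "scanner-bot/1.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "scanner-bot/1.0"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "scanner-bot/1.0"
203.0.113.9 - - [10/Oct/2023:14:02:11 +0000] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 403 0 "-" "curl/7.88"
198.51.100.7 - - [10/Oct/2023:14:10:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Paths whose only purpose is to learn what is installed: reconnaissance.
RECON_PATHS = re.compile(
    r"^/(?:\.env|\.git/?|robots\.txt|wp-login\.php|xmlrpc\.php|phpmyadmin/?|admin/?)$", re.I
)
# Request content that is itself an attack on a weakness: exploitation.
EXPLOIT_PAYLOAD = re.compile(r"(?:\.\./|%2e%2e|<script|'\s*or\s+|\$\{|%00)", re.I)
STAGE_ORDER = ["unclassified", "reconnaissance", "exploitation"]


def stage_for_uri(uri: str) -> str:
    """Payload patterns are checked on the whole URI (query string included);
    probe paths are matched on the path alone."""
    path = uri.partition("?")[0]
    if EXPLOIT_PAYLOAD.search(uri):
        return "exploitation"
    if RECON_PATHS.match(path):
        return "reconnaissance"
    return "unclassified"


def classify_log(text: str) -> dict[str, Counter]:
    """Count kill-chain stages per source address over the log lines."""
    per_source: dict[str, Counter] = {}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines the parser does not understand rather than guess
        per_source.setdefault(m["ip"], Counter())[stage_for_uri(m["uri"])] += 1
    return per_source


def furthest_stage(stages: Counter) -> str:
    """The latest kill-chain stage a source has reached, which is what gets
    reported: a scanner that only probes paths is still at reconnaissance."""
    return max(stages, key=STAGE_ORDER.index, default="unclassified")
```

Run `classify_log(SAMPLE_LOG)` and pass each source's counter to `furthest_stage`: the scanner that only requests well-known paths and collects 404s is placed at reconnaissance no matter how many requests it sends, while the single traversal request from the second address is placed at exploitation. Volume alone does not advance a source along the chain; the content of the request does.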
What is the purpose of hardening systems?
to securely configure machines to limit the attack surface
to create the logic that triggers alerts when anomalies occur
to identify vulnerabilities within an operating system
to analyze attacks to identify threat actors and points of entry
Security Concepts
Endpoint Security
An analyst is alerted for a malicious file hash. After analysis, the analyst determined that an internal workstation is communicating over port 80 with an external server and that the file hash is associated with Duqu malware. Which tactics, techniques, and procedures align with this analysis?
Command and Control, Application Layer Protocol, Duqu
Discovery, Remote Services: SMB/Windows Admin Shares, Duqu
Lateral Movement, Remote Services: SMB/Windows Admin Shares, Duqu
Discovery, System Network Configuration Discovery, Duqu
Network Security
Endpoint Security
A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device. Which should be disabled to resolve the issue?
SNMPv2
TCP small services
port UDP 161 and 162
UDP small services
Network Security
Security Operations and Technology
Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?
customer data
internal database
internal cloud
Internet
Network Security
Threat Intelligence and Incident Response