Cisco (350-201-CBRCOR) Exam Questions And Answers page 13

An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST.SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?
Topics: Security Concepts; Threat Intelligence and Incident Response
A company recently completed an internal audit and discovered that there is a CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?
Topics: Network Security; Endpoint Security
An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to prevent this type of attack from reoccurring? (Choose two.)
Topics: Network Security; Threat Intelligence and Incident Response
A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled "Invoice RE: 0004489". The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web. What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?
Topics: Network Security; Threat Intelligence and Incident Response
Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.
Topics: Threat Intelligence and Incident Response; Security Operations and Technology
Refer to the exhibit. At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?
Topics: Network Security; Threat Intelligence and Incident Response
What is the purpose of hardening systems?
Topics: Security Concepts; Endpoint Security
An analyst is alerted to a malicious file hash. After analysis, the analyst determined that an internal workstation is communicating over port 80 with an external server and that the file hash is associated with Duqu malware. Which tactics, techniques, and procedures align with this analysis?
Topics: Network Security; Endpoint Security
A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device. Which should be disabled to resolve the issue?
Topics: Network Security; Security Operations and Technology
Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?
Topics: Network Security; Threat Intelligence and Incident Response