Cisco (350-201-CBRCOR) Exam Questions And Answers page 15
Refer to the exhibit. An engineer is performing static analysis on a malware sample and knows that it is capturing keystrokes and webcam events on a company server. What is the indicator of compromise?
The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.
The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.
Security Concepts
Network Security
How to mitigate attacks on the webserver from the Internet?
Multiple Choice
Refer to the exhibit. Which two steps mitigate attacks on the webserver from the Internet? (Choose two.)
Create an ACL on the firewall to allow only TLS 1.3
Implement a reverse server in the DMZ network
Create an ACL on the firewall to allow only external connections
Move the webserver to the internal network
Move the webserver to the external network
Security Concepts
Network Security
Drag and drop the function on the left onto the mechanism on the right.
Network Security
Security Operations and Technology
A logistics company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to the IPS?
Allow list HTTP traffic through the corporate VLANs.
Allow list only authorized hosts to contact the application's IP at a specific port.
Allow list traffic to the application's IP from the internal network at a specific port.
Allow list only authorized hosts to contact the application's VLAN.
Network Security
Endpoint Security
What is needed to assess risk mitigation effectiveness in an organization?
analysis of key performance indicators
compliance with security standards
cost-effectiveness of control measures
updated list of vulnerable systems
Security Concepts
Threat Intelligence and Incident Response
A security expert is investigating a breach that resulted in a $32 million loss from customer accounts. Hackers were able to steal API keys and two-factor codes due to a vulnerability that was introduced in new code a few weeks before the attack. Which step was missed that would have prevented this breach?
use of the Nmap tool to identify the vulnerability when the new code was deployed
implementation of a firewall and intrusion detection system
implementation of an endpoint protection system
use of SecDevOps to detect the vulnerability during development
Security Concepts
Endpoint Security
Refer to the exhibit. The Cisco Secure Network Analytics (Stealthwatch) console alerted with New Malware Server Discovered and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.
Network Security
Endpoint Security
An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?
Run the program through a debugger to see the sequential actions
Unpack the file in a sandbox to see how it reacts
Research the malware online to see if there are noted findings
Disassemble the malware to understand how it was constructed
Security Concepts
Endpoint Security
How to prioritize handling these advisories? [Exhibit]
Single Choice
Refer to the exhibit. How must these advisories be prioritized for handling?
The highest priority for handling depends on the type of institution deploying the devices
Vulnerability #2 is the highest priority for every type of institution
Vulnerability #1 and vulnerability #2 have the same priority
Vulnerability #1 is the highest priority for every type of institution
Threat Intelligence and Incident Response
Security Operations and Technology
An organization had several cyberattacks over the last 6 months and has tasked an engineer with looking for patterns or trends that will help the organization anticipate future attacks and mitigate them. Which data analytic technique should the engineer use to accomplish this task?
diagnostic
qualitative
predictive
statistical
Threat Intelligence and Incident Response
Security Operations and Technology