Cisco (350-201-CBRCOR) Exam Questions And Answers page 16

An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?
Network Security Endpoint Security

Refer to the exhibit. How are tokens authenticated when the REST API on a device is accessed from a REST API client?
Security Concepts Network Security
What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?
Security Concepts Network Security
A security manager received an email from an anomaly detection service that one of their contractors has downloaded 50 documents from the company's confidential document management folder using a company-owned asset al039-ice-4ce687TL0500. A security manager reviewed the content of downloaded documents and noticed that the data affected is from different departments. What are the actions a security manager should take?
Security Concepts Network Security

Refer to the exhibit. Based on the detected vulnerabilities, what is the next recommended mitigation step?
Security Concepts Cloud Security
An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?
Network Security Endpoint Security

Refer to the exhibit. An engineer is analyzing this Vlan0392-int12-239.pcap file in Wireshark after detecting suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a Google Chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information was being sent off-site, but the payloads are obfuscated and unreadable. What does this STIX indicate?
Network Security Security Operations and Technology
What is the difference between process orchestration and automation?
Security Concepts Security Operations and Technology
An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?
Network Security Threat Intelligence and Incident Response
Which action should be taken when the HTTP response code 301 is received from a web application?
Security Concepts Network Security