Cisco (350-201-CBRCOR) Exam Questions And Answers page 16
An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?
Determine company usage of the affected products
Search for a patch to install from the vendor
Implement restrictions within the VoIP VLANS
Network Security
Endpoint Security
Refer to the exhibit. How are tokens authenticated when the REST API on a device is accessed from a REST API client?
The token is obtained by providing a password. The REST client requests access to a resource using the access token. The REST API validates the access token and gives access to the resource.
The token is obtained by providing a password. The REST API requests access to a resource using the access token, validates the access token, and gives access to the resource.
The token is obtained before providing a password. The REST API provides resource access, refreshes tokens, and returns them to the REST client. The REST client requests access to a resource using the access token.
The token is obtained before providing a password. The REST client provides access to a resource using the access token. The REST API encrypts the access token and gives access to the resource.
Security Concepts
Network Security
What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?
401
402
403
404
405
Security Concepts
Network Security
A security manager received an email from an anomaly detection service stating that one of their contractors has downloaded 50 documents from the company's confidential document management folder using a company-owned asset al039-ice-4ce687TL0500. The security manager reviewed the content of the downloaded documents and noticed that the affected data is from different departments. What actions should the security manager take?
Measure confidentiality level of downloaded documents.
Report to the incident response team.
Escalate to the contractor's manager.
Communicate with the contractor to identify the motives.
Security Concepts
Network Security
Refer to the exhibit. Based on the detected vulnerabilities, what is the next recommended mitigation step?
Evaluate service disruption and associated risk before prioritizing patches.
Perform root cause analysis for all detected vulnerabilities.
Remediate all vulnerabilities with descending CVSS score order.
Temporarily shut down unnecessary services until patch deployment ends.
Security Concepts
Cloud Security
An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?
Scan the network to identify unknown assets and the asset owners.
Analyze the components of the infected hosts and associated business services.
Scan the host with updated signatures and remove temporary containment.
Analyze the impact of the malware and contain the artifacts.
Network Security
Endpoint Security
Refer to the exhibit. An engineer is analyzing this Vlan0392-int12-239.pcap file in Wireshark after detecting suspicious network activity. The Origin header for the direct IP connections in the packets was set by a Google Chrome extension using the WebSocket protocol. The engineer checked the message payloads to determine what information was being sent off-site, but the payloads are obfuscated and unreadable. What does this STIX indicate?
The extension is not performing as intended because of restrictions, since ports 80 and 443 should be accessible
The traffic is legitimate, as the Google Chrome extension is reaching out to check for updates and fetches this information
There is a possible data leak because payloads should be encoded as UTF-8 text
There is a malware that is communicating via encrypted channels to the command and control server
Network Security
Security Operations and Technology
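The triage behind the question above (WebSocket frames from a browser extension whose payloads are obfuscated) can be reproduced offline. The following is an added example, not code from the original page or from any vendor: it builds two constructed client-to-server WebSocket frames (masked, per RFC 6455), unmasks them, and flags a frame as suspicious when it comes from a chrome-extension:// origin and is either not valid UTF-8 or has near-random byte entropy. The extension ID, the masking key, the JSON update-check body, the pseudo-random "obfuscated" blob and the 7.0 bits/byte threshold are all assumptions made for the example.

```python
"""Added example: heuristic triage of WebSocket frames captured from a browser
extension. Constructed frames and thresholds are assumptions, not page data."""
import hashlib
import math
from collections import Counter

# Assumption: readable UTF-8 text rarely exceeds ~6 bits/byte; random or
# encrypted data approaches 8. Tune against your own baseline.
ENTROPY_THRESHOLD = 7.0


def mask_payload(payload: bytes, key: bytes) -> bytes:
    """RFC 6455 5.3: client->server payload bytes are XORed with key[i % 4]."""
    return bytes(b ^ key[i % 4] for i, b in enumerate(payload))


def build_client_frame(payload: bytes, opcode: int, key: bytes) -> bytes:
    """Build one masked, single-fragment client frame (FIN=1, MASK=1)."""
    n = len(payload)
    header = bytes([0x80 | opcode])
    if n < 126:
        header += bytes([0x80 | n])
    elif n < 65536:
        header += bytes([0x80 | 126]) + n.to_bytes(2, "big")
    else:
        header += bytes([0x80 | 127]) + n.to_bytes(8, "big")
    return header + key + mask_payload(payload, key)


def parse_frames(stream: bytes):
    """Yield (opcode, unmasked payload) for each frame in a client->server stream."""
    pos = 0
    while pos < len(stream):
        opcode = stream[pos] & 0x0F
        masked = bool(stream[pos + 1] & 0x80)
        n = stream[pos + 1] & 0x7F
        pos += 2
        if n == 126:
            n = int.from_bytes(stream[pos:pos + 2], "big")
            pos += 2
        elif n == 127:
            n = int.from_bytes(stream[pos:pos + 8], "big")
            pos += 8
        key = b""
        if masked:
            key = stream[pos:pos + 4]
            pos += 4
        payload = stream[pos:pos + n]
        pos += n
        yield opcode, (mask_payload(payload, key) if masked else payload)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage_frame(opcode: int, payload: bytes, origin: str) -> dict:
    """Record the evidence an analyst would note for one frame and a verdict."""
    try:
        payload.decode("utf-8")
        readable = True
    except UnicodeDecodeError:
        readable = False
    entropy = shannon_entropy(payload)
    from_extension = origin.startswith("chrome-extension://")
    return {
        "opcode": opcode,            # 0x1 text, 0x2 binary
        "length": len(payload),
        "readable": readable,
        "entropy": round(entropy, 2),
        "from_extension": from_extension,
        # Obfuscated payloads from an extension origin are the C2 indicator here.
        "suspicious": from_extension and (not readable or entropy > ENTROPY_THRESHOLD),
    }


def triage_capture(stream: bytes, origin: str) -> list:
    return [triage_frame(op, pl, origin) for op, pl in parse_frames(stream)]


def sample_stream() -> bytes:
    """Constructed capture: a benign update check, then an obfuscated blob."""
    key = b"\x12\x34\x56\x78"                       # constructed masking key
    update_check = b'{"type":"update_check","ext_version":"2.4.1"}'
    blob, seed = b"", b"constructed"                # deterministic pseudo-random bytes
    while len(blob) < 1024:
        seed = hashlib.sha256(seed).digest()
        blob += seed
    return build_client_frame(update_check, 0x1, key) + build_client_frame(blob, 0x2, key)


if __name__ == "__main__":
    for verdict in triage_capture(sample_stream(), "chrome-extension://constructed-extension-id"):
        print(verdict)
```

Entropy alone does not separate legitimate TLS or compressed traffic from C2; what makes the second frame worth escalating is the combination: an extension origin, direct-to-IP connections, and a payload that is not the UTF-8 text a well-behaved extension would send. On a real capture, feed the reassembled TCP payload after the HTTP 101 upgrade into parse_frames and take the Origin value from the upgrade request.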
What is the difference between process orchestration and automation?
Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
Orchestration arranges the tasks, while automation arranges processes.
Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.
Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.
Security Concepts
Security Operations and Technology
An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?
Move the IPS to after the firewall facing the internal network
Move the IPS to before the firewall facing the outside network
Configure the proxy service on the IPS
Configure reverse port forwarding on the IPS
Network Security
Threat Intelligence and Incident Response
Which action should be taken when the HTTP response code 301 is received from a web application?
Update the cached header metadata.
Confirm the resource's location.
Increase the allowed user limit.
Modify the session timeout setting.
Security Concepts
Network Security
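The three REST questions above (token obtained with a password and validated by the API on each request; 404 when an authenticated user asks for a resource that does not exist; 301 meaning the client must confirm the resource's new location) can be exercised together with an in-process model. This is an added example, not code from the original page or from Cisco: the RestApi class plays the server, client_fetch plays the REST client, and the user name, password, salt, paths, token lifetime and the use of a dict in place of real HTTP headers are all assumptions made for the example.

```python
"""Added example: password-for-token exchange and the status codes a REST
client must handle. Names, paths and the token TTL are assumptions."""
import hashlib
import hmac
import secrets
import time


class RestApi:
    TOKEN_TTL = 300  # seconds; assumption

    def __init__(self, clock=time.time):
        self._clock = clock
        self._salt = b"constructed-salt"
        # Constructed user store: username -> sha256(salt + password); no plaintext.
        self._users = {"analyst": self._hash("correct horse")}
        self._tokens = {}  # access token -> (username, expiry epoch seconds)
        self._resources = {
            "/api/v1/alerts": {"owner": "analyst", "body": {"open": 3}},
            "/api/v1/admin/config": {"owner": "admin", "body": {}},
        }
        self._moved = {"/api/alerts": "/api/v1/alerts"}  # old path -> new path

    def _hash(self, password: str) -> bytes:
        return hashlib.sha256(self._salt + password.encode()).digest()

    def issue_token(self, username: str, password: str):
        """POST /token: password in, short-lived random access token out, else 401."""
        expected = self._users.get(username)
        if expected is None or not hmac.compare_digest(expected, self._hash(password)):
            return 401, {"error": "invalid credentials"}
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (username, self._clock() + self.TOKEN_TTL)
        return 200, {"access_token": token, "expires_in": self.TOKEN_TTL}

    def get(self, path: str, headers: dict):
        """GET: the API validates the bearer token first, then resolves the path."""
        auth = headers.get("Authorization", "")
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
        entry = self._tokens.get(token)
        if entry is None or entry[1] < self._clock():
            return 401, {"error": "missing, invalid or expired token"}
        user = entry[0]
        if path in self._moved:
            # Real servers carry this in a Location header; modelled as body here.
            return 301, {"Location": self._moved[path]}
        res = self._resources.get(path)
        if res is None:
            return 404, {"error": "not found"}        # authenticated, but no such resource
        if res["owner"] != user:
            return 403, {"error": "forbidden"}        # authenticated, not authorized
        return 200, res["body"]


def client_fetch(api: RestApi, token: str, path: str, max_redirects: int = 1):
    """REST client: present the token; on 301 confirm the new location and retry."""
    for _ in range(max_redirects + 1):
        status, body = api.get(path, {"Authorization": f"Bearer {token}"})
        if status == 301:
            path = body["Location"]
            continue
        return status, body
    raise RuntimeError("redirect loop: refused to follow more than %d 301s" % max_redirects)


if __name__ == "__main__":
    api = RestApi()
    status, body = api.issue_token("analyst", "correct horse")
    tok = body["access_token"]
    for p in ("/api/v1/alerts", "/api/v1/nothing", "/api/v1/admin/config", "/api/alerts"):
        print(p, client_fetch(api, tok, p))
```

Two points the exam answers leave implicit are visible here: the token is validated on every request (so an expired token yields 401 even for a resource that exists), and a 301 is not an error but an instruction to confirm the new location, which a client should follow only a bounded number of times.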