Cisco (350-201-CBRCOR) Exam Questions And Answers page 2
What is the impact of hardening machine images for deployment?
increases the speed of patch deployment
reduces the steps needed to mitigate threats
increases the availability of threat alerts
Security Concepts
Endpoint Security
An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.
Network Security
Endpoint Security
Drag and drop the mitigation steps from the left onto the vulnerabilities they mitigate on the right.
Security Concepts
Network Security
An engineer is investigating several cases of increased incoming spam emails and suspicious emails from the HR and service departments. While checking the event sources, the website monitoring tool showed several web scraping alerts overnight. Which type of compromise is indicated?
phishing
dumpster diving
social engineering
privilege escalation
Network Security
Threat Intelligence and Incident Response
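The indicator in this question is the overnight web-scraping alert: an attacker who harvests staff names and roles from the public site has exactly what a targeted phishing or social-engineering campaign needs. The following is an added example, not part of the exam page, showing the detection logic an analyst would run over web-server access logs to surface that reconnaissance. The log lines, addresses, the /staff/ path prefix and the thresholds are all constructed for the illustration.

```python
"""Added example, not from the exam page: flag web-scraping clients in a
web-server access log, the overnight alert the question pairs with the
later wave of spam and spoofed HR/service mail.  Log lines, addresses,
the /staff/ path prefix and the thresholds are all constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Combined-log-format lines, constructed for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:02:14:01 +0000] "GET /staff/hr/alice HTTP/1.1" 200 812 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:02:14:02 +0000] "GET /staff/hr/bob HTTP/1.1" 200 790 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:02:14:03 +0000] "GET /staff/hr/carol HTTP/1.1" 200 801 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:02:14:04 +0000] "GET /staff/service/dave HTTP/1.1" 200 777 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:02:14:05 +0000] "GET /staff/service/erin HTTP/1.1" 200 805 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:02:14:06 +0000] "GET /staff/service/frank HTTP/1.1" 200 799 "-" "python-requests/2.31"
198.51.100.4 - - [12/Mar/2024:09:01:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "https://www.example.com/" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.4 - - [12/Mar/2024:09:01:25 +0000] "GET /contact HTTP/1.1" 200 2048 "https://www.example.com/index.html" "Mozilla/5.0 (Windows NT 10.0)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
AUTOMATED_UA = ("python-requests", "curl/", "wget/", "scrapy", "go-http-client")
PEOPLE_PREFIX = "/staff/"   # assumed location of the staff directory pages


def parse(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ev


def scraping_verdicts(lines, min_requests=5, window_s=60, distinct_ratio=0.8):
    """Return {client_ip: [reasons]} for clients whose traffic looks like scraping."""
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev:
            by_ip[ev["ip"]].append(ev)

    verdicts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        reasons = set()
        start = 0
        for end in range(len(evs)):
            # Slide the window so evs[start:end+1] spans at most window_s seconds.
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            burst = evs[start:end + 1]
            if len(burst) < min_requests:
                continue
            if len({e["path"] for e in burst}) / len(burst) >= distinct_ratio:
                reasons.add("burst of distinct pages")
            if all(e["path"].startswith(PEOPLE_PREFIX) for e in burst):
                reasons.add("enumerating staff directory")
        if any(e["ua"].lower().startswith(AUTOMATED_UA) for e in evs):
            reasons.add("automated user-agent")
        if len(evs) >= min_requests and all(e["referer"] == "-" for e in evs):
            reasons.add("no referer on any request")
        if all(0 <= e["ts"].hour < 6 for e in evs):
            reasons.add("off-hours activity")
        if reasons:
            verdicts[ip] = sorted(reasons)
    return verdicts


if __name__ == "__main__":
    for ip, why in scraping_verdicts(SAMPLE_LOG.splitlines()).items():
        print(ip, "->", ", ".join(why))
```

Each reason on its own is weak (a legitimate crawler also has an automated user-agent); the combination of an off-hours burst that walks the staff directory with no referer is what should feed the phishing-response playbook, since those names and roles are the likely targets of the follow-on mail.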
Refer to the exhibit. Which asset has the highest risk value?
servers
website
payment process
secretary workstation
Security Concepts
Cloud Security
An engineer returned to work and realized that payments that were received over the weekend were sent to the wrong recipient. The engineer discovered that the SaaS tool that processes these payments was down over the weekend. Which step should the engineer take first?
Utilize the SaaS tool team to gather more information on the potential breach
Contact the incident response team to inform them of a potential breach
Organize a meeting to discuss the services that may be affected
Request that the purchasing department create and send the payments manually
Security Concepts
Network Security
Refer to the exhibit. An engineer received multiple reports from employees unable to log into systems with the error "The Group Policy Client service failed the logon. Access is denied." Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?
malware break
data theft
elevation of privileges
denial-of-service
Security Concepts
Network Security
A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a PowerShell process and a WMI tool process were started on the server after the connection was established, and that a PE format file was created in the system directory. What is the next step the analyst should take?
Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack
Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities
Review the server backup and identify server content and data criticality to assess the intrusion risk
Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious
Network Security
Endpoint Security
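The sequence in this question (inbound connection, then PowerShell and a WMI tool, then a PE file landing in the system directory) is a classic lateral-movement and drop chain, and the reason the first action is to isolate the server and analyze the file rather than phone the owner. The following is an added example, not part of the exam page, that correlates those three host events in a time window and confirms the dropped file really is PE format before raising the verdict. The events are constructed Sysmon-style records; the server name, remote address and file name are assumptions.

```python
"""Added example, not from the exam page: correlate host telemetry for
an inbound connection followed by PowerShell/WMI process starts and a
PE file written to the system directory, then confirm the file is PE
by its header rather than by its extension.  Events, addresses and file
names are constructed for the illustration."""
from datetime import datetime, timedelta

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Images matching "a PowerShell process and a WMI tool process" in the question.
SUSPECT_IMAGES = {"powershell.exe", "pwsh.exe", "wmic.exe", "wmiprvse.exe"}


def is_pe(header: bytes) -> bool:
    """True if the bytes start with an MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(header) < 0x40 or header[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(header[0x3C:0x40], "little")
    return header[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


# Minimal constructed PE header: MZ stub, e_lfanew = 0x40, then the PE signature.
PE_HEADER = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
T0 = datetime(2024, 3, 12, 1, 30, 0)

# Constructed Sysmon-like events for the Accounting A1 server.  'header' is
# the first bytes of the written file (assumption: the EDR captures them).
EVENTS = [
    {"ts": T0 - timedelta(hours=2), "kind": "connect", "direction": "outbound",
     "remote": "203.0.113.50", "port": 443},
    {"ts": T0, "kind": "connect", "direction": "inbound",
     "remote": "198.51.100.23", "port": 445},
    {"ts": T0 + timedelta(seconds=40), "kind": "process",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden"},
    {"ts": T0 + timedelta(seconds=55), "kind": "process",
     "image": "C:\\Windows\\System32\\wbem\\wmic.exe",
     "cmdline": "wmic process call create svchosts.exe"},
    {"ts": T0 + timedelta(seconds=70), "kind": "file",
     "path": "C:\\Windows\\System32\\svchosts.exe", "header": PE_HEADER},
    {"ts": T0 + timedelta(seconds=90), "kind": "file",
     "path": "C:\\Windows\\System32\\LogFiles\\setup.log",
     "header": b"2024-03-12 01:31:30 info: setup complete"},
    {"ts": T0 + timedelta(minutes=20), "kind": "process",
     "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c dir"},
]


def correlate(events, window=timedelta(minutes=10)):
    """For every inbound connection, look for suspect process starts AND a PE
    drop in the system directory inside the window; return one finding per hit."""
    findings = []
    for conn in (e for e in events if e["kind"] == "connect" and e["direction"] == "inbound"):
        later = [e for e in events if conn["ts"] <= e["ts"] <= conn["ts"] + window]
        procs = [e for e in later if e["kind"] == "process"
                 and e["image"].rsplit("\\", 1)[-1].lower() in SUSPECT_IMAGES]
        drops = [e for e in later if e["kind"] == "file"
                 and e["path"].lower().startswith(SYSTEM_DIRS) and is_pe(e["header"])]
        if procs and drops:
            findings.append({
                "remote": conn["remote"],
                "processes": [p["image"] for p in procs],
                "dropped": [d["path"] for d in drops],
                "next_step": "isolate the server and acquire the dropped file for forensic analysis",
            })
    return findings


if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f)
```

The PE check matters because the question says "PE format file", not ".exe": a payload dropped as .dat or .tmp still has the MZ/PE signature, and an extension-only rule would miss it. The benign setup.log in the same directory shows why the header check, not the path alone, decides.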
A security incident affected an organization's critical business services, and the customer-side web API became unresponsive and crashed. An investigation revealed a spike of API call requests and a high number of inactive sessions during the incident. Which two recommendations should the engineers make to prevent similar incidents in the future? (Choose two.)
Configure shorter timeout periods.
Determine API rate-limiting requirements.
Implement API key maintenance.
Automate server-side error reporting for customers.
Decrease simultaneous API responses.
Network Security
Threat Intelligence and Incident Response
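The two findings map directly onto the two fixes: the spike of API calls is what rate limiting absorbs, and the pile of inactive sessions is what a shorter idle timeout clears. The following is an added example, not part of the exam page, that implements both controls behind a simulated API front door and replays the incident's burst against a weak configuration and a hardened one. The limits, addresses and session identifiers are assumptions chosen for the illustration.

```python
"""Added example, not from the exam page: per-client API rate limiting
(token bucket) plus an idle-session timeout, driven by an explicit
millisecond clock so the incident's burst can be replayed offline.
Limits, addresses and session ids are assumptions."""


class TokenBucket:
    """Per-client token bucket kept in integer millitokens so replays are exact."""

    def __init__(self, burst, rate_per_s, now_ms):
        self.capacity = burst * 1000
        self.rate = rate_per_s        # tokens per second == millitokens per millisecond
        self.tokens = self.capacity
        self.last = now_ms

    def allow(self, now_ms):
        self.tokens = min(self.capacity, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class ApiGateway:
    """Front door for the customer API: rate limit first, then track sessions."""

    def __init__(self, rate_per_s=5, burst=10, idle_timeout_ms=30_000):
        self.rate, self.burst, self.idle_timeout = rate_per_s, burst, idle_timeout_ms
        self.buckets = {}     # client ip -> TokenBucket
        self.sessions = {}    # session id -> last activity (ms)

    def reap_idle(self, now_ms):
        """Drop sessions idle longer than the timeout; return how many were dropped."""
        dead = [s for s, seen in self.sessions.items() if now_ms - seen > self.idle_timeout]
        for s in dead:
            del self.sessions[s]
        return len(dead)

    def active_sessions(self):
        return len(self.sessions)

    def handle(self, client_ip, session_id, now_ms):
        """Return the HTTP status the gateway answers with."""
        self.reap_idle(now_ms)
        bucket = self.buckets.get(client_ip)
        if bucket is None:
            bucket = self.buckets[client_ip] = TokenBucket(self.burst, self.rate, now_ms)
        if not bucket.allow(now_ms):
            return 429            # Too Many Requests: the backend never sees this call
        self.sessions[session_id] = now_ms
        return 200


def replay_incident(gw, client_ip="203.0.113.9", requests=100, spacing_ms=10):
    """Replay the incident pattern: one client, a fresh session per call, 100 calls in 1 s."""
    counts = {200: 0, 429: 0}
    for i in range(requests):
        counts[gw.handle(client_ip, f"sess-{i}", i * spacing_ms)] += 1
    return counts


def compare_configs():
    """Weak config (no effective limit, day-long timeout) versus the hardened one.
    Returns {name: (status counts, sessions right after the burst, sessions 30 s later)}."""
    weak = ApiGateway(rate_per_s=10**9, burst=10**9, idle_timeout_ms=24 * 3600 * 1000)
    hardened = ApiGateway(rate_per_s=5, burst=10, idle_timeout_ms=30_000)
    result = {}
    for name, gw in (("weak", weak), ("hardened", hardened)):
        counts = replay_incident(gw)
        after_burst = gw.active_sessions()
        gw.reap_idle(1_000 + 30_001)      # 30 s after the one-second burst ends
        result[name] = (counts, after_burst, gw.active_sessions())
    return result


if __name__ == "__main__":
    for name, outcome in compare_configs().items():
        print(name, outcome)
```

With the hardened settings the burst of 100 calls yields 14 accepted and 86 rejected with 429 before they reach the backend, and the 14 sessions the burst opened are gone 30 seconds later; the weak configuration passes all 100 calls through and still holds all 100 idle sessions, which is the state that crashed the API in the question. Tune burst and rate from the real traffic profile rather than copying these numbers.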
Refer to the exhibit. For IP 192.168.1.209, what are the risk level, activity, and next step?
high risk level, anomalous periodic communication, quarantine with antivirus
critical risk level, malicious server IP, run in a sandboxed environment
critical risk level, data exfiltration, isolate the device
high risk level, malicious host, investigate further
Security Concepts
Network Security