Cisco (350-201-CBRCOR) Exam Questions And Answers page 3


Refer to the exhibit. An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?
Security Concepts Threat Intelligence and Incident Response

Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?
Endpoint Security Threat Intelligence and Incident Response
An engineer receives a report that indicates a possible incident of a malicious insider sending company information to outside parties. What is the first action the engineer must take to determine whether an incident has occurred?
Security Concepts Threat Intelligence and Incident Response
An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually. Which action will improve workflow automation?
Security Concepts Endpoint Security

Refer to the exhibit. An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco Secure Network Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?
Network Security Security Operations and Technology

Refer to the exhibit. What is the connection status of the ICMP event?
Security Concepts Network Security

Refer to the exhibit. What is occurring in this packet capture?
Security Concepts Network Security

Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?
Network Security Threat Intelligence and Incident Response
An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?
Security Concepts Network Security

Refer to the exhibit. An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company's user creation policy:
• minimum length: 3
• usernames can only use letters, numbers, dots, and underscores
• usernames cannot begin with a number

The application administrator has to manually change and track these daily to ensure compliance. An engineer is tasked to implement a script to automate the process according to the company user creation policy. The engineer implemented this piece of code within the application, but users are still able to create format-free usernames. Which change is needed to apply the restrictions?
Security Concepts Endpoint Security