Cisco (350-201-CBRCOR) Exam Questions And Answers page 4
Refer to the exhibit. What is the connection status of the ICMP event?
allowed by a configured access policy rule
blocked by an intrusion policy rule
allowed in the default action
Security Concepts
Network Security
A cloud engineer needs a solution to deploy applications on a cloud without being able to manage and control the server OS. Which type of cloud environment should be used?
IaaS
PaaS
DaaS
SaaS
Security Concepts
Cloud Security
Refer to the exhibit. What results from this script?
Seeds for existing domains are checked
A search is conducted for additional seeds
Domains are compared to seed rules
A list of domains as seeds is blocked
Security Concepts
Endpoint Security
Refer to the exhibit. An engineer is performing static analysis on malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?
The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.
The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.
The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.
Security Concepts
Network Security
Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provided link. Several employees report the email as suspicious, and a security analyst is investigating the reports. Which two steps should the analyst take to begin this investigation? (Choose two.)
Evaluate the intrusion detection system alerts to determine the threat source and attack surface.
Communicate with employees to determine who opened the link and isolate the affected assets.
Examine the firewall and HIPS configuration to identify the exploited vulnerabilities and apply recommended mitigation.
Review the mail server and proxy logs to identify the impact of a potential breach.
Check the email header to identify the sender and analyze the link in an isolated environment.
Security Concepts
Network Security
Drag and drop the phases to evaluate the security posture of an asset from the left onto the activity that happens during the phases on the right.
Security Concepts
Network Security
Refer to the exhibit. Which asset has the highest risk value?
servers
website
payment process
secretary workstation
Security Concepts
Cloud Security
Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.
Threat Intelligence and Incident Response
Security Operations and Technology
An engineer has created a bash script to automate a complicated process. During script execution, this error occurs: permission denied. Which command must be added to execute this script?
chmod +x ex.sh
source ex.sh
chroot ex.sh
sh ex.sh
Endpoint Security
Refer to the exhibit. Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a quarantine VLAN using Adaptive Network Control policy. Which method was used to signal ISE to quarantine the endpoints?
SNMP
syslog
REST API
pxGrid
Network Security
Endpoint Security