
Cisco (350-201-CBRCOR) Exam Questions And Answers page 6

An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?
Network Security
A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network.

What is the next step in handling the incident?
Network Security Threat Intelligence and Incident Response

Refer to the exhibit. Which data format is being used?
Security Concepts Network Security
According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?
Security Concepts Cloud Security
What is a benefit of key risk indicators?
Security Concepts
A threat actor attacked an organization's Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator's account was disabled. Which activity triggered the behavior analytics tool?
Network Security Endpoint Security
A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?
Security Concepts Threat Intelligence and Incident Response

Refer to the exhibit. Where is the MIME type that should be followed indicated?
Network Security

Refer to the exhibit. Where is the MIME type that should be followed indicated?
Security Concepts Network Security
A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices. Which technical architecture must be used?
Security Concepts Network Security