Cisco (350-201-CBRCOR) Exam Questions And Answers page 7
Refer to the exhibit. Based on the detected vulnerabilities, what is the next recommended mitigation step?
Perform root cause analysis for all detected vulnerabilities.
Remediate all vulnerabilities with descending CVSS score order.
Temporarily shut down unnecessary services until patch deployment ends.
Security Concepts
Cloud Security
What is the data format being used in the exhibit?
Refer to the exhibit. Which data format is being used?
JSON
HTML
XML
CSV
Security Concepts
Network Security
A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross-correlated log analysis revealed that two hours before the attack, multiple assets received requests on TCP port 79. Which action should be taken by the SOC team to mitigate this attack?
Disable BIND forwarding from the DNS server to avoid reconnaissance.
Disable affected assets and isolate them for further investigation.
Configure affected devices to disable NETRJS protocol.
Configure affected devices to disable the Finger service.
Network Security
Threat Intelligence and Incident Response
Refer to the exhibit. An employee is a victim of a social engineering phone call and installs remote access software to allow an MS Support technician to check his machine for malware. The employee becomes suspicious after the remote technician requests payment in the form of gift cards. The employee has copies of multiple, unencrypted database files, over 400 MB each, on his system and is worried that the scammer copied the files off but has no proof of it. The remote technician was connected sometime between 2:00 pm and 3:00 pm over HTTPS. What should be determined regarding data loss between the employee's laptop and the remote technician's system?
No database files were disclosed
The database files were disclosed
The database files' integrity was violated
The database files were intentionally corrupted, and encryption is possible
Security Concepts
Network Security
A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall. Which action will improve the effectiveness of the process?
Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.
Inform the user by enabling an automated email response when the rule is triggered.
Inform the incident response team by enabling an automated email response when the rule is triggered.
Create an automation script for blocking URLs on the firewall when the rule is triggered.
Network Security
Threat Intelligence and Incident Response
A European-based advertisement company collects tracking information from partner websites and stores it on a local server to provide tailored ads. Which standard must the company follow to safeguard the resting data?
HIPAA
PCI-DSS
Sarbanes-Oxley
GDPR
Network Security
Endpoint Security
Refer to the exhibit. An engineer is investigating a case with suspicious usernames within Active Directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior. Which type of compromise is occurring?
compromised insider
compromised root access
compromised database tables
compromised network
Security Concepts
Network Security
Refer to the exhibit. Where are the browser page rendering permissions displayed?
x-frame-options
x-xss-protection
x-content-type-options
x-test-debug
Security Concepts
Network Security
An engineer is analyzing a possible compromise that happened a week ago when the company database servers unexpectedly went down. The analysis reveals that attackers tampered with Microsoft SQL Server Resolution Protocol and launched a DDoS attack. The engineer must act quickly to ensure that all systems are protected. Which two tools should be used to detect and mitigate this type of future attack? (Choose two.)
firewall
Wireshark
autopsy
SHA512
IPS
Network Security
Threat Intelligence and Incident Response
Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?
Threat scores are high, malicious ransomware has been detected, and files have been modified
Threat scores are low, malicious ransomware has been detected, and files have been modified
Threat scores are high, malicious activity is detected, but files have not been modified
Threat scores are low and no malicious file activity is detected
Endpoint Security
Threat Intelligence and Incident Response