Cisco (350-201-CBRCOR) Exam Questions And Answers page 8

An API developer is improving an application code to prevent DDoS attacks. The solution needs to accommodate instances of a large number of API requests coming for legitimate purposes from trustworthy services. Which solution should be implemented?
Network Security Threat Intelligence and Incident Response

Refer to the exhibit. How must these advisories be prioritized for handling?
Threat Intelligence and Incident Response Security Operations and Technology

Refer to the exhibit. An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company's user creation policy:
• minimum length: 3
• usernames can only use letters, numbers, dots, and underscores
• usernames cannot begin with a number

The application administrator has to manually change and track these daily to ensure compliance. An engineer is tasked to implement a script to automate the process according to the company user creation policy. The engineer implemented this piece of code within the application, but users are still able to create format-free usernames. Which change is needed to apply the restrictions?
Security Concepts Endpoint Security
How is a SIEM tool used?
Security Concepts Threat Intelligence and Incident Response
An employee abused PowerShell commands and script interpreters, which led to an indicator of compromise (IOC) trigger. The IOC event shows that a known malicious file has been executed, and there is an increased likelihood of a breach. Which indicator generated this IOC event?
Security Concepts Endpoint Security
A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?
Network Security Threat Intelligence and Incident Response
A SOC engineer discovers that the organization had three DDoS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?
Network Security Cloud Security
The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?
Network Security Endpoint Security
Refer to the exhibit. Which indicator of compromise is represented by this STIX?

Security Concepts Threat Intelligence and Incident Response

Refer to the exhibit. Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?
Security Concepts Cloud Security