Cisco (350-201-CBRCOR) Exam Questions And Answers page 8
An API developer is improving an application code to prevent DDoS attacks. The solution needs to accommodate instances of a large number of API requests coming for legitimate purposes from trustworthy services. Which solution should be implemented?
Implement REST API Security Essentials solution to automatically mitigate limit exhaustion. If the limit is exceeded, temporarily block access from the service and return a 409 HTTP error code.
Increase a limit of replies in a given interval for each API. If the limit is exceeded, block access from the API key permanently and return a 450 HTTP error code.
Apply a limit to the number of requests in a given time interval for each API. If the rate is exceeded, block access from the API key temporarily and return a 429 HTTP error code.
Network Security
Threat Intelligence and Incident Response
Refer to the exhibit. How must these advisories be prioritized for handling?
The highest priority for handling depends on the type of institution deploying the devices
Vulnerability #2 is the highest priority for every type of institution
Vulnerability #1 and vulnerability #2 have the same priority
Vulnerability #1 is the highest priority for every type of institution
Threat Intelligence and Incident Response
Security Operations and Technology
Refer to the exhibit. An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company's user creation policy:
• minimum length: 3
• usernames can only use letters, numbers, dots, and underscores
• usernames cannot begin with a number
The application administrator has to manually change and track these daily to ensure compliance. An engineer is tasked to implement a script to automate the process according to the company user creation policy. The engineer implemented this piece of code within the application, but users are still able to create format-free usernames. Which change is needed to apply the restrictions?
modify code to return error on restrictions def return false_user(username, minlen)
automate the restrictions def automate_user(username, minlen)
validate the restrictions, def validate_user(username, minlen)
modify code to force the restrictions, def force_user(username, minlen)
Security Concepts
Endpoint Security
What are the uses and functionalities of a SIEM tool?
How is a SIEM tool used?
To collect security data from authentication failures and cyber attacks and forward it for analysis
To search and compare security data against acceptance standards and generate reports for analysis
To compare security alerts against configured scenarios and trigger system responses
To collect and analyze security data from network devices and servers and produce alerts
Security Concepts
Threat Intelligence and Incident Response
An employee abused PowerShell commands and script interpreters, which led to an indicator of compromise (IOC) trigger. The IOC event shows that a known malicious file has been executed, and there is an increased likelihood of a breach. Which indicator generated this IOC event?
ExecutedMalware.ioc
Crossrider.ioc
ConnectToSuspiciousDomain.ioc
W32.AccesschkUtility.ioc
Security Concepts
Endpoint Security
A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?
assessment scope
event severity and likelihood
incident response playbook
risk model framework
Network Security
Threat Intelligence and Incident Response
A SOC engineer discovers that the organization had three DDoS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer gain a comprehensive overview of the incident?
Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.
Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.
Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation steps.
Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.
Network Security
Cloud Security
The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?
Conduct a risk assessment of systems and applications
Isolate the infected host from the rest of the subnet
Install malware prevention software on the host
Analyze network traffic on the host's subnet
Network Security
Endpoint Security
Refer to the exhibit. Which indicator of compromise is represented by this STIX?
website redirecting traffic to ransomware server
website hosting malware to download files
web server vulnerability exploited by malware
cross-site scripting vulnerability to backdoor server
Security Concepts
Threat Intelligence and Incident Response
Refer to the exhibit. Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?
An attacker can initiate a DoS attack.
An attacker can read or change data.
An attacker can transfer data to an external server.
An attacker can modify the access logs.
Security Concepts
Cloud Security