Cisco 350-201 CBRCOR Exam Questions Instant Access

Question 1

An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default

administrator account login. Which step should an engineer take after receiving this alert?

AInitiate a triage meeting to acknowledge the vulnerability and its potential impact

BDetermine company usage of the affected products

CSearch for a patch to install from the vendor

DImplement restrictions within the VoIP VLANS

Answer : C

Question 2

An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually. Which action will improve workflow automation?

AImplement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.

BIntegrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.

CImplement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.

DIntegrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.

Answer : C

Question 3

Refer to the exhibit.

What is the threat in this Wireshark traffic capture?

AA high rate of SYN packets being sent from multiple sources toward a single destination IP

BA flood of ACK packets coming from a single source IP to multiple destination IPs

CA high rate of SYN packets being sent from a single source IP toward multiple destination IPs

DA flood of SYN packets coming from a single source IP to a single destination IP

Answer : D

Question 4

An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?

ARun the program through a debugger to see the sequential actions

BUnpack the file in a sandbox to see how it reacts

CResearch the malware online to see if there are noted findings

DDisassemble the malware to understand how it was constructed

Answer : C

Question 5

An engineer is moving data from NAS servers in different departments to a combined storage database so that the data can be accessed and analyzed by the organization on-demand. Which data management process is being used?

Adata clustering

Bdata regression

Cdata ingestion

Ddata obfuscation

Answer : A

Question 6

A threat actor attacked an organization's Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator's account was disabled. Which activity triggered the behavior analytics tool?

Aaccessing the Active Directory server

Baccessing the server with financial data

Caccessing multiple servers

Ddownloading more than 10 files

Answer : C

Question 7

A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?

ARun the sudo sysdiagnose command

BRun the sh command

CRun the w command

DRun the who command

Answer : A

Cisco Performing CyberOps Using Core Security Technologies 350-201 CBRCOR Exam Questions