Cisco 350-201 CBRCOR Exam Practice Test Instant Access

Question 1

An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?

#!/usr/bin/python import sys import requests

A{1}, {2}

B{1}, {3}

Cconsole_ip, api_token

Dconsole_ip, reference_set_name

Answer : C

Question 2

A cloud engineer needs a solution to deploy applications on a cloud without being able to manage and control the server OS. Which type of cloud environment should be used?

AIaaS

BPaaS

CDaaS

DSaaS

Answer : A

Question 3

A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall. Which action will improve the effectiveness of the process?

ABlock local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.

BInform the user by enabling an automated email response when the rule is triggered.

CInform the incident response team by enabling an automated email response when the rule is triggered.

DCreate an automation script for blocking URLs on the firewall when the rule is triggered.

Answer : A

Question 4

Refer to the exhibit.

An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?

AThe file is redirecting users to a website that requests privilege escalations from the user.

BThe file is redirecting users to the website that is downloading ransomware to encrypt files.

CThe file is redirecting users to a website that harvests cookies and stored account information.

DThe file is redirecting users to a website that is determining users' geographic location.

Answer : D

Question 5

A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor's website. The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?

ADetermine if there is internal knowledge of this incident.

BCheck incoming and outgoing communications to identify spoofed emails.

CDisconnect the network from Internet access to stop the phishing threats and regain control.

DEngage the legal department to explore action against the competitor that posted the spreadsheet.

Answer : D

Question 6

A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?

Apost-authorization by non-issuing entities if there is a documented business justification

Bby entities that issue the payment cards or that perform support issuing services

Cpost-authorization by non-issuing entities if the data is encrypted and securely stored

Dby issuers and issuer processors if there is a legitimate reason

Answer : C

Question 7

A logistic company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to IPS?

AAllow list only authorized hosts to contact the application's IP at a specific port.

BAllow list HTTP traffic through the corporate VLANS.

CAllow list traffic to application's IP from the internal network at a specific port.

DAllow list only authorized hosts to contact the application's VLAN.

Answer : D

Cisco 350-201 Performing CyberOps Using Core Security Technologies CBRCOR Exam Practice Test