Cisco 350-201 CBRCOR Exam Questions Instant Access

Question 1

Employees report computer system crashes within the same week. An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system's startup folder. It appears that the shortcuts redirect users to malicious URLs. What is the next step the engineer should take to investigate this case?

ARemove the shortcut files

BCheck the audit logs

CIdentify affected systems

DInvestigate the malicious URLs

Answer : C

Question 2

An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)

Adomain belongs to a competitor

Blog in during non-working hours

Cemail forwarding to an external domain

Dlog in from a first-seen country

Eincreased number of sent mails

Answer : A, B

Question 3

How is a SIEM tool used?

ATo collect security data from authentication failures and cyber attacks and forward it for analysis

BTo search and compare security data against acceptance standards and generate reports for analysis

CTo compare security alerts against configured scenarios and trigger system responses

DTo collect and analyze security data from network devices and servers and produce alerts

Answer : D

Question 4

An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?

AHIPAA

BFISMA

CCOBIT

DPCI DSS

Answer : D

Question 5

How does Wireshark decrypt TLS network traffic?

Awith a key log file using per-session secrets

Busing an RSA public key

Cby observing DH key exchange

Dby defining a user-specified decode-as

Answer : A

Question 6

A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices. Which technical architecture must be used?

ADLP for data in motion

BDLP for removable data

CDLP for data in use

DDLP for data at rest

Answer : C

Question 7

What is a principle of Infrastructure as Code?

ASystem maintenance is delegated to software systems

BComprehensive initial designs support robust systems

CScripts and manual configurations work together to ensure repeatable routines

DSystem downtime is grouped and scheduled across the infrastructure

Answer : B

Cisco Performing CyberOps Using Core Security Technologies 350-201 CBRCOR Exam Questions