New 2020 CyberOps 350-201 CBRCOR exam questions from PassLeader 350-201 dumps! Welcome to download the newest PassLeader 350-201 VCE and PDF dumps: https://www.passleader.com/350-201.html (105 Q&As –> 126 Q&As –> 142 Q&As)
P.S. Free 2020 CyberOps 350-201 CBRCOR dumps are available on Google Drive shared by PassLeader: https://drive.google.com/drive/folders/1zPcauiMjVR_TIbRfw4TwLxwrleyLePbQ
NEW QUESTION 1
A threat actor attacked an organization’s Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator’s account was disabled. Which activity triggered the behavior analytics tool?
A. accessing the Active Directory server
B. accessing the server with financial data
C. accessing multiple servers
D. downloading more than 10 files
Answer: C
NEW QUESTION 2
The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?
A. Determine the assets to which the attacker has access.
B. Identify assets the attacker handled or acquired.
C. Change access controls to high risk assets in the enterprise.
D. Identify movement of the attacker in the enterprise.
Answer: D
NEW QUESTION 3
A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)
A. incident response playbooks
B. asset vulnerability assessment
C. report of staff members with asset relations
D. key assets and executives
E. malware analysis report
Answer: BE
Explanation:
https://cloudogre.com/risk-assessment/
NEW QUESTION 4
According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?
A. Perform a vulnerability assessment.
B. Conduct a data protection impact assessment.
C. Conduct penetration testing.
D. Perform awareness testing.
Answer: B
Explanation:
https://apdcat.gencat.cat/web/.content/03-documentacio/Reglament_general_de_proteccio_de_dades/documents/DPIA-Guide.pdf
NEW QUESTION 5
A European-based advertisement company collects tracking information from partner websites and stores it on a local server to provide tailored ads. Which standard must the company follow to safeguard the resting data?
A. HIPAA
B. PCI-DSS
C. Sarbanes-Oxley
D. GDPR
Answer: D
Explanation:
https://www.thesslstore.com/blog/10-data-privacy-and-encryption-laws-every-business-needs-to-know/
NEW QUESTION 6
An organization had several cyberattacks over the last 6 months and has tasked an engineer with looking for patterns or trends that will help the organization anticipate future attacks and mitigate them. Which data analytic technique should the engineer use to accomplish this task?
A. diagnostic
B. qualitative
C. predictive
D. statistical
Answer: C
Explanation:
https://insights.principa.co.za/4-types-of-data-analytics-descriptive-diagnostic-predictive-prescriptive
NEW QUESTION 7
Which command does an engineer use to set read/write/execute access on a folder for everyone who reaches the resource?
A. chmod 666
B. chmod 774
C. chmod 775
D. chmod 777
Answer: D
Explanation:
https://www.pluralsight.com/blog/it-ops/linux-file-permissions
NEW QUESTION 8
The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?
A. Contain the malware.
B. Install IPS software.
C. Determine the escalation path.
D. Perform vulnerability assessment.
Answer: D
NEW QUESTION 9
An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?
A. Initiate a triage meeting to acknowledge the vulnerability and its potential impact.
B. Determine company usage of the affected products.
C. Search for a patch to install from the vendor.
D. Implement restrictions within the VoIP VLANs.
Answer: C
NEW QUESTION 10
A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices. Which technical architecture must be used?
A. DLP for data in motion.
B. DLP for removable data.
C. DLP for data in use.
D. DLP for data at rest.
Answer: C
Explanation:
https://www.endpointprotector.com/blog/what-is-data-loss-prevention-dlp/
NEW QUESTION 11
A security expert is investigating a breach that resulted in a $32 million loss from customer accounts. Hackers were able to steal API keys and two-factor codes due to a vulnerability that was introduced in new code a few weeks before the attack. Which step was missed that would have prevented this breach?
A. use of the Nmap tool to identify the vulnerability when the new code was deployed
B. implementation of a firewall and intrusion detection system
C. implementation of an endpoint protection system
D. use of SecDevOps to detect the vulnerability during development
Answer: D
Explanation:
https://securityintelligence.com/how-to-prioritize-security-vulnerabilities-in-secdevops/
NEW QUESTION 12
How does Wireshark decrypt TLS network traffic?
A. with a key log file using per-session secrets
B. using an RSA public key
C. by observing DH key exchange
D. by defining a user-specified decode-as
Answer: A
Explanation:
https://wiki.wireshark.org/TLS
NEW QUESTION 13
What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?
A. 401
B. 402
C. 403
D. 404
E. 405
Answer: A
NEW QUESTION 14
A company’s web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?
A. assessment scope
B. event severity and likelihood
C. incident response playbook
D. risk model framework
Answer: D
NEW QUESTION 15
An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)
A. domain belongs to a competitor
B. log in during non-working hours
C. email forwarding to an external domain
D. log in from a first-seen country
E. increased number of sent mails
Answer: AB
NEW QUESTION 16
How is a SIEM tool used?
A. To collect security data from authentication failures and cyber-attacks and forward it for analysis.
B. To search and compare security data against acceptance standards and generate reports for analysis.
C. To compare security alerts against configured scenarios and trigger system responses.
D. To collect and analyze security data from network devices and servers and produce alerts.
Answer: D
Explanation:
https://www.varonis.com/blog/what-is-siem/
NEW QUESTION 17
An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?
A. HIPAA
B. FISMA
C. COBIT
D. PCI DSS
Answer: D
Explanation:
https://upserve.com/restaurant-insider/restaurant-pos-pci-compliance-checklist/
NEW QUESTION 18
An engineer is developing an application that requires frequent updates to close feedback loops and enable teams to quickly apply patches. The team wants their code updates to get to market as often as possible. Which software development approach should be used to accomplish these goals?
A. continuous delivery
B. continuous integration
C. continuous deployment
D. continuous monitoring
Answer: A
NEW QUESTION 19
Employees report computer system crashes within the same week. An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system’s startup folder. It appears that the shortcuts redirect users to malicious URLs. What is the next step the engineer should take to investigate this case?
A. Remove the shortcut files.
B. Check the audit logs.
C. Identify affected systems.
D. Investigate the malicious URLs.
Answer: C
NEW QUESTION 20
What is a limitation of cyber security risk insurance?
A. It does not cover the costs to restore stolen identities as a result of a cyber attack.
B. It does not cover the costs to hire forensics experts to analyze the cyber attack.
C. It does not cover the costs of damage done by third parties as a result of a cyber attack.
D. It does not cover the costs to hire a public relations company to help deal with a cyber attack.
Answer: A
Explanation:
https://tplinsurance.com/products/cyber-risk-insurance/
NEW QUESTION 21
Drag and Drop
Drag and drop the function on the left onto the mechanism on the right.
NEW QUESTION 22
Drag and Drop
Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.
NEW QUESTION 23
……