
[23-May-2021] New 2020 CyberOps 350-201 CBRCOR Dumps with VCE and PDF from PassLeader (Update Questions)



New 2020 CyberOps 350-201 CBRCOR exam questions from PassLeader 350-201 dumps! Welcome to download the newest PassLeader 350-201 VCE and PDF dumps: https://www.passleader.com/350-201.html (126 Q&As --> 142 Q&As)

P.S. Free 2020 CyberOps 350-201 CBRCOR dumps are available on Google Drive shared by PassLeader: https://drive.google.com/drive/folders/1zPcauiMjVR_TIbRfw4TwLxwrleyLePbQ

NEW QUESTION 111
An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?

A.    Scan the network to identify unknown assets and the asset owners.
B.    Analyze the components of the infected hosts and associated business services.
C.    Scan the host with updated signatures and remove temporary containment.
D.    Analyze the impact of the malware and contain the artifacts.

Answer: B

NEW QUESTION 112
The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?

A.    Perform static and dynamic code analysis of the specimen.
B.    Unpack the specimen and perform memory forensics.
C.    Contain the subnet in which the suspicious file was found.
D.    Document findings and clean up the laboratory.

Answer: B

NEW QUESTION 113
A logistics company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to the IPS?

A.    Allow list only authorized hosts to contact the application's IP at a specific port.
B.    Allow list HTTP traffic through the corporate VLANs.
C.    Allow list traffic to the application's IP from the internal network at a specific port.
D.    Allow list only authorized hosts to contact the application's VLAN.

Answer: D

NEW QUESTION 114
A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?

A.    post-authorization by non-issuing entities if there is a documented business justification
B.    by entities that issue the payment cards or that perform support issuing services
C.    post-authorization by non-issuing entities if the data is encrypted and securely stored
D.    by issuers and issuer processors if there is a legitimate reason

Answer: C

NEW QUESTION 115
A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor's website. The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?

A.    Determine if there is internal knowledge of this incident.
B.    Check incoming and outgoing communications to identify spoofed emails.
C.    Disconnect the network from Internet access to stop the phishing threats and regain control.
D.    Engage the legal department to explore action against the competitor that posted the spreadsheet.

Answer: D

NEW QUESTION 116
An organization had a network availability incident during which devices unexpectedly malfunctioned. An engineer investigating the incident found that the memory pool buffer usage reached a peak before the malfunction. Which action should the engineer take to prevent this issue from reoccurring?

A.    Disable memory limit.
B.    Disable CPU threshold trap toward the SNMP server.
C.    Enable memory tracing notifications.
D.    Enable memory threshold notifications.

Answer: D

NEW QUESTION 117
A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?

A.    Create a follow-up report based on the incident documentation.
B.    Perform a vulnerability assessment to find existing vulnerabilities.
C.    Eradicate malicious software from the infected machines.
D.    Collect evidence and maintain a chain-of-custody during further analysis.

Answer: D

NEW QUESTION 118
A security manager received an email from an anomaly detection service that one of their contractors has downloaded 50 documents from the company's confidential document management folder using a company-owned asset al039-ice-4ce687TL0500. The security manager reviewed the content of the downloaded documents and noticed that the data affected is from different departments. What are the actions a security manager should take?

A.    Measure confidentiality level of downloaded documents.
B.    Report to the incident response team.
C.    Escalate to contractor's manager.
D.    Communicate with the contractor to identify the motives.

Answer: B

NEW QUESTION 119
An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?

A.    Disconnect the affected server from the network.
B.    Analyze the source.
C.    Access the affected server to confirm compromised files are encrypted.
D.    Determine the attack surface.

Answer: C

NEW QUESTION 120
An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?

A.    Verify hash integrity.
B.    Remove all personally identifiable information.
C.    Ensure the online sandbox is GDPR compliant.
D.    Lock the file to prevent unauthorized access.

Answer: B

NEW QUESTION 121
What is needed to assess risk mitigation effectiveness in an organization?

A.    analysis of key performance indicators
B.    compliance with security standards
C.    cost-effectiveness of control measures
D.    updated list of vulnerable systems

Answer: C

NEW QUESTION 122
The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

A.    eradication and recovery
B.    post-incident activity
C.    containment
D.    detection and analysis

Answer: A

NEW QUESTION 123
A SOC engineer discovers that the organization had three DDoS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer gain a comprehensive overview of the incident?

A.    Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.
B.    Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.
C.    Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation steps.
D.    Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.

Answer: D

NEW QUESTION 124
Which action should be taken when the HTTP response code 301 is received from a web application?

A.    Update the cached header metadata.
B.    Confirm the resource's location.
C.    Increase the allowed user limit.
D.    Modify the session timeout setting.

Answer: A

NEW QUESTION 125
Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provided link. Several employees report the email as suspicious, and a security analyst is investigating the reports. Which two steps should the analyst take to begin this investigation? (Choose two.)

A.    Evaluate the intrusion detection system alerts to determine the threat source and attack surface.
B.    Communicate with employees to determine who opened the link and isolate the affected assets.
C.    Examine the firewall and HIPS configuration to identify the exploited vulnerabilities and apply recommended mitigation.
D.    Review the mail server and proxy logs to identify the impact of a potential breach.
E.    Check the email header to identify the sender and analyze the link in an isolated environment.

Answer: CE

NEW QUESTION 126 ......


Post date: 2021-05-23 22:43:00
Post modified date: 2021-07-16 10:49:03