Cisco 350-201 practice test

Performing CyberOps Using Core Security Technologies (CBRCOR)


Question 1


Refer to the exhibit. An engineer is performing static analysis of a file received and reported by a user. Which risk is
indicated in this STIX?

  • A. The file is redirecting users to a website that requests privilege escalations from the user.
  • B. The file is redirecting users to the website that is downloading ransomware to encrypt files.
  • C. The file is redirecting users to a website that harvests cookies and stored account information.
  • D. The file is redirecting users to a website that is determining users’ geographic location.
Answer:

D


Question 2

A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected
parties are notified, and the incident response team is assigned to the case.
According to the NIST incident response handbook, what is the next step in handling the incident?

  • A. Create a follow-up report based on the incident documentation.
  • B. Perform a vulnerability assessment to find existing vulnerabilities.
  • C. Eradicate malicious software from the infected machines.
  • D. Collect evidence and maintain a chain-of-custody during further analysis.
Answer:

D


Question 3

Which action should be taken when the HTTP response code 301 is received from a web application?

  • A. Update the cached header metadata.
  • B. Confirm the resource’s location.
  • C. Increase the allowed user limit.
  • D. Modify the session timeout setting.
Answer:

A


Question 4


Refer to the exhibit. Where is the MIME type that should be followed indicated?

  • A. x-test-debug
  • B. strict-transport-security
  • C. x-xss-protection
  • D. x-content-type-options
Answer:

A


Question 5

A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was
fraudulently posted on a competitor's website. The spreadsheet contains names, salaries, and social security numbers. What
is the next step the engineer should take in this investigation?

  • A. Determine if there is internal knowledge of this incident.
  • B. Check incoming and outgoing communications to identify spoofed emails.
  • C. Disconnect the network from Internet access to stop the phishing threats and regain control.
  • D. Engage the legal department to explore action against the competitor that posted the spreadsheet.
Answer:

D


Question 6

The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to
the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking
host. What is the next step in the incident response workflow?

  • A. eradication and recovery
  • B. post-incident activity
  • C. containment
  • D. detection and analysis
Answer:

A


Question 7

How is a SIEM tool used?

  • A. To collect security data from authentication failures and cyber attacks and forward it for analysis
  • B. To search and compare security data against acceptance standards and generate reports for analysis
  • C. To compare security alerts against configured scenarios and trigger system responses
  • D. To collect and analyze security data from network devices and servers and produce alerts
Answer:

D

Explanation:
Reference: https://www.varonis.com/blog/what-is-siem/


Question 8

DRAG DROP
Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.
Select and Place:

Answer:

Explanation:
Reference:
https://www.densify.com/resources/continuous-integration-delivery-phases


Question 9

Refer to the exhibit. A threat actor behind a single computer exploited a cloud-based application by sending multiple
concurrent API requests. These requests made the application unresponsive. Which solution protects the application from
being overloaded and ensures more equitable application access across the end-user community?

  • A. Limit the number of API calls that a single client is allowed to make
  • B. Add restrictions on the edge router on how often a single client can access the API
  • C. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
  • D. Increase the application cache of the total pool of active clients that call the API
Answer:

A


Question 10

What do 2xx HTTP response codes indicate for REST APIs?

  • A. additional action must be taken by the client to complete the request
  • B. the server takes responsibility for error status codes
  • C. communication of transfer protocol-level information
  • D. successful acceptance of the client’s request
Answer:

D

Explanation:
Reference: https://restfulapi.net/http-status-codes/#:~:text=HTTP%20defines%20these%20standard%20status,results%20of%20a%20client%27s%20request.&text=2xx%3A%20Success%20%20Indicates%20that%20the,order%20to%20complete%20their%20request.
