Performing CyberOps Using Core Security Technologies (CBRCOR)

Here you have the best Cisco 350-201 practice exam questions

  • You have 129 total questions to study from
  • These questions were last updated on December 16, 2024

Question 1 of 129

Refer to the exhibit. A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

    Correct Answer: A

    To protect an application from being overloaded and ensure equitable access, implementing a rate limit on the number of API calls that a single client can make is a suitable approach. By limiting the number of requests a single client can send within a given timeframe, it helps prevent abuse from a single source while ensuring that legitimate users can access the application. This rate limiting can help mitigate the effects of denial-of-service (DoS) attacks and ensure more stable and fair access for all users.

Question 2 of 129

DRAG DROP -

An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.

Select and Place:

    Correct Answer:

Question 3 of 129

A threat actor attacked an organization's Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator's account was disabled. Which activity triggered the behavior analytics tool?

    Correct Answer: D

    The activity that most likely triggered the behavior analytics tool was downloading more than 10 files. Behavior analytics tools are designed to detect unusual activities, and downloading a large number of files in a short period typically stands out as suspicious behavior. Accessing multiple servers or the financial data server could raise flags, but the clear quantitative threshold of downloading more than 10 files makes it a decisive trigger.

Question 4 of 129

Refer to the exhibit. A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?

    Correct Answer: A

    To identify the source IP of the offender, the analyst should use a packet sniffer. Packet sniffers, like Wireshark, capture and analyze the data packets traveling through the network. They can provide detailed information about the source and destination IP addresses, which is crucial in identifying the origin of suspicious connections. This allows the security analyst to pinpoint the source IP of the potential attacker by examining the network traffic in detail.

Question 5 of 129

Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

    Correct Answer: C

    The prioritized behavioral indicators of compromise justify concluding that the file is ransomware, because the scores are high and indicate the likelihood that malicious ransomware has been detected. The report shows multiple indicators with high severity and confidence levels. For instance, 'CTB Locker Detected' and 'Generic Ransomware Detected' both have severity and confidence scores of 100, strongly suggesting that ransomware activity has been detected.