Performing CyberOps Using Core Security Technologies (CBRCOR) v1.0 (350-201)

Page:    1 / 7   
Total 100 questions

DRAG DROP -
Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.
Select and Place:




Answer :

A company"™s web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?

  • A. assessment scope
  • B. event severity and likelihood
  • C. incident response playbook
  • D. risk model framework


Answer : D

DRAG DROP -
Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.
Select and Place:




Answer :

Reference:
https://www.densify.com/resources/continuous-integration-delivery-phases

An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)

  • A. domain belongs to a competitor
  • B. log in during non-working hours
  • C. email forwarding to an external domain
  • D. log in from a first-seen country
  • E. increased number of sent mails


Answer : AB

How is a SIEM tool used?

  • A. To collect security data from authentication failures and cyber attacks and forward it for analysis
  • B. To search and compare security data against acceptance standards and generate reports for analysis
  • C. To compare security alerts against configured scenarios and trigger system responses
  • D. To collect and analyze security data from network devices and servers and produce alerts


Answer : D

Reference:
https://www.varonis.com/blog/what-is-siem/


Refer to the exhibit. An engineer is reverse engineering a suspicious file by examining its resources. What does this file indicate?

  • A. a DOS MZ executable format
  • B. a MS-DOS executable archive
  • C. an archived malware
  • D. a Windows executable file


Answer : D

Reference:
https://stackoverflow.com/questions/2577545/why-is-this-program-cannot-be-run-in-dos-mode-text-present-in-dll-files#:~:text=The%20linker%20places
%20a%20default,using%20the%20%2FSTUB%20linker%20option.&text=This%20information%20enables%20Windows%20to,has%20an%20MS-DOS%20stub
.


Refer to the exhibit. An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?

  • A. The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.
  • B. The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.
  • C. The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
  • D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.


Answer : B

An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?

  • A. HIPAA
  • B. FISMA
  • C. COBIT
  • D. PCI DSS


Answer : D

Reference:
https://upserve.com/restaurant-insider/restaurant-pos-pci-compliance-checklist/

A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device. Which should be disabled to resolve the issue?

  • A. SNMPv2
  • B. TCP small services
  • C. port UDP 161 and 162
  • D. UDP small services


Answer : A

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-0161

DRAG DROP -
Drag and drop the mitigation steps from the left onto the vulnerabilities they mitigate on the right.
Select and Place:




Answer :

Refer to the exhibit. Which indicator of compromise is represented by this STIX?


  • A. website redirecting traffic to ransomware server
  • B. website hosting malware to download files
  • C. web server vulnerability exploited by malware
  • D. cross-site scripting vulnerability to backdoor server


Answer : C

Refer to the exhibit. What is occurring in this packet capture?


  • A. TCP port scan
  • B. TCP flood
  • C. DNS flood
  • D. DNS tunneling


Answer : B

DRAG DROP -
Drag and drop the cloud computing service descriptions from the left onto the cloud service categories on the right.
Select and Place:




Answer :


Refer to the exhibit. What is the threat in this Wireshark traffic capture?

  • A. A high rate of SYN packets being sent from multiple sources toward a single destination IP
  • B. A flood of ACK packets coming from a single source IP to multiple destination IPs
  • C. A high rate of SYN packets being sent from a single source IP toward multiple destination IPs
  • D. A flood of SYN packets coming from a single source IP to a single destination IP


Answer : D

An engineer is moving data from NAS servers in different departments to a combined storage database so that the data can be accessed and analyzed by the organization on-demand. Which data management process is being used?

  • A. data clustering
  • B. data regression
  • C. data ingestion
  • D. data obfuscation


Answer : A

Page:    1 / 7   
Total 100 questions