New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Cisco Updated 350-201 Exam Questions and Answers by rebeca

Page: 10 / 10

Cisco 350-201 Exam Overview :

Exam Name: Performing CyberOps Using Core Security Technologies (CBRCOR)
Exam Code: 350-201 Dumps
Vendor: Cisco Certification: CyberOps Professional
Questions: 139 Q&A's Shared By: rebeca
Question 40

A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?

Options:

A.

Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.

B.

Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.

C.

Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.

D.

Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.

Discussion
Question 41

An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization’s service area. What are the next steps the engineer must take?

Options:

A.

Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.

B.

Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.

C.

Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in QUESTION NO:, and cross-correlate other source events.

D.

Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.

Discussion
Page: 10 / 10

350-201
PDF

$40.25  $114.99

350-201 Testing Engine

$47.25  $134.99

350-201 PDF + Testing Engine

$61.25  $174.99