
CyberOps Professional 350-201 Full Course Free

Page: 3 / 4
Question 12

An employee abused PowerShell commands and script interpreters, which led to an indicator of compromise (IOC) trigger. The IOC event shows that a known malicious file has been executed, and there is an increased likelihood of a breach. Which indicator generated this IOC event?

Options:

A. ExecutedMalware.ioc

B. Crossrider.ioc

C. ConnectToSuspiciousDomain.ioc

D. W32 AccesschkUtility.ioc

Question 13

Refer to the exhibit.

An engineer is performing static analysis on malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?

Options:

A. The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.

B. The malware is ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.

C. The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.

D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.

Question 14

A logistics company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to the IPS?

Options:

A. Allow list only authorized hosts to contact the application’s IP at a specific port.

B. Allow list HTTP traffic through the corporate VLANs.

C. Allow list traffic to the application’s IP from the internal network at a specific port.

D. Allow list only authorized hosts to contact the application’s VLAN.

Question 15

Which action should be taken when the HTTP response code 301 is received from a web application?

Options:

A. Update the cached header metadata.

B. Confirm the resource’s location.

C. Increase the allowed user limit.

D. Modify the session timeout setting.

Exam Code: 350-201
Exam Name: Performing CyberOps Using Core Security Technologies (CBRCOR)
Last Update: Apr 18, 2024
Questions: 139