
PDF 350-201 Study Guide

Page: 2 / 4
Question 8

An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?

Options:

A. Move the IPS to after the firewall facing the internal network

B. Move the IPS to before the firewall facing the outside network

C. Configure the proxy service on the IPS

D. Configure reverse port forwarding on the IPS

Question 9

According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?

Options:

A. Perform a vulnerability assessment

B. Conduct a data protection impact assessment

C. Conduct penetration testing

D. Perform awareness testing

Question 10

A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

Options:

A. Assess the network for unexpected behavior

B. Isolate critical hosts from the network

C. Patch detected vulnerabilities from critical hosts

D. Perform analysis based on the established risk factors

Question 11

How is a SIEM tool used?

Options:

A. To collect security data from authentication failures and cyber attacks and forward it for analysis

B. To search and compare security data against acceptance standards and generate reports for analysis

C. To compare security alerts against configured scenarios and trigger system responses

D. To collect and analyze security data from network devices and servers and produce alerts

Exam Code: 350-201
Exam Name: Performing CyberOps Using Core Security Technologies (CBRCOR)
Last Update: Apr 26, 2024
Questions: 139