Free Performing CyberOps Using Core Security Technologies (CBRCOR) Exam 350-201 Exam Practice Test
Total Questions: 139
An organization had an incident with the network availability during which devices unexpectedly malfunctioned. An engineer is investigating the incident and found that the memory pool buffer usage reached a peak before the malfunction. Which action should the engineer take to prevent this issue from reoccurring?
A. Disable memory limit.
B. Disable CPU threshold trap toward the SNMP server.
C. Enable memory tracing notifications.
D. Enable memory threshold notifications.
Answer: D
An engineer is analyzing a possible compromise that happened a week ago when the company ? (Choose two.)
A. firewall
B. Wireshark
C. autopsy
D. SHA512
E. IPS
Answer: A, B
A company launched an e-commerce website with multiple points of sale through internal and external e-stores. Customers access the stores from the public website, and employees access the stores from the intranet with an SSO. Which action is needed to comply with PCI standards for hardening the systems?
A. Mask PAN numbers
B. Encrypt personal data
C. Encrypt access
D. Mask sales details
Answer: B
An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)
A. domain belongs to a competitor
B. log in during non-working hours
C. email forwarding to an external domain
D. log in from a first-seen country
E. increased number of sent mails
Answer: A, B
Which action should be taken when the HTTP response code 301 is received from a web application?
A. Update the cached header metadata.
B. Confirm the resource's location.
C. Increase the allowed user limit.
D. Modify the session timeout setting.
Answer: A
An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually. Which action will improve workflow automation?
A. Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.
B. Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.
C. Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.
D. Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.
Answer: C
An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service area. What are the next steps the engineer must take?
A. Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
B. Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.
C. Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
D. Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.
Answer: A
An engineer is moving data from NAS servers in different departments to a combined storage database so that the data can be accessed and analyzed by the organization on-demand. Which data management process is being used?
A. data clustering
B. data regression
C. data ingestion
D. data obfuscation
Answer: A
An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?
A. Run the program through a debugger to see the sequential actions
B. Unpack the file in a sandbox to see how it reacts
C. Research the malware online to see if there are noted findings
D. Disassemble the malware to understand how it was constructed
Answer: C
The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?
A. Determine the assets to which the attacker has access
B. Identify assets the attacker handled or acquired
C. Change access controls to high risk assets in the enterprise
D. Identify movement of the attacker in the enterprise
Answer: D