350-201 Performing CyberOps Using Core Security Technologies (CBRCOR)


Question 4

An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to prevent this type of attack from reoccurring? (Choose two.)

  • Implement a patch management process.

  • Scan the company server files for known viruses.

  • Apply existing patches to the company servers.

  • Automate antivirus scans of the company servers.

  • Define roles and responsibilities in the incident response playbook.

Question 5

Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engineer discovered an unknown application. The analysis showed that the application is communicating with external addresses on a non-secure, unencrypted channel. Information gathering revealed that the unknown application does not have an owner and is not being used by a business unit. What are the next two steps the engineers should take in this investigation? (Choose two.)

  • Determine the type of data stored on the affected asset, document the access logs, and engage the incident response team.

  • Identify who installed the application by reviewing the logs and gather a user access log from the HR department.

  • Verify user credentials on the affected asset, modify passwords, and confirm available patches and updates are installed.

  • Initiate a triage meeting with department leads to determine if the application is owned internally or used by any business unit and document the asset owner.

Question 6

Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provided link. Several employees report the email as suspicious, and a security analyst is investigating the reports. Which two steps should the analyst take to begin this investigation? (Choose two.)

  • Evaluate the intrusion detection system alerts to determine the threat source and attack surface.

  • Communicate with employees to determine who opened the link and isolate the affected assets.

  • Examine the firewall and HIPS configuration to identify the exploited vulnerabilities and apply recommended mitigation.

  • Review the mail server and proxy logs to identify the impact of a potential breach.

  • Check the email header to identify the sender and analyze the link in an isolated environment.