← Back to exam page

350-201 Performing CyberOps Using Core Security Technologies (CBRCOR)

Loading demo links...

Showing 7–9 of 10 questions

Question 7

A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?

Select an option, then click Submit answer.

  • Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.

  • Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.

  • Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.

  • Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.
Question 8

A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a Powershell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?

Select an option, then click Submit answer.

  • Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack

  • Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities

  • Review the server backup and identify server content and data criticality to assess the intrusion risk

  • Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious
Question 9

Which command does an engineer use to set read/write/execute access on a folder for everyone who reaches the resource?

Select an option, then click Submit answer.

  • chmod 666

  • chmod 774

  • chmod 775

  • chmod 777