350-201 Practice Exam Questions with Answers Performing CyberOps Using Core Security Technologies (CBRCOR) Certification

Continuous delivery is a software development approach that enables teams to produce software in short cycles, ensuring that the software can be reliably released at any time. It aims to build, test, and release software with greater speed and frequency. This approach helps in closing feedback loops and enables teams to quickly apply patches, making it ideal for situations where code updates need to reach the market as often as possible

At this stage of a ransomware attack, where the ransomware is installed and calling back to its command and control server, an endpoint security solution is needed to mitigate the attack. Endpoint security solutions can detect and respond to threats at the device level, isolate infected machines, and prevent the spread of ransomware within the network4.

When there is a significant load of network activity from locations outside the organization’s service area, especially at unusual times, it is important to investigate the nature of this traffic. The engineer should review the logs from network monitoring tools like StealthWatch or SIEM to identify the access points through which the traffic is coming. Understanding the services being accessed during these hours and cross-correlating with other source events can help in determining whether the activity is legitimate or if it indicates a potential security threat1

In the context of Cisco Secure Network Analytics (formerly known as Stealthwatch) and ISE (Identity Services Engine), pxGrid (Platform Exchange Grid) is used for sharing context-aware information across different security tools toenable rapid threat containment. When a malware-infected endpoint is detected, Cisco Secure Network Analytics can communicate with ISE using pxGrid to signal the need for quarantine. This allows ISE to place the infected endpoint into a designated quarantine VLAN using an Adaptive Network Control policy, effectively isolating the threat and preventing it from spreading through the network.

References:

Cisco’s guide on pxGrid

Cisco’s solution overview on Rapid Threat Containment

The bash command grep -i “yellow” colors.txt will print all lines from the “colors.txt” file containing the non case-sensitive pattern “Yellow”. The -i option in the grep command is used to ignore case distinctions in both the pattern and the input files, allowing it to match both “Yellow”, “yellow”, “YELLOW”, etc.

Wireshark decrypts TLS network traffic by using a key log file that contains per-session secrets1. This method is effective even when Diffie-Hellman (DH) key exchange is used, which is common in modern encrypted communications. The key log file is typically generated by applications like web browserswhen the SSLKEYLOGFILE environment variable is set. This file records the necessary per-session secrets that Wireshark can then use to decrypt the traffic1.

It’s important to note that while this method is universal and works across different TLS versions, including TLS 1.3, other methods such as using an RSA private key are limited to certain conditions and do not work with TLS 1.3 or when (EC)DHE cipher suites are selected1. Therefore, the key log file method is the most reliable and widely applicable approach for decrypting TLS in Wireshark.

One limitation of cyber security risk insurance is that it often does not cover the costs of damage done by third parties as a result of a cyber attack. This can include damages that result from the actions of partners, suppliers, or other external entities affected by the attack

 To prevent a security breach exploiting the Netlogon Remote Protocol vulnerability from reoccurring, the incident response team should implement a patch management process and apply existing patches to the company servers5. Patch management ensures that all systems are up-to-date with the latest security patches, which can prevent known vulnerabilities from being exploited6. Applying existing patches is a critical step in securing systems against identified threats, such as the Netlogon Remote Protocol vulnerability5.

To prevent similar incidents in the future, engineers should configure shorter timeout periods to reduce the number of inactive sessions that can accumulate and potentially crash the system. Additionally, determining API rate-limiting requirements will help control the spike of API call requests by limiting the number of calls a user can make within a given time frame, thus preventing overloading the system

Following behavioral analysis in a controlled laboratory, the next step in the malware analysis process is to perform static and dynamic code analysis of the specimen. Static analysis involves examining the malware without executing it, while dynamic analysis involves observing the malware’s behavior in a controlled environment. These analyses provide deeper insights into the malware’s capabilities and intentions2.

The type of attack described, where users are redirected to a malicious website instead of the intended company website, is known as Domain Name System (DNS) poisoning. This attack involves corrupting the DNS cache with incorrect information,leading users to fraudulent websites even when they enter the correct domain name. This can be used to collect sensitive personal data from unsuspecting users.

To resolve the issue of a denial of service condition triggered by a remote attacker using SNMPv2, the ports associated with SNMP should be disabled. Ports UDP 161 and UDP 162 are used by SNMP for sending and receiving requests. Disabling these ports can prevent the attacker from exploiting the vulnerability associated with the ciscoFlashMIB OID on the affected device. It’s important to note that simply disabling SNMPv2 (option A) without addressing the specific ports may not fully mitigate the risk, and TCP small services (option B) and UDP small services (option D) are not directly related to SNMP traffic.

The browser page rendering permissions are displayed in the HTTP response header named x-frame-options. This header is used to control whether a browser should be allowed to render a page in a ,