CyberOps Professional 350-201 Updated Exam

Page: 7 / 10
Total 139 questions

Performing CyberOps Using Core Security Technologies (CBRCOR) Questions and Answers

Question 25

Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.

Options:

Question 26

A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Given the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect abnormal behavior?

Options:

A. Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period

B. Create a rule triggered by 1 successful VPN connection from any nondestination country

C. Create a rule triggered by multiple successful VPN connections from the destination countries

D. Analyze the logs from all countries related to this user during the traveling period

Question 27

An engineer is analyzing a possible compromise that happened a week ago when the company? (Choose two.)

Options:

A. firewall

B. Wireshark

C. autopsy

D. SHA512

E. IPS

Question 28

An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually. Which action will improve workflow automation?

Options:

A. Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.

B. Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.

C. Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.

D. Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.
