350-201 PDF Dumps Jan 11, 2022 Exam Questions – Valid 350-201 Dumps [Q66-Q91]

Share

350-201 PDF Dumps Jan 11, 2022 Exam Questions – Valid 350-201 Dumps

Ultimate 350-201 Guide to Prepare Free Latest Cisco Practice Tests Dumps


Processes – 30%

  • Performing dynamic malware analysis with the use of a sandbox environment;
  • Applying the concepts & sequence of steps in the malware analysis process;
  • Defining Indicators of Compromise & Indicators of Attack;
  • Performing static malware analysis;
  • Knowing the steps required to investigate the potential endpoint intrusion across a variety of platform types;
  • Identifying the need for the additional static malware analysis;
  • Recommending the general mitigation steps to address any vulnerability issues;
  • Determining Indicators of Compromise in a sandbox environment.
  • Performing reverse engineering;

 

NEW QUESTION 66
A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network.
What is the next step in handling the incident?

  • A. Identify systems or services at risk
  • B. Perform an antivirus scan on the laptop
  • C. Block the source IP from the firewall
  • D. Identify lateral movement

Answer: A

 

NEW QUESTION 67

Refer to the exhibit. What is the threat in this Wireshark traffic capture?

  • A. A high rate of SYN packets being sent from a single source IP toward multiple destination IPs
  • B. A high rate of SYN packets being sent from multiple sources toward a single destination IP
  • C. A flood of ACK packets coming from a single source IP to multiple destination IPs
  • D. A flood of SYN packets coming from a single source IP to a single destination IP

Answer: D

 

NEW QUESTION 68
A patient views information that is not theirs when they sign in to the hospital's online portal. The patient calls the support center at the hospital but continues to be put on hold because other patients are experiencing the same issue. An incident has been declared, and an engineer is now on the incident bridge as the CyberOps Tier 3 Analyst. There is a concern about the disclosure of PII occurring in real-time. What is the first step the analyst should take to address this incident?

  • A. Contact the third-party handling provider to respond to the incident as critical
  • B. Turn off all access to the patient portal to secure patient records
  • C. Review system and application logs to identify errors in the portal code
  • D. Evaluate visibility tools to determine if external access resulted in tampering

Answer: B

 

NEW QUESTION 69
An engineer is developing an application that requires frequent updates to close feedback loops and enable teams to quickly apply patches. The team wants their code updates to get to market as often as possible. Which software development approach should be used to accomplish these goals?

  • A. continuous monitoring
  • B. continuous delivery
  • C. continuous deployment
  • D. continuous integration

Answer: B

 

NEW QUESTION 70

Refer to the exhibit. An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?

  • A. Include a step "Take a Snapshot" to capture the endpoint state to contain the threat for analysis
  • B. Include a step "Reporting" to alert the security department of threats identified by the SOAR reporting engine
  • C. Exclude the step "Check for GeoIP location" to allow analysts to analyze the location and the associated risk based on asset criticality
  • D. Exclude the step "BAN malicious IP" to allow analysts to conduct and track the remediation

Answer: D

 

NEW QUESTION 71
Refer to the exhibit.

An engineer received multiple reports from employees unable to log into systems with the error: The Group Policy Client service failed to logon - Access is denied. Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?

  • A. denial-of-service
  • B. malware break
  • C. elevation of privileges
  • D. data theft

Answer: C

 

NEW QUESTION 72
A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities.
Which additional element is needed to calculate the risk?

  • A. incident response playbook
  • B. risk model framework
  • C. assessment scope
  • D. event severity and likelihood

Answer: B

 

NEW QUESTION 73
A security incident affected an organization's critical business services, and the customer-side web API became unresponsive and crashed. An investigation revealed a spike of API call requests and a high number of inactive sessions during the incident. Which two recommendations should the engineers make to prevent similar incidents in the future? (Choose two.)

  • A. Automate server-side error reporting for customers.
  • B. Implement API key maintenance.
  • C. Configure shorter timeout periods.
  • D. Determine API rate-limiting requirements.
  • E. Decrease simultaneous API responses.

Answer: A,D

 

NEW QUESTION 74
Refer to the exhibit.

The Cisco Secure Network Analytics (Stealthwatch) console alerted with "New Malware Server Discovered" and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.

Answer:

Explanation:

 

NEW QUESTION 75
A SOC analyst is notified by the network monitoring tool that there are unusual types of internal traffic on IP subnet 103.861.2117.0/24. The analyst discovers unexplained encrypted data files on a computer system that belongs on that specific subnet. What is the cause of the issue?

  • A. phishing attack
  • B. malware outbreak
  • C. DDoS attack
  • D. virus outbreak

Answer: B

 

NEW QUESTION 76
An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?

  • A. Scan the host with updated signatures and remove temporary containment.
  • B. Analyze the components of the infected hosts and associated business services.
  • C. Scan the network to identify unknown assets and the asset owners.
  • D. Analyze the impact of the malware and contain the artifacts.

Answer: B

 

NEW QUESTION 77
An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?

  • A. PCI DSS
  • B. HIPAA
  • C. COBIT
  • D. FISMA

Answer: A

 

NEW QUESTION 78
The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?

  • A. Determine the assets to which the attacker has access
  • B. Change access controls to high risk assets in the enterprise
  • C. Identify movement of the attacker in the enterprise
  • D. Identify assets the attacker handled or acquired

Answer: C

 

NEW QUESTION 79
Refer to the exhibit.

Based on the detected vulnerabilities, what is the next recommended mitigation step?

  • A. Perform root cause analysis for all detected vulnerabilities.
  • B. Remediate all vulnerabilities with descending CVSS score order.
  • C. Temporarily shut down unnecessary services until patch deployment ends.
  • D. Evaluate service disruption and associated risk before prioritizing patches.

Answer: A

 

NEW QUESTION 80
A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

  • A. Isolate critical hosts from the network
  • B. Perform analysis based on the established risk factors
  • C. Assess the network for unexpected behavior
  • D. Patch detected vulnerabilities from critical hosts

Answer: A

 

NEW QUESTION 81
How does Wireshark decrypt TLS network traffic?

  • A. by defining a user-specified decode-as
  • B. by observing DH key exchange
  • C. using an RSA public key
  • D. with a key log file using per-session secrets

Answer: D

Explanation:
Explanation/Reference: https://wiki.wireshark.org/TLS

 

NEW QUESTION 82
What is the difference between process orchestration and automation?

  • A. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.
  • B. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
  • C. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.
  • D. Orchestration arranges the tasks, while automation arranges processes.

Answer: B

 

NEW QUESTION 83
Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.

Answer:

Explanation:

 

NEW QUESTION 84
What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4

Answer: C

 

NEW QUESTION 85
What is the impact of hardening machine images for deployment?

  • A. reduces the attack surface
  • B. increases the availability of threat alerts
  • C. increases the speed of patch deployment
  • D. reduces the steps needed to mitigate threats

Answer: A

 

NEW QUESTION 86
Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.

Answer:

Explanation:

Reference:
https://www.densify.com/resources/continuous-integration-delivery-phases

 

NEW QUESTION 87
An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?

  • A. Disassemble the malware to understand how it was constructed
  • B. Unpack the file in a sandbox to see how it reacts
  • C. Run the program through a debugger to see the sequential actions
  • D. Research the malware online to see if there are noted findings

Answer: D

 

NEW QUESTION 88
A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a Powershell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?

  • A. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious
  • B. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities
  • C. Review the server backup and identify server content and data criticality to assess the intrusion risk
  • D. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack

Answer: C

 

NEW QUESTION 89
Refer to the exhibit. What is occurring in this packet capture?

  • A. DNS tunneling
  • B. DNS flood
  • C. TCP port scan
  • D. TCP flood

Answer: D

 

NEW QUESTION 90
Refer to the exhibit.

The Cisco Secure Network Analytics (Stealthwatch) console alerted with "New Malware Server Discovered" and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.

Answer:

Explanation:

 

NEW QUESTION 91
......

Passing Key To Getting 350-201 Certified Exam Engine PDF: https://www.pass4guide.com/350-201-exam-guide-torrent.html

Get Top-Rated Cisco 350-201 Exam Dumps Now: https://drive.google.com/open?id=17mWvBR7eLMMt29z_QLbVeTCcR668E58S