350-201 Exam Dumps - PDF Questions and Testing Engine [Q70-Q93]

Share

350-201 Exam Dumps - PDF Questions and Testing Engine

350-201 Dumps - The Sure Way To Pass Exam

NEW QUESTION 70
An engineer is investigating several cases of increased incoming spam emails and suspicious emails from the HR and service departments. While checking the event sources, the website monitoring tool showed several web scraping alerts overnight. Which type of compromise is indicated?

  • A. social engineering
  • B. phishing
  • C. dumpster diving
  • D. privilege escalation

Answer: A

 

NEW QUESTION 71
Refer to the exhibit.

An engineer is reverse engineering a suspicious file by examining its resources. What does this file indicate?

  • A. an archived malware
  • B. a Windows executable file
  • C. a DOS MZ executable format
  • D. a MS-DOS executable archive

Answer: B

 

NEW QUESTION 72
The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?

  • A. Contain the malware
  • B. Install IPS software
  • C. Perform vulnerability assessment
  • D. Determine the escalation path

Answer: C

 

NEW QUESTION 73
Refer to the exhibit.

Which two steps mitigate attacks on the webserver from the Internet? (Choose two.)

  • A. Create an ACL on the firewall to allow only external connections
  • B. Move the webserver to the internal network
  • C. Create an ACL on the firewall to allow only TLS 1.3
  • D. Implement a proxy server in the DMZ network

Answer: B,D

 

NEW QUESTION 74
Refer to the exhibit.

Which data format is being used?

  • A. CSV
  • B. JSON
  • C. HTML
  • D. XML

Answer: C

 

NEW QUESTION 75
Refer to the exhibit.

An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim's spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address. Which action does the engineer recommend?

  • A. Use command ip verify reverse-path interface
  • B. Use logging trap 6
  • C. Use global configuration command service tcp-keepalives-out
  • D. Use subinterface command no ip directed-broadcast

Answer: A

 

NEW QUESTION 76
Refer to the exhibit.

An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?

  • A. Include a step "Reporting" to alert the security department of threats identified by the SOAR reporting engine
  • B. Exclude the step "BAN malicious IP" to allow analysts to conduct and track the remediation
  • C. Include a step "Take a Snapshot" to capture the endpoint state to contain the threat for analysis
  • D. Exclude the step "Check for GeoIP location" to allow analysts to analyze the location and the associated risk based on asset criticality

Answer: B

 

NEW QUESTION 77
Refer to the exhibit.

An engineer is investigating a case with suspicious usernames within the active directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior. Which type of compromise is occurring?

  • A. compromised network
  • B. compromised database tables
  • C. compromised insider
  • D. compromised root access

Answer: A

 

NEW QUESTION 78
Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.

Answer:

Explanation:

 

NEW QUESTION 79
An engineer receives a report that indicates a possible incident of a malicious insider sending company information to outside parties. What is the first action the engineer must take to determine whether an incident has occurred?

  • A. Inform the product security incident response team to investigate further
  • B. Inform the computer security incident response team to investigate further
  • C. Analyze environmental threats and causes
  • D. Analyze the precursors and indicators

Answer: D

 

NEW QUESTION 80
Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.

Answer:

Explanation:

 

NEW QUESTION 81
A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device. Which should be disabled to resolve the issue?

  • A. TCP small services
  • B. UDP small services
  • C. port UDP 161 and 162
  • D. SNMPv2

Answer: D

 

NEW QUESTION 82
According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?

  • A. Conduct penetration testing
  • B. Perform awareness testing
  • C. Perform a vulnerability assessment
  • D. Conduct a data protection impact assessment

Answer: D

 

NEW QUESTION 83

Refer to the exhibit. At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

  • A. reconnaissance
  • B. exploitation
  • C. delivery
  • D. actions on objectives

Answer: C

Explanation:
Explanation/Reference: https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-101-july2017.pdf

 

NEW QUESTION 84
Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.

Answer:

Explanation:

Reference:
https://www.securitymetrics.com/blog/6-phases-incident-response-plan

 

NEW QUESTION 85
A cloud engineer needs a solution to deploy applications on a cloud without being able to manage and control the server OS. Which type of cloud environment should be used?

  • A. IaaS
  • B. SaaS
  • C. PaaS
  • D. DaaS

Answer: A

 

NEW QUESTION 86
An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?

  • A. Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts
  • B. Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts
  • C. Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts
  • D. Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats

Answer: D

 

NEW QUESTION 87
Refer to the exhibit.

At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

  • A. reconnaissance
  • B. exploitation
  • C. delivery
  • D. actions on objectives

Answer: C

 

NEW QUESTION 88
Refer to the exhibit.

For IP 192.168.1.209, what are the risk level, activity, and next step?

  • A. high risk level, anomalous periodic communication, quarantine with antivirus
  • B. critical risk level, data exfiltration, isolate the device
  • C. critical risk level, malicious server IP, run in a sandboxed environment
  • D. high risk level, malicious host, investigate further

Answer: A

 

NEW QUESTION 89
Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.

Answer:

Explanation:

 

NEW QUESTION 90
Refer to the exhibit.

An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco Secure Network Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?

  • A. Top Peers
  • B. Top Hosts
  • C. Top Conversations
  • D. Top Ports

Answer: B

 

NEW QUESTION 91
Refer to the exhibit.

Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

  • A. The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are high and indicate the likelihood that malicious ransomware has been detected.
  • B. The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are low and indicate the likelihood that malicious ransomware has been detected.
  • C. The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores are high and do not indicate the likelihood of malicious ransomware.
  • D. The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores do not indicate the likelihood of malicious ransomware.

Answer: A

 

NEW QUESTION 92
Refer to the exhibit.

Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?

  • A. NetFlow and SNMP
  • B. NetFlow and event data
  • C. event data and syslog data
  • D. SNMP and syslog data

Answer: C

 

NEW QUESTION 93
......

Pass Cisco 350-201 Exam Quickly With ActualCollection: https://www.actualcollection.com/350-201-exam-questions.html

350-201 Exam Questions (Updated 2022) 100% Real Question Answers: https://drive.google.com/open?id=1lO1fMq9DUNK4-or8atufA9buMABV698F