Latest [Oct 04, 2021] Cisco 350-201 Exam Practice Test To Gain Brilliant Result [Q49-Q72]


Take a Leap Forward in Your Career by Earning Cisco 350-201

NEW QUESTION 49
An engineer wants to review the packet overviews of Snort alerts. When the Snort alerts are printed, all the packet headers are included, and the resulting file is too large to be usable. Which action is needed to correct this problem?

  • A. Modify the output module rule to "output alert_fast: output filename"
  • B. Modify the alert rule to "output alert_syslog: output log"
  • C. Modify the alert rule to "output alert_syslog: output header"
  • D. Modify the output module rule to "output alert_quick: output filename"

Answer: B

Explanation:
Reference: https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/249/original/snort_manual.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20201231%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20201231T141156Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=e122ab6eb1659e13b3bc6bb2451ce693c0298b76c1962c3743924bc5fd83d382


NEW QUESTION 50
An analyst is alerted to a malicious file hash. After analysis, the analyst determines that an internal workstation is communicating over port 80 with an external server and that the file hash is associated with Duqu malware. Which tactics, techniques, and procedures align with this analysis?

  • A. Discovery, System Network Configuration Discovery, Duqu
  • B. Lateral Movement, Remote Services: SMB/Windows Admin Shares, Duqu
  • C. Discovery, Remote Services: SMB/Windows Admin Shares, Duqu
  • D. Command and Control, Application Layer Protocol, Duqu

Answer: D


NEW QUESTION 51
A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network.
What is the next step in handling the incident?

  • A. Perform an antivirus scan on the laptop
  • B. Identify systems or services at risk
  • C. Block the source IP from the firewall
  • D. Identify lateral movement

Answer: B


NEW QUESTION 52
An API developer is improving application code to prevent DDoS attacks. The solution needs to accommodate large numbers of API requests that arrive for legitimate purposes from trustworthy services. Which solution should be implemented?

  • A. Increase the limit of replies in a given interval for each API. If the limit is exceeded, block access from the API key permanently and return a 450 HTTP error code.
  • B. Restrict the number of requests based on a calculation of daily averages. If the limit is exceeded, temporarily block access from the IP address and return a 402 HTTP error code.
  • C. Apply a limit to the number of requests in a given time interval for each API. If the rate is exceeded, block access from the API key temporarily and return a 429 HTTP error code.
  • D. Implement REST API Security Essentials solution to automatically mitigate limit exhaustion. If the limit is exceeded, temporarily block access from the service and return a 409 HTTP error code.

Answer: C


NEW QUESTION 53
A SOC team receives multiple alerts from a rule that detects requests to malicious URLs, and it informs the incident response team so that the requested malicious URLs can be blocked on the firewall. Which action will improve the effectiveness of the process?

  • A. Inform the incident response team by enabling an automated email response when the rule is triggered.
  • B. Inform the user by enabling an automated email response when the rule is triggered.
  • C. Create an automation script for blocking URLs on the firewall when the rule is triggered.
  • D. Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.

Answer: D


NEW QUESTION 54
Refer to the exhibit.

Based on the detected vulnerabilities, what is the next recommended mitigation step?

  • A. Evaluate service disruption and associated risk before prioritizing patches.
  • B. Perform root cause analysis for all detected vulnerabilities.
  • C. Temporarily shut down unnecessary services until patch deployment ends.
  • D. Remediate all vulnerabilities with descending CVSS score order.

Answer: B


NEW QUESTION 55
An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?

  • A. Configure reverse port forwarding on the IPS
  • B. Move the IPS to after the firewall facing the internal network
  • C. Move the IPS to before the firewall facing the outside network
  • D. Configure the proxy service on the IPS

Answer: D


NEW QUESTION 56
A SOC engineer discovers that the organization suffered three DDoS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system's reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps give the engineer a comprehensive overview of the incident?

  • A. Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.
  • B. Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.
  • C. Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation steps.
  • D. Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.

Answer: D


NEW QUESTION 57
Refer to the exhibit.

The IDS is producing an increased number of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?

  • A. Tune the count and seconds threshold of the rule
  • B. Set the rule to track the source IP
  • C. Block list of internal IPs from the rule
  • D. Change the rule content match to case sensitive

Answer: D


NEW QUESTION 58
A security incident affected an organization's critical business services, and the customer-side web API became unresponsive and crashed. An investigation revealed a spike of API call requests and a high number of inactive sessions during the incident. Which two recommendations should the engineers make to prevent similar incidents in the future? (Choose two.)

  • A. Automate server-side error reporting for customers.
  • B. Configure shorter timeout periods.
  • C. Implement API key maintenance.
  • D. Decrease simultaneous API responses.
  • E. Determine API rate-limiting requirements.

Answer: A,E


NEW QUESTION 59
A security manager received an email from an anomaly detection service stating that one of their contractors has downloaded 50 documents from the company's confidential document management folder using a company-owned asset, al039-ice-4ce687TL0500. The security manager reviewed the content of the downloaded documents and noticed that the affected data comes from different departments. Which action should the security manager take?

  • A. Communicate with the contractor to identify the motives.
  • B. Escalate to contractor's manager.
  • C. Report to the incident response team.
  • D. Measure confidentiality level of downloaded documents.

Answer: C


NEW QUESTION 60
An engineer wants to review the packet overviews of Snort alerts. When the Snort alerts are printed, all the packet headers are included, and the resulting file is too large to be usable. Which action is needed to correct this problem?

  • A. Modify the output module rule to "output alert_fast: output filename"
  • B. Modify the alert rule to "output alert_syslog: output log"
  • C. Modify the alert rule to "output alert_syslog: output header"
  • D. Modify the output module rule to "output alert_quick: output filename"

Answer: B

Explanation:
Reference:
%2F20201231%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20201231T141156Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=e122ab6eb1659e13b3bc6bb2451ce693c0298b76c1962c3743924bc5fd83d382


NEW QUESTION 61
A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?

  • A. Identify the attack vector and update the IDS signature list
  • B. Determine the systems involved and deploy available patches
  • C. Review access lists and require users to increase password complexity
  • D. Analyze event logs and restrict network access

Answer: D


NEW QUESTION 62
An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?

  • A. Implement restrictions within the VoIP VLANs
  • B. Initiate a triage meeting to acknowledge the vulnerability and its potential impact
  • C. Search for a patch to install from the vendor
  • D. Determine company usage of the affected products

Answer: C


NEW QUESTION 63
A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

  • A. report of staff members with asset relations
  • B. malware analysis report
  • C. key assets and executives
  • D. asset vulnerability assessment
  • E. incident response playbooks

Answer: B,D


NEW QUESTION 64
An engineer returned to work and realized that payments that were received over the weekend were sent to the wrong recipient. The engineer discovered that the SaaS tool that processes these payments was down over the weekend. Which step should the engineer take first?

  • A. Request that the purchasing department creates and sends the payments manually
  • B. Utilize the SaaS tool team to gather more information on the potential breach
  • C. Organize a meeting to discuss the services that may be affected
  • D. Contact the incident response team to inform them of a potential breach

Answer: B


NEW QUESTION 65

Refer to the exhibit. Which header signifies that a page will be stopped from loading when a scripting attack is detected?

  • A. x-content-type-options
  • B. x-test-debug
  • C. x-xss-protection
  • D. x-frame-options

Answer: C

Explanation:
Reference: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/customize-http-security-headers-ad-fs


NEW QUESTION 66
Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.

Answer:

Explanation:


NEW QUESTION 67
A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?

  • A. event severity and likelihood
  • B. assessment scope
  • C. incident response playbook
  • D. risk model framework

Answer: D


NEW QUESTION 68

Refer to the exhibit. An engineer received a report that an attacker has compromised a workstation and gained access to sensitive customer data from the network using insecure protocols. Which action prevents this type of attack in the future?

  • A. Deploy IDS within sensitive areas and continuously update signatures
  • B. Use VLANs to segregate zones and the firewall to allow only required services and secured protocols
  • C. Use syslog to gather data from multiple sources and detect intrusion logs for timely responses
  • D. Deploy a SOAR solution and correlate log alerts from customer zones

Answer: B


NEW QUESTION 69

Refer to the exhibit. An engineer is analyzing this Vlan0392-int12-239.pcap file in Wireshark after detecting suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a Google Chrome extension over the WebSocket protocol. The engineer checked the message payloads to determine what information was being sent off-site, but the payloads are obfuscated and unreadable. What does this STIX indicate?

  • A. There is a malware that is communicating via encrypted channels to the command and control server
  • B. The traffic is legitimate because the Google Chrome extension is reaching out to check for updates and fetches this information
  • C. The extension is not performing as intended because of restrictions since ports 80 and 443 should be accessible
  • D. There is a possible data leak because payloads should be encoded as UTF-8 text

Answer: D


NEW QUESTION 70
Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.

Answer:

Explanation:


NEW QUESTION 71
A Mac laptop user notices that several files have disappeared from the laptop's Documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?

  • A. Run the sh command
  • B. Run the who command
  • C. Run the w command
  • D. Run the sudo sysdiagnose command

Answer: D


NEW QUESTION 72
......
