[2022] Valid 350-201 test answers & Cisco 350-201 exam pdf [Q40-Q57]

Share

[2022] Valid 350-201 test answers & Cisco 350-201 exam pdf

Verified 350-201 dumps Q&As - Pass Guarantee or Full Refund

NEW QUESTION 40
Refer to the exhibit.

At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

  • A. delivery
  • B. actions on objectives
  • C. exploitation
  • D. reconnaissance

Answer: A

 

NEW QUESTION 41
An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.

Answer:

Explanation:

 

NEW QUESTION 42
A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?

  • A. Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.
  • B. Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.
  • C. Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.
  • D. Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.

Answer: D

 

NEW QUESTION 43
An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.

Answer:

Explanation:

 

NEW QUESTION 44
The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?

  • A. Conduct a risk assessment of systems and applications
  • B. Analyze network traffic on the host's subnet
  • C. Install malware prevention software on the host
  • D. Isolate the infected host from the rest of the subnet

Answer: D

 

NEW QUESTION 45
Refer to the exhibit.

An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco Secure Network Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?

  • A. Top Conversations
  • B. Top Ports
  • C. Top Peers
  • D. Top Hosts

Answer: D

 

NEW QUESTION 46
Refer to the exhibit.

An engineer received a report that an attacker has compromised a workstation and gained access to sensitive customer data from the network using insecure protocols. Which action prevents this type of attack in the future?

  • A. Use VLANs to segregate zones and the firewall to allow only required services and secured protocols
  • B. Deploy IDS within sensitive areas and continuously update signatures
  • C. Deploy a SOAR solution and correlate log alerts from customer zones
  • D. Use syslog to gather data from multiple sources and detect intrusion logs for timely responses

Answer: A

 

NEW QUESTION 47
A SOC analyst is notified by the network monitoring tool that there are unusual types of internal traffic on IP subnet 103.921.2239.0/24. The analyst discovers unexplained encrypted data files on a computer system that belongs on that specific subnet. What is the cause of the issue?

  • A. phishing attack
  • B. malware outbreak
  • C. virus outbreak
  • D. DDoS attack

Answer: B

 

NEW QUESTION 48
An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service are a. What are the next steps the engineer must take?

  • A. Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
  • B. Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.
  • C. Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.
  • D. Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in Question:, and cross-correlate other source events.

Answer: A

 

NEW QUESTION 49
A European-based advertisement company collects tracking information from partner websites and stores it on a local server to provide tailored ads. Which standard must the company follow to safeguard the resting data?

  • A. PCI-DSS
  • B. GDPR
  • C. HIPAA
  • D. Sarbanes-Oxley

Answer: B

 

NEW QUESTION 50
Refer to the exhibit. What is occurring in this packet capture?

  • A. DNS tunneling
  • B. TCP flood
  • C. TCP port scan
  • D. DNS flood

Answer: B

 

NEW QUESTION 51
A threat actor attacked an organization's Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator's account was disabled. Which activity triggered the behavior analytics tool?

  • A. accessing the Active Directory server
  • B. downloading more than 10 files
  • C. accessing the server with financial data
  • D. accessing multiple servers

Answer: D

 

NEW QUESTION 52
A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device. Which should be disabled to resolve the issue?

  • A. SNMPv2
  • B. TCP small services
  • C. port UDP 161 and 162
  • D. UDP small services

Answer: A

 

NEW QUESTION 53
The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?

  • A. Install IPS software
  • B. Perform vulnerability assessment
  • C. Contain the malware
  • D. Determine the escalation path

Answer: B

Explanation:
Explanation/Reference:

 

NEW QUESTION 54
Refer to the exhibit. What is the connection status of the ICMP event?

  • A. allowed in the default action
  • B. blocked by an intrusion policy rule
  • C. allowed by a configured access policy rule
  • D. blocked by a configured access policy rule

Answer: C

Explanation:
Explanation/Reference:

 

NEW QUESTION 55
Refer to the exhibit.

A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?

  • A. firewall manager
  • B. SIEM
  • C. packet sniffer
  • D. malware analysis

Answer: C

 

NEW QUESTION 56
A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

  • A. Perform analysis based on the established risk factors
  • B. Isolate critical hosts from the network
  • C. Assess the network for unexpected behavior
  • D. Patch detected vulnerabilities from critical hosts

Answer: B

 

NEW QUESTION 57
......


Understanding valuable and specific pieces of 350-201 CISCO Performing CyberOps Using Cisco Security

The going with will be analyzed in CISCO 350-201 dumps:

  • Techniques
  • Processes
  • Automation
  • Fundamentals

350-201 Exam Questions – Valid 350-201 Dumps Pdf: https://www.exam4labs.com/350-201-practice-torrent.html

350-201 PDF Dumps Recently Updated Questions: https://drive.google.com/open?id=1M7m2WfU2tlSOP6CT2fM24q85H_OD2_0E