Cisco 350-201 Exam Dumps [2023] Practice Valid Exam Dumps Question [Q77-Q102]

Share

Cisco 350-201 Exam Dumps [2023] Practice Valid Exam Dumps Question

350-201 Dumps - Grab Out For [NEW-2023] Cisco Exam

NEW QUESTION # 77
What is the difference between process orchestration and automation?

  • A. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
  • B. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.
  • C. Orchestration arranges the tasks, while automation arranges processes.
  • D. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.

Answer: A


NEW QUESTION # 78
A company recently completed an internal audit and discovered that there is CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?

  • A. Update software to patch third-party software
  • B. Validate CSRF by executing exploits within Metasploit
  • C. Fix applications according to the risk scores
  • D. Identify the business applications running on the assets

Answer: C


NEW QUESTION # 79
Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.

Answer:

Explanation:


NEW QUESTION # 80
Refer to the exhibit.

Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?

  • A. An attacker can read or change data.
  • B. An attacker can modify the access logs.
  • C. An attacker can transfer data to an external server.
  • D. An attacker can initiate a DoS attack.

Answer: D


NEW QUESTION # 81
An employee abused PowerShell commands and script interpreters, which lead to an indicator of compromise (IOC) trigger. The IOC event shows that a known malicious file has been executed, and there is an increased likelihood of a breach. Which indicator generated this IOC event?

  • A. ConnectToSuspiciousDomain.ioc
  • B. W32 AccesschkUtility.ioc
  • C. ExecutedMalware.ioc
  • D. Crossrider.ioc

Answer: B


NEW QUESTION # 82
A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

  • A. asset vulnerability assessment
  • B. incident response playbooks
  • C. report of staff members with asset relations
  • D. malware analysis report
  • E. key assets and executives

Answer: A,D

Explanation:
Explanation/Reference: https://cloudogre.com/risk-assessment/


NEW QUESTION # 83
An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.

Answer:

Explanation:


NEW QUESTION # 84
A security architect in an automotive factory is working on the Cyber Security Management System and is implementing procedures and creating policies to prevent attacks. Which standard must the architect apply?

  • A. IEC62446
  • B. IEC62439-2
  • C. IEC62439-3
  • D. IEC62443

Answer: D


NEW QUESTION # 85
The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?

  • A. Unpack the specimen and perform memory forensics.
  • B. Document findings and clean-up the laboratory.
  • C. Contain the subnet in which the suspicious file was found.
  • D. Perform static and dynamic code analysis of the specimen.

Answer: A


NEW QUESTION # 86
What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4

Answer: E


NEW QUESTION # 87
An organization installed a new application server for IP phones. An automated process fetched user credentials from the Active Directory server, and the application will have access to on-premises and cloud services. Which security threat should be mitigated first?

  • A. exfiltration during data transfer
  • B. data exposure from backups
  • C. aligning access control policies
  • D. attack using default accounts

Answer: A


NEW QUESTION # 88
Drag and drop the function on the left onto the mechanism on the right.

Answer:

Explanation:


NEW QUESTION # 89
Refer to the exhibit.

An engineer received multiple reports from employees unable to log into systems with the error: The Group Policy Client service failed to logon - Access is denied. Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?

  • A. data theft
  • B. elevation of privileges
  • C. malware break
  • D. denial-of-service

Answer: B


NEW QUESTION # 90
An analyst is alerted for a malicious file hash. After analysis, the analyst determined that an internal workstation is communicating over port 80 with an external server and that the file hash is associated with Duqu malware. Which tactics, techniques, and procedures align with this analysis?

  • A. Lateral Movement, Remote Services: SMB/Windows Admin Shares, Duqu
  • B. Command and Control, Application Layer Protocol, Duqu
  • C. Discovery, Remote Services: SMB/Windows Admin Shares, Duqu
  • D. Discovery, System Network Configuration Discovery, Duqu

Answer: B


NEW QUESTION # 91

Refer to the exhibit. An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company's user creation policy:
* minimum length: 3
* usernames can only use letters, numbers, dots, and underscores
* usernames cannot begin with a number
The application administrator has to manually change and track these daily to ensure compliance. An engineer is tasked to implement a script to automate the process according to the company user creation policy. The engineer implemented this piece of code within the application, but users are still able to create format-free usernames. Which change is needed to apply the restrictions?

  • A. modify code to return error on restrictions def return false_user(username, minlen)
  • B. automate the restrictions def automate_user(username, minlen)
  • C. validate the restrictions, def validate_user(username, minlen)
  • D. modify code to force the restrictions, def force_user(username, minlen)

Answer: B


NEW QUESTION # 92
Refer to the exhibit. Which indicator of compromise is represented by this STIX?

  • A. website redirecting traffic to ransomware server
  • B. website hosting malware to download files
  • C. cross-site scripting vulnerability to backdoor server
  • D. web server vulnerability exploited by malware

Answer: D


NEW QUESTION # 93
Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.

Answer:

Explanation:

Reference:
https://www.densify.com/resources/continuous-integration-delivery-phases


NEW QUESTION # 94
Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.

Answer:

Explanation:

Reference:
https://www.securitymetrics.com/blog/6-phases-incident-response-plan


NEW QUESTION # 95
What is needed to assess risk mitigation effectiveness in an organization?

  • A. updated list of vulnerable systems
  • B. compliance with security standards
  • C. cost-effectiveness of control measures
  • D. analysis of key performance indicators

Answer: C


NEW QUESTION # 96
An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?
#!/usr/bin/python import sys import requests

  • A. {1}, {3}
  • B. console_ip, api_token
  • C. console_ip, reference_set_name
  • D. {1}, {2}

Answer: B


NEW QUESTION # 97
A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?

  • A. Run the sudo sysdiagnose command
  • B. Run the w command
  • C. Run the who command
  • D. Run the sh command

Answer: A

Explanation:
Explanation/Reference: https://eclecticlight.co/2016/02/06/the-ultimate-diagnostic-tool-sysdiagnose/


NEW QUESTION # 98
How does Wireshark decrypt TLS network traffic?

  • A. with a key log file using per-session secrets
  • B. using an RSA public key
  • C. by observing DH key exchange
  • D. by defining a user-specified decode-as

Answer: A

Explanation:
Explanation/Reference: https://wiki.wireshark.org/TLS


NEW QUESTION # 99
An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?

  • A. Analyze the components of the infected hosts and associated business services.
  • B. Scan the network to identify unknown assets and the asset owners.
  • C. Analyze the impact of the malware and contain the artifacts.
  • D. Scan the host with updated signatures and remove temporary containment.

Answer: A


NEW QUESTION # 100
A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?

  • A. Create a follow-up report based on the incident documentation.
  • B. Perform a vulnerability assessment to find existing vulnerabilities.
  • C. Eradicate malicious software from the infected machines.
  • D. Collect evidence and maintain a chain-of-custody during further analysis.

Answer: D


NEW QUESTION # 101
Refer to the exhibit.

Where are the browser page rendering permissions displayed?

  • A. x-test-debug
  • B. x-xss-protection
  • C. x-content-type-options
  • D. x-frame-options

Answer: C


NEW QUESTION # 102
......

350-201 Exam Dumps PDF Guaranteed Success with Accurate & Updated Questions: https://www.exams4collection.com/350-201-latest-braindumps.html

Pass 350-201 Exam - Real Test Engine PDF with 141 Questions: https://drive.google.com/open?id=1V5EFlr3WM9mwHiMEbD5LsQYHQoWc04cd