Exam Questions and Answers for 350-201 Study Guide Questions and Answers! [Q67-Q86]

Share

Exam Questions and Answers for  350-201 Study Guide Questions and Answers!

Performing CyberOps Using Cisco Security Technologies Certification Sample Questions and Practice Exam

NEW QUESTION 67
Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.

Answer:

Explanation:

Reference:
https://www.densify.com/resources/continuous-integration-delivery-phases

 

NEW QUESTION 68
Refer to the exhibit.

An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?

  • A. The file is redirecting users to a website that requests privilege escalations from the user.
  • B. The file is redirecting users to a website that harvests cookies and stored account information.
  • C. The file is redirecting users to a website that is determining users' geographic location.
  • D. The file is redirecting users to the website that is downloading ransomware to encrypt files.

Answer: C

 

NEW QUESTION 69

Refer to the exhibit. An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?

  • A. Exclude the step "Check for GeoIP location" to allow analysts to analyze the location and the associated risk based on asset criticality
  • B. Include a step "Reporting" to alert the security department of threats identified by the SOAR reporting engine
  • C. Include a step "Take a Snapshot" to capture the endpoint state to contain the threat for analysis
  • D. Exclude the step "BAN malicious IP" to allow analysts to conduct and track the remediation

Answer: D

 

NEW QUESTION 70
A threat actor has crafted and sent a spear-phishing email with what appears to be a trustworthy link to the site of a conference that an employee recently attended. The employee clicked the link and was redirected to a malicious site through which the employee downloaded a PDF attachment infected with ransomware. The employee opened the attachment, which exploited vulnerabilities on the desktop. The ransomware is now installed and is calling back to its command and control server. Which security solution is needed at this stage to mitigate the attack?

  • A. web security solution
  • B. network security solution
  • C. email security solution
  • D. endpoint security solution

Answer: B

 

NEW QUESTION 71
Drag and drop the phases to evaluate the security posture of an asset from the left onto the activity that happens during the phases on the right.

Answer:

Explanation:

 

NEW QUESTION 72
A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices.
Which technical architecture must be used?

  • A. DLP for removable data
  • B. DLP for data in motion
  • C. DLP for data in use
  • D. DLP for data at rest

Answer: C

Explanation:
Explanation/Reference: https://www.endpointprotector.com/blog/what-is-data-loss-prevention-dlp/

 

NEW QUESTION 73
Drag and drop the function on the left onto the mechanism on the right.

Answer:

Explanation:

 

NEW QUESTION 74
A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor's website. The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?

  • A. Determine if there is internal knowledge of this incident.
  • B. Check incoming and outgoing communications to identify spoofed emails.
  • C. Disconnect the network from Internet access to stop the phishing threats and regain control.
  • D. Engage the legal department to explore action against the competitor that posted the spreadsheet.

Answer: D

 

NEW QUESTION 75
An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?

  • A. Implement restrictions within the VoIP VLANS
  • B. Initiate a triage meeting to acknowledge the vulnerability and its potential impact
  • C. Search for a patch to install from the vendor
  • D. Determine company usage of the affected products

Answer: C

 

NEW QUESTION 76
Which action should be taken when the HTTP response code 301 is received from a web application?

  • A. Update the cached header metadata.
  • B. Increase the allowed user limit.
  • C. Modify the session timeout setting.
  • D. Confirm the resource's location.

Answer: A

 

NEW QUESTION 77
A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a Powershell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?

  • A. Review the server backup and identify server content and data criticality to assess the intrusion risk
  • B. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities
  • C. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack
  • D. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious

Answer: A

 

NEW QUESTION 78
A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?

  • A. Run the sh command
  • B. Run the who command
  • C. Run the w command
  • D. Run the sudo sysdiagnose command

Answer: D

Explanation:
Explanation/Reference: https://eclecticlight.co/2016/02/06/the-ultimate-diagnostic-tool-sysdiagnose/

 

NEW QUESTION 79

Refer to the exhibit. Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?

  • A. SNMP and syslog data
  • B. NetFlow and event data
  • C. event data and syslog data
  • D. NetFlow and SNMP

Answer: C

 

NEW QUESTION 80
An engineer is analyzing a possible compromise that happened a week ago when the company database servers unexpectedly went down. The analysis reveals that attackers tampered with Microsoft SQL Server Resolution Protocol and launched a DDoS attack. The engineer must act quickly to ensure that all systems are protected. Which two tools should be used to detect and mitigate this type of future attack? (Choose two.)

  • A. autopsy
  • B. IPS
  • C. Wireshark
  • D. SHA512
  • E. firewall

Answer: C,E

 

NEW QUESTION 81
A SOC analyst is notified by the network monitoring tool that there are unusual types of internal traffic on IP subnet 103.921.2239.0/24. The analyst discovers unexplained encrypted data files on a computer system that belongs on that specific subnet. What is the cause of the issue?

  • A. malware outbreak
  • B. virus outbreak
  • C. DDoS attack
  • D. phishing attack

Answer: A

 

NEW QUESTION 82
An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.

Answer:

Explanation:

 

NEW QUESTION 83

Refer to the exhibit. Where does it signify that a page will be stopped from loading when a scripting attack is detected?

  • A. x-content-type-options
  • B. x-test-debug
  • C. x-xss-protection
  • D. x-frame-options

Answer: C

Explanation:
Explanation/Reference: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/customize-http-security- headers-ad-fs

 

NEW QUESTION 84
An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?

  • A. HIPAA
  • B. COBIT
  • C. FISMA
  • D. PCI DSS

Answer: D

 

NEW QUESTION 85
Refer to the exhibit.

IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?

  • A. Tune the count and seconds threshold of the rule
  • B. Set the rule to track the source IP
  • C. Block list of internal IPs from the rule
  • D. Change the rule content match to case sensitive

Answer: D

 

NEW QUESTION 86
......

350-201 certification dumps - CyberOps Professional 350-201 guides - 100% valid: https://www.exams4collection.com/350-201-latest-braindumps.html

100% Pass Your 350-201 at First Attempt with Exams4Collection: https://drive.google.com/open?id=1V5EFlr3WM9mwHiMEbD5LsQYHQoWc04cd