350-201 Practice Dumps - Verified By TorrentValid Updated 141 Questions [Q55-Q77]

Share

350-201 Practice Dumps - Verified By TorrentValid Updated 141 Questions

Updated 350-201 Exam Dumps - PDF Questions and Testing Engine

NEW QUESTION # 55
A logistic company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to IPS?

  • A. Allow list only authorized hosts to contact the application's VLAN.
  • B. Allow list only authorized hosts to contact the application's IP at a specific port.
  • C. Allow list HTTP traffic through the corporate VLANS.
  • D. Allow list traffic to application's IP from the internal network at a specific port.

Answer: B

Explanation:
When dealing with an outdated application in a private VLAN, the IPS should be tuned to allow list only authorized hosts to contact the application's IP at a specific port. This ensures that only known and trusted entities can communicate with the application, reducing the risk of unauthorized access or data leakage3.


NEW QUESTION # 56

Refer to the exhibit. What results from this script?

  • A. Seeds for existing domains are checked
  • B. Domains are compared to seed rules
  • C. A list of domains as seeds is blocked
  • D. A search is conducted for additional seeds

Answer: D


NEW QUESTION # 57
A patient views information that is not theirs when they sign in to the hospital's online portal. The patient calls the support center at the hospital but continues to be put on hold because other patients are experiencing the same issue. An incident has been declared, and an engineer is now on the incident bridge as the CyberOps Tier 3 Analyst. There is a concern about the disclosure of PII occurring in real-time. What is the first step the analyst should take to address this incident?

  • A. Review system and application logs to identify errors in the portal code
  • B. Turn off all access to the patient portal to secure patient records
  • C. Evaluate visibility tools to determine if external access resulted in tampering
  • D. Contact the third-party handling provider to respond to the incident as critical

Answer: B


NEW QUESTION # 58
What is needed to assess risk mitigation effectiveness in an organization?

  • A. analysis of key performance indicators
  • B. cost-effectiveness of control measures
  • C. updated list of vulnerable systems
  • D. compliance with security standards

Answer: A


NEW QUESTION # 59
What is a principle of Infrastructure as Code?

  • A. Comprehensive initial designs support robust systems
  • B. System maintenance is delegated to software systems
  • C. System downtime is grouped and scheduled across the infrastructure
  • D. Scripts and manual configurations work together to ensure repeatable routines

Answer: A


NEW QUESTION # 60
A threat actor attacked an organization's Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator's account was disabled. Which activity triggered the behavior analytics tool?

  • A. accessing the server with financial data
  • B. accessing the Active Directory server
  • C. downloading more than 10 files
  • D. accessing multiple servers

Answer: C

Explanation:
The behavior analytics tool was likely triggered by the action of downloading more than 10 files. Behavior analytics tools, such as User and Entity Behavior Analytics (UEBA), are designed to detect anomalous behavior that deviates from a user's normal activity patterns. In this scenario, the downloading of a large number of files in a short period is an unusual activity that could indicate a data exfiltration attempt. This is especially true if the baseline or normal behavior for the administrator account does not include frequent bulk file downloads. The sudden spike in file download activity would be flagged by the behavior analytics tool as potentially malicious, leading to the disconnection of the session and the disabling of the administrator's account to prevent further unauthorized access or data loss.


NEW QUESTION # 61
Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.

Answer:

Explanation:

Reference:
https://www.densify.com/resources/continuous-integration-delivery-phases


NEW QUESTION # 62
An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?

  • A. Modify the output module rule to "output alert_quick: output filename"
  • B. Modify the output module rule to "output alert_fast: output filename"
  • C. Modify the alert rule to "output alert_syslog: output header"
  • D. Modify the alert rule to "output alert_syslog: output log"

Answer: D

Explanation:
Reference:
%2F20201231%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20201231T141156Z&X-Amz- Expires=172800&X-Amz-SignedHeaders=host&X-Amz- Signature=e122ab6eb1659e13b3bc6bb2451ce693c0298b76c1962c3743924bc5fd83d382


NEW QUESTION # 63
A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device. Which should be disabled to resolve the issue?

  • A. SNMPv2
  • B. port UDP 161 and 162
  • C. UDP small services
  • D. TCP small services

Answer: B

Explanation:
To resolve the issue of a denial of service condition triggered by a remote attacker using SNMPv2, the ports associated with SNMP should be disabled. Ports UDP 161 and UDP 162 are used by SNMP for sending and receiving requests. Disabling these ports can prevent the attacker from exploiting the vulnerability associated with the ciscoFlashMIB OID on the affected device. It's important to note that simply disabling SNMPv2 (option A) without addressing the specific ports may not fully mitigate the risk, and TCP small services (option B) and UDP small services (option D) are not directly related to SNMP traffic.


NEW QUESTION # 64
A European-based advertisement company collects tracking information from partner websites and stores it on a local server to provide tailored ads. Which standard must the company follow to safeguard the resting data?

  • A. Sarbanes-Oxley
  • B. GDPR
  • C. PCI-DSS
  • D. HIPAA

Answer: B

Explanation:
Explanation/Reference: https://www.thesslstore.com/blog/10-data-privacy-and-encryption-laws-every-business-needs-to- know/


NEW QUESTION # 65
Refer to the exhibit.

What is the threat in this Wireshark traffic capture?

  • A. A high rate of SYN packets being sent from multiple sources toward a single destination IP
  • B. A flood of SYN packets coming from a single source IP to a single destination IP
  • C. A flood of ACK packets coming from a single source IP to multiple destination IPs
  • D. A high rate of SYN packets being sent from a single source IP toward multiple destination IPs

Answer: B

Explanation:
The Wireshark traffic capture exhibits a pattern where a single source IP address is sending a series of SYN packets to a single destination IP address. This pattern is indicative of a SYN flood attack, which is a form of Denial-of-Service (DoS) attack. In a SYN flood attack, the attacker exploits the TCP handshake mechanism by sending a flood of SYN packets to the target's IP address. Theattacker does not complete the handshake with an ACK after receiving a SYN-ACK from the server, leaving connections half-open and eventually exhausting the server's resources, which can lead to denial of service.
References:
* The Cisco CyberOps curriculum, particularly the courses on Performing CyberOps Using Cisco Security Technologies (CBRCOR), would cover the identification and analysis of network threats, including SYN flood attacks.
* Cisco's official certification resources for the CyberOps Associate level would provide detailed information on various network threats and how to mitigate them, including the mechanisms of a SYN flood attack.


NEW QUESTION # 66
What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4

Answer: C

Explanation:
Explanation
Explanation/Reference: https://airbrake.io/blog/http-errors/401-unauthorized-error#:~:text=The%20401%20Unauthorized%
20Error%20is,client%20could%20not%20be%20authenticated.


NEW QUESTION # 67
What is the difference between process orchestration and automation?

  • A. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
  • B. Orchestration arranges the tasks, while automation arranges processes.
  • C. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.
  • D. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.

Answer: D

Explanation:
Automation refers to the configuration of a single process or a small number of related tasks to run without human intervention. Orchestration, on the other hand, involves managing multiple automated tasks to create a dynamic workflow. While automation focuses on making individual tasks more efficient, orchestration looks at the bigger picture to optimize a series of tasks that make up a process


NEW QUESTION # 68
Refer to the exhibit.

The Cisco Secure Network Analytics (Stealthwatch) console alerted with "New Malware Server Discovered" and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.

Answer:

Explanation:


NEW QUESTION # 69
An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?

  • A. Scan the host with updated signatures and remove temporary containment.
  • B. Scan the network to identify unknown assets and the asset owners.
  • C. Analyze the components of the infected hosts and associated business services.
  • D. Analyze the impact of the malware and contain the artifacts.

Answer: C


NEW QUESTION # 70
Which action should be taken when the HTTP response code 301 is received from a web application?

  • A. Increase the allowed user limit.
  • B. Modify the session timeout setting.
  • C. Update the cached header metadata.
  • D. Confirm the resource's location.

Answer: C


NEW QUESTION # 71
The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?

  • A. Change access controls to high risk assets in the enterprise
  • B. Identify movement of the attacker in the enterprise
  • C. Identify assets the attacker handled or acquired
  • D. Determine the assets to which the attacker has access

Answer: B

Explanation:
When an unauthorized person gains access to a secured premise, the immediate step is to understand the extent of the breach. This involves tracking the movement of the attacker within the enterprise to determine which areas were compromised. Identifying the attacker's movement helps in assessing the potential impact and aids in the development of an appropriate response plan. It is crucial to understand where the attacker went and what they had access to before further steps can be taken, such as changing access controls or determining the assets that might have been handled or acquired


NEW QUESTION # 72
What is the purpose of hardening systems?

  • A. to securely configure machines to limit the attack surface
  • B. to create the logic that triggers alerts when anomalies occur
  • C. to analyze attacks to identify threat actors and points of entry
  • D. to identify vulnerabilities within an operating system

Answer: A

Explanation:
System hardening is the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle, a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services1


NEW QUESTION # 73
An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?

  • A. Identify the systems that have been affected and tools used to detect the attack
  • B. Update the IDS/IPS signatures and reimage the affected hosts
  • C. Identify the traffic with data capture using Wireshark and review email filters
  • D. Host a discovery meeting and define configuration and policy updates

Answer: B

Explanation:
During the recovery phase of the incident response process, especially after a phishing attack, it's crucial to update the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) signatures to detect and prevent similar attacks in the future. Additionally, reimaging the affected hosts ensures that any malware or changes made by the attacker are removed and that the systems are restored to a known good state. This step is essential to eradicate the threat and restore normal operations


NEW QUESTION # 74
A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices.
Which technical architecture must be used?

  • A. DLP for removable data
  • B. DLP for data in motion
  • C. DLP for data at rest
  • D. DLP for data in use

Answer: D

Explanation:
Explanation/Reference: https://www.endpointprotector.com/blog/what-is-data-loss-prevention-dlp/


NEW QUESTION # 75
The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

  • A. containment
  • B. post-incident activity
  • C. detection and analysis
  • D. eradication and recovery

Answer: D

Explanation:
Once the SOC analyst has stopped the malware from spreading and identified the attacking host, the next step in the incident response workflow is eradication and recovery. This involves removing the malware from all infected systems and restoring affected systems to normal operation. It's important to ensure that the malware is completely eradicated to prevent it from reactivating or spreading


NEW QUESTION # 76

Refer to the exhibit. Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?

  • A. NetFlow and event data
  • B. event data and syslog data
  • C. SNMP and syslog data
  • D. NetFlow and SNMP

Answer: B


NEW QUESTION # 77
......

New (2024) Cisco 350-201 Exam Dumps: https://www.torrentvalid.com/350-201-valid-braindumps-torrent.html

Best Way To Study For Cisco 350-201 Exam Brilliant 350-201 Exam Questions PDF: https://drive.google.com/open?id=1VaeJ3_IpVlOsjdYR-XBUyuMKSPA8Kl0V