VCETorrent 350-201 Exam Questions Real 350-201 Practice Dumps [Q27-Q49]

Share

VCETorrent 350-201 Exam Questions | Real 350-201 Practice Dumps

Verified 350-201 Exam Dumps Q&As - Provide 350-201 with Correct Answers


Understanding valuable and specific pieces of 350-201 CISCO Performing CyberOps Using Cisco Security

The going with will be analyzed in CISCO 350-201 dumps:

  • Processes
  • Fundamentals
  • Automation
  • Techniques

 

NEW QUESTION 27

Refer to the exhibit. At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

  • A. reconnaissance
  • B. exploitation
  • C. delivery
  • D. actions on objectives

Answer: C

Explanation:
Explanation/Reference: https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-101-july2017.pdf

 

NEW QUESTION 28
The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?

  • A. Analyze network traffic on the host's subnet
  • B. Conduct a risk assessment of systems and applications
  • C. Isolate the infected host from the rest of the subnet
  • D. Install malware prevention software on the host

Answer: C

 

NEW QUESTION 29
An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?

  • A. Isolate the assets affected in a separate network
  • B. Investigate the vulnerability to prevent further spread
  • C. Acknowledge the vulnerabilities and document the risk
  • D. Apply vendor patches or available hot fixes

Answer: A

 

NEW QUESTION 30
Refer to the exhibit.

Which two steps mitigate attacks on the webserver from the Internet? (Choose two.)

  • A. Create an ACL on the firewall to allow only TLS 1.3
  • B. Create an ACL on the firewall to allow only external connections
  • C. Move the webserver to the internal network
  • D. Implement a proxy server in the DMZ network

Answer: C,D

 

NEW QUESTION 31

Refer to the exhibit. An engineer is reverse engineering a suspicious file by examining its resources. What does this file indicate?

  • A. a Windows executable file
  • B. a MS-DOS executable archive
  • C. a DOS MZ executable format
  • D. an archived malware

Answer: A

Explanation:
Explanation/Reference: https://stackoverflow.com/questions/2577545/why-is-this-program-cannot-be-run-in-dos-mode-text- present-in-dll-files#:~:text=The%20linker%20places%20a%20default,using%20the%20%2FSTUB%20linker%
20option.&text=This%20information%20enables%20Windows%20to,has%20an%20MS-DOS%20stub.

 

NEW QUESTION 32
An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?

  • A. Disconnect the affected server from the network.
  • B. Determine the attack surface.
  • C. Analyze the source.
  • D. Access the affected server to confirm compromised files are encrypted.

Answer: D

 

NEW QUESTION 33
Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.

Answer:

Explanation:

 

NEW QUESTION 34
The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

  • A. containment
  • B. detection and analysis
  • C. post-incident activity
  • D. eradication and recovery

Answer: D

 

NEW QUESTION 35
Refer to the exhibit.

The Cisco Secure Network Analytics (Stealthwatch) console alerted with "New Malware Server Discovered" and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.

Answer:

Explanation:

 

NEW QUESTION 36
An analyst is alerted for a malicious file hash. After analysis, the analyst determined that an internal workstation is communicating over port 80 with an external server and that the file hash is associated with Duqu malware. Which tactics, techniques, and procedures align with this analysis?

  • A. Discovery, System Network Configuration Discovery, Duqu
  • B. Discovery, Remote Services: SMB/Windows Admin Shares, Duqu
  • C. Lateral Movement, Remote Services: SMB/Windows Admin Shares, Duqu
  • D. Command and Control, Application Layer Protocol, Duqu

Answer: D

 

NEW QUESTION 37
Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?

  • A. customer data
  • B. Internet
  • C. internal database
  • D. internal cloud

Answer: B

 

NEW QUESTION 38
Refer to the exhibit.

Where are the browser page rendering permissions displayed?

  • A. x-xss-protection
  • B. x-content-type-options
  • C. x-frame-options
  • D. x-test-debug

Answer: B

 

NEW QUESTION 39
Refer to the exhibit.

Based on the detected vulnerabilities, what is the next recommended mitigation step?

  • A. Perform root cause analysis for all detected vulnerabilities.
  • B. Remediate all vulnerabilities with descending CVSS score order.
  • C. Temporarily shut down unnecessary services until patch deployment ends.
  • D. Evaluate service disruption and associated risk before prioritizing patches.

Answer: A

 

NEW QUESTION 40
An engineer has created a bash script to automate a complicated process. During script execution, this error occurs: permission denied. Which command must be added to execute this script?

  • A. sh ex.sh
  • B. chmod +x ex.sh
  • C. chroot ex.sh
  • D. source ex.sh

Answer: B

 

NEW QUESTION 41
What do 2xx HTTP response codes indicate for REST APIs?

  • A. successful acceptance of the client's request
  • B. additional action must be taken by the client to complete the request
  • C. the server takes responsibility for error status codes
  • D. communication of transfer protocol-level information

Answer: A

 

NEW QUESTION 42
The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?

  • A. Determine the assets to which the attacker has access
  • B. Change access controls to high risk assets in the enterprise
  • C. Identify movement of the attacker in the enterprise
  • D. Identify assets the attacker handled or acquired

Answer: C

 

NEW QUESTION 43
A security incident affected an organization's critical business services, and the customer-side web API became unresponsive and crashed. An investigation revealed a spike of API call requests and a high number of inactive sessions during the incident. Which two recommendations should the engineers make to prevent similar incidents in the future? (Choose two.)

  • A. Automate server-side error reporting for customers.
  • B. Implement API key maintenance.
  • C. Configure shorter timeout periods.
  • D. Determine API rate-limiting requirements.
  • E. Decrease simultaneous API responses.

Answer: A,D

 

NEW QUESTION 44
A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?

  • A. by entities that issue the payment cards or that perform support issuing services
  • B. by issuers and issuer processors if there is a legitimate reason
  • C. post-authorization by non-issuing entities if the data is encrypted and securely stored
  • D. post-authorization by non-issuing entities if there is a documented business justification

Answer: C

 

NEW QUESTION 45
Refer to the exhibit.

An engineer received multiple reports from employees unable to log into systems with the error: The Group Policy Client service failed to logon - Access is denied. Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?

  • A. denial-of-service
  • B. malware break
  • C. elevation of privileges
  • D. data theft

Answer: C

 

NEW QUESTION 46
An organization had several cyberattacks over the last 6 months and has tasked an engineer with looking for patterns or trends that will help the organization anticipate future attacks and mitigate them. Which data analytic technique should the engineer use to accomplish this task?

  • A. statistical
  • B. predictive
  • C. diagnostic
  • D. qualitative

Answer: B

 

NEW QUESTION 47
An API developer is improving an application code to prevent DDoS attacks. The solution needs to accommodate instances of a large number of API requests coming for legitimate purposes from trustworthy services. Which solution should be implemented?

  • A. Increase a limit of replies in a given interval for each API. If the limit is exceeded, block access from the API key permanently and return a 450 HTTP error code.
  • B. Implement REST API Security Essentials solution to automatically mitigate limit exhaustion. If the limit is exceeded, temporarily block access from the service and return a 409 HTTP error code.
  • C. Apply a limit to the number of requests in a given time interval for each API. If the rate is exceeded, block access from the API key temporarily and return a 429 HTTP error code.
  • D. Restrict the number of requests based on a calculation of daily averages. If the limit is exceeded, temporarily block access from the IP address and return a 402 HTTP error code.

Answer: C

 

NEW QUESTION 48
A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

  • A. incident response playbooks
  • B. malware analysis report
  • C. report of staff members with asset relations
  • D. asset vulnerability assessment
  • E. key assets and executives

Answer: B,D

Explanation:
Explanation/Reference: https://cloudogre.com/risk-assessment/

 

NEW QUESTION 49
......


Prerequisites

Cisco 350-201 is the first test that you need to take. This is a core exam that is focused on the details of the core cybersecurity operations, which include the cybersecurity fundamentals, processes, techniques, as well as automation. There are no particular requirements that you should meet before going for this test, but you need to possess a good understanding of the exam content and have a high level of preparedness. Most of the potential candidates have more than 3 years of experience implementing enterprise networking solutions. You don’t need to possess any other certificates or pass any additional tests.


Techniques – 30%

  • Applying segmentation to a network;
  • Describing the tools as well as their limitations for network analysis;
  • Evaluating security controls of an environment, diagnosing gaps, and recommending the needed improvements;
  • Using the hardening machine images for deployment;
  • Defining various mechanisms for the detection and enforcement of the data loss prevention techniques, including Cloud-, app-, network-, and host-based;
  • Understanding the techniques, procedures, and tactics from an attack;
  • Applying threat intelligence with the use of the proper tools;
  • Analyzing anomalous user & entity behavior;
  • Applying the concepts of data leakage, data loss, data in use, data at rest, and data in motion based on the common standards;
  • Recommending which services to disable;
  • Applying the dashboard data to communicate with the executive, leadership, or technical stakeholders.
  • Using the right data analytic techniques to answer specific questions or meet certain needs;
  • Using network controls for network hardening;

 

Get Top-Rated Cisco 350-201 Exam Dumps Now: https://www.vcetorrent.com/350-201-valid-vce-torrent.html

Pass Your 350-201 Dumps Free Latest Cisco Practice Tests: https://drive.google.com/open?id=1MpVgedF1PGXQ-sMxT6LklVKKVLIrSmM9