Released Cisco 350-201 Updated Questions PDF
350-201 Dumps and Practice Test (141 Exam Questions)
Cisco 350-201 certification exam is a valuable credential for individuals looking to advance their careers in cybersecurity. It tests the candidate's practical skills and knowledge in various security technologies and concepts, making it ideal for professionals who want to manage complex security issues in different organizations. With the right preparation and practical experience, candidates can easily pass the exam and earn the certification.
NEW QUESTION # 82
A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)
- A. report of staff members with asset relations
- B. incident response playbooks
- C. key assets and executives
- D. malware analysis report
- E. asset vulnerability assessment
Answer: D,E
Explanation:
According to NIST guidelines for conducting risk assessments, two critical elements required to calculate risk are understanding the vulnerabilities of the assets (asset vulnerability assessment) and having a detailed analysis of the threat (malware analysis report). The asset vulnerability assessment identifies the weaknesses that could be exploited by the malware, while the malware analysis report provides insight into the capabilities, propagation methods, and potential impact of the malware. These elements are essential for determining the likelihood and impact of the risk, which are key components of a risk assessment.
NEW QUESTION # 83
Refer to the exhibit.
An engineer is investigating a case with suspicious usernames within Active Directory. After the engineer investigates and cross-correlates events from other sources, it appears that the two users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network two days prior. Which type of compromise is occurring?
- A. compromised root access
- B. compromised database tables
- C. compromised network
- D. compromised insider
Answer: C
NEW QUESTION # 84
According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?
- A. Perform awareness testing
- B. Conduct penetration testing
- C. Conduct a data protection impact assessment
- D. Perform a vulnerability assessment
Answer: C
Explanation:
Reference: https://apdcat.gencat.cat/web/.content/03-documentacio/Reglament_general_de_proteccio_de_dades/documents/DPIA-Guide.pdf
NEW QUESTION # 85
Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.
Answer:
Explanation:
NEW QUESTION # 86
An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?
- A. Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts
- B. Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts
- C. Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts
- D. Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats
Answer: C
Explanation:
Implementing a confirmation step in the SOAR (Security Orchestration, Automation, and Response) workflow can significantly reduce false positives and improve the accuracy of threat detection. By adding a mechanism that informs the affected user of the detected activity and asks for their confirmation, the system can distinguish between legitimate and malicious actions more effectively. This approach respects the user's context and behavior patterns, allowing for a more nuanced response to security alerts. It also reduces the inconvenience caused to legitimate users by avoiding unnecessary account blocks or credential resets.
The other options, while potentially useful in certain contexts, do not address the immediate issue of distinguishing between false positives and actual threats as effectively as a confirmation step does. Meeting with privileged users (option A) and increasing the allowed number of incorrect login tries (option B) may help to some extent but do not provide an immediate verification mechanism. Changing the SOAR configuration flow (option D) could reduce automatic remediation, but it might also reduce the system's ability to respond to actual threats promptly.
Therefore, adding a confirmation step is the most direct and effective way to improve the workflow and resolve the issues described. It enhances the precision of the SOAR system and maintains a balance between security and user convenience.
NEW QUESTION # 87
Refer to the exhibit. An employee is a victim of a social engineering phone call and installs remote access software to allow an "MS Support" technician to check his machine for malware. The employee becomes suspicious after the remote technician requests payment in the form of gift cards. The employee has copies of multiple, unencrypted database files, over 400 MB each, on his system and is worried that the scammer copied the files off but has no proof of it. The remote technician was connected sometime between 2:00 pm and 3:00 pm over https. What should be determined regarding data loss between the employee's laptop and the remote technician's system?
- A. The database files' integrity was violated
- B. The database files were disclosed
- C. No database files were disclosed
- D. The database files were intentionally corrupted, and encryption is possible
Answer: A
NEW QUESTION # 88
A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross-correlated log analysis revealed that two hours before the attack, multiple assets received requests on TCP port 79. Which action should be taken by the SOC team to mitigate this attack?
- A. Configure affected devices to disable the Finger service.
- B. Disable BIND forwarding from the DNS server to avoid reconnaissance.
- C. Disable affected assets and isolate them for further investigation.
- D. Configure affected devices to disable NETRJS protocol.
Answer: A
NEW QUESTION # 89
An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST.SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?
- A. Lock the file to prevent unauthorized access.
- B. Remove all personally identifiable information.
- C. Ensure the online sandbox is GDPR compliant.
- D. Verify hash integrity.
Answer: B
NEW QUESTION # 90
A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?
- A. Classify the criticality of the information, research the attacker's motives, and identify missing patches
- B. Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited
- C. Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan
- D. Determine the damage to the business, extract reports, and save evidence according to a chain of custody
Answer: B
Explanation:
When an incident response team receives a report of unexpected changes within software, the immediate steps involve classifying the attack vector, understanding the scope of the event, and identifying the vulnerabilities being exploited. This is a critical part of the incident response workflow as it helps in determining the nature of the attack and the appropriate containment and eradication strategies.
NEW QUESTION # 91
A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor's website. The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?
- A. Engage the legal department to explore action against the competitor that posted the spreadsheet.
- B. Check incoming and outgoing communications to identify spoofed emails.
- C. Determine if there is internal knowledge of this incident.
- D. Disconnect the network from Internet access to stop the phishing threats and regain control.
Answer: C
Explanation:
Upon discovering confidential information posted on a competitor's website, the next step is to determine if there is internal knowledge of this incident. This involves investigating within the organization to find out if any employees were aware of or involved in the data breach. Understanding the source of the leak is essential for addressing the issue and preventing future occurrences.
NEW QUESTION # 92
Refer to the exhibit.
An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?
- A. Exclude the step "Check for GeoIP location" to allow analysts to analyze the location and the associated risk based on asset criticality
- B. Include a step "Reporting" to alert the security department of threats identified by the SOAR reporting engine
- C. Include a step "Take a Snapshot" to capture the endpoint state to contain the threat for analysis
- D. Exclude the step "BAN malicious IP" to allow analysts to conduct and track the remediation
Answer: D
NEW QUESTION # 93
What is the purpose of hardening systems?
- A. to analyze attacks to identify threat actors and points of entry
- B. to identify vulnerabilities within an operating system
- C. to create the logic that triggers alerts when anomalies occur
- D. to securely configure machines to limit the attack surface
Answer: D
NEW QUESTION # 94
The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?
- A. Determine the assets to which the attacker has access
- B. Identify assets the attacker handled or acquired
- C. Identify movement of the attacker in the enterprise
- D. Change access controls to high risk assets in the enterprise
Answer: C
Explanation:
When an unauthorized person gains access to a secured premise, the immediate step is to understand the extent of the breach. This involves tracking the movement of the attacker within the enterprise to determine which areas were compromised. Identifying the attacker's movement helps in assessing the potential impact and aids in the development of an appropriate response plan. It is crucial to understand where the attacker went and what they had access to before further steps can be taken, such as changing access controls or determining the assets that might have been handled or acquired.
NEW QUESTION # 95
A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices. Which technical architecture must be used?
- A. DLP for data in use
- B. DLP for data in motion
- C. DLP for data at rest
- D. DLP for removable data
Answer: A
Explanation:
Data Loss Prevention (DLP) for data in use is designed to detect and prevent unauthorized attempts to copy or move sensitive data, particularly within an active processing environment. This type of DLP monitors and controls endpoint activities, ensuring that sensitive data is not transferred out of the network through unapproved applications or removable storage devices.
NEW QUESTION # 96
An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)
- A. log in during non-working hours
- B. domain belongs to a competitor
- C. email forwarding to an external domain
- D. increased number of sent mails
- E. log in from a first-seen country
Answer: A,B
NEW QUESTION # 97
Refer to the exhibit.
Which asset has the highest risk value?
- A. website
- B. secretary workstation
- C. servers
- D. payment process
Answer: D
NEW QUESTION # 98
The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?
- A. containment
- B. post-incident activity
- C. eradication and recovery
- D. detection and analysis
Answer: C
Explanation:
Once the SOC analyst has stopped the malware from spreading and identified the attacking host, the next step in the incident response workflow is eradication and recovery. This involves removing the malware from all infected systems and restoring affected systems to normal operation. It is important to ensure that the malware is completely eradicated to prevent it from reactivating or spreading.
NEW QUESTION # 99
An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.
Answer:
Explanation:
NEW QUESTION # 100
What is idempotence?
- A. the ability to set the target environment configuration regardless of the starting state
- B. the ability to recover from failures while keeping critical services running
- C. the assurance of system uniformity throughout the whole delivery process
- D. the necessity of setting maintenance of individual deployment environments
Answer: C
NEW QUESTION # 101
What is the purpose of hardening systems?
- A. to analyze attacks to identify threat actors and points of entry
- B. to identify vulnerabilities within an operating system
- C. to create the logic that triggers alerts when anomalies occur
- D. to securely configure machines to limit the attack surface
Answer: D
Explanation:
System hardening is the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle, a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.
NEW QUESTION # 102
An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?
- A. Modify the alert rule to "output alert_syslog: output header"
- B. Modify the output module rule to "output alert_fast: output filename"
- C. Modify the output module rule to "output alert_quick: output filename"
- D. Modify the alert rule to "output alert_syslog: output log"
Answer: D
Explanation:
Reference:
NEW QUESTION # 103
Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.
Answer:
Explanation:
Reference:
https://www.densify.com/resources/continuous-integration-delivery-phases
NEW QUESTION # 104