New 350-201 Test Materials & Valid 350-201 Test Engine
Preparation Process
If you want to learn the exam content in full and be ready for Cisco 350-201, you can take the Performing CyberOps Using Cisco Security Technologies v1.0 course. This is the official training option, available on the vendor's website. It covers cybersecurity operations fundamentals and methods as well as automation, teaching the foundational concepts and how to leverage playbooks to formulate incident response. It is led by a certified instructor and available in almost any country. It lasts for 5 days of hands-on practice and 3 days of content coverage with challenges and practice. Before enrolling, you should have a good knowledge of the content covered in the associate-level CyberOps course, be familiar with UNIX/Linux shells and shell commands, and have a basic understanding of scripting in JavaScript, Python, or PHP.
NEW QUESTION 37
Refer to the exhibit.
Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?
- A. NetFlow and event data
- B. NetFlow and SNMP
- C. SNMP and syslog data
- D. event data and syslog data
Answer: A
Explanation:
Secure Network Analytics builds its behavioural baseline from NetFlow. The SMC correlates those flow records with event data (the session and identity context ISE shares over pxGrid) to tie the malware behaviour to the specific 802.1x-authenticated endpoint, which the ANC policy then moves into the quarantine VLAN. SNMP and syslog are not the telemetry this correlation is built on.
NEW QUESTION 38 
Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?
- A. Set the rule to track the source IP
- B. Tune the count and seconds threshold of the rule
- C. Block list of internal IPs from the rule
- D. Change the rule content match to case sensitive
Answer: B
Explanation:
A brute-force rule fires when a source produces a given count of login attempts within a time window (a detection_filter or threshold on the rule). Legitimate mail clients that retry or poll frequently trip a threshold that is set too low, so raising the count or shortening the seconds to match real attack rates removes the false positives without weakening the match. Making the content match case sensitive changes what is matched, not the rate at which legitimate traffic triggers the rule.
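To make the threshold argument concrete, here is an added example (not code from the page or from the Snort project) that models a Snort detection_filter with track by_src, count N, seconds S and replays a constructed login stream through a tight and a tuned threshold. The simplification of Snort's windowing and the event stream are assumptions made for the demonstration.

```python
"""Simplified model of a Snort detection_filter (track by_src, count N, seconds S).

Added example; not code from the page or from the Snort project, and the model is
deliberately reduced to the part that matters here. It shows why a brute-force rule is
tuned through its count/seconds threshold: the same login stream yields alerts on a
polling mail client under a tight threshold and none under one matched to real attack
rates. The event stream below is constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class _Window:
    start: float   # timestamp of the first match in this window
    count: int     # matches seen so far in it


def filter_alerts(events, count, seconds):
    """events: (timestamp, src_ip) pairs for packets that matched the rule's content.
    Returns the (timestamp, src_ip) pairs on which the rule would alert.

    Model (approximating detection_filter): a source's first match opens a window;
    when `count` matches fall within `seconds` of its start the rule fires on that and
    every later match in the window; a match after the window expires opens a new one.
    """
    windows = {}
    alerts = []
    for ts, src in sorted(events):
        w = windows.get(src)
        if w is None or ts - w.start > seconds:
            w = _Window(start=ts, count=0)
            windows[src] = w
        w.count += 1
        if w.count >= count:
            alerts.append((ts, src))
    return alerts


def alerts_per_source(events, count, seconds):
    """Alert volume per source, which is what an analyst compares between thresholds."""
    return Counter(src for _, src in filter_alerts(events, count, seconds))


# Constructed stream: a mail client retrying/polling four times in 45 s, and an attacker
# sending 50 login attempts in 10 s.
LEGIT_CLIENT = [(t, "10.0.0.5") for t in (0, 15, 30, 45)]
ATTACKER = [(round(0.2 * i, 2), "203.0.113.9") for i in range(50)]
EVENTS = LEGIT_CLIENT + ATTACKER

if __name__ == "__main__":
    print("count 3 / 60 s :", dict(alerts_per_source(EVENTS, 3, 60)))
    print("count 20 / 60 s:", dict(alerts_per_source(EVENTS, 20, 60)))
```

With count 3 in 60 s the polling client raises two alerts and the attacker 48; with count 20 in 60 s the client raises none and the attacker still raises 31, which is the behaviour the tuning is meant to produce.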
NEW QUESTION 39
Refer to the exhibit.
Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?
- A. Threat scores are high, malicious activity is detected, but files have not been modified
- B. Threat scores are low and no malicious file activity is detected
- C. Threat scores are low, malicious ransomware has been detected, and files have been modified
- D. Threat scores are high, malicious ransomware has been detected, and files have been modified
Answer: C
NEW QUESTION 41
What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?
- A. 0
- B. 1
- C. 2
- D. 3
- E. 4
Answer: B
NEW QUESTION 42
An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?
- A. Modify the alert rule to "output alert_syslog: output log"
- B. Modify the output module rule to "output alert_quick: output filename"
- C. Modify the output module rule to "output alert_fast: output filename"
- D. Modify the alert rule to "output alert_syslog: output header"
Answer: C
Explanation:
Snort's alert_full output module writes the full packet headers with every alert, which is what makes the file too large to work with. alert_fast writes a one-line alert per event (timestamp, message, source and destination) with no headers, so switching the output module to "output alert_fast: filename" gives a file that can be reviewed. alert_syslog only changes where alerts are delivered, not their verbosity, and alert_quick is not a Snort output module.
NEW QUESTION 43
Refer to the exhibit.
An engineer received multiple reports from employees unable to log into systems with the error: The Group Policy Client service failed to logon - Access is denied. Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?
- A. elevation of privileges
- B. data theft
- C. denial-of-service
- D. malware break
Answer: A
NEW QUESTION 44
A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?
- A. Patch detected vulnerabilities from critical hosts
- B. Perform analysis based on the established risk factors
- C. Assess the network for unexpected behavior
- D. Isolate critical hosts from the network
Answer: D
NEW QUESTION 45
An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.
NEW QUESTION 46
Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.
NEW QUESTION 47
Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.
NEW QUESTION 48
A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?
- A. Run the who command
- B. Run the sudo sysdiagnose command
- C. Run the sh command
- D. Run the w command
Answer: B
Explanation:
sysdiagnose collects system logs, process, network and disk state into a single archive, which is the right starting point for triaging a host showing missing files, cleared browser history and abnormal network usage. who and w only list logged-in users.
Reference: https://eclecticlight.co/2016/02/06/the-ultimate-diagnostic-tool-sysdiagnose/
NEW QUESTION 49
An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?
- A. Configure reverse port forwarding on the IPS
- B. Move the IPS to before the firewall facing the outside network
- C. Configure the proxy service on the IPS
- D. Move the IPS to after the firewall facing the internal network
Answer: C
NEW QUESTION 50
The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?
- A. Perform vulnerability assessment
- B. Determine the escalation path
- C. Contain the malware
- D. Install IPS software
Answer: C
Explanation:
The NIST SP 800-61 lifecycle is preparation; detection and analysis; containment, eradication and recovery; and post-incident activity. The team eradicated the malware, recovered the systems and planned a lessons-learned meeting, but never contained the outbreak before eradication, so infected hosts could keep spreading the malware while it was being removed.
NEW QUESTION 51
Drag and drop the function on the left onto the mechanism on the right.
NEW QUESTION 52
A logistic company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to IPS?
- A. Allow list only authorized hosts to contact the application's IP at a specific port.
- B. Allow list HTTP traffic through the corporate VLANS.
- C. Allow list traffic to application's IP from the internal network at a specific port.
- D. Allow list only authorized hosts to contact the application's VLAN.
Answer: A
Explanation:
The least-privilege tuning is an allow list scoped to the authorized hosts, the application's IP and the single port it needs, so the IPS stops blocking only the legacy flow that must survive the migration. Exempting a whole VLAN, all HTTP, or every internal host lets far more unencrypted traffic past the IPS than the application requires.
NEW QUESTION 53
An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?
- A. Unpack the file in a sandbox to see how it reacts
- B. Disassemble the malware to understand how it was constructed
- C. Run the program through a debugger to see the sequential actions
- D. Research the malware online to see if there are noted findings
Answer: D
NEW QUESTION 54
What is needed to assess risk mitigation effectiveness in an organization?
- A. compliance with security standards
- B. updated list of vulnerable systems
- C. analysis of key performance indicators
- D. cost-effectiveness of control measures
Answer: C
Explanation:
Effectiveness is measured against defined key performance indicators (for example time to detect, time to contain, or reduction in repeat incidents). Compliance, vulnerability inventories and control cost are inputs to risk management but do not by themselves tell you whether a mitigation is working.
NEW QUESTION 55
Refer to the exhibit.
An employee is a victim of a social engineering phone call and installs remote access software to allow an "MS Support" technician to check his machine for malware. The employee becomes suspicious after the remote technician requests payment in the form of gift cards. The employee has copies of multiple, unencrypted database files, over 400 MB each, on his system and is worried that the scammer copied the files off but has no proof of it. The remote technician was connected sometime between 2:00 pm and 3:00 pm over https. What should be determined regarding data loss between the employee's laptop and the remote technician's system?
- A. The database files were intentionally corrupted, and encryption is possible
- B. The database files integrity was violated
- C. The database files were disclosed
- D. No database files were disclosed
Answer: B
NEW QUESTION 56
A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?
- A. Review access lists and require users to increase password complexity
- B. Identify the attack vector and update the IDS signature list
- C. Analyze event logs and restrict network access
- D. Determine the systems involved and deploy available patches
Answer: D
Explanation:
In the recovery stage the engineer returns the affected systems to normal operation and closes the hole that was exploited: determine which systems were involved and deploy the available patches for the macro-based remote code execution. Analyzing event logs and restricting network access belong to the detection/analysis and containment stages that precede recovery.
NEW QUESTION 57
An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?
#!/usr/bin/python
import sys
import requests
- A. {1}, {2}
- B. console_ip, api_token
- C. {1}, {3}
- D. console_ip, reference_set_name
Answer: B
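The question's stub only shows the imports; an added example (not the page's script and not any vendor's code) of what the finished client looks like follows, using exactly the three variables named: console_ip and api_token are what the request needs to be accepted at all, reference_set_name selects which set of malicious URLs is pulled. The page does not name the SIEM, so the endpoint path /api/reference_data/sets/<name>, the SEC token header and the reply shape are an assumption taken from the IBM QRadar REST API and may need adjusting; the FakeConsole at the bottom is constructed so the client can be exercised offline.

```python
"""Fetch a SIEM reference set over its REST API from the three variables the question
names: console_ip, api_token and reference_set_name.

Added example; this is not the page's script nor any vendor's code. The page does not
name the SIEM, so the URL layout (/api/reference_data/sets/<name>), the SEC token
header and the reply shape are an assumption taken from the IBM QRadar REST API.
The fake console at the bottom is constructed so the client can run offline.
"""
import sys
from urllib.parse import quote

try:
    import requests            # real HTTP session when available
except ImportError:            # keep the offline demo runnable without it
    requests = None

API_VERSION = "12.0"           # assumption: pin the API version the console supports


def reference_set_url(console_ip, reference_set_name):
    """Build the endpoint URL; the set name is percent-encoded because names may contain
    spaces or slashes that would otherwise change the path."""
    return (f"https://{console_ip}/api/reference_data/sets/"
            f"{quote(reference_set_name, safe='')}")


def auth_headers(api_token):
    """Authenticate with the API token (assumed SEC header) rather than a user password."""
    return {"SEC": api_token, "Version": API_VERSION, "Accept": "application/json"}


def fetch_reference_set(console_ip, api_token, reference_set_name,
                        session=None, verify=True):
    """Return the element values of the reference set; raise on any non-2xx reply.

    `verify` stays True by default: turning off TLS verification towards a console that
    accepts an API token is exactly what an attacker on the path would want."""
    if session is None:
        if requests is None:
            raise RuntimeError("the requests package is needed for a live console")
        session = requests.Session()
    resp = session.get(reference_set_url(console_ip, reference_set_name),
                       headers=auth_headers(api_token), verify=verify, timeout=30)
    resp.raise_for_status()
    body = resp.json()
    # Assumed reply shape: {"name": ..., "data": [{"value": "...", ...}, ...]}
    return [item["value"] for item in body.get("data", [])]


def probe(console_ip, api_token, reference_set_name, session):
    """Convenience wrapper: the values on success, otherwise the error text."""
    try:
        return fetch_reference_set(console_ip, api_token, reference_set_name, session=session)
    except RuntimeError as exc:
        return str(exc)


class _FakeResponse:
    def __init__(self, status, payload):
        self.status_code, self._payload = status, payload

    def raise_for_status(self):
        if self.status_code >= 400:
            raise RuntimeError(f"HTTP {self.status_code}")

    def json(self):
        return self._payload


class FakeConsole:
    """Constructed stand-in for the SIEM console: 401 unless the SEC header carries the
    expected token, 404 for an unknown set, otherwise the set's elements."""
    def __init__(self, token, sets):
        self.token, self.sets = token, sets

    def get(self, url, headers=None, verify=True, timeout=None):
        if not headers or headers.get("SEC") != self.token:
            return _FakeResponse(401, {"message": "unauthorized"})
        name = url.rsplit("/", 1)[-1]
        if name not in self.sets:
            return _FakeResponse(404, {"message": "not found"})
        return _FakeResponse(200, {"name": name,
                                   "data": [{"value": v} for v in self.sets[name]]})


def demo():
    console = FakeConsole("s3cr3t-token",
                          {"Malicious_URLs": ["http://bad.example/a", "http://bad.example/b"]})
    return fetch_reference_set("10.1.1.5", "s3cr3t-token", "Malicious_URLs", session=console)


if __name__ == "__main__":
    if len(sys.argv) == 4:   # live: console_ip api_token reference_set_name
        print(fetch_reference_set(*sys.argv[1:4]))
    else:
        print(demo())
```

Run it with no arguments to see the offline demo; with a console IP, token and set name it talks to a real console. Keep the token out of the script itself (environment variable or vault) in production.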
NEW QUESTION 58
Refer to the exhibit. A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?
- A. Add restrictions on the edge router on how often a single client can access the API
- B. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
- C. Increase the application cache of the total pool of active clients that call the API
- D. Limit the number of API calls that a single client is allowed to make
Answer: D
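What option D looks like in code, as an added example that is not part of the page or of any product: a per-client token bucket in front of the API. Each client gets its own burst allowance and refill rate, so the single flooding computer is throttled while the other clients' calls keep going through. The request trace and the capacity/refill values are constructed for the demonstration.

```python
"""Per-client token-bucket limiter in front of an API.

Added example; not the page's code or any product's. It shows the effect of limiting
the number of API calls a single client may make: one client flooding the API is
throttled while the rest of the user community keeps its normal share. The request
trace is constructed; capacity and refill rate are illustrative values.
"""
from dataclasses import dataclass


@dataclass
class _Bucket:
    tokens: float   # calls the client may still make right now
    last: float     # time of the last refill


class PerClientLimiter:
    def __init__(self, capacity, refill_per_sec):
        self.capacity = float(capacity)          # burst allowance per client
        self.refill = float(refill_per_sec)      # sustained calls per second per client
        self.buckets = {}                        # client_id -> _Bucket

    def allow(self, client_id, now):
        """True if the call may proceed; False means answer 429 Too Many Requests."""
        b = self.buckets.get(client_id)
        if b is None:
            b = self.buckets[client_id] = _Bucket(tokens=self.capacity, last=now)
        # Refill in proportion to elapsed time, never beyond the burst capacity.
        b.tokens = min(self.capacity, b.tokens + (now - b.last) * self.refill)
        b.last = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False


def serve(trace, capacity=10, refill_per_sec=1.0):
    """Replay (timestamp, client_id) calls in time order; return per-client ok/throttled counts."""
    limiter = PerClientLimiter(capacity, refill_per_sec)
    stats = {}
    for ts, client in sorted(trace):
        s = stats.setdefault(client, {"ok": 0, "throttled": 0})
        s["ok" if limiter.allow(client, ts) else "throttled"] += 1
    return stats


def build_trace():
    """Constructed: one client fires 100 calls in half a second; two others make 5 calls
    each spread over about four seconds."""
    flood = [(round(0.005 * i, 3), "c-attacker") for i in range(100)]
    normal = [(0.5 + k, "c-1") for k in range(5)] + [(0.3 + k, "c-2") for k in range(5)]
    return flood + normal


if __name__ == "__main__":
    for client, s in serve(build_trace()).items():
        print(f"{client:11s} ok={s['ok']:3d} throttled={s['throttled']:3d}")
```

The bucket is keyed on an identity the attacker cannot cheaply multiply (an API key or authenticated principal, not just a source IP), otherwise the limit is sidestepped by rotating addresses; for a fleet of API servers the buckets live in a shared store rather than in process memory.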
NEW QUESTION 59