Try 100% Updated 350-201 Exam Questions [2021]
350-201 CISCO Performing CyberOps Using Cisco Security Reference
NEW QUESTION 18
A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?
- A. Assess the network for unexpected behavior
- B. Perform analysis based on the established risk factors
- C. Patch detected vulnerabilities from critical hosts
- D. Isolate critical hosts from the network
Answer: D
NEW QUESTION 19
Refer to the exhibit.
An engineer is performing static analysis on a malware sample and knows that it is capturing keystrokes and webcam events on a company server. What is the indicator of compromise?
- A. The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.
- B. The malware is ransomware that queries for installed anti-virus products and operating systems, then encrypts files and renders them unreadable until payment is made for file decryption.
- C. The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
- D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.
Answer: B
NEW QUESTION 20
An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to prevent this type of attack from reoccurring? (Choose two.)
- A. Implement a patch management process.
- B. Scan the company server files for known viruses.
- C. Define roles and responsibilities in the incident response playbook.
- D. Apply existing patches to the company servers.
- E. Automate antivirus scans of the company servers.
Answer: C, E
NEW QUESTION 21
Refer to the exhibit.
An engineer received a report that an attacker has compromised a workstation and gained access to sensitive customer data from the network using insecure protocols. Which action prevents this type of attack in the future?
- A. Use VLANs to segregate zones and the firewall to allow only required services and secured protocols
- B. Deploy IDS within sensitive areas and continuously update signatures
- C. Use syslog to gather data from multiple sources and detect intrusion logs for timely responses
- D. Deploy a SOAR solution and correlate log alerts from customer zones
Answer: A
NEW QUESTION 22
Refer to the exhibit. An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company's user creation policy:
* minimum length: 3
* usernames can only use letters, numbers, dots, and underscores
* usernames cannot begin with a number
The application administrator currently has to check and correct these usernames manually every day to ensure compliance. An engineer is tasked with implementing a script to automate the process according to the company user creation policy. The engineer implemented this piece of code within the application, but users are still able to create format-free usernames. Which change is needed to apply the restrictions?
- A. modify code to return error on restrictions, def return false_user(username, minlen)
- B. modify code to force the restrictions, def force_user(username, minlen)
- C. automate the restrictions def automate_user(username, minlen)
- D. validate the restrictions, def validate_user(username, minlen)
Answer: C
NEW QUESTION 23
Drag and drop the phases to evaluate the security posture of an asset from the left onto the activity that happens during the phases on the right.
Answer:
Explanation:
NEW QUESTION 24
Refer to the exhibit.
An engineer received multiple reports from employees unable to log into systems with the error "The Group Policy Client service failed to logon - Access is denied". Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?
- A. data theft
- B. malware break
- C. denial-of-service
- D. elevation of privileges
Answer: D
NEW QUESTION 25
A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities.
Which additional element is needed to calculate the risk?
- A. incident response playbook
- B. assessment scope
- C. risk model framework
- D. event severity and likelihood
Answer: C
NEW QUESTION 26
An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?
- A. Research the malware online to see if there are noted findings
- B. Disassemble the malware to understand how it was constructed
- C. Unpack the file in a sandbox to see how it reacts
- D. Run the program through a debugger to see the sequential actions
Answer: A
NEW QUESTION 27
According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?
- A. Conduct a data protection impact assessment
- B. Perform a vulnerability assessment
- C. Perform awareness testing
- D. Conduct penetration testing
Answer: A
Explanation/Reference: https://apdcat.gencat.cat/web/.content/03-documentacio/Reglament_general_de_proteccio_de_dades/documents/DPIA-Guide.pdf
NEW QUESTION 28
An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.
Answer:
Explanation:
NEW QUESTION 29
Refer to the exhibit. An engineer is analyzing this Vlan0392-int12-239.pcap file in Wireshark after detecting suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a Google Chrome extension over the WebSocket protocol. The engineer checked the message payloads to determine what information was being sent off-site, but the payloads are obfuscated and unreadable. What does this STIX indicate?
- A. There is a malware that is communicating via encrypted channels to the command and control server
- B. The extension is not performing as intended because of restrictions since ports 80 and 443 should be accessible
- C. The traffic is legitimate, as the Google Chrome extension is reaching out to check for updates and fetches this information
- D. There is a possible data leak because payloads should be encoded as UTF-8 text
Answer: D
NEW QUESTION 30
An engineer returned to work and realized that payments that were received over the weekend were sent to the wrong recipient. The engineer discovered that the SaaS tool that processes these payments was down over the weekend. Which step should the engineer take first?
- A. Utilize the SaaS tool team to gather more information on the potential breach
- B. Contact the incident response team to inform them of a potential breach
- C. Request that the purchasing department create and send the payments manually
- D. Organize a meeting to discuss the services that may be affected
Answer: A
NEW QUESTION 31
Refer to the exhibit.
How are tokens authenticated when the REST API on a device is accessed from a REST API client?
- A. The token is obtained by providing a password. The REST API requests access to a resource using the access token, validates the access token, and gives access to the resource.
- B. The token is obtained before providing a password. The REST API provides resource access, refreshes tokens, and returns them to the REST client. The REST client requests access to a resource using the access token.
- C. The token is obtained by providing a password. The REST client requests access to a resource using the access token. The REST API validates the access token and gives access to the resource.
- D. The token is obtained before providing a password. The REST client provides access to a resource using the access token. The REST API encrypts the access token and gives access to the resource.
Answer: D
NEW QUESTION 32
An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?
- A. Apply vendor patches or available hot fixes
- B. Investigate the vulnerability to prevent further spread
- C. Isolate the assets affected in a separate network
- D. Acknowledge the vulnerabilities and document the risk
Answer: C
NEW QUESTION 33
Who should take the 350-201 CISCO Performing CyberOps Using Cisco Security Exam
The certification is designed for:
- Server administrators
- Systems engineers
- Network designers
- Consulting systems engineers
- Network administrators
- Network engineers
- Field engineers
- Cisco integrators and partners
- Storage administrators