Cisco 350-201 Practice Verified Answers - Pass Your Exams For Sure! [2021]
NEW QUESTION 72
Refer to the exhibit.
Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a quarantine VLAN using Adaptive Network Control policy. Which method was used to signal ISE to quarantine the endpoints?
- A. REST API
- B. pxGrid
- C. syslog
- D. SNMP
Answer: A
NEW QUESTION 73
What is needed to assess risk mitigation effectiveness in an organization?
- A. cost-effectiveness of control measures
- B. compliance with security standards
- C. analysis of key performance indicators
- D. updated list of vulnerable systems
Answer: A
NEW QUESTION 74
An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?
- A. Disconnect the affected server from the network.
- B. Access the affected server to confirm compromised files are encrypted.
- C. Analyze the source.
- D. Determine the attack surface.
Answer: B
NEW QUESTION 75
Refer to the exhibit.
Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?
- A. event data and syslog data
- B. NetFlow and SNMP
- C. SNMP and syslog data
- D. NetFlow and event data
Answer: A
NEW QUESTION 76
A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?
- A. Assess the network for unexpected behavior
- B. Perform analysis based on the established risk factors
- C. Patch detected vulnerabilities from critical hosts
- D. Isolate critical hosts from the network
Answer: D
NEW QUESTION 77
Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.
Answer:
Explanation:
NEW QUESTION 78
Refer to the exhibit.
An engineer received a report that an attacker has compromised a workstation and gained access to sensitive customer data from the network using insecure protocols. Which action prevents this type of attack in the future?
- A. Use VLANs to segregate zones and the firewall to allow only required services and secured protocols
- B. Deploy IDS within sensitive areas and continuously update signatures
- C. Use syslog to gather data from multiple sources and detect intrusion logs for timely responses
- D. Deploy a SOAR solution and correlate log alerts from customer zones
Answer: A
NEW QUESTION 79
Refer to the exhibit.
For IP 192.168.1.209, what are the risk level, activity, and next step?
- A. critical risk level, data exfiltration, isolate the device
- B. high risk level, anomalous periodic communication, quarantine with antivirus
- C. high risk level, malicious host, investigate further
- D. critical risk level, malicious server IP, run in a sandboxed environment
Answer: B
NEW QUESTION 80
Refer to the exhibit. An employee is a victim of a social engineering phone call and installs remote access software to allow an "MS Support" technician to check his machine for malware. The employee becomes suspicious after the remote technician requests payment in the form of gift cards. The employee has copies of multiple, unencrypted database files, over 400 MB each, on his system and is worried that the scammer copied the files off but has no proof of it. The remote technician was connected sometime between 2:00 pm and 3:00 pm over https. What should be determined regarding data loss between the employee's laptop and the remote technician's system?
- A. The database files were disclosed
- B. The database files' integrity was violated
- C. The database files were intentionally corrupted, and encryption is possible
- D. No database files were disclosed
Answer: B
NEW QUESTION 81
Drag and drop the function on the left onto the mechanism on the right.
Answer:
Explanation:
NEW QUESTION 82
Refer to the exhibit.
An engineer is analyzing this Vlan0386-int12-117.pcap file in Wireshark after detecting suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a Google Chrome extension over the WebSocket protocol. The engineer checked the message payloads to determine what information was being sent off-site, but the payloads are obfuscated and unreadable. What does this STIX indicate?
- A. There is a malware that is communicating via encrypted channels to the command and control server
- B. The extension is not performing as intended because of restrictions since ports 80 and 443 should be accessible
- C. The traffic is legitimate as the Google Chrome extension is reaching out to check for updates and fetches this information
- D. There is a possible data leak because payloads should be encoded as UTF-8 text
Answer: D
NEW QUESTION 83
The physical security department received a report that an unauthorized person followed an authorized individual to enter secured premises. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?
- A. Determine the assets to which the attacker has access
- B. Identify movement of the attacker in the enterprise
- C. Change access controls to high-risk assets in the enterprise
- D. Identify assets the attacker handled or acquired
Answer: B
NEW QUESTION 84
Refer to the exhibit. What is occurring in this packet capture?
- A. DNS flood
- B. TCP port scan
- C. TCP flood
- D. DNS tunneling
Answer: C
NEW QUESTION 85
A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network.
What is the next step in handling the incident?
- A. Identify lateral movement
- B. Perform an antivirus scan on the laptop
- C. Block the source IP from the firewall
- D. Identify systems or services at risk
Answer: D
NEW QUESTION 86
An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?
- A. Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats
- B. Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts
- C. Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts
- D. Increase the allowed number of incorrect login attempts and tune anomalous user behavior detection so that it does not affect privileged accounts
Answer: A
NEW QUESTION 87
A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a PowerShell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?
- A. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious
- B. Review the server backup and identify server content and data criticality to assess the intrusion risk
- C. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities
- D. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack
Answer: B
NEW QUESTION 88