
Unique Top-selling 350-201 Exams - New 2024 Cisco Practice Exam [Q79-Q104]

CyberOps Professional Dumps 350-201 Exam for Full Questions - Exam Study Guide


Cisco 350-201 certification exam is an excellent way for cybersecurity professionals to validate their skills and expertise in performing cyber operations using Cisco security technologies. Whether you are looking to advance your career or simply enhance your skills and knowledge in this field, earning this certification can help you achieve your goals and succeed in today's rapidly-evolving cybersecurity landscape.


NEW QUESTION # 79
A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross-correlated log analysis revealed that two hours before the attack, multiple assets received requests on TCP port 79. Which action should be taken by the SOC team to mitigate this attack?

  • A. Configure affected devices to disable the Finger service.
  • B. Configure affected devices to disable NETRJS protocol.
  • C. Disable affected assets and isolate them for further investigation.
  • D. Disable BIND forwarding from the DNS server to avoid reconnaissance.

Answer: A


NEW QUESTION # 80
How does Wireshark decrypt TLS network traffic?

  • A. using an RSA public key
  • B. with a key log file using per-session secrets
  • C. by observing DH key exchange
  • D. by defining a user-specified decode-as

Answer: B


NEW QUESTION # 81
A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?

  • A. Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.
  • B. Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation steps.
  • C. Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.
  • D. Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.

Answer: C


NEW QUESTION # 82
Refer to the exhibit.

The Cisco Secure Network Analytics (Stealthwatch) console alerted with "New Malware Server Discovered" and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.

Answer:



NEW QUESTION # 83
Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.

Answer:



NEW QUESTION # 84
What is a benefit of key risk indicators?

  • A. improved visibility on quantifiable information
  • B. improved mitigation techniques for unknown threats
  • C. clear perspective into the risk position of an organization
  • D. clear procedures and processes for organizational risk

Answer: B


NEW QUESTION # 85
What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4

Answer: B


NEW QUESTION # 86
An engineer received multiple reports from users trying to access a company website and instead of landing on the website, they are redirected to a malicious website that asks them to fill in sensitive personal data. Which type of attack is occurring?

  • A. Domain Name System poisoning
  • B. Address Resolution Protocol poisoning
  • C. teardrop attack
  • D. session hijacking attack

Answer: A


NEW QUESTION # 87
Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engineer discovered an unknown application. The analysis showed that the application is communicating with external addresses on a non-secure, unencrypted channel. Information gathering revealed that the unknown application does not have an owner and is not being used by a business unit. What are the next two steps the engineers should take in this investigation? (Choose two.)

  • A. Initiate a triage meeting with department leads to determine if the application is owned internally or used by any business unit and document the asset owner.
  • B. Verify user credentials on the affected asset, modify passwords, and confirm available patches and updates are installed.
  • C. Identify who installed the application by reviewing the logs and gather a user access log from the HR department.
  • D. Determine the type of data stored on the affected asset, document the access logs, and engage the incident response team.

Answer: A,D


NEW QUESTION # 88

Refer to the exhibit. At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

  • A. exploitation
  • B. reconnaissance
  • C. delivery
  • D. actions on objectives

Answer: C

Explanation:
Explanation/Reference: https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-101-july2017.pdf


NEW QUESTION # 89
A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?

  • A. by issuers and issuer processors if there is a legitimate reason
  • B. by entities that issue the payment cards or that perform support issuing services
  • C. post-authorization by non-issuing entities if there is a documented business justification
  • D. post-authorization by non-issuing entities if the data is encrypted and securely stored

Answer: D


NEW QUESTION # 90
A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a PowerShell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?

  • A. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious
  • B. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack
  • C. Review the server backup and identify server content and data criticality to assess the intrusion risk
  • D. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities

Answer: C


NEW QUESTION # 91
What is the difference between process orchestration and automation?

  • A. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.
  • B. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
  • C. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.
  • D. Orchestration arranges the tasks, while automation arranges processes.

Answer: B


NEW QUESTION # 92
Refer to the exhibit.

An employee is a victim of a social engineering phone call and installs remote access software to allow an "MS Support" technician to check his machine for malware. The employee becomes suspicious after the remote technician requests payment in the form of gift cards. The employee has copies of multiple, unencrypted database files, over 400 MB each, on his system and is worried that the scammer copied the files off but has no proof of it. The remote technician was connected sometime between 2:00 pm and 3:00 pm over https. What should be determined regarding data loss between the employee's laptop and the remote technician's system?

  • A. No database files were disclosed
  • B. The database files' integrity was violated
  • C. The database files were disclosed
  • D. The database files were intentionally corrupted, and encryption is possible

Answer: B


NEW QUESTION # 93
What is idempotence?

  • A. the ability to recover from failures while keeping critical services running
  • B. the ability to set the target environment configuration regardless of the starting state
  • C. the necessity of setting maintenance of individual deployment environments
  • D. the assurance of system uniformity throughout the whole delivery process

Answer: D


NEW QUESTION # 94
An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?

  • A. Investigate the vulnerability to prevent further spread
  • B. Acknowledge the vulnerabilities and document the risk
  • C. Isolate the assets affected in a separate network
  • D. Apply vendor patches or available hot fixes

Answer: C


NEW QUESTION # 95
How is a SIEM tool used?

  • A. To search and compare security data against acceptance standards and generate reports for analysis
  • B. To collect security data from authentication failures and cyber attacks and forward it for analysis
  • C. To collect and analyze security data from network devices and servers and produce alerts
  • D. To compare security alerts against configured scenarios and trigger system responses

Answer: C

Explanation:
Explanation/Reference: https://www.varonis.com/blog/what-is-siem/


NEW QUESTION # 96
A SOC analyst is notified by the network monitoring tool that there are unusual types of internal traffic on IP subnet 103.861.2117.0/24. The analyst discovers unexplained encrypted data files on a computer system that belongs on that specific subnet. What is the cause of the issue?

  • A. virus outbreak
  • B. malware outbreak
  • C. DDoS attack
  • D. phishing attack

Answer: B


NEW QUESTION # 97
Refer to the exhibit.

A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?

  • A. malware analysis
  • B. firewall manager
  • C. SIEM
  • D. packet sniffer

Answer: D


NEW QUESTION # 98
A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?

  • A. incident response playbook
  • B. risk model framework
  • C. event severity and likelihood
  • D. assessment scope

Answer: B


NEW QUESTION # 99
The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?

  • A. Perform vulnerability assessment
  • B. Contain the malware
  • C. Install IPS software
  • D. Determine the escalation path

Answer: A



NEW QUESTION # 100
An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?

  • A. Analyze the components of the infected hosts and associated business services.
  • B. Scan the network to identify unknown assets and the asset owners.
  • C. Analyze the impact of the malware and contain the artifacts.
  • D. Scan the host with updated signatures and remove temporary containment.

Answer: A


NEW QUESTION # 101
An organization had an incident with the network availability during which devices unexpectedly malfunctioned. An engineer is investigating the incident and found that the memory pool buffer usage reached a peak before the malfunction. Which action should the engineer take to prevent this issue from reoccurring?

  • A. Enable memory threshold notifications.
  • B. Enable memory tracing notifications.
  • C. Disable memory limit.
  • D. Disable CPU threshold trap toward the SNMP server.

Answer: A


NEW QUESTION # 102
An engineer has created a bash script to automate a complicated process. During script execution, this error occurs: permission denied. Which command must be added to execute this script?

  • A. source ex.sh
  • B. chroot ex.sh
  • C. sh ex.sh
  • D. chmod +x ex.sh

Answer: D


NEW QUESTION # 103
Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?

  • A. internal cloud
  • B. Internet
  • C. internal database
  • D. customer data

Answer: B


NEW QUESTION # 104
......


Cisco 350-201 certification exam covers a wide range of topics, including network security, endpoint protection, threat intelligence, and incident response. 350-201 exam is designed to test the candidate's ability to identify and mitigate security threats, as well as their proficiency in using Cisco security technologies to secure networks and data.
