Quality 350-201 PDF Dumps - 350-201 Exam Questions
Most UptoDate Cisco 350-201 Exam Dumps PDF 2021
NEW QUESTION 72
Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engineer discovered an unknown application. The analysis showed that the application is communicating with external addresses on a non-secure, unencrypted channel. Information gathering revealed that the unknown application does not have an owner and is not being used by a business unit. What are the next two steps the engineers should take in this investigation? (Choose two.)
- A. Verify user credentials on the affected asset, modify passwords, and confirm available patches and updates are installed.
- B. Determine the type of data stored on the affected asset, document the access logs, and engage the incident response team.
- C. Identify who installed the application by reviewing the logs and gather a user access log from the HR department.
- D. Initiate a triage meeting with department leads to determine if the application is owned internally or used by any business unit and document the asset owner.
Answer: B,D
NEW QUESTION 73
An organization had an incident with the network availability during which devices unexpectedly malfunctioned. An engineer is investigating the incident and found that the memory pool buffer usage reached a peak before the malfunction. Which action should the engineer take to prevent this issue from reoccurring?
- A. Enable memory tracing notifications.
- B. Disable CPU threshold trap toward the SNMP server.
- C. Disable memory limit.
- D. Enable memory threshold notifications.
Answer: D
NEW QUESTION 74
An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?
- A. Research the malware online to see if there are noted findings
- B. Disassemble the malware to understand how it was constructed
- C. Unpack the file in a sandbox to see how it reacts
- D. Run the program through a debugger to see the sequential actions
Answer: A
NEW QUESTION 75
Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.
Answer:
Explanation/Reference: https://www.densify.com/resources/continuous-integration-delivery-phases
NEW QUESTION 76
Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.
Answer:
Explanation:
NEW QUESTION 77
A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)
- A. malware analysis report
- B. key assets and executives
- C. report of staff members with asset relations
- D. incident response playbooks
- E. asset vulnerability assessment
Answer: A,E
Explanation/Reference: https://cloudogre.com/risk-assessment/
NEW QUESTION 78
An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?
- A. Modify the alert rule to "output alert_syslog: output header"
- B. Modify the alert rule to "output alert_syslog: output log"
- C. Modify the output module rule to "output alert_quick: output filename"
- D. Modify the output module rule to "output alert_fast: output filename"
Answer: B
Explanation/Reference: https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/249/original/snort_manual.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20201231%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20201231T141156Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=e122ab6eb1659e13b3bc6bb2451ce693c0298b76c1962c3743924bc5fd83d382
NEW QUESTION 79
Drag and drop the mitigation steps from the left onto the vulnerabilities they mitigate on the right.
Answer:
Explanation:
NEW QUESTION 80
The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?
- A. eradication and recovery
- B. containment
- C. detection and analysis
- D. post-incident activity
Answer: A
NEW QUESTION 81
Refer to the exhibit.
How must these advisories be prioritized for handling?
- A. Vulnerability #1 and vulnerability #2 have the same priority
- B. Vulnerability #1 is the highest priority for every type of institution
- C. Vulnerability #2 is the highest priority for every type of institution
- D. The highest priority for handling depends on the type of institution deploying the devices
Answer: B
NEW QUESTION 82
A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?
- A. Perform analysis based on the established risk factors
- B. Isolate critical hosts from the network
- C. Assess the network for unexpected behavior
- D. Patch detected vulnerabilities from critical hosts
Answer: B
NEW QUESTION 83
An engineer returned to work and realized that payments that were received over the weekend were sent to the wrong recipient. The engineer discovered that the SaaS tool that processes these payments was down over the weekend. Which step should the engineer take first?
- A. Request that the purchasing department creates and sends the payments manually
- B. Utilize the SaaS tool team to gather more information on the potential breach
- C. Organize a meeting to discuss the services that may be affected
- D. Contact the incident response team to inform them of a potential breach
Answer: B
NEW QUESTION 84
A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?
- A. by issuers and issuer processors if there is a legitimate reason
- B. by entities that issue the payment cards or that perform support issuing services
- C. post-authorization by non-issuing entities if there is a documented business justification
- D. post-authorization by non-issuing entities if the data is encrypted and securely stored
Answer: D
NEW QUESTION 85
Refer to the exhibit.
An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?
- A. Include a step "Take a Snapshot" to capture the endpoint state to contain the threat for analysis
- B. Exclude the step "BAN malicious IP" to allow analysts to conduct and track the remediation
- C. Include a step "Reporting" to alert the security department of threats identified by the SOAR reporting engine
- D. Exclude the step "Check for GeoIP location" to allow analysts to analyze the location and the associated risk based on asset criticality
Answer: B
NEW QUESTION 86
Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?
- A. Block list of internal IPs from the rule
- B. Tune the count and seconds threshold of the rule
- C. Set the rule to track the source IP
- D. Change the rule content match to case sensitive
Answer: D
NEW QUESTION 87
What is needed to assess risk mitigation effectiveness in an organization?
- A. updated list of vulnerable systems
- B. cost-effectiveness of control measures
- C. compliance with security standards
- D. analysis of key performance indicators
Answer: B
NEW QUESTION 88
Drag and drop the cloud computing service descriptions from the left onto the cloud service categories on the right.
Answer:
Explanation:
NEW QUESTION 89
What is the impact of hardening machine images for deployment?
- A. reduces the attack surface
- B. reduces the steps needed to mitigate threats
- C. increases the speed of patch deployment
- D. increases the availability of threat alerts
Answer: A
NEW QUESTION 90
An employee abused PowerShell commands and script interpreters, which led to an indicator of compromise (IOC) trigger. The IOC event shows that a known malicious file has been executed, and there is an increased likelihood of a breach. Which indicator generated this IOC event?
- A. Crossrider.ioc
- B. ExecutedMalware.ioc
- C. W32 AccesschkUtility.ioc
- D. ConnectToSuspiciousDomain.ioc
Answer: C
NEW QUESTION 91
......
Who should take the 350-201 CISCO Performing CyberOps Using Cisco Security Exam
The certification is fashioned for:
- Storage administrators
- Field engineers
- Technical solutions architects
- Network managers
- Consulting systems engineers
- Systems engineers
- Data center engineers
- Cisco integrators and partners
- Network administrators
- Network engineers
- Network designers
- Server administrators
100% Free CyberOps Professional 350-201 Dumps PDF Demo Cert Guide Cover: https://www.dumpstillvalid.com/350-201-prep4sure-review.html
PDF Exam Material 2021 Realistic 350-201 Dumps Questions: https://drive.google.com/open?id=1PPn4-AwrniudZncsz7jO6d3sln7fEqZR
