Get 350-201 Actual Free Exam Q&As to Prepare for Your Cisco Certification [Q15-Q34]


Cisco Actual Free Exam Questions And Answers


Salary of certified 350-201 CISCO Performing CyberOps Using Cisco Security professionals

The salary of certified 350-201 CISCO Performing CyberOps Using Cisco Security professionals ranges from $108K to $121K, depending on years of experience.


How to schedule 350-201 CISCO Performing CyberOps Using Cisco Security

You can generally schedule an exam as early as six weeks in advance and as late as the same day.

  • Candidates who fail an exam must wait a period of 5 calendar days, beginning the day after the failed attempt, before they may retake the same exam
  • Candidates who fail any CCIE or CCDE written exam must wait a period of 15 calendar days, beginning the day after the failed attempt, before retaking the same exam
  • For exams other than CCIE lab exams, schedule your exam at Pearson VUE. Visit the Exam Registration Information page for details
  • For CCIE Lab Exams, visit the CCIE website

 

NEW QUESTION 15
An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?

  • A. PCI DSS
  • B. HIPAA
  • C. COBIT
  • D. FISMA

Answer: A

 

NEW QUESTION 16
A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?

  • A. Collect evidence and maintain a chain-of-custody during further analysis.
  • B. Eradicate malicious software from the infected machines.
  • C. Create a follow-up report based on the incident documentation.
  • D. Perform a vulnerability assessment to find existing vulnerabilities.

Answer: A

 

NEW QUESTION 17
A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect abnormal behavior?

  • A. Create a rule triggered by 1 successful VPN connection from any nondestination country
  • B. Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period
  • C. Create a rule triggered by multiple successful VPN connections from the destination countries
  • D. Analyze the logs from all countries related to this user during the traveling period

Answer: D
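Whether the analyst reviews the VPN logs by hand (option D) or codifies the check as a rule (option A), the logic is the same: during the travel window, a successful VPN session for this user from a country that is neither the home country nor one of the three destinations, or at an hour outside the user's working hours, is the anomaly. The following is an added Python example, not code from the exam page or from any Cisco product; the log format, the field names, the user name, the itinerary and the working-hours window are all constructed for illustration.

```python
"""Flag anomalous VPN logins for a user on a known travel itinerary.

Added example; the log format, user, countries and hours are assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable

# Constructed profile: home country (GB) plus the three destination countries
# the SOC was told about, the user's working hours (UTC), and the travel window.
TRAVEL_PROFILE = {
    "alice": {
        "allowed_countries": {"GB", "FR", "DE", "ES"},
        "work_start": 7,   # 07:00 UTC, inclusive
        "work_end": 19,    # 19:00 UTC, exclusive
        "window": (datetime(2024, 3, 1, tzinfo=timezone.utc),
                   datetime(2024, 4, 30, tzinfo=timezone.utc)),
    }
}

# Constructed VPN gateway log line format (one event per line).
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+vpn-gw\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)\s+"
    r"country=(?P<cc>[A-Z]{2})\s+result=(?P<result>success|failure)$"
)


@dataclass(frozen=True)
class Alert:
    user: str
    ts: str
    src: str
    country: str
    reason: str


def parse_line(line: str):
    """Return the parsed event as a dict, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


def detect(lines: Iterable[str], profiles=TRAVEL_PROFILE):
    """Return one Alert per policy violation found in successful logins."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        # Only successful sessions matter here; failed attempts belong to a
        # separate brute-force rule, which is why option B is a different check.
        if ev is None or ev["result"] != "success":
            continue
        prof = profiles.get(ev["user"])
        if prof is None:
            continue
        start, end = prof["window"]
        if not (start <= ev["ts"] <= end):
            continue
        reasons = []
        if ev["cc"] not in prof["allowed_countries"]:
            reasons.append(f"login from non-destination country {ev['cc']}")
        if not (prof["work_start"] <= ev["ts"].hour < prof["work_end"]):
            reasons.append(f"login outside working hours at {ev['ts'].strftime('%H:%M')} UTC")
        for r in reasons:
            alerts.append(Alert(ev["user"], ev["ts"].isoformat(), ev["src"], ev["cc"], r))
    return alerts


# Constructed sample log lines (documentation IP ranges only).
SAMPLE_LOGS = [
    "2024-03-04T09:12:44Z vpn-gw user=alice src=203.0.113.10 country=FR result=success",
    "2024-03-06T23:40:02Z vpn-gw user=alice src=198.51.100.7 country=DE result=success",
    "2024-03-09T10:05:19Z vpn-gw user=alice src=192.0.2.55 country=RU result=success",
    "2024-03-09T10:07:41Z vpn-gw user=alice src=192.0.2.55 country=RU result=failure",
    "2024-03-10T11:00:00Z vpn-gw user=bob src=203.0.113.99 country=RU result=success",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Running the sample produces two alerts: the 23:40 UTC session from Germany (allowed country, outside working hours) and the daytime session from a country not on the itinerary. The failed attempt and the login by a user without a travel profile are ignored by this rule.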

 

NEW QUESTION 18
A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled "Invoice RE: 0004489". The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web. What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?

  • A. Run and analyze the DLP Incident Summary Report from the Email Security Appliance
  • B. Ask the company to execute the payload for real time analysis
  • C. Obtain a copy of the file for detonation in a sandbox
  • D. Investigate further in open source repositories using YARA to find matches

Answer: C

 

NEW QUESTION 19
Refer to the exhibit.

An engineer received a report that an attacker has compromised a workstation and gained access to sensitive customer data from the network using insecure protocols. Which action prevents this type of attack in the future?

  • A. Use VLANs to segregate zones and the firewall to allow only required services and secured protocols
  • B. Deploy a SOAR solution and correlate log alerts from customer zones
  • C. Use syslog to gather data from multiple sources and detect intrusion logs for timely responses
  • D. Deploy IDS within sensitive areas and continuously update signatures

Answer: A

 

NEW QUESTION 20
Refer to the exhibit. Which indicator of compromise is represented by this STIX?

  • A. web server vulnerability exploited by malware
  • B. website hosting malware to download files
  • C. website redirecting traffic to ransomware server
  • D. cross-site scripting vulnerability to backdoor server

Answer: A

 

NEW QUESTION 21
Refer to the exhibit.

Which command was executed in PowerShell to generate this log?

  • A. Get-WinEvent -ListLog * -ComputerName localhost
  • B. Get-EventLog -List
  • C. Get-EventLog -LogName *
  • D. Get-WinEvent -ListLog *

Answer: B

Explanation:
The -LogName parameter of Get-EventLog takes the name of a single classic event log and does not accept wildcard characters, so "Get-EventLog -LogName *" is not a valid call. Get-EventLog -List returns the classic logs as a table with the columns Max(K), Retain, OverflowAction, Entries and Log. Get-WinEvent -ListLog * returns every log, including the Applications and Services logs, with the columns LogMode, MaximumSizeInBytes, RecordCount and LogName; match the column headers in the exhibit against these two outputs.

 

NEW QUESTION 22
A security architect working in a processing center must implement a DLP solution to detect and prevent any copy-and-paste of sensitive data into unapproved applications and onto removable devices.
Which technical architecture must be used?

  • A. DLP for data at rest
  • B. DLP for removable data
  • C. DLP for data in use
  • D. DLP for data in motion

Answer: C

Explanation:
Explanation/Reference: https://www.endpointprotector.com/blog/what-is-data-loss-prevention-dlp/

 

NEW QUESTION 23
According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?

  • A. Conduct a data protection impact assessment
  • B. Perform a vulnerability assessment
  • C. Conduct penetration testing
  • D. Perform awareness testing

Answer: A

Explanation:
Explanation/Reference: https://apdcat.gencat.cat/web/.content/03-documentacio/Reglament_general_de_proteccio_de_dades/documents/DPIA-Guide.pdf

 


NEW QUESTION 25
An engineer is investigating several cases of increased incoming spam emails and suspicious emails from the HR and service departments. While checking the event sources, the website monitoring tool showed several web scraping alerts overnight. Which type of compromise is indicated?

  • A. privilege escalation
  • B. dumpster diving
  • C. phishing
  • D. social engineering

Answer: D

 

NEW QUESTION 26
Drag and drop the function on the left onto the mechanism on the right.

Answer:

Explanation:

 

NEW QUESTION 27
A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor's website. The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?

  • A. Disconnect the network from Internet access to stop the phishing threats and regain control.
  • B. Determine if there is internal knowledge of this incident.
  • C. Engage the legal department to explore action against the competitor that posted the spreadsheet.
  • D. Check incoming and outgoing communications to identify spoofed emails.

Answer: C

 

NEW QUESTION 28
An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?

  • A. Verify hash integrity.
  • B. Lock the file to prevent unauthorized access.
  • C. Ensure the online sandbox is GDPR compliant.
  • D. Remove all personally identifiable information.

Answer: D

 

NEW QUESTION 29
A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a PowerShell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?

  • A. Review the server backup and identify server content and data criticality to assess the intrusion risk
  • B. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious
  • C. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities
  • D. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack

Answer: A

 

NEW QUESTION 30
The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?

  • A. Perform static and dynamic code analysis of the specimen.
  • B. Contain the subnet in which the suspicious file was found.
  • C. Unpack the specimen and perform memory forensics.
  • D. Document findings and clean-up the laboratory.

Answer: C

 

NEW QUESTION 31
Refer to the exhibit. At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

  • A. reconnaissance
  • B. delivery
  • C. actions on objectives
  • D. exploitation

Answer: B

Explanation:
Explanation/Reference: https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-101-july2017.pdf

 

NEW QUESTION 32
Refer to the exhibit. A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

  • A. Increase the application cache of the total pool of active clients that call the API
  • B. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
  • C. Limit the number of API calls that a single client is allowed to make
  • D. Add restrictions on the edge router on how often a single client can access the API

Answer: C
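Limiting the calls a single client may make is usually implemented as a per-client token bucket: each client gets a small burst allowance that refills at a fixed rate, so one machine firing concurrent requests is throttled while everyone else keeps their normal share. The following is an added Python example, not code from the exam page or from any Cisco product; the bucket size, refill rate, client identifiers and traffic pattern are assumptions chosen for illustration.

```python
"""Per-client API rate limiting with a token bucket.

Added example; capacity, rate, client names and traffic are assumptions.
"""
import time
from collections import defaultdict


class TokenBucketLimiter:
    """One bucket per client: `capacity` requests of burst, refilled at `rate` per second."""

    def __init__(self, capacity: int, rate: float, clock=time.monotonic):
        self.capacity = capacity
        self.rate = rate
        self.clock = clock            # injectable so simulations can control time
        self._tokens = defaultdict(lambda: float(capacity))
        self._last = {}

    def _refill(self, client: str, now: float) -> None:
        last = self._last.get(client, now)
        self._tokens[client] = min(self.capacity,
                                   self._tokens[client] + (now - last) * self.rate)
        self._last[client] = now

    def allow(self, client: str) -> bool:
        """Return True and consume a token if the client may proceed, else False."""
        now = self.clock()
        self._refill(client, now)
        if self._tokens[client] >= 1.0:
            self._tokens[client] -= 1.0
            return True
        return False


def simulate(requests, capacity: int = 5, rate: float = 1.0):
    """Replay (t_seconds, client_id) pairs; return {client: (allowed, rejected)}."""
    now = [0.0]
    limiter = TokenBucketLimiter(capacity, rate, clock=lambda: now[0])
    stats = defaultdict(lambda: [0, 0])
    for ts, client in sorted(requests, key=lambda r: r[0]):
        now[0] = ts
        if limiter.allow(client):
            stats[client][0] += 1
        else:
            stats[client][1] += 1
    return {c: tuple(v) for c, v in stats.items()}


# Constructed traffic: one abusive client fires 50 concurrent requests at t=0
# while two well-behaved clients each send one request per second for 10 s.
BURST = [(0.0, "attacker")] * 50
NORMAL = ([(float(s), "alice") for s in range(10)]
          + [(float(s) + 0.5, "bob") for s in range(10)])

if __name__ == "__main__":
    print(simulate(BURST + NORMAL))
```

With a burst of 5 and a refill of one token per second, the attacker gets 5 requests through and 45 rejected, while alice and bob, who never exceed one request per second, are never throttled. Applying the limit per client (option C) rather than shrinking responses for the whole pool (option B) is what keeps access equitable.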

 

NEW QUESTION 33
Refer to the exhibit.

An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company's user creation policy:

  • minimum length: 3
  • usernames can only use letters, numbers, dots, and underscores
  • usernames cannot begin with a number

The application administrator has to manually change and track these daily to ensure compliance. An engineer is tasked to implement a script to automate the process according to the company user creation policy. The engineer implemented this piece of code within the application, but users are still able to create format-free usernames. Which change is needed to apply the restrictions?

  • A. modify code to force the restrictions, def force_user(username, minlen)
  • B. modify code to return error on restrictions def return false_user(username, minlen)
  • C. validate the restrictions, def validate_user(username, minlen)
  • D. automate the restrictions def automate_user(username, minlen)

Answer: D
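The practical point behind this question is that a validation routine only helps if the registration path refuses to create a user when it fails. The following is an added Python example, not the exhibit's code from the exam page; it implements the three policy conditions stated in the question (minimum length, permitted character set, no leading digit) and wires them into a registration function that rejects non-compliant names. The in-memory user store, the function names and the candidate usernames are assumptions for illustration.

```python
"""Enforce the username policy at creation time.

Added example; the user store, names and candidates are assumptions.
"""
import re

# Characters the policy permits anywhere in a username.
ALLOWED_CHARS_RE = re.compile(r"[A-Za-z0-9._]*")


def validate_user(username, minlen: int = 3):
    """Return the list of policy violations; an empty list means the name is compliant."""
    if not isinstance(username, str):
        return ["username must be a string"]
    errors = []
    if len(username) < minlen:
        errors.append(f"shorter than {minlen} characters")
    if username[:1].isdigit():
        errors.append("begins with a number")
    if not ALLOWED_CHARS_RE.fullmatch(username):
        errors.append("contains characters other than letters, numbers, dots and underscores")
    return errors


class UserStore:
    """Minimal registration backend: a non-compliant name is refused, not merely flagged."""

    def __init__(self, minlen: int = 3):
        self.minlen = minlen
        self.users = set()

    def create_user(self, username: str) -> bool:
        problems = validate_user(username, self.minlen)
        if problems:
            raise ValueError(f"rejected {username!r}: " + "; ".join(problems))
        self.users.add(username)
        return True


def bulk_register(store: UserStore, candidates):
    """Try each candidate; return {username: None if created, else the rejection message}."""
    outcome = {}
    for name in candidates:
        try:
            store.create_user(name)
            outcome[name] = None
        except ValueError as exc:
            outcome[name] = str(exc)
    return outcome


# Constructed candidates covering each policy rule.
CANDIDATES = ["j.doe", "ab", "1admin", "print-ops", "svc_print01", "root;--"]

if __name__ == "__main__":
    store = UserStore()
    for name, err in bulk_register(store, CANDIDATES).items():
        print(f"{name:12} -> {'created' if err is None else err}")
```

Only "j.doe" and "svc_print01" are created; the other candidates are refused with the specific rule they break, which also gives the administrator the audit trail the question says is currently tracked by hand.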

 

NEW QUESTION 34
......

350-201 Questions Truly Valid For Your Cisco Exam: https://topexamcollection.pdfvce.com/Cisco/350-201-exam-pdf-dumps.html