350-201 Dumps PDF - 350-201 Real Exam Questions Answers
Get Started: 350-201 Exam [2024] Dumps Cisco PDF Questions
NEW QUESTION # 47
A logistic company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to IPS?
- A. Allow list only authorized hosts to contact the application's IP at a specific port.
- B. Allow list HTTP traffic through the corporate VLANS.
- C. Allow list traffic to application's IP from the internal network at a specific port.
- D. Allow list only authorized hosts to contact the application's VLAN.
Answer: D
NEW QUESTION # 48
What is the purpose of hardening systems?
- A. to securely configure machines to limit the attack surface
- B. to analyze attacks to identify threat actors and points of entry
- C. to create the logic that triggers alerts when anomalies occur
- D. to identify vulnerabilities within an operating system
Answer: A
NEW QUESTION # 49
The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?
- A. Contain the subnet in which the suspicious file was found.
- B. Unpack the specimen and perform memory forensics.
- C. Perform static and dynamic code analysis of the specimen.
- D. Document findings and clean-up the laboratory.
Answer: B
NEW QUESTION # 50
Refer to the exhibit.
An engineer received a report that an attacker has compromised a workstation and gained access to sensitive customer data from the network using insecure protocols. Which action prevents this type of attack in the future?
- A. Use VLANs to segregate zones and the firewall to allow only required services and secured protocols
- B. Deploy a SOAR solution and correlate log alerts from customer zones
- C. Deploy IDS within sensitive areas and continuously update signatures
- D. Use syslog to gather data from multiple sources and detect intrusion logs for timely responses
Answer: A
NEW QUESTION # 51
Refer to the exhibit.
Where is the MIME type that should be followed indicated?
- A. strict-transport-security
- B. x-content-type-options
- C. x-xss-protection
- D. x-test-debug
Answer: D
NEW QUESTION # 52
After a recent malware incident, the forensic investigator is gathering details to identify the breach and causes. The investigator has isolated the affected workstation. What is the next step that should be taken in this investigation?
- A. Compare workstation configuration and asset configuration policy to identify gaps.
- B. Analyze the applications and services running on the affected workstation.
- C. Review audit logs for privilege escalation events.
- D. Inspect registry entries for recently executed files.
Answer: D
NEW QUESTION # 53
An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?
- A. Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts
- B. Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts
- C. Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts
- D. Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats
Answer: D
NEW QUESTION # 54
An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?
#!/usr/bin/python import sys import requests
- A. console_ip, api_token
- B. {1}, {2}
- C. console_ip, reference_set_name
- D. {1}, {3}
Answer: A
NEW QUESTION # 55 
Refer to the exhibit. An engineer is reverse engineering a suspicious file by examining its resources. What does this file indicate?
- A. a DOS MZ executable format
- B. a MS-DOS executable archive
- C. a Windows executable file
- D. an archived malware
Answer: C
Explanation:
Explanation/Reference: https://stackoverflow.com/questions/2577545/why-is-this-program-cannot-be-run-in-dos-mode-text- present-in-dll-files#:~:text=The%20linker%20places%20a%20default,using%20the%20%2FSTUB%20linker%
20option.&text=This%20information%20enables%20Windows%20to,has%20an%20MS-DOS%20stub.
NEW QUESTION # 56 
Refer to the exhibit. What results from this script?
- A. Seeds for existing domains are checked
- B. A search is conducted for additional seeds
- C. A list of domains as seeds is blocked
- D. Domains are compared to seed rules
Answer: B
NEW QUESTION # 57
Which action should be taken when the HTTP response code 301 is received from a web application?
- A. Confirm the resource's location.
- B. Update the cached header metadata.
- C. Modify the session timeout setting.
- D. Increase the allowed user limit.
Answer: B
NEW QUESTION # 58
Drag and drop the function on the left onto the mechanism on the right.
Answer:
Explanation:
NEW QUESTION # 59 
Refer to the exhibit. What is the threat in this Wireshark traffic capture?
- A. A flood of ACK packets coming from a single source IP to multiple destination IPs
- B. A flood of SYN packets coming from a single source IP to a single destination IP
- C. A high rate of SYN packets being sent from a single source IP toward multiple destination IPs
- D. A high rate of SYN packets being sent from multiple sources toward a single destination IP
Answer: B
NEW QUESTION # 60
An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST.SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?
- A. Remove all personally identifiable information.
- B. Verify hash integrity.
- C. Lock the file to prevent unauthorized access.
- D. Ensure the online sandbox is GDPR compliant.
Answer: A
NEW QUESTION # 61
Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.
Answer:
Explanation:
NEW QUESTION # 62
Refer to the exhibit.
Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?
- A. An attacker can modify the access logs.
- B. An attacker can transfer data to an external server.
- C. An attacker can initiate a DoS attack.
- D. An attacker can read or change data.
Answer: C
NEW QUESTION # 63
Refer to the exhibit.
An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?
- A. The file is redirecting users to a website that harvests cookies and stored account information.
- B. The file is redirecting users to a website that requests privilege escalations from the user.
- C. The file is redirecting users to the website that is downloading ransomware to encrypt files.
- D. The file is redirecting users to a website that is determining users' geographic location.
Answer: D
NEW QUESTION # 64
Refer to the exhibit.
An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?
- A. The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
- B. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.
- C. The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.
- D. The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.
Answer: C
NEW QUESTION # 65
......
350-201 Premium Exam Engine pdf Download: https://www.free4torrent.com/350-201-braindumps-torrent.html
Verified 350-201 Bundle Real Exam Dumps PDF: https://drive.google.com/open?id=1ZD74TuuT77wRIlYueMIgiM9hI5eun2Ad