Aug 26, 2021 Step by Step Guide to Prepare for 350-201 Exam BrainDumps
CyberOps Professional 350-201 Real Exam Questions and Answers FREE Updated on 2021
NEW QUESTION 83 
Refer to the exhibit. Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?
- A. SNMP and syslog data
- B. NetFlow and event data
- C. event data and syslog data
- D. NetFlow and SNMP
Answer: C
NEW QUESTION 84
An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.
Answer:
Explanation:
NEW QUESTION 85
An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually. Which action will improve workflow automation?
- A. Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.
- B. Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.
- C. Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.
- D. Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.
Answer: C
NEW QUESTION 86
A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices. Which technical architecture must be used?
- A. DLP for removable data
- B. DLP for data in motion
- C. DLP for data in use
- D. DLP for data at rest
Answer: C
NEW QUESTION 87
A European-based advertisement company collects tracking information from partner websites and stores it on a local server to provide tailored ads. Which standard must the company follow to safeguard the resting data?
- A. HIPAA
- B. PCI-DSS
- C. GDPR
- D. Sarbanes-Oxley
Answer: C
NEW QUESTION 88
An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?
- A. Analyze the components of the infected hosts and associated business services.
- B. Scan the network to identify unknown assets and the asset owners.
- C. Analyze the impact of the malware and contain the artifacts.
- D. Scan the host with updated signatures and remove temporary containment.
Answer: A
NEW QUESTION 89
Drag and drop the cloud computing service descriptions from the left onto the cloud service categories on the right.
Answer:
Explanation:
NEW QUESTION 90
A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?
- A. Run the sh command
- B. Run the who command
- C. Run the w command
- D. Run the sudo sysdiagnose command
Answer: D
Explanation:
Explanation/Reference: https://eclecticlight.co/2016/02/06/the-ultimate-diagnostic-tool-sysdiagnose/
NEW QUESTION 91
Refer to the exhibit.
An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?
- A. The file is redirecting users to a website that requests privilege escalations from the user.
- B. The file is redirecting users to a website that harvests cookies and stored account information.
- C. The file is redirecting users to a website that is determining users' geographic location.
- D. The file is redirecting users to the website that is downloading ransomware to encrypt files.
Answer: C
NEW QUESTION 92
A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross- correlated log analysis revealed that two hours before the attack, multiple assets received requests on TCP port 79. Which action should be taken by the SOC team to mitigate this attack?
- A. Configure affected devices to disable the Finger service.
- B. Configure affected devices to disable NETRJS protocol.
- C. Disable affected assets and isolate them for further investigation.
- D. Disable BIND forwarding from the DNS server to avoid reconnaissance.
Answer: A
NEW QUESTION 93
An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?
- A. Analyze the source.
- B. Access the affected server to confirm compromised files are encrypted.
- C. Disconnect the affected server from the network.
- D. Determine the attack surface.
Answer: B
NEW QUESTION 94
Employees report computer system crashes within the same week. An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system's startup folder. It appears that the shortcuts redirect users to malicious URLs. What is the next step the engineer should take to investigate this case?
- A. Check the audit logs
- B. Identify affected systems
- C. Remove the shortcut files
- D. Investigate the malicious URLs
Answer: B
NEW QUESTION 95
Drag and drop the phases to evaluate the security posture of an asset from the left onto the activity that happens during the phases on the right.
Answer:
Explanation:
NEW QUESTION 96
Refer to the exhibit.
Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?
- A. SNMP and syslog data
- B. NetFlow and event data
- C. event data and syslog data
- D. NetFlow and SNMP
Answer: C
NEW QUESTION 97
Refer to the exhibit.
An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim's spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address. Which action does the engineer recommend?
- A. Use subinterface command no ip directed-broadcast
- B. Use global configuration command service tcp-keepalives-out
- C. Use logging trap 6
- D. Use command ip verify reverse-path interface
Answer: D
NEW QUESTION 98
What is the difference between process orchestration and automation?
- A. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.
- B. Orchestration arranges the tasks, while automation arranges processes.
- C. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.
- D. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
Answer: D
NEW QUESTION 99
......
Ultimate Guide to Prepare 350-201 Certification Exam for CyberOps Professional: https://www.free4torrent.com/350-201-braindumps-torrent.html
350-201 Ultimate Study Guide: https://drive.google.com/open?id=1ZD74TuuT77wRIlYueMIgiM9hI5eun2Ad