350-201 Online Practice Questions and Answers

A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

A. incident response playbooks

B. asset vulnerability assessment

C. report of staff members with asset relations

D. key assets and executives

E. malware analysis report

Refer to the exhibit. An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim's spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address.

Which action does the engineer recommend?

A. Use command ip verify reverse-path interface

B. Use global configuration command service tcp-keepalives-out

C. Use subinterface command no ip directed-broadcast

D. Use logging trap 6

An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login.

Which step should an engineer take after receiving this alert?

A. Initiate a triage meeting to acknowledge the vulnerability and its potential impact

B. Determine company usage of the affected products

C. Search for a patch to install from the vendor

D. Implement restrictions within the VoIP VLANS

A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices. Which technical architecture must be used?

A. DLP for data in motion

B. DLP for removable data

C. DLP for data in use

D. DLP for data at rest

How does Wireshark decrypt TLS network traffic?

A. with a key log file using per-session secrets

B. using an RSA public key

C. by observing DH key exchange

D. by defining a user-specified decode-as

An engineer returned to work and realized that payments that were received over the weekend were sent to the wrong recipient. The engineer discovered that the SaaS tool that processes these payments was down over the weekend. Which step should the engineer take first?

A. Utilize the SaaS tool team to gather more information on the potential breach

B. Contact the incident response team to inform them of a potential breach

C. Organize a meeting to discuss the services that may be affected

D. Request that the purchasing department creates and sends the payments manually

A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled "Invoice RE: 0004489". The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web.

What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?

A. Run and analyze the DLP Incident Summary Report from the Email Security Appliance

B. Ask the company to execute the payload for real time analysis

C. Investigate further in open source repositories using YARA to find matches

D. Obtain a copy of the file for detonation in a sandbox

A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?

A. Create a follow-up report based on the incident documentation.

B. Perform a vulnerability assessment to find existing vulnerabilities.

C. Eradicate malicious software from the infected machines.

D. Collect evidence and maintain a chain-of-custody during further analysis.

A security manager received an email from an anomaly detection service, that one of their contractors has downloaded 50 documents from the company's confidential document management folder using a company-owned asset al039-ice4ce687TL0500. A security manager reviewed the content of downloaded documents and noticed that the data affected is from different departments. What are the actions a security manager should take?

A. Measure confidentiality level of downloaded documents.

B. Report to the incident response team.

C. Escalate to contractor's manager.

D. Communicate with the contractor to identify the motives.

Refer to the exhibit. Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a quarantine VLAN using Adaptive Network Control policy. Which method was used to signal ISE to quarantine the endpoints?

A. SNMP

B. syslog

C. REST API

D. pxGrid