350-201 by Cisco Actual Free Exam Questions And Answers

Question 1

Refer to the exhibit.

An engineer is analyzing this Vlan0386-int12-117.pcap file in Wireshark after detecting a suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a google chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information was being sent off-site but the payloads are obfuscated and unreadable. What does this STIX indicate?

A. There is a possible data leak because payloads should be encoded as UTF-8 text

B. The extension is not performing as intended because of restrictions since ports 80 and 443 should be accessible

C. The traffic is legitimate as the google chrome extension is reaching out to check for updates and fetches this information

D. There is a malware that is communicating via encrypted channels to the command and control server

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle.
The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually.
Which action will improve workflow automation?

A. Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.

B. Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.

C. Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.

D. Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.

Discussion 0

Correct Answer: D Vote an answer

Question 3

Refer to the exhibit.

A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

A. Limit the number of API calls that a single client is allowed to make

B. Increase the application cache of the total pool of active clients that call the API

C. Add restrictions on the edge router on how often a single client can access the API

D. Reduce the amount of data that can be fetched from the total pool of active clients that call the API

Discussion 0

Correct Answer: A Vote an answer

Question 4

Refer to the exhibit.

An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company's user creation policy:
* minimum length: 3
* usernames can only use letters, numbers, dots, and underscores
* usernames cannot begin with a number
The application administrator has to manually change and track these daily to ensure compliance. An engineer is tasked to implement a script to automate the process according to the company user creation policy. The engineer implemented this piece of code within the application, but users are still able to create format-free usernames. Which change is needed to apply the restrictions?

A. validate the restrictions, def validate_user(username, minlen)

B. modify code to return error on restrictions def return false_user(username, minlen)

C. modify code to force the restrictions, def force_user(username, minlen)

D. automate the restrictions def automate_user(username, minlen)

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

What is the difference between process orchestration and automation?

A. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.

B. Orchestration arranges the tasks, while automation arranges processes.

C. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.

D. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days.
Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?

A. Analyze the logs from all countries related to this user during the traveling period

B. Create a rule triggered by 1 successful VPN connection from any nondestination country

C. Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period

D. Create a rule triggered by multiple successful VPN connections from the destination countries

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.

Discussion 0

Correct Answer:

Question 8

How is a SIEM tool used?

A. To collect and analyze security data from network devices and servers and produce alerts

B. To search and compare security data against acceptance standards and generate reports for analysis

C. To collect security data from authentication failures and cyber attacks and forward it for analysis

D. To compare security alerts against configured scenarios and trigger system responses

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 9

An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal.
Which compliance regulations must the audit apply to the company?

A. FISMA

B. HIPAA

C. PCI DSS

D. COBIT

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 10

An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?

A. Identify the systems that have been affected and tools used to detect the attack

B. Host a discovery meeting and define configuration and policy updates

C. Identify the traffic with data capture using Wireshark and review email filters

D. Update the IDS/IPS signatures and reimage the affected hosts

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Cisco Performing CyberOps Using Cisco Security Technologies - 350-201 Exam Practice Test

Contact Us

Useful Links

Latest Updated