(Nov-2024) Get professional help from our 350-201 Dumps PDF [Q46-Q69] : Free Exams Dumps Materials : http://exams.dumpsmaterials.com

This page was exported from Free Exams Dumps Materials [ http://exams.dumpsmaterials.com ]
Export date: Sun Nov 24 18:44:11 2024 / +0000 GMT

(Nov-2024) Get professional help from our 350-201 Dumps PDF [Q46-Q69]

(Nov-2024) Get professional help from our 350-201 Dumps PDF

Give You Free Regular Updates on 350-201 Exam Questions

Cisco 350-201 certification exam is an excellent opportunity for cybersecurity professionals to enhance their skills and knowledge and gain recognition as a Cisco certified professional. With the ever-increasing importance of cybersecurity in today's digital age, obtaining this certification can open up new career opportunities and help individuals stay competitive in the job market.

NEW QUESTION 46
Which action should be taken when the HTTP response code 301 is received from a web application?

Update the cached header metadata.

Confirm the resource’s location.

Increase the allowed user limit.

Modify the session timeout setting.

NEW QUESTION 47
What is a benefit of key risk indicators?

clear perspective into the risk position of an organization

improved visibility on quantifiable information

improved mitigation techniques for unknown threats

clear procedures and processes for organizational risk

NEW QUESTION 48
Drag and drop the function on the left onto the mechanism on the right.

NEW QUESTION 49
Drag and drop the mitigation steps from the left onto the vulnerabilities they mitigate on the right.

NEW QUESTION 50
An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?

Host a discovery meeting and define configuration and policy updates

Update the IDS/IPS signatures and reimage the affected hosts

Identify the systems that have been affected and tools used to detect the attack

Identify the traffic with data capture using Wireshark and review email filters

NEW QUESTION 51
A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?

Classify the criticality of the information, research the attacker’s motives, and identify missing patches

Determine the damage to the business, extract reports, and save evidence according to a chain of custody

Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited

Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan

NEW QUESTION 52
Refer to the exhibit.

An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?

Exclude the step “BAN malicious IP” to allow analysts to conduct and track the remediation

Include a step “Take a Snapshot” to capture the endpoint state to contain the threat for analysis

Exclude the step “Check for GeoIP location” to allow analysts to analyze the location and the associated risk based on asset criticality

Include a step “Reporting” to alert the security department of threats identified by the SOAR reporting engine

NEW QUESTION 53
Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.

NEW QUESTION 54
A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall. Which action will improve the effectiveness of the process?

Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.

Inform the user by enabling an automated email response when the rule is triggered.

Inform the incident response team by enabling an automated email response when the rule is triggered.

Create an automation script for blocking URLs on the firewall when the rule is triggered.

NEW QUESTION 55
Refer to the exhibit.

A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?

packet sniffer

malware analysis

SIEM

firewall manager

NEW QUESTION 56
Refer to the exhibit. Which indicator of compromise is represented by this STIX?

website redirecting traffic to ransomware server

website hosting malware to download files

web server vulnerability exploited by malware

cross-site scripting vulnerability to backdoor server

NEW QUESTION 57
Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?

customer data

internal database

internal cloud

Internet

NEW QUESTION 58
Refer to the exhibit.

Where does it signify that a page will be stopped from loading when a scripting attack is detected?

x-frame-options

x-content-type-options

x-xss-protection

x-test-debug

NEW QUESTION 59
A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?

post-authorization by non-issuing entities if there is a documented business justification

by entities that issue the payment cards or that perform support issuing services

post-authorization by non-issuing entities if the data is encrypted and securely stored

by issuers and issuer processors if there is a legitimate reason

NEW QUESTION 60
A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?

Eradicate malicious software from the infected machines.

Collect evidence and maintain a chain-of-custody during further analysis.

Perform a vulnerability assessment to find existing vulnerabilities.

Create a follow-up report based on the incident documentation.

NEW QUESTION 61
Refer to the exhibit.

Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a quarantine VLAN using Adaptive Network Control policy. Which method was used to signal ISE to quarantine the endpoints?

SNMP

syslog

REST API

pxGrid

NEW QUESTION 62
A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?

Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.

Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.

Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.

Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.

NEW QUESTION 63
A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices.
Which technical architecture must be used?

DLP for data in motion

DLP for removable data

DLP for data in use

DLP for data at rest

NEW QUESTION 64
An engineer returned to work and realized that payments that were received over the weekend were sent to the wrong recipient. The engineer discovered that the SaaS tool that processes these payments was down over the weekend. Which step should the engineer take first?

Utilize the SaaS tool team to gather more information on the potential breach

Contact the incident response team to inform them of a potential breach

Organize a meeting to discuss the services that may be affected

Request that the purchasing department creates and sends the payments manually

NEW QUESTION 65
Refer to the exhibit.

A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

Limit the number of API calls that a single client is allowed to make

Add restrictions on the edge router on how often a single client can access the API

Reduce the amount of data that can be fetched from the total pool of active clients that call the API

Increase the application cache of the total pool of active clients that call the API

NEW QUESTION 66
Refer to the exhibit.

Which asset has the highest risk value?

servers

website

payment process

secretary workstation

NEW QUESTION 67
A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?

Run the sudo sysdiagnose command

Run the sh command

Run the w command

Run the who command

NEW QUESTION 68
A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor’s website. The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?

Determine if there is internal knowledge of this incident.

Check incoming and outgoing communications to identify spoofed emails.

Disconnect the network from Internet access to stop the phishing threats and regain control.

Engage the legal department to explore action against the competitor that posted the spreadsheet.

NEW QUESTION 69
A company recently completed an internal audit and discovered that there is CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?

Identify the business applications running on the assets

Update software to patch third-party software

Validate CSRF by executing exploits within Metasploit

Fix applications according to the risk scores

The Cisco 350-201 exam consists of 90-110 questions and has a duration of 120 minutes. 350-201 exam tests the candidate's knowledge of Cisco security technologies, including network security, cloud security, endpoint protection, threat intelligence, and incident response. 350-201 exam is available in English and Japanese and can be taken at authorized testing centers or online.

Achieve the 350-201 Exam Best Results with Help from Cisco Certified Experts: https://www.dumpsmaterials.com/350-201-real-torrent.html

Post date: 2024-11-24 12:41:06
Post date GMT: 2024-11-24 12:41:06
Post modified date: 2024-11-24 12:41:06
Post modified date GMT: 2024-11-24 12:41:06