Practice Free Cisco 350-201 Exam Questions Online, 350-201 Free Demo

Question No : 1
Refer to the exhibit.

Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity .
What is the threat model for the SQL database?

A.An attacker can initiate a DoS attack.
B.An attacker can read or change data.
C.An attacker can transfer data to an external server.
D.An attacker can modify the access logs.

Answer:

Question No : 2
According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?

A.Perform a vulnerability assessment
B.Conduct a data protection impact assessment
C.Conduct penetration testing
D.Perform awareness testing

Answer:
Explanation:
Reference: https://apdcat.gencat.cat/web/.content/03-documentacio/Reglament_general_de_proteccio_de_dades/documents/DPIA-Guide.pdf

Question No : 3
Refer to the exhibit.

An engineer is investigating a case with suspicious usernames within the active directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior .
Which type of compromise is occurring?

A.compromised insider
B.compromised root access
C.compromised database tables
D.compromised network

Answer:

Question No : 4
How does Wireshark decrypt TLS network traffic?

A.with a key log file using per-session secrets
B.using an RSA public key
C.by observing DH key exchange
D.by defining a user-specified decode-as

Answer:
Explanation:
Reference: https://wiki.wireshark.org/TLS

Question No : 5
An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login .
Which step should an engineer take after receiving this alert?

A.Initiate a triage meeting to acknowledge the vulnerability and its potential impact
B.Determine company usage of the affected products
C.Search for a patch to install from the vendor
D.Implement restrictions within the VoIP VLANS

Answer:

Question No : 6
Refer to the exhibit.

Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine .
What should be concluded from this report?

A.Threat scores are high, malicious ransomware has been detected, and files have been modified
B.Threat scores are low, malicious ransomware has been detected, and files have been modified
C.Threat scores are high, malicious activity is detected, but files have not been modified
D.Threat scores are low and no malicious file activity is detected

Answer:

Question No : 7
A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets.
According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

A.incident response playbooks
B.asset vulnerability assessment
C.report of staff members with asset relations
D.key assets and executives
E.malware analysis report

Answer:
Explanation:
Reference: https://cloudogre.com/risk-assessment/

Question No : 8
Refer to the exhibit.

An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server .
What is the indicator of compromise?

A.The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.
B.The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.
C.The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
D.The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.

Answer:

Question No : 9
A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops .
Which steps help the engineer understand a comprehensive overview of the incident?

A.Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.
B.Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.
C.Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.
D.Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.

Answer:

Question No : 10
A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled “Invoice RE: 0004489”. The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web .
What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?

A.Run and analyze the DLP Incident Summary Report from the Email Security Appliance
B.Ask the company to execute the payload for real time analysis
C.Investigate further in open source repositories using YARA to find matches
D.Obtain a copy of the file for detonation in a sandbox

Answer:

Test Online Free Cisco 350-201 Exam Questions and Answers