Free Demo Questions

Test Online Free Cisco 350-201 Exam Questions and Answers

Practice a live sample before buying full access. This page keeps the free 350-201 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.

Updated Aug 07, 2021 28 Questions 2 Pages

Get 350-201 Full Access

Question 16 Written Answer

DRAG DROP
Refer to the exhibit.

The Cisco Secure Network Analytics (Stealthwatch) console alerted with “New Malware Server Discovered” and the IOC indicates communication from an end-user desktop to a Zeus C&C Server.
Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.

Answer:

Question 17 Selectable Answer

What is the difference between process orchestration and automation?

A. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
B. Orchestration arranges the tasks, while automation arranges processes.
C. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.
D. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.

Answer:

Question 18 Written Answer

DRAG DROP
Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.

Answer:

Question 19 Selectable Answer

An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials .
How should the workflow be improved to resolve these issues?

A. Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts
B. Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats
C. Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts
D. Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts

Answer:

Question 20 Selectable Answer

1.Which bash command will print all lines from the “colors.txt” file containing the non case-sensitive pattern “Yellow”?

A. grep -i “yellow” colors.txt
B. locate “yellow” colors.txt
C. locate -i “Yellow” colors.txt
D. grep “Yellow” colors.txt

Answer:

Question 21 Selectable Answer

A SOC analyst is notified by the network monitoring tool that there are unusual types of internal traffic on IP subnet 103.861.2117.0/24. The analyst discovers unexplained encrypted data files on a computer system that belongs on that specific subnet .
What is the cause of the issue?

A. DDoS attack
B. phishing attack
C. virus outbreak
D. malware outbreak

Answer:

Question 22 Written Answer

DRAG DROP
Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.

Answer:

Question 23 Selectable Answer

An organization had an incident with the network availability during which devices unexpectedly malfunctioned. An engineer is investigating the incident and found that the memory pool buffer usage reached a peak before the malfunction .
Which action should the engineer take to prevent this issue from reoccurring?

A. Disable memory limit.
B. Disable CPU threshold trap toward the SNMP server.
C. Enable memory tracing notifications.
D. Enable memory threshold notifications.

Answer:

Question 24 Written Answer

DRAG DROP
Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.

Answer:

Question 25 Selectable Answer

Refer to the exhibit.

An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim’s spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address .
Which action does the engineer recommend?

A. Use command ip verify reverse-path interface
B. Use global configuration command service tcp-keepalives-out
C. Use subinterface command no ip directed-broadcast
D. Use logging trap 6

Answer:
Explanation:
Reference: https://www.ccexpert.us/pix-firewall/ip-verify-reversepath-command.html

Question 26 Selectable Answer

A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days.
Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?

A. Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period
B. Create a rule triggered by 1 successful VPN connection from any nondestination country
C. Create a rule triggered by multiple successful VPN connections from the destination countries
D. Analyze the logs from all countries related to this user during the traveling period

Answer:

Question 27 Selectable Answer

What is needed to assess risk mitigation effectiveness in an organization?

A. analysis of key performance indicators
B. compliance with security standards
C. cost-effectiveness of control measures
D. updated list of vulnerable systems

Answer:

Question 28 Selectable Answer

What is the purpose of hardening systems?

A. to securely configure machines to limit the attack surface
B. to create the logic that triggers alerts when anomalies occur
C. to identify vulnerabilities within an operating system
D. to analyze attacks to identify threat actors and points of entry

Answer:

Current Exam

350-201

Cisco
Performing CyberOps Using Core Security Technologies (CBRCOR)

View Full 350-201 Package