350-201 Practice Exam Tests Latest Updated on Dec-2023 [Q24-Q42]


NEW QUESTION # 24
A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

  • A. incident response playbooks
  • B. asset vulnerability assessment
  • C. report of staff members with asset relations
  • D. malware analysis report
  • E. key assets and executives

Answer: B,D

Explanation:
Reference: https://cloudogre.com/risk-assessment/


NEW QUESTION # 25

Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

  • A. The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are low and indicate the likelihood that malicious ransomware has been detected.
  • B. The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are high and indicate the likelihood that malicious ransomware has been detected.
  • C. The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores do not indicate the likelihood of malicious ransomware.
  • D. The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores are high and do not indicate the likelihood of malicious ransomware.

Answer: B


NEW QUESTION # 26
An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?

  • A. Apply vendor patches or available hot fixes
  • B. Isolate the assets affected in a separate network
  • C. Acknowledge the vulnerabilities and document the risk
  • D. Investigate the vulnerability to prevent further spread

Answer: B


NEW QUESTION # 27
Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.

Answer:

Explanation:


NEW QUESTION # 28
What is the difference between process orchestration and automation?

  • A. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.
  • B. Orchestration arranges the tasks, while automation arranges processes.
  • C. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
  • D. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.

Answer: C


NEW QUESTION # 29
A company recently completed an internal audit and discovered that there is CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?

  • A. Update software to patch third-party software
  • B. Fix applications according to the risk scores
  • C. Validate CSRF by executing exploits within Metasploit
  • D. Identify the business applications running on the assets

Answer: B


NEW QUESTION # 30
A logistics company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to the IPS?

  • A. Allow list only authorized hosts to contact the application's VLAN.
  • B. Allow list traffic to application's IP from the internal network at a specific port.
  • C. Allow list HTTP traffic through the corporate VLANS.
  • D. Allow list only authorized hosts to contact the application's IP at a specific port.

Answer: A


NEW QUESTION # 31
Refer to the exhibit.

An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco Secure Network Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?

  • A. Top Conversations
  • B. Top Peers
  • C. Top Ports
  • D. Top Hosts

Answer: D


NEW QUESTION # 32
Refer to the exhibit.

An engineer is investigating a case with suspicious usernames within Active Directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior. Which type of compromise is occurring?

  • A. compromised network
  • B. compromised root access
  • C. compromised database tables
  • D. compromised insider

Answer: A


NEW QUESTION # 33
Refer to the exhibit.

Which code snippet will parse the response to identify the status of the domain as malicious, clean or undefined?

  • A. Option D
  • B. Option C
  • C. Option B
  • D. Option A

Answer: B


NEW QUESTION # 34
An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?

  • A. Modify the alert rule to "output alert_syslog: output log"
  • B. Modify the alert rule to "output alert_syslog: output header"
  • C. Modify the output module rule to "output alert_fast: output filename"
  • D. Modify the output module rule to "output alert_quick: output filename"

Answer: A

Explanation:
Reference:


NEW QUESTION # 35
A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled "Invoice RE: 0004489". The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web. What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?

  • A. Ask the company to execute the payload for real time analysis
  • B. Run and analyze the DLP Incident Summary Report from the Email Security Appliance
  • C. Obtain a copy of the file for detonation in a sandbox
  • D. Investigate further in open source repositories using YARA to find matches

Answer: C


NEW QUESTION # 36
Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engineer discovered an unknown application. The analysis showed that the application is communicating with external addresses on a non-secure, unencrypted channel. Information gathering revealed that the unknown application does not have an owner and is not being used by a business unit. What are the next two steps the engineers should take in this investigation? (Choose two.)

  • A. Determine the type of data stored on the affected asset, document the access logs, and engage the incident response team.
  • B. Initiate a triage meeting with department leads to determine if the application is owned internally or used by any business unit and document the asset owner.
  • C. Verify user credentials on the affected asset, modify passwords, and confirm available patches and updates are installed.
  • D. Identify who installed the application by reviewing the logs and gather a user access log from the HR department.

Answer: A,B


NEW QUESTION # 37
Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.

Answer:

Explanation:


NEW QUESTION # 38
What is a limitation of cyber security risk insurance?

  • A. It does not cover the costs of damage done by third parties as a result of a cyber attack
  • B. It does not cover the costs to hire a public relations company to help deal with a cyber attack
  • C. It does not cover the costs to restore stolen identities as a result of a cyber attack
  • D. It does not cover the costs to hire forensics experts to analyze the cyber attack

Answer: C

Explanation:
Reference: https://tplinsurance.com/products/cyber-risk-insurance/


NEW QUESTION # 39
Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.

Answer:

Explanation:


NEW QUESTION # 40
Refer to the exhibit.

The Cisco Secure Network Analytics (Stealthwatch) console alerted with "New Malware Server Discovered" and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.

Answer:

Explanation:


NEW QUESTION # 41
A patient views information that is not theirs when they sign in to the hospital's online portal. The patient calls the support center at the hospital but continues to be put on hold because other patients are experiencing the same issue. An incident has been declared, and an engineer is now on the incident bridge as the CyberOps Tier 3 Analyst. There is a concern about the disclosure of PII occurring in real-time. What is the first step the analyst should take to address this incident?

  • A. Contact the third-party handling provider to respond to the incident as critical
  • B. Turn off all access to the patient portal to secure patient records
  • C. Evaluate visibility tools to determine if external access resulted in tampering
  • D. Review system and application logs to identify errors in the portal code

Answer: B


NEW QUESTION # 42
......