Practice 350-201 Exam Online

Question 1

An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to

prevent this type of attack from reoccurring? (Choose two.)

A : Implement a patch management process.

B : Scan the company server files for known viruses.

C : Apply existing patches to the company servers.

D : Automate antivirus scans of the company servers.

E : Define roles and responsibilities in the incident response playbook.

Answer: A,D

Question 2

Refer to the exhibit.

What is occurring in this packet capture?

A : TCP port scan

B : TCP flood

C : DNS flood

D : DNS tunneling

Answer: B

Question 3

The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?

A : Conduct a risk assessment of systems and applications

B : Isolate the infected host from the rest of the subnet

C : Install malware prevention software on the host

D : Analyze network traffic on the host's subnet

Answer: B

Question 4

Refer to the exhibit.

Where are the browser page rendering permissions displayed?

A : x-frame-options

B : x-xss-protection

C : x-content-type-options

D : x-test-debug

Answer: C

Question 5

Refer to the exhibit.

At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

A : exploitation

B : actions on objectives

C : delivery

D : reconnaissance

Answer: C

Name:	Performing CyberOps Using Cisco Security Technologies
Exam Code:	350-201
Certification:	CyberOps Professional
Vendor:	Cisco
Total Questions:	140
Last Updated:	Apr 23, 2024

Cisco 350-201