350-201(NEW-127Q) Exam Questions
116 real 350-201(NEW-127Q) exam questions with expert-verified answers and explanations. Page 1 of 3.
- Question #1 (Web Application Security)
  Which action should be taken when the HTTP response code 301 is received from a web application?
  Tags: HTTP Status Codes; Resource Redirection; Web Protocols; Application Security

- Question #2 (Incident Response)
  Amid a critical cybersecurity incident, a multinational corporation has a suspected breach involving an advanced and evasive strain of malware. The cybersecurity team is under imme...
  Tags: Malware Analysis; Incident Response; Network Analysis; Behavioral Analysis

- Question #3 (Network Security)
  A multinational corporation, with a complex network infrastructure comprising a central data center, several remote offices, and cloud-based services, faces challenges in managing...
  Tags: Network Segmentation; Zero Trust Architecture; SD-WAN; Access Control

- Question #4 (Incident Response and Management)
  The incident response team of an organization detects a compromised endpoint being used by a malicious actor who is encrypting and exfiltrating data. The incident response team sto...
  Tags: Incident Response; Impact Assessment; Data Exfiltration; Containment

- Question #5 (Incident Response and Management)
  A security analyst detected that a group of internal hosts are initiating periodic port scanning activities to different network segments and that connections are then being initia...
  Tags: Incident Response; Endpoint Detection; Security Tool Integration; Threat Investigation

- Question #6 (System Administration)
  An organization's Linux server hosts a sensitive configuration file, and the system administrator wants to adjust the file permissions to meet security requirements. The organizati...
  Tags: chmod; file permissions; Linux; access control

- Question #7 (Threat Defense)
  A company has budget constraints that prevent it from buying dedicated DDoS prevention solutions, and a security engineer must strengthen the organization's security. The specific...
  Tags: TCP Intercept; SYN Flood Prevention; DDoS Mitigation; Cisco Routers

- Question #8 (Incident Response and Management)
  During a routine security audit, a cybersecurity team at a multinational corporation discovers a complex security breach involving exfiltration of sensitive data. The threat has af...
  Tags: Incident Response; Data Breach Containment; Threat Eradication; Post-Incident Analysis

- Question #9 (Incident Response)
  An organization's security team identified a potential security incident that involves an unusual file found on a critical server. The file appears to have been injected by an unkn...
  Tags: Malware Analysis; Incident Response; File Analysis; Forensics

- Question #10 (Application Performance and Optimization)
  A software development team is integrating an external payment processing API that has strict limits on request rates and a defined payload size. The API is crucial for handling re...
  Tags: API Integration; Rate Limiting; Load Balancing; Traffic Management

- Question #11 (Intrusion Detection and Prevention)
  Refer to the exhibit. The rule is configured to alert any TCP traffic to or from port 80. However, it is causing false positives because it is also triggering legitimate traffic, s...
  Tags: IDS/IPS Rule Configuration; False Positive Reduction; IP-based Filtering; Alert Tuning

- Question #12 (Incident Response and Forensics)
  Refer to the exhibit. An engineer is investigating several messages about undelivered emails and is reviewing cross-correlated data from different sources. It appears that the date...
  Tags: data exfiltration; incident correlation; attack detection; email forensics

- Question #13 (Threat Intelligence)
  How are cyber threat intelligence platforms used?
  Tags: CTI platforms; threat recognition; threat data analysis; intelligence gathering

- Question #14 (Incident Response)
  A company is considering moving from an IaaS cloud deployment to a PaaS deployment model. Which challenge would this introduce to the incident response process?
  Tags: Cloud deployment models; Forensic data acquisition; IaaS vs PaaS; Incident investigation

- Question #15 (Security Operations and Incident Response)
  What describes the primary purpose of the SOAR tool in the field of cybersecurity?
  Tags: SOAR; Automation; Incident Response; Orchestration

- Question #16 (Threat Detection and Response)
  A security engineer discovered an unusual network activity that repeats weekly, only on weekends. Further analysis shows that the activity spreads to countries where the organizati...
  Tags: Incident Investigation; Threat Analysis; Event Correlation; Security Response

- Question #17 (Infrastructure Security)
  Which action must be taken during the process of hardening machine images?
  Tags: Machine Image Hardening; Security Configuration; Vulnerability Reduction; Least Privilege

- Question #18 (Threat Detection and Response)
  In a corporate environment, a security analyst must refine an intrusion detection system rule that erroneously flags secure file transfer protocol (SFTP) traffic as suspicious duri...
  Tags: Intrusion Detection Systems; Alert Tuning; False Positive Reduction; Network Segmentation

- Question #19 (Infrastructure Security and System Hardening)
  A data center that manages sensitive government data must enhance its system hardening procedures to counter advanced cyber threats and adhere to federal security regulations. The...
  Tags: System Hardening; Security Standards; Compliance Frameworks; NIST/CIS/STIG

- Question #20 (Data Protection and Compliance)
  An organization that provides payment processing services is working on contracts with multiple banks. The organization has four branches with public and internal networks and two...
  Tags: PCI DSS compliance; Data encryption; Physical access controls; Cardholder data protection

- Question #21 (Incident Detection and Response)
  In a large financial institution, a cybersecurity analyst is responsible for monitoring network traffic patterns for any signs of cyberattacks. During routine analysis, the analyst...
  Tags: Incident Response; Attack Chain Analysis; Lateral Movement; Forensic Investigation

- Question #22 (Incident Response and Threat Investigation)
  In a corporate environment, a cybersecurity analyst is responsible for investigating a potential intrusion on laptop endpoints. Anomaly detection systems have raised concerns ab...
  Tags: Incident Investigation; Log Analysis; Indicators of Compromise; Evidence Collection

- Question #23 (Incident Response and Management)
  A security analyst is reviewing a playbook scenario that describes the steps to be taken in response to a phishing attack targeting the organization. The scenario includes the iden...
  Tags: Incident Response; Phishing Detection; Email Security; Malware Analysis

- Question #24 (Incident Response and Management)
  A security analyst received an alert from a SIEM platform that one of their organization's servers, with the serial number 34E93G0947LBJK60, has been compromised by a malicious acto...
  Tags: Incident Response; Data Breach; Containment; Remediation

- Question #25 (Security Operations and Automation)
  Refer to the exhibit. A SOC engineer attempts to automate a recurring log analysis task. Which modification in the Python code must be made to the provided script to automatically...
  Tags: Python file I/O; Log analysis automation; Output redirection; SOC scripting

- Question #26 (Threat Detection and Response)
  A security analyst monitors an organization's network using UEBA tools to detect potential threats. During the analysis, the analyst notices unusual activities, such as a user from...
  Tags: UEBA; Insider Threat Detection; Incident Response; Behavioral Analytics

- Question #27 (Infrastructure Automation and Deployment)
  Which DevOps practice is used when automating an operations environment to automatically adjust in scale with the demands of users?
  Tags: Infrastructure as Code; Auto-scaling; DevOps Automation; Cloud Operations

- Question #28 (Email and Web Security)
  Which tool prevents data loss and defends against phishing attacks?
  Tags: Email Security; Data Loss Prevention; Phishing Protection; Email Gateway

- Question #29 (Threat and Vulnerability Management)
  Refer to the exhibit. An engineer is investigating a case with several employees who cannot access their files on network shares, followed by almost simultaneous delivery of a susp...
  Tags: Data Extortion; Ransomware; Incident Classification; Threat Analysis

- Question #30 (Infrastructure Security)
  An organization must automate the provisioning of infrastructure required for software releases. Developers must apply infrastructure code from within existing development tools. W...
  Tags: Infrastructure as Code; DevOps Automation; Infrastructure Provisioning; Continuous Integration

- Question #31 (Data Security and Encryption)
  A cybersecurity team is building a cloud-based storage system in a multinational corporation. Which approaches should be undertaken in line with the concept of "data at rest" to pr...
  Tags: Data Encryption; Compliance; Cloud Security; Key Management

- Question #32 (Linux System Administration)
  A system administrator must organize files, navigate directories, and set environment variables to optimize the development environment on a Linux server. The administrator must pe...
  Tags: Bash Commands; File Management; Environment Variables; Shell Configuration

- Question #33 (Security Governance and Compliance)
  The compliance team is working to implement standards according to European organizational needs. An organization has a segmented network, a customer data zone, a critical zone whe...
  Tags: GDPR; PCI DSS; Compliance Standards; Data Protection

- Question #34 (Vulnerability Management and Mitigation)
  A security team received an alert from a vulnerability scanner about a zero-day vulnerability affecting a company-owned, SSL-based remote access VPN concentrator. Using this vulner...
  Tags: Zero-day vulnerability mitigation; VPN security; Network access control; Defense-in-depth

- Question #35 (Incident Response and Threat Investigation)
  The incident response team of an organization identifies an ongoing cyber attack that involves a highly sophisticated threat actor, multiple compromised endpoints, and a custom-bui...
  Tags: incident response; threat assessment; containment and eradication; impact analysis

- Question #36 (Threat Detection and Response)
  Refer to the exhibit. Which two Indicators of Attack are present on this alert? (Choose two.)
  Tags: Indicators of Attack; Lateral Movement; Threat Detection; Alert Analysis

- Question #37 (Incident Response and Investigation)
  An analyst is investigating a potentially malicious program. Static analysis showed suspicious header details, hashes, and strings embedded within the executable file. The analyst...
  Tags: Malware Analysis; Dynamic Analysis; Incident Response; Forensics

- Question #38 (Incident Response and Threat Management)
  An engineer is conducting a forensic investigation on a host system in the company network. The system was compromised by an advanced persistent threat group. The engineer identifi...
  Tags: Incident Response Phases; Forensic Investigation; Detection and Analysis; Threat Detection

- Question #39 (Security Operations and Incident Handling)
  A security analyst receives an alert concerning an iOS device belonging to the CFO. The device pings a high-risk country daily because this executive visited that country. Which st...
  Tags: Incident Response; Device Forensics; Evidence Preservation; Mobile Security

- Question #40 (Network Security)
  Refer to the exhibit. Which lines must be added to the script to list the ports that are open?
  Tags: Port Scanning; Socket Programming; Python Networking; Network Reconnaissance

- Question #41 (Wireless Security)
  Refer to the exhibit. An engineer must analyze the packet capture from Wireshark. What is occurring?
  Tags: Wi-Fi Jamming; Packet Capture Analysis; Wireless Attacks; Wireshark

- Question #42 (Security Governance and Compliance)
  A network security administrator must strengthen the security posture of a university's research network, which handles sensitive academic data across various operating systems and...
  Tags: Security Standards; System Hardening; Governance Frameworks; Network Security

- Question #43 (Forensic Investigation and Incident Response)
  A security engineer noticed that a new strain of malware packs the file to increase its size to avoid being sandboxed. A forensic script must be uploaded to an endpoint rem...
  Tags: Bash find command; File forensics; Malware detection; Incident response

- Question #44 (Incident Response and Management)
  A company's legal office was notified by a law enforcement agency that anomalous traffic was detected during a separate investigation that was not directly related to the company....
  Tags: Macro-Based Malware; Group Policy Controls; Endpoint Mitigation; Incident Response

- Question #45 (Incident Response and Management)
  An organization plans to implement an incident response strategy that includes orchestration and automation. The security team must understand the key differences between these con...
  Tags: Incident Response; Orchestration; Automation; SOAR

- Question #46 (Incident Response)
  An incident responder must mitigate a DDoS attack on a company web server. Which step from the playbook must the responder apply first to counteract this threat effectively?
  Tags: DDoS Mitigation; Incident Response; Rate Limiting; Traffic Filtering

- Question #47 (Incident Investigation and Analysis)
  An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is f...
  Tags: Incident Investigation; SIEM/Log Analysis; Network Traffic Analysis; Threat Detection

- Question #48 (Web Application Security)
  Refer to the exhibit. Where is the MIME type that should be followed indicated?
  Tags: HTTP Security Headers; MIME Type Enforcement; Browser Security; Content-Type

- Question #49 (Risk Management)
  What is a benefit of key risk indicators?
  Tags: Key Risk Indicators; Risk Monitoring; Risk Measurement; Risk Posture

- Question #50 (Threat Detection and Response)
  A SIEM tool triggers an alert event due to multiple failed login attempts. The same user tried to access multiple servers within 10 minutes. Further analysis showed a specific work...
  Tags: Privilege Escalation Detection; System Compromise Indicators; Lateral Movement; Incident Response
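Worked example for Question #1 (HTTP 301). A 301 means the resource has moved permanently, so the correct client action is to follow the Location header to the new URL and update the stored reference (link, bookmark, configuration) so the old URL is not requested again; 302/303/307 are temporary and the original URL should be kept. A security-conscious client also refuses non-HTTP schemes, refuses an https-to-http downgrade, bounds the redirect chain, and drops credentials when the redirect leaves the origin. The following Python is an added example written for this page, not code from the exam or from any vendor; the URLs and the `plan_redirect` helper are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

PERMANENT = {301, 308}          # client should update the stored reference
TEMPORARY = {302, 303, 307}     # keep using the original URL next time
MAX_HOPS = 5                    # bound redirect chains; loops are a classic abuse vector

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, port) triple used for the same-origin decision."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme))


def header(headers, name):
    """Case-insensitive header lookup over a plain dict."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def plan_redirect(request_url, status, headers, hops=0):
    """Decide what a client should do with a response to request_url.

    Returns a dict whose "action" is "none", "error", "block" or "follow".
    """
    if status not in PERMANENT | TEMPORARY:
        return {"action": "none"}

    location = header(headers, "Location")
    if not location:
        return {"action": "error", "reason": "3xx response without a Location header"}

    target = urljoin(request_url, location)      # Location may be relative
    src, dst = origin(request_url), origin(target)

    if dst[0] not in DEFAULT_PORTS:
        return {"action": "block", "reason": f"refusing non-HTTP scheme {dst[0]!r}"}
    if src[0] == "https" and dst[0] == "http":
        return {"action": "block", "reason": "refusing https->http downgrade"}
    if hops + 1 > MAX_HOPS:
        return {"action": "block", "reason": "too many redirects (possible loop)"}

    return {
        "action": "follow",
        "url": target,
        # 301/308 are permanent: fix the link, bookmark or config at its source
        "update_stored_url": status in PERMANENT,
        # never carry Authorization headers or cookies to a different origin
        "strip_credentials": src != dst,
        # 301/302/303: most user agents re-issue as GET; 307/308 keep method and body
        "method": "same" if status in (307, 308) else "GET",
        "hops": hops + 1,
    }


if __name__ == "__main__":
    # Constructed example: a permanent move on the same origin
    print(plan_redirect("https://app.example/login", 301, {"Location": "/signin"}))
```

The distinction that matters operationally is `update_stored_url`: on a 301 the caller should persist the new URL, while on a 302/307 it must not, otherwise a temporarily redirected endpoint (for example during maintenance) becomes permanently rewritten in configuration.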
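Worked example for Question #40 (listing open ports from a Python socket script). The exhibit is not reproduced on this page, so the script below is an added, self-contained example rather than the exam's code: a TCP connect() scan in which `connect_ex()` returning 0 marks a port as open, with concurrency from a thread pool. To make it runnable offline it opens its own throwaway listener on 127.0.0.1 and reserves one known-closed port; those helpers and the `demo()` function are constructed for this page.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=0.5):
    """TCP connect() probe: a completed three-way handshake means the port is open.
    connect_ex() returns 0 on success, otherwise an errno (ECONNREFUSED, timeout...)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_ports(host, ports, timeout=0.5, workers=64):
    """Return the sorted list of open TCP ports on host, probing concurrently."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)


def start_listener(host="127.0.0.1"):
    """Open a throwaway listening socket on an ephemeral port (constructed scan target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Bind and immediately release an ephemeral port so we know one that is closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo():
    """Scan one known-open and one known-closed local port.
    Returns (open_port, closed_port, ports_found_open)."""
    srv, open_port = start_listener()
    closed_port = free_port()
    try:
        found = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return open_port, closed_port, found


if __name__ == "__main__":
    open_port, closed_port, found = demo()
    print(f"listening on {open_port}, {closed_port} closed -> open ports: {found}")
```

A connect() scan completes the handshake, so every probe is visible to the target's application logs and any IDS; raise `timeout` on high-latency links or filtered ports will be reported as closed, and scan only hosts you are authorized to test.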
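Worked example for Question #43 (hunting files that malware has bloated to evade sandbox size limits). The exam asks for a Bash `find`-style script; the Python below is an added example for this page, not the exam's answer, and it goes one step further than a size filter: besides selecting regular files above a size threshold (and optionally newer than a timestamp), it samples the tail of each candidate and flags files whose padding is mostly null bytes, which is the cheap way such inflation is usually done. The `make_lab()` helper builds a constructed sample tree so the example runs offline; the thresholds are assumptions to tune per environment.

```python
import os
import tempfile

SAMPLE = 64 * 1024   # bytes examined at the tail of each candidate


def tail_null_ratio(path, size, sample=SAMPLE):
    """Fraction of 0x00 bytes in the last `sample` bytes of the file.
    Files padded to dodge sandbox size limits tend to end in long runs of nulls."""
    with open(path, "rb") as f:
        f.seek(max(0, size - sample))
        data = f.read(sample)
    return data.count(0) / len(data) if data else 0.0


def find_suspects(root, min_bytes, null_threshold=0.8, newer_than=None):
    """Walk root and return regular files >= min_bytes (optionally modified after the
    epoch timestamp newer_than), with a 'padded' flag when the tail is mostly nulls."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)      # lstat: never follow symlinks planted on the host
            except OSError:
                continue
            if os.path.islink(path) or not os.path.isfile(path) or st.st_size < min_bytes:
                continue
            if newer_than is not None and st.st_mtime < newer_than:
                continue
            ratio = tail_null_ratio(path, st.st_size)
            hits.append({"path": path, "size": st.st_size,
                         "null_ratio": round(ratio, 3), "padded": ratio >= null_threshold})
    return sorted(hits, key=lambda h: h["path"])


def make_lab(root=None):
    """Constructed sample tree: a small config, a null-padded 'binary', a large random blob."""
    root = root or tempfile.mkdtemp(prefix="padlab_")
    paths = {
        "root": root,
        "small": os.path.join(root, "app.conf"),
        "padded": os.path.join(root, "update.bin"),
        "random": os.path.join(root, "archive.dat"),
    }
    with open(paths["small"], "wb") as f:
        f.write(b"key=value\n" * 400)                              # ~4 KiB, below threshold
    with open(paths["padded"], "wb") as f:
        f.write(b"MZ" + os.urandom(510) + b"\x00" * (2 * 1024 * 1024))   # header + 2 MiB nulls
    with open(paths["random"], "wb") as f:
        f.write(os.urandom(2 * 1024 * 1024))                       # large but not padded
    return paths


if __name__ == "__main__":
    lab = make_lab()
    for hit in find_suspects(lab["root"], min_bytes=1 << 20):
        print(hit)
```

On a real endpoint, run it against the directories the malware could write to (user profiles, temp, web roots) with `newer_than` set to the suspected compromise time; a high `null_ratio` on a freshly written executable is worth a hash lookup and a look at the PE/ELF headers before the bulk of the file.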
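Worked example for Question #50 (a SIEM correlating multiple failed logins by one user against several servers inside a 10-minute window). The exam stem is truncated, so the rule below is an added illustration of the detection logic rather than the exam's answer: a sliding-window correlation that fires when one account fails authentication on at least three distinct servers within the window, and surfaces the source address so the analyst can pivot to the originating workstation. The log lines, field names and thresholds are constructed for this page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed syslog-style auth events (not real SIEM data): timestamp then key=value fields.
SAMPLE_LOG = """\
2024-05-01T10:00:10Z host=srv01 user=jdoe event=auth_failure src=10.0.0.5
2024-05-01T10:01:00Z host=srv01 user=alice event=auth_failure src=10.0.0.9
2024-05-01T10:02:00Z host=srv01 user=alice event=auth_failure src=10.0.0.9
2024-05-01T10:03:20Z host=srv02 user=jdoe event=auth_failure src=10.0.0.5
2024-05-01T10:04:00Z host=srv02 user=alice event=auth_success src=10.0.0.9
2024-05-01T10:06:45Z host=srv03 user=jdoe event=auth_failure src=10.0.0.5
2024-05-01T10:30:00Z host=srv04 user=jdoe event=auth_failure src=10.0.0.5
"""

WINDOW = timedelta(minutes=10)
MIN_HOSTS = 3          # distinct servers one user must fail against inside the window


def parse_line(line):
    """Turn one 'ts k=v k=v ...' line into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    ev = {k: v for k, v in (f.split("=", 1) for f in fields)}
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ev


def correlate(lines, window=WINDOW, min_hosts=MIN_HOSTS):
    """Sliding-window correlation over time-ordered lines.
    Alerts when one user has auth failures on >= min_hosts distinct servers within
    `window`; at most one alert per user per window. Returns a list of alert dicts."""
    recent = defaultdict(deque)        # user -> deque of (ts, host, src) failures
    last_alert = {}
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = parse_line(raw)
        if ev.get("event") != "auth_failure":
            continue
        q = recent[ev["user"]]
        q.append((ev["ts"], ev["host"], ev["src"]))
        while q and ev["ts"] - q[0][0] > window:       # evict events that fell out of the window
            q.popleft()
        hosts = {h for _, h, _ in q}
        prev = last_alert.get(ev["user"])
        if len(hosts) >= min_hosts and (prev is None or ev["ts"] - prev > window):
            last_alert[ev["user"]] = ev["ts"]
            alerts.append({
                "user": ev["user"],
                "first_seen": q[0][0].isoformat(),
                "last_seen": ev["ts"].isoformat(),
                "hosts": sorted(hosts),
                "sources": sorted({s for _, _, s in q}),   # pivot point: the workstation(s)
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(alert)
```

The `sources` field is what turns the alert into an investigation lead: one user spraying several servers from a single workstation points at that host as the compromised pivot, whereas the same user from many sources looks more like credential abuse from outside.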