350-201(NEW-127Q) Exam Questions
116 real 350-201(NEW-127Q) exam questions with expert-verified answers and explanations. Page 3 of 3.
- Question #101 (Incident Management and Response)
  A SOC team receives multiple alerts from a rule that detects requests to malicious URLs. The rule also informs the incident response team to block the malicious URLs requested on t...
  Topics: SOAR Automation, Incident Response, Threat Blocking, SOC Operations
- Question #102 (Incident Response and Management)
  A security analyst receives an escalation regarding an unidentified connection to the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a...
  Topics: Incident Response, Forensic Analysis, Malware Detection, Attack Indicators
- Question #103 (Application Security)
  Refer to the exhibit. Where are the browser page rendering permissions displayed?
  Topics: HTTP Security Headers, Clickjacking Protection, Browser Security, X-Frame-Options
- Question #104 (Threat Detection and Response)
  An engineer is analyzing a possible compromise that happened a week ago when the company database servers unexpectedly went down. The analysis reveals that attackers tampered with...
  Topics: DDoS Mitigation, Intrusion Prevention System, Network Attack Detection, Incident Containment
- Question #105 (Network Security)
  An organization has four quiet rooms and two meeting rooms. A security engineer must enhance network protection by separating employee access to internal resources and visitor acce...
  Topics: VLANs, Network Segmentation, Access Control, Network Architecture
- Question #106 (Incident Response and Vulnerability Management)
  An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the i...
  Topics: Patch Management, Incident Response, Vulnerability Management, Privilege Escalation
- Question #107 (Incident Response and Management)
  A company was breached by phishing emails from a third-party partner email domain. Multiple employees were infected by ransomware. The incident response team detected the breach afte...
  Topics: Incident Response, Containment, Endpoint Quarantine, C&C Blocking
- Question #108 (Cloud Concepts and Architecture)
  A cloud engineer needs a solution to deploy applications on a cloud without being able to manage and control the server OS. Which type of cloud environment should be used?
  Topics: Cloud Service Models, PaaS, Infrastructure Management, Deployment Models
- Question #109 (Network Security)
  An organization had a recent breach with a man-in-the-middle attack. Attackers were able to intercept traffic and steal customers' data. The organization has asked a security engin...
  Topics: HSTS, Man-in-the-Middle Attacks, HTTPS/TLS, Transport Security
- Question #110 (Incident Response and Management)
  An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to co...
  Topics: Incident Response, Containment, Network Isolation, Intrusion Management
- Question #111 (Incident Handling and Response)
  An employee who frequently travels abroad connects to a company network from a first-seen country during nonworking hours. The SIEM tool generated an alert that the employee forwar...
  Topics: Incident Response, Data Exfiltration, Insider Threats, Account Suspension
- Question #112 (Intrusion Detection and Prevention)
  Refer to the exhibit.

  ```
  rule id 100
  event type tcp
  event action alert
  source address any
  destination address any
  source port any
  destination port 80
  protocol tcp
  ```

  The rule is...
  Topics: IDS/IPS Rules, False Positive Tuning, Rule Scoping, Network Security Monitoring
- Question #113 (Intrusion Detection and Response)
  An engineer is examining alerts by an IDS that uses SNORT technology and notices many false positives. This rule is firing inside a "local rules" file. (10.10.x.x any -> $HOME_NET...
  Topics: Snort IDS, False Positive Troubleshooting, Rule Tuning, Alert Management
- Question #114 (Threat Detection and Prevention)
  What is a core limitation of Network Intrusion Detection Systems?
  Topics: Network Intrusion Detection, Encrypted Traffic Analysis, IDS Limitations, Network Visibility
- Question #115 (Threat Detection and Response)
  An engineer receives multiple events on the Cisco Secure Firewall Threat Defense Manager (Firepower Management Center) showing that an 'Unknown' file was detected and caused an inc...
  Topics: File Reputation, Talos Intelligence, Malware Detection, Threat Analysis
- Question #116 (Threat and Vulnerability Management)
  An employee in the credit branch department of a large bank reported a slowdown of software used for issuing and assigning credit cards to customers. According to bank policy, any...
  Topics: DoS attacks, HTML flood, Availability attacks, Attack identification