350-201 Practice Questions
128 real 350-201 exam questions with expert-verified answers and explanations. Page 3 of 3.
- Question #115 (Processes): A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor's website. The spreadsheet...
  Tags: data breach, insider threat, legal response, incident investigation
- Question #116 (Security Monitoring): An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is f...
  Tags: anomalous network activity, SIEM investigation, StealthWatch, threat hunting
- Question #117 (Host-Based Analysis): An organization had an incident with the network availability during which devices unexpectedly malfunctioned. An engineer is investigating the incident and found that the memory p...
  Tags: memory threshold, SNMP traps, network device availability, performance monitoring
- Question #118 (Processes): A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned...
  Tags: NIST incident response, ransomware, evidence collection, chain of custody
- Question #119 (Processes): A security manager received an email from an anomaly detection service that one of their contractors has downloaded 50 documents from the company's confidential document managemen...
  Tags: insider threat, data exfiltration, anomaly detection, incident escalation
- Question #120 (Processes): An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to co...
  Tags: intrusion containment, network isolation, data breach response, affected system
- Question #121 (Processes): The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst wa...
  Tags: incident response, IR workflow, eradication, malware containment
- Question #122 (Processes): A SOC engineer discovers that the organization had three DDoS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of...
  Tags: SOAR, SIEM, incident triage, DDoS
- Question #123 (Fundamentals): Which action should be taken when the HTTP response code 301 is received from a web application?
  Tags: HTTP response codes, 301 redirect, web application
- Question #124 (Processes): Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provide...
  Tags: phishing, email investigation, proxy logs, social engineering
- Question #125 (Network Intrusion Analysis): A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross-correlated log analysis revealed that two hours before the attack, multiple a...
  Tags: port 79, Finger service, reconnaissance, social engineering
- Question #126 (Automation): What is idempotence?
  Tags: idempotence, configuration management, deployment
- Question #127 (Security Policies and Procedures): A security architect in an automotive factory is working on the Cyber Security Management System and is implementing procedures and creating policies to prevent attacks. Which stan...
  Tags: IEC 62443, industrial cybersecurity, automotive security, CSMS
- Question #128 (Processes): An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the i...
  Tags: patch management, Netlogon vulnerability, privilege escalation, vulnerability remediation
- Question #129 (Techniques): Refer to the exhibit. Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for...
  Tags: threat modeling, SQL database, DoS attack, access control
- Question #130 (Automation): Which bash command will print all lines from the "colors.txt" file containing the non case-sensitive pattern "Yellow"?
  Tags: bash scripting, grep, pattern matching, command line
- Question #131 (Network Intrusion Analysis): An engineer received multiple reports from users trying to access a company website and instead of landing on the website, they are redirected to a malicious website that asks them...
  Tags: DNS poisoning, DNS spoofing, redirect attack, web security
- Question #132 (Techniques): Refer to the exhibit. An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?
  Tags: STIX, static analysis, threat intelligence, malware analysis
- Question #133 (Automation): A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall....
  Tags: SOAR automation, firewall automation, URL blocking, incident automation
- Question #134 (Fundamentals): A cloud engineer needs a solution to deploy applications on a cloud without being able to manage and control the server OS. Which type of cloud environment should be used?
  Tags: PaaS, cloud service models, cloud computing
- Question #135 (Processes): Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engi...
  Tags: application discovery, unauthorized application, incident investigation, data protection
- Question #136 (Techniques): A security incident affected an organization's critical business services, and the customer-side web API became unresponsive and crashed. An investigation revealed a spike of API c...
  Tags: API security, rate limiting, session management, DoS prevention
- Question #137 (Security Policies and Procedures): What is the impact of hardening machine images for deployment?
  Tags: image hardening, attack surface reduction, deployment security
- Question #138 (Automation): What is the difference between process orchestration and automation?
  Tags: orchestration, automation, process management, workflow
- Question #139 (Automation): An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing th...
  Tags: Python scripting, SIEM API, automation script, API authentication
- Question #140 (Host-Based Analysis): After a recent malware incident, the forensic investigator is gathering details to identify the breach and causes. The investigator has isolated the affected workstation. What is t...
  Tags: forensic investigation, malware analysis, workstation triage, host analysis
- Question #141 (Security Policies and Procedures): Refer to the exhibit. Where are the browser page rendering permissions displayed?
  Tags: X-Frame-Options, HTTP headers, clickjacking protection, browser security
- Question #142 (Network Intrusion Analysis): Refer to the exhibit. Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and...
  Tags: pxGrid, Cisco ISE, Stealthwatch, threat containment