Cisco 350-201 practice test

Exam Title: Performing CyberOps Using Core Security Technologies (CBRCOR)

Last update: Jul 24, 2025
Question 1

Refer to the exhibit. A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?

  • A. packet sniffer
  • B. malware analysis
  • C. SIEM
  • D. firewall manager
Answer:

a

Question 2

An organization installed a new application server for IP phones. An automated process fetched user credentials from the Active Directory server, and the application will have access to on-premises and cloud services. Which security threat should be mitigated first?

  • A. aligning access control policies
  • B. exfiltration during data transfer
  • C. attack using default accounts
  • D. data exposure from backups
Answer:

b

Question 3

A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor's website.
The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?

  • A. Determine if there is internal knowledge of this incident.
  • B. Check incoming and outgoing communications to identify spoofed emails.
  • C. Disconnect the network from Internet access to stop the phishing threats and regain control.
  • D. Engage the legal department to explore action against the competitor that posted the spreadsheet.
Answer:

d

Question 4

An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?

  • A. Move the IPS to after the firewall facing the internal network
  • B. Move the IPS to before the firewall facing the outside network
  • C. Configure the proxy service on the IPS
  • D. Configure reverse port forwarding on the IPS
Answer:

c

Question 5


Refer to the exhibit. Which data format is being used?

  • A. JSON
  • B. HTML
  • C. XML
  • D. CSV
Answer:

b

Question 6


Refer to the exhibit. How must these advisories be prioritized for handling?

  • A. The highest priority for handling depends on the type of institution deploying the devices
  • B. Vulnerability #2 is the highest priority for every type of institution
  • C. Vulnerability #1 and vulnerability #2 have the same priority
  • D. Vulnerability #1 is the highest priority for every type of institution
Answer:

d

Question 7


Refer to the exhibit. An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim's spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address. Which action does the engineer recommend?

  • A. Use command ip verify reverse-path interface
  • B. Use global configuration command service tcp-keepalives-out
  • C. Use subinterface command no ip directed-broadcast
  • D. Use logging trap 6
Answer:

a


Reference:
https://www.ccexpert.us/pix-firewall/ip-verify-reversepath-command.html

Question 8


Refer to the exhibit. Which code snippet will parse the response to identify the status of the domain as malicious, clean or undefined?
A.

B.

C.

D.

Answer:

c

Question 9

A security manager received an email from an anomaly detection service stating that one of their contractors has downloaded 50 documents from the company's confidential document management folder using a company-owned asset, al039-ice-4ce687TL0500. The security manager reviewed the content of the downloaded documents and noticed that the affected data is from different departments. What actions should the security manager take?

  • A. Measure confidentiality level of downloaded documents.
  • B. Report to the incident response team.
  • C. Escalate to contractor's manager.
  • D. Communicate with the contractor to identify the motives.
Answer:

b

Question 10

DRAG DROP: Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.
Select and Place:

Answer:


Reference:
https://www.densify.com/resources/continuous-integration-delivery-phases

Page 1 out of 13
Viewing questions 1-10 out of 129