350-201 実際試験問題と解答 - 模擬練習 - 受験自信を増やす

Question No : 1
Refer to the exhibit.

An engineer is investigating a case with suspicious usernames within the active directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior .
Which type of compromise is occurring?

A.compromised insider
B.compromised root access
C.compromised database tables
D.compromised network

正解:

Question No : 2
A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices .
Which technical architecture must be used?

A.DLP for data in motion
B.DLP for removable data
C.DLP for data in use
D.DLP for data at rest

正解:
Explanation:
Reference: https://www.endpointprotector.com/blog/what-is-data-loss-prevention-dlp/

Question No : 3
What is needed to assess risk mitigation effectiveness in an organization?

A.analysis of key performance indicators
B.compliance with security standards
C.cost-effectiveness of control measures
D.updated list of vulnerable systems

正解:

Question No : 4
Refer to the exhibit.

Which two steps mitigate attacks on the webserver from the Internet? (Choose two.)

A.Create an ACL on the firewall to allow only TLS 1.3
B.Implement a proxy server in the DMZ network
C.Create an ACL on the firewall to allow only external connections
D.Move the webserver to the internal network

正解:

Question No : 5
Refer to the exhibit.

What is the threat in this Wireshark traffic capture?

A.A high rate of SYN packets being sent from multiple sources toward a single destination IP
B.A flood of ACK packets coming from a single source IP to multiple destination IPs
C.A high rate of SYN packets being sent from a single source IP toward multiple destination IPs
D.A flood of SYN packets coming from a single source IP to a single destination IP

正解:

Question No : 6
A European-based advertisement company collects tracking information from partner websites and stores it on a local server to provide tailored ads .
Which standard must the company follow to safeguard the resting data?

A.HIPAA
B.PCI-DSS
C.Sarbanes-Oxley
D.GDPR

正解:
Explanation:
Reference: https://www.thesslstore.com/blog/10-data-privacy-and-encryption-laws-every-business-needs-to- know/

Question No : 7
Refer to the exhibit.

Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a quarantine VLAN using Adaptive Network Control policy .
Which method was used to signal ISE to quarantine the endpoints?

A.SNMP
B.syslog
C.REST API
D.pxGrid

正解:

Question No : 8
Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engineer discovered an unknown application. The analysis showed that the application is communicating with external addresses on a non- secure, unencrypted channel. Information gathering revealed that the unknown application does not have an owner and is not being used by a business unit .
What are the next two steps the engineers should take in this investigation? (Choose two.)

A.Determine the type of data stored on the affected asset, document the access logs, and engage the incident response team.
B.Identify who installed the application by reviewing the logs and gather a user access log from the HR department.
C.Verify user credentials on the affected asset, modify passwords, and confirm available patches and updates are installed.
D.Initiate a triage meeting with department leads to determine if the application is owned internally or used by any business unit and document the asset owner.

正解:

Question No : 9
Refer to the exhibit.

Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis .
What should be concluded from this report?

A.The prioritized behavioral indicators of compromise do not justify the execution of the “ransomware” because the scores do not indicate the likelihood of malicious ransomware.
B.The prioritized behavioral indicators of compromise do not justify the execution of the “ransomware” because the scores are high and do not indicate the likelihood of malicious ransomware.
C.The prioritized behavioral indicators of compromise justify the execution of the “ransomware” because the scores are high and indicate the likelihood that malicious ransomware has been detected.
D.The prioritized behavioral indicators of compromise justify the execution of the “ransomware” because the scores are low and indicate the likelihood that malicious ransomware has been detected.

正解:

Question No : 10
An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal .
Which compliance regulations must the audit apply to the company?

A.HIPAA
B.FISMA
C.COBIT
D.PCI DSS

正解:
Explanation:
Reference: https://upserve.com/restaurant-insider/restaurant-pos-pci-compliance-checklist/

Question No : 11
A security architect in an automotive factory is working on the Cyber Security Management System and is implementing procedures and creating policies to prevent attacks .
Which standard must the architect apply?

A.IEC62446
B.IEC62443
C.IEC62439-3
D.IEC62439-2

正解:

Question No : 12
The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host .
What is the next step in the incident response workflow?

A.eradication and recovery
B.post-incident activity
C.containment
D.detection and analysis

正解:

Question No : 13
Refer to the exhibit.

What is occurring in this packet capture?

A.TCP port scan
B.TCP flood
C.DNS flood
D.DNS tunneling

正解:

Question No : 14
A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?

A.Create a follow-up report based on the incident documentation.
B.Perform a vulnerability assessment to find existing vulnerabilities.
C.Eradicate malicious software from the infected machines.
D.Collect evidence and maintain a chain-of-custody during further analysis.

正解:

Question No : 15
An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually .
Which action will improve workflow automation?

A.Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.
B.Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.
C.Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.
D.Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.

正解:

Cisco 350-201 問題練習