最新的Cisco 350-201免費考試真題

問題1

An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.

正確答案:

問題2

What do 2xx HTTP response codes indicate for REST APIs?

A. successful acceptance of the client's request

B. the server takes responsibility for error status codes

C. communication of transfer protocol-level information

D. additional action must be taken by the client to complete the request

正確答案: A

說明：（僅 Fast2test 成員可見）

問題3

A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

A. Patch detected vulnerabilities from critical hosts

B. Isolate critical hosts from the network

C. Assess the network for unexpected behavior

D. Perform analysis based on the established risk factors

正確答案: B

說明：（僅 Fast2test 成員可見）

問題4

A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?

A. Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited

B. Classify the criticality of the information, research the attacker's motives, and identify missing patches

C. Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan

D. Determine the damage to the business, extract reports, and save evidence according to a chain of custody

正確答案: A

說明：（僅 Fast2test 成員可見）

問題5

A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?

A. Determine the systems involved and deploy available patches

B. Analyze event logs and restrict network access

C. Identify the attack vector and update the IDS signature list

D. Review access lists and require users to increase password complexity

正確答案: A

說明：（僅 Fast2test 成員可見）

問題6

An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?

A. Access the affected server to confirm compromised files are encrypted.

B. Determine the attack surface.

C. Analyze the source.

D. Disconnect the affected server from the network.

正確答案: D

說明：（僅 Fast2test 成員可見）

問題7

Refer to the exhibit.

An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?

A. The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.

B. The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.

C. The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.

D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.

正確答案: D

說明：（僅 Fast2test 成員可見）

最新的Cisco Performing CyberOps Using Cisco Security Technologies - 350-201免費考試真題

聯系我們

站內鏈接

最新更新