Pass Your Cisco 350-201 Exam with Correct 141 Questions and Answers
Latest [Feb 13, 2022] 2022 Realistic Verified 350-201 Dumps
NEW QUESTION 12
Refer to the exhibit.
Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?
- A. Threat scores are low, malicious ransomware has been detected, and files have been modified
- B. Threat scores are low and no malicious file activity is detected
- C. Threat scores are high, malicious ransomware has been detected, and files have been modified
- D. Threat scores are high, malicious activity is detected, but files have not been modified
Answer: A
NEW QUESTION 13
A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?
- A. Analyze the logs from all countries related to this user during the traveling period
- B. Create a rule triggered by 1 successful VPN connection from any nondestination country
- C. Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period
- D. Create a rule triggered by multiple successful VPN connections from the destination countries
Answer: A
NEW QUESTION 14
Refer to the exhibit.
An engineer is reverse engineering a suspicious file by examining its resources. What does this file indicate?
- A. a Windows executable file
- B. an MS-DOS executable archive
- C. an archived malware
- D. a DOS MZ executable format
Answer: A
NEW QUESTION 15
A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?
- A. Run the sh command
- B. Run the w command
- C. Run the who command
- D. Run the sudo sysdiagnose command
Answer: D
Explanation:
Reference: https://eclecticlight.co/2016/02/06/the-ultimate-diagnostic-tool-sysdiagnose/
NEW QUESTION 16
What is idempotence?
- A. the ability to set the target environment configuration regardless of the starting state
- B. the ability to recover from failures while keeping critical services running
- C. the necessity of setting maintenance of individual deployment environments
- D. the assurance of system uniformity throughout the whole delivery process
Answer: D
NEW QUESTION 17
An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.
Answer:
Explanation:
NEW QUESTION 18
Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.
Answer:
Explanation:
Reference:
https://www.densify.com/resources/continuous-integration-delivery-phases
NEW QUESTION 19
Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.
Answer:
Explanation:
NEW QUESTION 20
Refer to the exhibit.
An engineer received a report that an attacker has compromised a workstation and gained access to sensitive customer data from the network using insecure protocols. Which action prevents this type of attack in the future?
- A. Use VLANs to segregate zones and the firewall to allow only required services and secured protocols
- B. Deploy IDS within sensitive areas and continuously update signatures
- C. Use syslog to gather data from multiple sources and detect intrusion logs for timely responses
- D. Deploy a SOAR solution and correlate log alerts from customer zones
Answer: A
NEW QUESTION 21
Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.
Answer:
Explanation:
Reference:
https://www.securitymetrics.com/blog/6-phases-incident-response-plan
NEW QUESTION 22
The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?
- A. post-incident activity
- B. eradication and recovery
- C. containment
- D. detection and analysis
Answer: B
NEW QUESTION 23
Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.
Answer:
Explanation:
NEW QUESTION 24
A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device. What should be disabled to resolve the issue?
- A. port UDP 161 and 162
- B. SNMPv2
- C. UDP small services
- D. TCP small services
Answer: B
NEW QUESTION 25
Refer to the exhibit.
Which data format is being used?
- A. JSON
- B. HTML
- C. XML
- D. CSV
Answer: B
NEW QUESTION 26
Refer to the exhibit.
Where does it signify that a page will be stopped from loading when a scripting attack is detected?
- A. x-content-type-options
- B. x-test-debug
- C. x-frame-options
- D. x-xss-protection
Answer: D
NEW QUESTION 27
Drag and drop the function on the left onto the mechanism on the right.
Answer:
Explanation:
NEW QUESTION 28
What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?
- A. 0
- B. 1
- C. 2
- D. 3
- E. 4
Answer: C
NEW QUESTION 29
An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?
- A. Ensure the online sandbox is GDPR compliant.
- B. Verify hash integrity.
- C. Lock the file to prevent unauthorized access.
- D. Remove all personally identifiable information.
Answer: D
NEW QUESTION 30
Drag and drop the cloud computing service descriptions from the left onto the cloud service categories on the right.
Answer:
Explanation:
NEW QUESTION 31
An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?
- A. Apply vendor patches or available hot fixes
- B. Investigate the vulnerability to prevent further spread
- C. Isolate the assets affected in a separate network
- D. Acknowledge the vulnerabilities and document the risk
Answer: C
NEW QUESTION 32
A SOC team receives multiple alerts from a rule that detects requests to malicious URLs and informs the incident response team to block the requested malicious URLs on the firewall. Which action will improve the effectiveness of the process?
- A. Inform the user by enabling an automated email response when the rule is triggered.
- B. Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.
- C. Inform the incident response team by enabling an automated email response when the rule is triggered.
- D. Create an automation script for blocking URLs on the firewall when the rule is triggered.
Answer: B
NEW QUESTION 33
Refer to the exhibit. What is occurring in this packet capture?
- A. DNS flood
- B. TCP port scan
- C. TCP flood
- D. DNS tunneling
Answer: C
NEW QUESTION 34
What is the difference between process orchestration and automation?
- A. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
- B. Orchestration arranges the tasks, while automation arranges processes.
- C. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.
- D. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.
Answer: A
NEW QUESTION 35
An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually. Which action will improve workflow automation?
- A. Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.
- B. Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.
- C. Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.
- D. Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.
Answer: B
NEW QUESTION 36