Latest Cisco 350-201 Dumps PDF Questions Answers 2025

Performing CyberOps Using Core Security Technologies (CBRCOR) Questions and Answers

Question 1

An engineer has created a bash script to automate a complicated process. During script execution, this error occurs: permission denied. Which command must be added to execute this script?

Options:

chmod +x ex.sh

source ex.sh

chroot ex.sh

sh ex.sh

Buy Now

Question 2

An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization’s service area. What are the next steps the engineer must take?

Options:

Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.

Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.

Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in QUESTION NO:, and cross-correlate other source events.

Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.

Question 3

Drag and drop the mitigation steps from the left onto the vulnerabilities they mitigate on the right.

Options:

Question 4

An engineer is investigating several cases of increased incoming spam emails and suspicious emails from the HR and service departments. While checking the event sources, the website monitoring tool showed several web scraping alerts overnight. Which type of compromise is indicated?

Options:

phishing

dumpster diving

social engineering

privilege escalation

Question 5

Refer to the exhibit.

Where does it signify that a page will be stopped from loading when a scripting attack is detected?

Options:

x-frame-options

x-content-type-options

x-xss-protection

x-test-debug

Answer:

Explanation:

The HTTP response header that signifies a page will be stopped from loading when a scripting attack is detected is the x-xss-protection header. When configured with the value “1; mode=block”, it instructs the browser to block the entire page from loading if a cross-site scripting (XSS) attack is detected, rather than attempting to sanitize the potentially malicious script. This header is a browser-side measure to prevent the execution of scripts if an XSS attack is suspected.

The other headers listed serve different purposes:

x-frame-options: Controls whether a browser should be allowed to render a page in a , , <embed>, or <object>.</p><p><b>x-content-type-options</b>: Prevents the browser from interpreting files as a different MIME type to what is specified in the Content-Type HTTP header.</p><p><b>x-test-debug</b>: This is not a standard response header and does not relate to XSS protection.</p></ul><p>It’s important to configure web servers and applications with the appropriate security headers to mitigate various types of web-based attacks.</p></div><div class="reference">[Reference: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/customize-http-security- headers-ad-fs, ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 6 </div> <div class="qquestion" > <div class="questionContent"><p>How does Wireshark decrypt TLS network traffic?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>with a key log file using per-session secrets</p></div> <div class="qoption">B. <p>using an RSA public key</p></div> <div class="qoption">C. <p>by observing DH key exchange</p></div> <div class="qoption">D. <p>by defining a user-specified decode-as</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('6');">Show Answer</button> <div class="myanswer" id="6" style="display: none;"> <h4>Answer:</h4> <span class="ans"> A </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>Wireshark decrypts TLS network traffic by using a key log file that contains per-session secrets1. This method is effective even when Diffie-Hellman (DH) key exchange is used, which is common in modern encrypted communications. The key log file is typically generated by applications like web browserswhen the SSLKEYLOGFILE environment variable is set. This file records the necessary per-session secrets that Wireshark can then use to decrypt the traffic1.</p><p>It’s important to note that while this method is universal and works across different TLS versions, including TLS 1.3, other methods such as using an RSA private key are limited to certain conditions and do not work with TLS 1.3 or when (EC)DHE cipher suites are selected1. Therefore, the key log file method is the most reliable and widely applicable approach for decrypting TLS in Wireshark.</p></div><div class="reference">[Reference: https://wiki.wireshark.org/TLS, ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 7 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/78186971-c546-447a-acd1-12dcf3b23840.jpeg" ></img></p><p>What is the connection status of the ICMP event?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>blocked by a configured access policy rule</p></div> <div class="qoption">B. <p>allowed by a configured access policy rule</p></div> <div class="qoption">C. <p>blocked by an intrusion policy rule</p></div> <div class="qoption">D. <p>allowed in the default action</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('7');">Show Answer</button> <div class="myanswer" id="7" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The connection status of the ICMP event is indicated as “allowed” by a configured access policy rule. This is determined by the Access Control Rule Action column in the security event monitoring interface, which shows that the event was not blocked but permitted through the network based on an existing access policy rule. This suggests that the ICMP (Internet Control Message Protocol) traffic was evaluated against the access policy and was found to comply with the rules set within the policy, thus being allowed to proceed.</p><p><i>References</i>:</p><ul><p>The Performing CyberOps Using Cisco Security Technologies (CBRCOR) course guides learners through cybersecurity operations fundamentals, including how to interpret security event logs and understand access control policies1.</p><p>The Cisco Certified CyberOps Associate certification provides knowledge on monitoring, detecting, and responding to cybersecurity threats, which includes understanding the significance of access control rules in network traffic management2.</p></ul></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 8 </div> <div class="qquestion" > <div class="questionContent"><p>A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Assess the network for unexpected behavior</p></div> <div class="qoption">B. <p>Isolate critical hosts from the network</p></div> <div class="qoption">C. <p>Patch detected vulnerabilities from critical hosts</p></div> <div class="qoption">D. <p>Perform analysis based on the established risk factors</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('8');">Show Answer</button> <div class="myanswer" id="8" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The first action for an incident response team following the detection of a malware outbreak is to isolate critical hosts from the network. This containment strategy is crucial to prevent the spread of the malware to other parts of the network and to minimize the impact while the team works on eradicating the threat and recovering from the incident4.</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 9 </div> <div class="qquestion" > <div class="questionContent"><p>Which action should be taken when the HTTP response code 301 is received from a web application?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Update the cached header metadata.</p></div> <div class="qoption">B. <p>Confirm the resource’s location.</p></div> <div class="qoption">C. <p>Increase the allowed user limit.</p></div> <div class="qoption">D. <p>Modify the session timeout setting.</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('9');">Show Answer</button> <div class="myanswer" id="9" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>When an HTTP response code 301 is received from a web application, it indicates that the requested resource has been permanently moved to a new location. The action to be taken is to confirm the resource’s new location, as the 301 status code is used for permanent URL redirection</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 10 </div> <div class="qquestion" > <div class="questionContent"><p>An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>HIPAA</p></div> <div class="qoption">B. <p>FISMA</p></div> <div class="qoption">C. <p>COBIT</p></div> <div class="qoption">D. <p>PCI DSS</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('10');">Show Answer</button> <div class="myanswer" id="10" style="display: none;"> <h4>Answer:</h4> <span class="ans"> D </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The Payment Card Industry Data Security Standard (PCI DSS) is the compliance regulation that must be applied to a company that accepts credit card payments. PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Since the small business in question has acquired a POS terminal to handle credit card transactions, it falls under the purview of PCI DSS compliance.</p></div><div class="reference">[Reference: https://upserve.com/restaurant-insider/restaurant-pos-pci-compliance-checklist/, ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 11 </div> <div class="qquestion" > <div class="questionContent"><p>A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.</p></div> <div class="qoption">B. <p>Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.</p></div> <div class="qoption">C. <p>Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.</p></div> <div class="qoption">D. <p>Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('11');">Show Answer</button> <div class="myanswer" id="11" style="display: none;"> <h4>Answer:</h4> <span class="ans"> A </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>To gain a comprehensive overview of the incident involving DDOS attacks and ransomware, the SOC engineer should run and evaluate a full packet capture on the workloads, review Security Information and Event Management (SIEM) logs, and define a root cause. This will help in understanding the nature of the attacks, the extent of the damage, and the vulnerabilities that were exploited</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 12 </div> <div class="qquestion" > <div class="questionContent"><p>What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>401</p></div> <div class="qoption">B. <p>402</p></div> <div class="qoption">C. <p>403</p></div> <div class="qoption">D. <p>404</p></div> <div class="qoption">E. <p>405</p></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('12');">Show Answer</button> <div class="myanswer" id="12" style="display: none;"> <h4>Answer:</h4> <span class="ans"> D </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The HTTP response code <b>404 Not Found</b> is used when the REST API information requested by the authenticated user cannot be found1234. This means that the server can not find the requested resource. In the context of an API, this can also mean that the endpoint is valid but the resource itself does not exist4.</p></div><div class="reference">[Reference: https://airbrake.io/blog/http-errors/401-unauthorized-error#:~:text=The%20401%20Unauthorized% 20Error%20is,client%20could%20not%20be%20authenticated., ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 13 </div> <div class="qquestion" > <div class="questionContent"><p>A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>incident response playbooks</p></div> <div class="qoption">B. <p>asset vulnerability assessment</p></div> <div class="qoption">C. <p>report of staff members with asset relations</p></div> <div class="qoption">D. <p>key assets and executives</p></div> <div class="qoption">E. <p>malware analysis report</p></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('13');">Show Answer</button> <div class="myanswer" id="13" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B, E </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>According to NIST guidelines for conducting risk assessments, two critical elements required to calculate risk are understanding the vulnerabilities of the assets (asset vulnerability assessment) and having a detailed analysis of the threat (malware analysis report). The asset vulnerability assessment identifies the weaknesses that could be exploited by the malware, while the malware analysis report provides insight into the capabilities, propagation methods, and potential impact of the malware. These elements are essential for determining the likelihood and impact of the risk, which are key components of a risk assessment</p></div><div class="reference">[Reference: https://cloudogre.com/risk-assessment/, ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 14 </div> <div class="qquestion" > <div class="questionContent"><p>A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall. Which action will improve the effectiveness of the process?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.</p></div> <div class="qoption">B. <p>Inform the user by enabling an automated email response when the rule is triggered.</p></div> <div class="qoption">C. <p>Inform the incident response team by enabling an automated email response when the rule is triggered.</p></div> <div class="qoption">D. <p>Create an automation script for blocking URLs on the firewall when the rule is triggered.</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('14');">Show Answer</button> <div class="myanswer" id="14" style="display: none;"> <h4>Answer:</h4> <span class="ans"> D </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>Creating an automation script for blocking URLs on the firewall when the rule is triggered will improve the effectiveness of the process by reducing the time between the detection of a request to a malicious URL and the blocking action. This proactive approach ensures that the URLs are blocked immediately, minimizing the window of opportunity for the threat to cause harm</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 15 </div> <div class="qquestion" > <div class="questionContent"><p>A security manager received an email from an anomaly detection service, that one of their contractors has downloaded 50 documents from the company’s confidential document management folder using a company- owned asset al039-ice-4ce687TL0500. A security manager reviewed the content of downloaded documents and noticed that the data affected is from different departments. What are the actions a security manager should take?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Measure confidentiality level of downloaded documents.</p></div> <div class="qoption">B. <p>Report to the incident response team.</p></div> <div class="qoption">C. <p>Escalate to contractor’s manager.</p></div> <div class="qoption">D. <p>Communicate with the contractor to identify the motives.</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('15');">Show Answer</button> <div class="myanswer" id="15" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B </span> <h4>Explanation:</h4> <span> <div class="explanation"><p> Upon receiving an alert that a contractor has downloaded multiple documents from the company’s confidential document management folder, the security manager should report the incident to the incident response team. This team is responsible for investigating the incident, assessing the impact, and determining the appropriate response to the unauthorized access</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 16 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/86cfb5c3-a822-49b6-8585-47c730a1b0cb.jpeg" ></img></p><p>An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco Secure Network Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Top Peers</p></div> <div class="qoption">B. <p>Top Hosts</p></div> <div class="qoption">C. <p>Top Conversations</p></div> <div class="qoption">D. <p>Top Ports</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('16');">Show Answer</button> <div class="myanswer" id="16" style="display: none;"> <h4>Answer:</h4> <span class="ans"> C </span> <h4>Explanation:</h4> <span> <div class="explanation"><p> In Cisco Secure Network Analytics (Stealthwatch), when an engineer needs to analyze the top data transmissions to identify significant anomalies in traffic within a host group, the Top Conversations tool is used. This tool provides a detailed view of the communication between hosts, showing which pairs of hosts are exchanging the most data. By examining the top conversations, the engineer can pinpoint which specific data flows are contributing to the anomaly and take appropriate action.</p><p>The Top Conversations tool is particularly useful for this task because it focuses on the interactions between hosts, rather than just the volume of traffic (Top Ports), the individual hosts themselves (Top Hosts), or the peers (Top Peers) involved in the network communications. It allows for a more granular analysis of the network traffic, which is essential for identifying and addressing anomalies.</p></div><div class="reference">[Reference: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2018/pdf/BRKSEC-3014.pdf, ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 17 </div> <div class="qquestion" > <div class="questionContent"><p>An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Investigate the vulnerability to prevent further spread</p></div> <div class="qoption">B. <p>Acknowledge the vulnerabilities and document the risk</p></div> <div class="qoption">C. <p>Apply vendor patches or available hot fixes</p></div> <div class="qoption">D. <p>Isolate the assets affected in a separate network</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('17');">Show Answer</button> <div class="myanswer" id="17" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>If management decides not to prioritize fixing the vulnerabilities and accepts them, the next step for the engineer is to acknowledge the vulnerabilities and document the risk. This involves recording the decision and the rationale behind it, assessing the potential impact, and ensuring that there is a clear understanding of the risks being accepted. This documentation is crucial for future reference and accountability, and it may also include recommendations for mitigating the risk where possible</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 18 </div> <div class="qquestion" > <div class="questionContent"><p>Drag and drop the function on the left onto the mechanism on the right.</p><p><img src="/img/media/Cisco/350-201/4.1/8f572f6f-b68e-42e0-b93a-5edbb7205fba.jpeg" ></img></p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('18');">Show Answer</button> <div class="myanswer" id="18" style="display: none;"> <h4>Answer:</h4> <span class="ans"> <div class="answer"><span class="correctAnswerLabel">Answer: </span><img src="/img/media/Cisco/350-201/4.1/answer-images/18.png"></img></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 19 </div> <div class="qquestion" > <div class="questionContent"><p>A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user’s laptop while traveling. The attacker has the user’s credentials and is attempting to connect to the network.</p><p>What is the next step in handling the incident?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Block the source IP from the firewall</p></div> <div class="qoption">B. <p>Perform an antivirus scan on the laptop</p></div> <div class="qoption">C. <p>Identify systems or services at risk</p></div> <div class="qoption">D. <p>Identify lateral movement</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('19');">Show Answer</button> <div class="myanswer" id="19" style="display: none;"> <h4>Answer:</h4> <span class="ans"> A </span> <h4>Explanation:</h4> <span> <div class="explanation"><p> When a SIEM tool alerts about a VPN connection attempt from an unusual location, and it is validated that an attacker has installed a remote access tool on a user’s laptop, the immediate next step is to block the source IP from the firewall. This action prevents the attacker from using that IP address to establish a connection to the network, thereby containing the threat and preventing further unauthorized access2.</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 20 </div> <div class="qquestion" > <div class="questionContent"><p>A SOC analyst is notified by the network monitoring tool that there are unusual types of internal traffic on IP subnet 103.861.2117.0/24. The analyst discovers unexplained encrypted data files on a computer system that belongs on that specific subnet. What is the cause of the issue?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>DDoS attack</p></div> <div class="qoption">B. <p>phishing attack</p></div> <div class="qoption">C. <p>virus outbreak</p></div> <div class="qoption">D. <p>malware outbreak</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('20');">Show Answer</button> <div class="myanswer" id="20" style="display: none;"> <h4>Answer:</h4> <span class="ans"> D </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The presence of unusual internal traffic and unexplained encrypted data files suggests a malware outbreak. Malware can cause abnormal network traffic patterns and encrypt files on infected systems, often leading to ransomware attacks or data exfiltration efforts</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 21 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/50b2a8fc-3a4f-439b-8fe0-8f404ff0c92d.jpeg" ></img></p><p>An employee is a victim of a social engineering phone call and installs remote access software to allow an “MS Support” technician to check his machine for malware. The employee becomes suspicious after the remote technician requests payment in the form of gift cards. The employee has copies of multiple, unencrypted database files, over 400 MB each, on his system and is worried that the scammer copied the files off but has no proof of it. The remote technician was connected sometime between 2:00 pm and 3:00 pm over https. What should be determined regarding data loss between the employee’s laptop and the remote technician’s system?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>No database files were disclosed</p></div> <div class="qoption">B. <p>The database files were disclosed</p></div> <div class="qoption">C. <p>The database files integrity was violated</p></div> <div class="qoption">D. <p>The database files were intentionally corrupted, and encryption is possible</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('21');">Show Answer</button> <div class="myanswer" id="21" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B </span> <h4>Explanation:</h4> <span> <div class="explanation"><p> In this scenario, the employee’s installation of remote access software at the behest of a fraudulent “MS Support” technician and the subsequent suspicious request for payment in gift cards are strong indicators of a social engineering attack. The presence of unencrypted database files on the system, coupled with the technician’s remote access, raises legitimate concerns about data disclosure. While HTTPS encrypts the data in transit, it does not prevent the remote user from copying files. Without concrete evidence, such as network logs showing data transfer, it is challenging to confirm the disclosure. However, given the circumstances, it is prudent to operate under the assumption that the database files could have been accessed and potentially copied during the remote session. The organization should follow its incident response protocol, which includes conducting a thorough investigation, changing passwords, and monitoring for potential data misuse.</p><p><i>References</i>:</p><ul><p>Cisco’s CyberOps curriculum emphasizes the importance of understanding security procedures and incident handling, which would include responding to potential data disclosure incidents1.</p><p>The Cisco Certified CyberOps Associate Overview outlines knowledge areas such as security concepts and intrusion analysis, relevant to investigating and responding to security incidents</p></ul></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 22 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/bb977e56-34e6-416a-82e6-3fe75e0431c3.jpeg" ></img></p><p>The Cisco Secure Network Analytics (Stealthwatch) console alerted with “New Malware Server Discovered” and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.</p><p><img src="/img/media/Cisco/350-201/4.1/039dd095-9de8-4014-9206-22e1c0f91c39.jpeg" ></img></p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('22');">Show Answer</button> <div class="myanswer" id="22" style="display: none;"> <h4>Answer:</h4> <span class="ans"> <div class="answer"><span class="correctAnswerLabel">Answer: </span><img src="/img/media/Cisco/350-201/4.1/answer-images/22.png"></img></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 23 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/939d3cff-f9fe-450f-b498-ddbe3f6298c7.jpeg" ></img></p><p>An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim’s spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address. Which action does the engineer recommend?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Use command ip verify reverse-path interface</p></div> <div class="qoption">B. <p>Use global configuration command service tcp-keepalives-out</p></div> <div class="qoption">C. <p>Use subinterface command no ip directed-broadcast</p></div> <div class="qoption">D. <p>Use logging trap 6</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('23');">Show Answer</button> <div class="myanswer" id="23" style="display: none;"> <h4>Answer:</h4> <span class="ans"> C </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The recommended action to mitigate an attack that is broadcasting a large number of ICMP packets using a spoofed source IP address is to use the subinterface command no ip directed-broadcast. This command prevents the Cisco IOS device from forwarding packets that are addressed to IP broadcast addresses. By disabling the directed broadcast feature, the network devices will not respond to broadcast messages sent to the network’s broadcast address, thus mitigating the attack and preventing the amplification of the ICMP packets back to the victim’s IP address.</p></div><div class="reference">[Reference: https://www.ccexpert.us/pix-firewall/ip-verify-reversepath-command.html, ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 24 </div> <div class="qquestion" > <div class="questionContent"><p>What is the difference between process orchestration and automation?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.</p></div> <div class="qoption">B. <p>Orchestration arranges the tasks, while automation arranges processes.</p></div> <div class="qoption">C. <p>Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.</p></div> <div class="qoption">D. <p>Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('24');">Show Answer</button> <div class="myanswer" id="24" style="display: none;"> <h4>Answer:</h4> <span class="ans"> D </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>Automation refers to the configuration of a single process or a small number of related tasks to run without human intervention. Orchestration, on the other hand, involves managing multiple automated tasks to create a dynamic workflow. While automation focuses on making individual tasks more efficient, orchestration looks at the bigger picture to optimize a series of tasks that make up a process</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 25 </div> <div class="qquestion" > <div class="questionContent"><p>Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.</p><p><img src="/img/media/Cisco/350-201/4.1/d98c2b68-e8f3-4acc-961b-70e0c775407a.png" ></img></p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('25');">Show Answer</button> <div class="myanswer" id="25" style="display: none;"> <h4>Answer:</h4> <span class="ans"> <div class="answer"><span class="correctAnswerLabel">Answer: </span><img src="/img/media/Cisco/350-201/4.1/answer-images/25.png"></img></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 26 </div> <div class="qquestion" > <div class="questionContent"><p>A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period</p></div> <div class="qoption">B. <p>Create a rule triggered by 1 successful VPN connection from any nondestination country</p></div> <div class="qoption">C. <p>Create a rule triggered by multiple successful VPN connections from the destination countries</p></div> <div class="qoption">D. <p>Analyze the logs from all countries related to this user during the traveling period</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('26');">Show Answer</button> <div class="myanswer" id="26" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B </span> <h4>Explanation:</h4> <span> <div class="explanation"><p> To detect abnormal behavior for a UK-based user traveling between three countries, creating a rule that triggers an alert for a successful VPN connection from any nondestination country is an effective strategy. This rule helps in identifying potential unauthorized access or compromised credentials if the user’s account is accessed from a location where they are not supposed to be2.</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 27 </div> <div class="qquestion" > <div class="questionContent"><p>An engineer is analyzing a possible compromise that happened a week ago when the company? (Choose two.)</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>firewall</p></div> <div class="qoption">B. <p>Wireshark</p></div> <div class="qoption">C. <p>autopsy</p></div> <div class="qoption">D. <p>SHA512</p></div> <div class="qoption">E. <p>IPS</p></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('27');">Show Answer</button> <div class="myanswer" id="27" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B, C </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>When analyzing a possible compromise that occurred in the past, tools like Wireshark and Autopsy can be instrumental. Wireshark is a network protocol analyzer that can capture and display the data traveling back and forth on a network in real-time. It’s useful for understanding what happened during the compromise by analyzing the packets for signs of malicious activity. Autopsy is a digital forensics platform that cananalyze hard drives and smartphones to recover evidence of a compromise, such as malware artifacts or suspicious file changes. Both tools would provide an engineer with the necessary data to analyze the events leading up to and during the compromise.</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 28 </div> <div class="qquestion" > <div class="questionContent"><p>An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually. Which action will improve workflow automation?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.</p></div> <div class="qoption">B. <p>Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.</p></div> <div class="qoption">C. <p>Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.</p></div> <div class="qoption">D. <p>Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('28');">Show Answer</button> <div class="myanswer" id="28" style="display: none;"> <h4>Answer:</h4> <span class="ans"> C </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 29 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/ff69a5d5-462e-4778-bd1e-815bb61a425b.jpeg" ></img></p><p>Which indicator of compromise is represented by this STIX?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>website redirecting traffic to ransomware server</p></div> <div class="qoption">B. <p>website hosting malware to download files</p></div> <div class="qoption">C. <p>web server vulnerability exploited by malware</p></div> <div class="qoption">D. <p>cross-site scripting vulnerability to backdoor server</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('29');">Show Answer</button> <div class="myanswer" id="29" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The STIX (Structured Threat Information eXpression) object in the exhibit indicates that the compromise involves a website hosting malware, which is designed to download files onto a user’s system without their knowledge. This type of indicator is commonly associated with drive-by download attacks, where visiting a website can result in the automatic download and execution of malware. The STIX object would contain information about the malicious URLs, file hashes, and other relevant indicators that can be used to detect and prevent such threats.</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 30 </div> <div class="qquestion" > <div class="questionContent"><p>What is the impact of hardening machine images for deployment?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>reduces the attack surface</p></div> <div class="qoption">B. <p>increases the speed of patch deployment</p></div> <div class="qoption">C. <p>reduces the steps needed to mitigate threats</p></div> <div class="qoption">D. <p>increases the availability of threat alerts</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('30');">Show Answer</button> <div class="myanswer" id="30" style="display: none;"> <h4>Answer:</h4> <span class="ans"> A </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>Hardening machine images for deployment reduces the attack surface by eliminating unnecessary services, closing open network ports, removing unused software, and applying security configurations. This process minimizes the number of potential vulnerabilities that can be exploited by attackers3.</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 31 </div> <div class="qquestion" > <div class="questionContent"><p>A European-based advertisement company collects tracking information from partner websites and stores it on a local server to provide tailored ads. Which standard must the company follow to safeguard the resting data?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>HIPAA</p></div> <div class="qoption">B. <p>PCI-DSS</p></div> <div class="qoption">C. <p>Sarbanes-Oxley</p></div> <div class="qoption">D. <p>GDPR</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('31');">Show Answer</button> <div class="myanswer" id="31" style="display: none;"> <h4>Answer:</h4> <span class="ans"> D </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>A European-based advertisement company that collects tracking information from partner websites must adhere to the General Data Protection Regulation (GDPR). GDPR is the standard that governs data protection and privacy in the European Union and the European Economic Area. It provides guidelines on how personal data should be collected, processed, and stored, ensuring that individuals’ data is protected and that companies are transparent about their data handling practices</p></div><div class="reference">[Reference: https://www.thesslstore.com/blog/10-data-privacy-and-encryption-laws-every-business-needs-to- know/, ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 32 </div> <div class="qquestion" > <div class="questionContent"><p>A company launched an e-commerce website with multiple points of sale through internal and external e- stores. Customers access the stores from the public website, and employees access the stores from the intranet with an SSO. Which action is needed to comply with PCI standards for hardening the systems?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Mask PAN numbers</p></div> <div class="qoption">B. <p>Encrypt personal data</p></div> <div class="qoption">C. <p>Encrypt access</p></div> <div class="qoption">D. <p>Mask sales details</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('32');">Show Answer</button> <div class="myanswer" id="32" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>To comply with PCI standards for hardening systems, especially for an e-commerce website with multiple points of sale, it is essential to encrypt personal data. This includes any information that can be used to identify an individual, such as names, addresses, and credit card numbers. Encryption helps protect this data during transmission and storage, reducing the risk of unauthorized access and data breaches2.</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 33 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/9127e119-1cfc-46bb-a7e8-161953897592.jpeg" ></img></p><p>An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.</p></div> <div class="qoption">B. <p>The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.</p></div> <div class="qoption">C. <p>The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.</p></div> <div class="qoption">D. <p>The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('33');">Show Answer</button> <div class="myanswer" id="33" style="display: none;"> <h4>Answer:</h4> <span class="ans"> D </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The indicator of compromise (IoC) for the malware in question is that it has routines for encryption and decryption, which are used to conceal URLs/IP addresses. Additionally, it is capturing keystrokes and webcam events, and storing this data in encrypted files locally on the company server. This behavior is indicative of malware that is designed to stealthily collect and exfiltrate sensitive information without being easily detected. The use of encryption helps to hide the data and the destination to which it may be sent, making it more challenging for security systems to identify and block the malicious activity.</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 34 </div> <div class="qquestion" > <div class="questionContent"><p>A logistic company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to IPS?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>Allow list only authorized hosts to contact the application’s IP at a specific port.</p></div> <div class="qoption">B. <p>Allow list HTTP traffic through the corporate VLANS.</p></div> <div class="qoption">C. <p>Allow list traffic to application’s IP from the internal network at a specific port.</p></div> <div class="qoption">D. <p>Allow list only authorized hosts to contact the application’s VLAN.</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('34');">Show Answer</button> <div class="myanswer" id="34" style="display: none;"> <h4>Answer:</h4> <span class="ans"> A </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>When dealing with an outdated application in a private VLAN, the IPS should be tuned to allow list only authorized hosts to contact the application’s IP at a specific port. This ensures that only known and trusted entities can communicate with the application, reducing the risk of unauthorized access or data leakage3.</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 35 </div> <div class="qquestion" > <div class="questionContent"><p>What is a benefit of key risk indicators?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>clear perspective into the risk position of an organization</p></div> <div class="qoption">B. <p>improved visibility on quantifiable information</p></div> <div class="qoption">C. <p>improved mitigation techniques for unknown threats</p></div> <div class="qoption">D. <p>clear procedures and processes for organizational risk</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('35');">Show Answer</button> <div class="myanswer" id="35" style="display: none;"> <h4>Answer:</h4> <span class="ans"> A </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>Key risk indicators (KRIs) provide a clear perspective into the risk position of an organization. KRIs are metrics used to proactively measure risks that a business may face. They serve as early warning signs of upcoming crises, which can provide an organization’s management team time to create an action plan to mitigate that risk’s potential impact or prevent it from occurring2.</p></div><div class="reference">[Reference: https://www.metricstream.com/insights/Key-Risk-indicators-ERM.htm#:~:text=Risk% 20Management%20(ERM)-,Overview,and%20mitigate%20them%20in%20time., ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 36 </div> <div class="qquestion" > <div class="questionContent"><p>An organization had several cyberattacks over the last 6 months and has tasked an engineer with looking for patterns or trends that will help the organization anticipate future attacks and mitigate them. Which data analytic technique should the engineer use to accomplish this task?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>diagnostic</p></div> <div class="qoption">B. <p>qualitative</p></div> <div class="qoption">C. <p>predictive</p></div> <div class="qoption">D. <p>statistical</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('36');">Show Answer</button> <div class="myanswer" id="36" style="display: none;"> <h4>Answer:</h4> <span class="ans"> C </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>Predictive analytics is the most suitable data analytic technique for anticipating future cyberattacks. It involves using historical data, statistical algorithms, and machine learning techniques to identify the likelihood of future outcomes based on patterns and trends. This approach can help organizations forecast potential cyber threats and take proactive measures to mitigate them before they occur123.</p></div><div class="reference">[Reference: https://insights.principa.co.za/4-types-of-data-analytics-descriptive-diagnostic-predictive- prescriptive, ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 37 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/b7ccdcce-08ee-470b-9199-95ee81cdf848.png" ></img></p><p>Where is the MIME type that should be followed indicated?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>x-test-debug</p></div> <div class="qoption">B. <p>strict-transport-security</p></div> <div class="qoption">C. <p>x-xss-protection</p></div> <div class="qoption">D. <p>x-content-type-options</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('37');">Show Answer</button> <div class="myanswer" id="37" style="display: none;"> <h4>Answer:</h4> <span class="ans"> D </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The MIME type that should be followed is indicated by the x-content-type-options header in HTTP responses. This header is used to instruct the browser not to attempt MIME type sniffing, but to stick with the MIME type declared by the server. This can help prevent security risks associated with incorrect MIME type interpretation, such as executing non-executable MIME types as if they were scripts12.</p><p><i>References</i>:</p><ul><p>The Performing CyberOps Using Cisco Security Technologies (CBRCOR) course guides learners through cybersecurity operations fundamentals, including how to interpret security event logs and understand access control policies1.</p><p>The Cisco Certified CyberOps Associate certification provides knowledge on monitoring, detecting, and responding to cybersecurity threats, which includes understanding the significance of access control rules in network traffic management2.</p></ul></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 38 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/4d691eb9-6f9a-4a25-b314-fc1475cc9e5c.jpeg" ></img></p><p>Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>The prioritized behavioral indicators of compromise do not justify the execution of the “ransomware” because the scores do not indicate the likelihood of malicious ransomware.</p></div> <div class="qoption">B. <p>The prioritized behavioral indicators of compromise do not justify the execution of the “ransomware” because the scores are high and do not indicate the likelihood of malicious ransomware.</p></div> <div class="qoption">C. <p>The prioritized behavioral indicators of compromise justify the execution of the “ransomware” because the</p><p>scores are high and indicate the likelihood that malicious ransomware has been detected.</p></div> <div class="qoption">D. <p>The prioritized behavioral indicators of compromise justify the execution of the “ransomware” because the scores are low and indicate the likelihood that malicious ransomware has been detected.</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('38');">Show Answer</button> <div class="myanswer" id="38" style="display: none;"> <h4>Answer:</h4> <span class="ans"> C </span> <h4>Explanation:</h4> <span> <div class="explanation"><p> In the context of Cisco Advanced Malware Protection (AMP), when a file is submitted to the Threat Grid analysis engine, it undergoes a thorough behavioral analysis to determine if it exhibits characteristics typical of malware. The Threat Grid provides detailed reports that include behavioral indicators of compromise (IoCs), which are actions or artifacts on a network or an endpoint that with high confidence indicate a breach.</p><p>In this case, the report generated by the Threat Grid for a low prevalence file shows high severity scores for the behavioral indicators. This suggests that the behaviors observed are strongly indicative of malicious activity, specifically ransomware. The high scores reflect the Threat Grid’s confidence in the malicious nature of the file based on its observed behaviors, which may include patterns of encryption consistent with ransomware, network activity that matches known ransomware command and control patterns, or file system changes that are characteristic of ransomware encryption.</p><p>Therefore, the correct answer is C, as the high scores on the behavioral indicators strongly suggest the presence of ransomware, justifying the execution of the ransomware detection mechanisms by Cisco AMP.</p></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 39 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/28ebc139-c97a-4cf4-b35a-80689d143a7e.jpeg" ></img></p><p>Where are the browser page rendering permissions displayed?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>x-frame-options</p></div> <div class="qoption">B. <p>x-xss-protection</p></div> <div class="qoption">C. <p>x-content-type-options</p></div> <div class="qoption">D. <p>x-test-debug</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('39');">Show Answer</button> <div class="myanswer" id="39" style="display: none;"> <h4>Answer:</h4> <span class="ans"> A </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The browser page rendering permissions are displayed in the HTTP response header named x-frame-options. This header is used to control whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed>, or <object>. Sites can use this to avoid clickjacking attacks by ensuring that their content is not embedded into other sites. The directive SAMEORIGIN means the page can only be displayed in a frame on the same origin as the page itself. Other values could be DENY, which prevents any domain from framing the content, or ALLOW-FROM uri, which permits framing the content only by the specified URI.</p></div><div class="reference">[Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options, ]</div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 40 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/cd30f6fe-51b7-46f4-8fb4-880f81845c81.jpeg" ></img></p><p>What is occurring in this packet capture?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>TCP port scan</p></div> <div class="qoption">B. <p>TCP flood</p></div> <div class="qoption">C. <p>DNS flood</p></div> <div class="qoption">D. <p>DNS tunneling</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('40');">Show Answer</button> <div class="myanswer" id="40" style="display: none;"> <h4>Answer:</h4> <span class="ans"> D </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The packet capture shown in the exhibit is indicative of DNS tunneling. This conclusion is drawn from the observation of the packets’ consistent size and frequency, which are directed to a specific destination IP address. Such a pattern is characteristic of DNS tunneling, where data is encapsulated within DNS queries and responses. This method is often used to bypass security controls or for data exfiltration, as it can blend with regular DNS traffic, making detection more challenging.</p><p>DNS tunneling can be used for legitimate purposes, such as when an organization’s remote workers need to access internal networks. However, it is also a technique commonly exploited by attackers to smuggle data out of a network or to communicate with command and control servers while evading detection.</p><p><i>References</i>:</p><ul><p>Cisco’s official training materials on Performing CyberOps Using Cisco Security Technologies (CBRCOR) provide insights into analyzing packet captures and identifying different types of network traffic, including malicious activities like DNS tunneling.</p><p>The Cisco CyberOps Associate Certification resources include detailed information on threat identification and response strategies pertinent to DNS tunneling.</p></ul></div> </span> </div> </div> </div> <div class="col-lg-12 examQuestions"> <div class="qheader"> Question 41 </div> <div class="qquestion" > <div class="questionContent"><p>Refer to the exhibit.</p><p><img src="/img/media/Cisco/350-201/4.1/a47f29f2-aeed-4a22-8d22-69aa5f5d2fba.jpeg" ></img></p><p>An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?</p></div> </div> <div class="options"> <h4>Options:</h4> <div class="qoption">A. <p>The file is redirecting users to a website that requests privilege escalations from the user.</p></div> <div class="qoption">B. <p>The file is redirecting users to the website that is downloading ransomware to encrypt files.</p></div> <div class="qoption">C. <p>The file is redirecting users to a website that harvests cookies and stored account information.</p></div> <div class="qoption">D. <p>The file is redirecting users to a website that is determining users’ geographic location.</p></div> <div class="qoption"></div> <div class="qoption"></div> <div class="qoption"></div> </div> <div class="qanswer"> <button class="btn btn-success" onclick="showhidequesion('41');">Show Answer</button> <div class="myanswer" id="41" style="display: none;"> <h4>Answer:</h4> <span class="ans"> B </span> <h4>Explanation:</h4> <span> <div class="explanation"><p>The STIX (Structured Threat Information eXpression) provided in the exhibit indicates a risk associated with a file that redirects users to a malicious website. The code snippet shows an HTTP request being made to a URL known fordistributing ransomware. This type of threat involves tricking users into downloading and executing malicious software that encrypts their files and then demands payment for decryption. The static analysis of the file’s behavior, as shown in the code, supports the conclusion that the file poses a risk of ransomware infection1.</p><p><i>References</i>:</p><ul><p>Cisco CyberOps Using Core Security Technologies documentation.</p><p>Understanding Cisco CyberOps Using Core Security Technologies from Cisco’s official training and certifications resources.</p><p>Foundation Topics > Security Principles | Cisco Press1.</p><p>Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR) v1.02.</p><p>CBRFIR Exam Topics - Cisco Learning Network</p></ul></div> </span> </div> </div> </div> </div> <div class="col-lg-4"> <div class="col-lg-12 bundlePkg"> <div class="row-eq-height"> <div class="col-sm-12 exam-row-data text-center pkgHeading"> <div class="col-sm-12">Exam Detail</div> </div> </div> <div class="row-eq-height"> <div class="col-sm-12 exam-row-data"> <div class="col-sm-12"><b>Vendor:</b> <a href="/cisco-certification-exams.html" style="color:#fff; text-decoration: underline;">Cisco</a></div> </div> </div> <div class="row-eq-height"> <div class="col-sm-12 exam-row-data"> <div class="col-sm-12"><b>Certification:</b> <a href="/cisco/cyberops-professional-dumps.html" style="color:#fff; text-decoration: underline;" >CyberOps Professional</a></div> </div> </div> <div class="row-eq-height"> <div class="col-sm-12 exam-row-data"> <div class="col-sm-12"><b>Exam Code:</b> <a href="/product-detail/350-201.html" style="color:#fff; text-decoration: underline;">350-201</a></div> </div> </div> <div class="row-eq-height"> <div class="col-sm-12 exam-row-data"> <div class="col-sm-12"><b>Exam Name:</b> <a href="/Cisco-dumps/350-201.html" style="color:#fff; text-decoration: underline;">Performing CyberOps Using Core Security Technologies (CBRCOR)</a></div> </div> </div> <div class="row-eq-height"> <div class="col-sm-12 exam-row-data"> <div class="col-sm-12"><b>Last Update:</b> Mar 10, 2025</div> </div> </div> </div> <div class="spacing"></div> <div class="col-lg-12 bundlePkg" style=" background-color: #f7f7f7; box-shadow: unset; border: 1px solid #f7f7f7;"> <div class="row-eq-height"> <div class="col-sm-12 exam-row-data text-center pkgHeading"> <div class="col-sm-12">350-201 Question Answers</div> </div> </div> </div> <div class="spacing" style="background-color: #f7f7f7;"></div> <ul class="sidebarMenu" style="background-color: #f7f7f7;"> <li> <a href="/questions/350-201-questions-bank.html"> 350-201 Questions Bank </a> </li> <li> <a href="/questions/350-201-vce-exam-download.html"> 350-201 VCE Exam Download </a> </li> <li> <a href="/questions/newly-released-cisco-350-201-exam-pdf.html"> Newly Released Cisco 350-201 Exam PDF </a> </li> <li> <a href="/questions/350-201-premium-exam-questions.html"> 350-201 Premium Exam Questions </a> </li> <li> <a href="/questions/complete-350-201-cisco-materials.html"> Complete 350-201 Cisco Materials </a> </li> <li> <a href="/questions/cyberops-professional-350-201-updated-exam.html"> CyberOps Professional 350-201 Updated Exam </a> </li> <li> <a href="/questions/pdf-350-201-study-guide.html"> PDF 350-201 Study Guide </a> </li> <li> <a href="/questions/cyberops-professional-350-201-book.html"> CyberOps Professional 350-201 Book </a> </li> <li> <a href="/questions/changed-350-201-exam-questions.html"> Changed 350-201 Exam Questions </a> </li> <li> <a href="/free-access-cisco.html" style="color: #4cae4c; font-weight:bold;"> Get More Cisco Exams Free Access </a> </li> </ul> </div> </div> </div> </section> <section id="practiceDetail"> <div class="container"> <div class="row"> <div class="col-lg-2 pdC1"> Page: 1 / 10<br /> Total 139 questions </div> <div class="col-lg-4" style="padding: 4px;"> <a href="/questions/350-201-questions-bank.html" class="btn btn-warning"><i class="fa fa-arrow-circle-o-right fa-2x" aria-hidden="true"></i></a> </div> <div class="col-lg-6 text-right" style="padding: 8px;"> <a href="/product-detail/350-201.html" class="btn btn-success practiceBtn1">Get 350-201 Full Access</a> <a href="javascript:void(0);" data-toggle="modal" data-target="#myModal" class="btn btn-warning practiceBtn1">Download 350-201 PDF</a> </div> </div> </div> </section> <div class="modal fade " id="myModal2" role="dialog"> <div class="modal-dialog">  <div class="modal-content"> <div class="modal-header text-center"> <button type="button" class="close" data-dismiss="modal">×</button> <h4 class="modal-title">Unlock 350-201 Features </h4> </div> <div class="modal-body"> <div class="row"> <div class="col-md-12"> <ul> <li>350-201 All Real Exam Questions</li> <li>350-201 Exam easy to use and print PDF format</li> <li>Download Free 350-201 Demo (Try before Buy)</li> <li>Free Frequent Updates</li> <li>100% Passing Guarantee by CertsTopics</li> </ul> </div> <div class="col-lg-12 text-center"> <a href="javascript:void(0);" data-toggle="modal" data-target="#myModal" class="btn btn-warning">Download Demo</a> <a href="/product-detail/350-201.html" class="btn btn-warning">Get Full Access Now</a> </div> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Close</button> </div> </div> </div> </div> <div class="modal fade" id="myModal" role="dialog"> <div class="modal-dialog">  <div class="modal-content" style="z-index:2"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal">×</button> <h4 class="modal-title">Questions & Answers PDF Demo</h4> </div> <div class="modal-body"> <div class="row"> <div class="col-md-8"> <ul> <li>350-201 All Real Exam Questions</li> <li>350-201 Exam easy to use and print PDF format</li> <li>Download Free 350-201 Demo (Try before Buy)</li> <li>Free Frequent Updates</li> <li>100% Passing Guarantee by CertsTopics</li> </ul> <form name="downloadDemo" action="/main/cert/download_demo.html" method="post"> <input id="form-token" type="hidden" name="_csrf" value="H8z26zYvT1PeK6ul8n1f2bgQZh25OuxtJQOIJvFb4q5W_8ebcVkVEutT4vGoFTWf7XQucPRx2Bx0TLwTtgyr2w=="/> <input type="email" name="email" placeholder="Email" class="form-control" required> <input type="hidden" name="id" value="7793"> <input type="hidden" name="code" value="350-201"> <input type="hidden" name="vendor" value="Cisco"> <input type="image" src="/img/download-demo.png" alt="download 350-201 demo" /> </form> </div> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Close</button> </div> </div> </div> </div> <div class="modal fade" id="myModal3" role="dialog"> <div class="modal-dialog modal-sm">  <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal">×</button> <h4 class="modal-title">Practice Tesitng Engine Demo</h4> </div> <div class="modal-body"> <div class="row"> <form name="downloadDemo" action="/main/cert/download_demo.html" method="post"> <div class="col-md-12"> <input id="form-token" type="hidden" name="_csrf" value="H8z26zYvT1PeK6ul8n1f2bgQZh25OuxtJQOIJvFb4q5W_8ebcVkVEutT4vGoFTWf7XQucPRx2Bx0TLwTtgyr2w=="/> <input type="email" name="email" placeholder="Email" class="form-control" required> <input type="hidden" name="id" value="7793"> <input type="hidden" name="code" value="350-201"> <input type="hidden" name="vendor" value="Cisco"> </div><br /><br /><br /> <div class="col-md-12 text-center"> <input type="submit" class="btn btn-primary" value="Download Demo" /> </div> </form> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Close</button> </div> </div> </div> </div> <div id="special-footer" style="background-color:#e7e7e7; padding:10px 0px;"> <div class="container"> <div class="col-md-3"> <h4><b>CompTIA</b></h4> <ul class="footer-links"> <li style="width:100%"><a href="/comptia-dumps/cv0-003.html" style="color:#000;">CV0-003 Dumps</a></li> <li style="width:100%"><a href="/comptia-dumps/sy0-601.html" style="color:#000;">SY0-601 Dumps</a></li> <li style="width:100%"><a href="/comptia-dumps/pt0-002.html" style="color:#000;">PT0-002 Dumps</a></li> <li style="width:100%"><a href="/comptia-dumps/sk0-005.html" style="color:#000;">SK0-005 Dumps</a></li> <li style="width:100%"><a href="/comptia-dumps/cas-004.html" style="color:#000;">CAS-004 Dumps</a></li> </ul> </div> <div class="col-md-3"> <h4><b>Fortinet</b></h4> <ul class="footer-links"> <li style="width:100%"><a href="/fortinet-dumps/nse7_efw-7-0.html" style="color:#000;">NSE7_EFW-7.0 Dumps</a></li> <li style="width:100%"><a href="/fortinet-dumps/nse4_fgt-7-2.html" style="color:#000;">NSE4_FGT-7.2 Dumps</a></li> <li style="width:100%"><a href="/fortinet-dumps/nse8_812.html" style="color:#000;">NSE8_812 Dumps</a></li> <li style="width:100%"><a href="/fortinet-dumps/nse7_pbc-7-2.html" style="color:#000;">NSE7_PBC-7.2 Dumps</a></li> <li style="width:100%"><a href="/fortinet-dumps/fcss_sase_ad-23.html" style="color:#000;">FCSS_SASE_AD-23 Dumps</a></li> </ul> </div> <div class="col-md-3"> <h4><b>Microsoft</b></h4> <ul class="footer-links"> <li style="width:100%"><a href="/microsoft-dumps/az-400.html" style="color:#000;">AZ-400 Dumps</a></li> <li style="width:100%"><a href="/microsoft-dumps/ms-900.html" style="color:#000;">MS-900 Dumps</a></li> <li style="width:100%"><a href="/microsoft-dumps/az-500.html" style="color:#000;">AZ-500 Dumps</a></li> <li style="width:100%"><a href="/microsoft-dumps/mb-310.html" style="color:#000;">MB-310 Dumps</a></li> <li style="width:100%"><a href="/microsoft-dumps/dp-203.html" style="color:#000;">DP-203 Dumps</a></li> </ul> </div> <div class="col-md-3"> <h4><b>Salesforce</b></h4> <ul class="footer-links"> <li style="width:100%"><a href="/salesforce-dumps/sales-cloud-consultant.html" style="color:#000;">Sales-Cloud-Consultant Dumps</a></li> <li style="width:100%"><a href="/salesforce-dumps/service-cloud-consultant.html" style="color:#000;">Service-Cloud-Consultant Dumps</a></li> <li style="width:100%"><a href="/salesforce-dumps/platform-app-builder.html" style="color:#000;">Platform-App-Builder Dumps</a></li> <li style="width:100%"><a href="/salesforce-dumps/pdii.html" style="color:#000;">PDII Dumps</a></li> <li style="width:100%"><a href="/salesforce-dumps/advanced-administrator.html" style="color:#000;">Advanced-Administrator Dumps</a></li> </ul> </div> </div> </div> <div id="sub-footer"> <div class="container"> <div class="col-md-12 col-sm-12 col-xs-12"> <ul class="footer-links"> <li><a href="/">Home</a></li> <li><a href="/vendors.html">All Vendors</a></li> <li><a href="/faq.html">FAQs</a></li> <li><a href="/contactus.html">Contact us</a></li> <li><a href="/aboutus.html">About us</a></li> <li><a href="/guarantee.html">Guarantee</a></li> <li><a href="/dmca.html">DMCA & Copyrights</a></li> </ul> </div> </div> </div> <div id="end-footer"> <div class="container"> <div class="col-md-6 col-sm-6 col-xs-12"> <p style="margin-top:10px; color:#fff;">Copyright © 2021-2025 CertsTopics. All Rights Reserved</p> </div> <div class="col-md-6 col-sm-6 col-xs-12" style=" text-align:right; padding:6px 0px;"> <img src="/img/payment/payment-image.png" style="max-width:260px;" alt="certstopics we accept" /> </div> </div> </div> <script src="/assets/26c808d0/jquery.js"></script> <script src="/assets/58c4cf47/yii.js"></script> <script src="/js/bootstrap.min.js"></script> <script src="/js/manage.js?ver=1.2"></script> <script src="/js/popper.min.js"></script></body> </html>

Pre-Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium Cisco 350-201 Dumps Questions Answers

Performing CyberOps Using Core Security Technologies (CBRCOR) Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation: