Free Cisco 350-201 Exam Questions

Become Cisco Certified with updated 350-201 exam questions and correct answers

Page: 1 / 28

Total 140 Questions | Updated On: Jul 02, 2025

Add To Cart

Question 1

An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to

prevent this type of attack from reoccurring? (Choose two.)

A : plement a patch management process.

B : an the company server files for known viruses.

C : ply existing patches to the company servers.

D : tomate antivirus scans of the company servers.

E : fine roles and responsibilities in the incident response playbook.

Answer: A,D

Question 2

The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?

A : nduct a risk assessment of systems and applications

B : olate the infected host from the rest of the subnet

C : tall malware prevention software on the host

D : alyze network traffic on the host's subnet

Answer: B

Question 3

An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?

A : dify the alert rule to ''output alert_syslog: output log''

B : dify the output module rule to ''output alert_quick: output filename''

C : dify the alert rule to ''output alert_syslog: output header''

D : dify the output module rule to ''output alert_fast: output filename''

Answer: A

Question 4

An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?

#!/usr/bin/python import sys import requests

A : {1}, {2}

B : {1}, {3}

C : nsole_ip, api_token

D : nsole_ip, reference_set_name

Answer: C

Question 5

A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?

A : essment scope

B : ent severity and likelihood

C : cident response playbook

D : k model framework

Answer: D

Page: 1 / 28

Total 140 Questions | Updated On: Jul 02, 2025

Add To Cart