Free Cisco 350-201 Exam Questions

Become Cisco Certified with updated 350-201 exam questions and correct answers

Page: 1 / 28

Total 140 Questions | Updated On: Mar 26, 2026

Add To Cart

Question 1

An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to

prevent this type of attack from reoccurring? (Choose two.)

A : plement a patch management process.

B : an the company server files for known viruses.

C : ply existing patches to the company servers.

D : tomate antivirus scans of the company servers.

E : fine roles and responsibilities in the incident response playbook.

Answer: A,D

Question 2

Refer to the exhibit.

Which asset has the highest risk value?

A : rvers

B : website

C : payment process

D : cretary workstation

Answer: C

Question 3

Refer to the exhibit.

At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

A : ploitation

B : tions on objectives

C : livery

D : connaissance

Answer: C

Question 4

A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?

A : eate a rule triggered by 3 failed VPN connection attempts in an 8-hour period

B : eate a rule triggered by 1 successful VPN connection from any nondestination country

C : eate a rule triggered by multiple successful VPN connections from the destination countries

D : alyze the logs from all countries related to this user during the traveling period

Answer: D

Question 5

An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?

#!/usr/bin/python import sys import requests

A : {1}, {2}

B : {1}, {3}

C : nsole_ip, api_token

D : nsole_ip, reference_set_name

Answer: C

Page: 1 / 28

Total 140 Questions | Updated On: Mar 26, 2026

Add To Cart