Free Cisco 350-201 Exam Questions

Become Cisco Certified with updated 350-201 exam questions and correct answers

Page: 1 / 28

Total 140 Questions | Updated On: Nov 20, 2025

Add To Cart

Question 1

The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?

A : nduct a risk assessment of systems and applications

B : olate the infected host from the rest of the subnet

C : tall malware prevention software on the host

D : alyze network traffic on the host's subnet

Answer: B

Question 2

Refer to the exhibit.

Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?

A : attacker can initiate a DoS attack.

B : attacker can read or change data.

C : attacker can transfer data to an external server.

D : attacker can modify the access logs.

Answer: A

Question 3

A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?

A : eate a follow-up report based on the incident documentation.

B : rform a vulnerability assessment to find existing vulnerabilities.

C : Eradicate malicious software from the infected machines.

D : llect evidence and maintain a chain-of-custody during further analysis.

Answer: D

Question 4

A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?

A : eate a rule triggered by 3 failed VPN connection attempts in an 8-hour period

B : eate a rule triggered by 1 successful VPN connection from any nondestination country

C : eate a rule triggered by multiple successful VPN connections from the destination countries

D : alyze the logs from all countries related to this user during the traveling period

Answer: D

Question 5

Refer to the exhibit.

At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

A : ploitation

B : tions on objectives

C : livery

D : connaissance

Answer: C

Page: 1 / 28

Total 140 Questions | Updated On: Nov 20, 2025

Add To Cart