Cisco Performing CyberOps Using Cisco Security Technologies - 350-201 FREE EXAM DUMPS QUESTIONS & ANSWERS
An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity.
Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service area. What are the next steps the engineer must take?
Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service area. What are the next steps the engineer must take?
Correct Answer: A
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Refer to the exhibit.

What results from this script?

What results from this script?
Correct Answer: D
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle.
The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually.
Which action will improve workflow automation?
The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually.
Which action will improve workflow automation?
Correct Answer: A
Vote an answer
Refer to the exhibit.

Which code snippet will parse the response to identify the status of the domain as malicious, clean or undefined?


Which code snippet will parse the response to identify the status of the domain as malicious, clean or undefined?

Correct Answer: A
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Refer to the exhibit.

An engineer is analyzing this Vlan0386-int12-117.pcap file in Wireshark after detecting a suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a google chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information was being sent off-site but the payloads are obfuscated and unreadable. What does this STIX indicate?

An engineer is analyzing this Vlan0386-int12-117.pcap file in Wireshark after detecting a suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a google chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information was being sent off-site but the payloads are obfuscated and unreadable. What does this STIX indicate?
Correct Answer: B
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Which action should be taken when the HTTP response code 301 is received from a web application?
Correct Answer: D
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Refer to the exhibit.

Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?

Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?
Correct Answer: A
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?
Correct Answer: D
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Refer to the exhibit.

Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a quarantine VLAN using Adaptive Network Control policy. Which method was used to signal ISE to quarantine the endpoints?

Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a quarantine VLAN using Adaptive Network Control policy. Which method was used to signal ISE to quarantine the endpoints?
Correct Answer: A
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).