Online Access Free 350-201 Practice Test

An engineer received multiple reports from users trying to access a company website and instead of landing on the website, they are redirected to a malicious website that asks them to fill in sensitive personal data. Which type of attack is occurring?

• A.Domain Name System poisoning
• B.Address Resolution Protocol poisoning
• C.teardrop attack
• D.session hijacking attack

An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?

• A.Initiate a triage meeting to acknowledge the vulnerability and its potential impact
• B.Search for a patch to install from the vendor
• C.Determine company usage of the affected products
• D.Implement restrictions within the VoIP VLANS

Refer to the exhibit.

An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?

• A.The file is redirecting users to a website that requests privilege escalations from the user.
• B.The file is redirecting users to the website that is downloading ransomware to encrypt files.
• C.The file is redirecting users to a website that harvests cookies and stored account information.
• D.The file is redirecting users to a website that is determining users' geographic location.

Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provided link. Several employees report the email as suspicious, and a security analyst is investigating the reports. Which two steps should the analyst take to begin this investigation? (Choose two.)

• A.Communicate with employees to determine who opened the link and isolate the affected assets.
• B.Evaluate the intrusion detection system alerts to determine the threat source and attack surface.
• C.Examine the firewall and HIPS configuration to identify the exploited vulnerabilities and apply recommended mitigation.
• D.Check the email header to identify the sender and analyze the link in an isolated environment.
• E.Review the mail server and proxy logs to identify the impact of a potential breach.

According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?

• A.Perform awareness testing
• B.Conduct penetration testing
• C.Conduct a data protection impact assessment
• D.Perform a vulnerability assessment