Free Access Cisco.350-201.v2022-03-01.q65 Practice Test (Page 10)

Question 41

Refer to the exhibit. Where are the browser page rendering permissions displayed?

A.x-frame-options

B.x-xss-protection

C.x-content-type-options

D.x-test-debug

Question 42

Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

A.The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores are high and do not indicate the likelihood of malicious ransomware.

B.The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores do not indicate the likelihood of malicious ransomware.

C.The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are high and indicate the likelihood that malicious ransomware has been detected.

D.The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are low and indicate the likelihood that malicious ransomware has been detected.

Question 43

Refer to the exhibit. An engineer is analyzing this Vlan0392-int12-239.pcap file in Wireshark after detecting a suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a google chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information was being sent off-site but the payloads are obfuscated and unreadable. What does this STIX indicate?

A.The extension is not performing as intended because of restrictions since ports 80 and 443 should be accessible

B.There is a possible data leak because payloads should be encoded as UTF-8 text

C.The traffic is legitimate as the google chrome extension is reaching out to check for updates and fetches this information

D.There is a malware that is communicating via encrypted channels to the command and control server

Question 44

The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?

A.Isolate the infected host from the rest of the subnet

B.Conduct a risk assessment of systems and applications

C.Analyze network traffic on the host's subnet

D.Install malware prevention software on the host