Free Access Cisco.350-201.v2022-08-24.q70 Practice Test (Page 3)

Question 6

An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?

A.Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts

B.Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats

C.Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts

D.Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts

Question 7

An engineer is analyzing a possible compromise that happened a week ago when the company ? (Choose two.)

A.SHA512

B.Wireshark

C.autopsy

D.IPS

E.firewall

Question 8

Refer to the exhibit.

An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?

A.The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.

B.The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.

C.The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.

D.The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.

Question 9

A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross- correlated log analysis revealed that two hours before the attack, multiple assets received requests on TCP port 79. Which action should be taken by the SOC team to mitigate this attack?

A.Configure affected devices to disable the Finger service.

B.Disable affected assets and isolate them for further investigation.

C.Disable BIND forwarding from the DNS server to avoid reconnaissance.

D.Configure affected devices to disable NETRJS protocol.

Question 10

Drag and drop the mitigation steps from the left onto the vulnerabilities they mitigate on the right.

Premium Bundle

Newest 350-201 Exam PDF Dumps shared by BraindumpsPass.com for Helping Passing 350-201 Exam! BraindumpsPass.com now offer the updated 350-201 exam dumps, the BraindumpsPass.com 350-201 exam questions have been updated and answers have been corrected get the latest BraindumpsPass.com 350-201 pdf dumps with Exam Engine here:

Access 350-201 Premium Version

(141 Q&As Dumps, 40%OFF Special Discount: Exam-Tests)

Other Version: 490Cisco.350-201.v2024-10-08.q108; 1024Cisco.350-201.v2023-04-04.q66; 1319Cisco.350-201.v2022-11-05.q67; 1562Cisco.350-201.v2022-03-01.q65; 56Cisco.Prepawaypdf.350-201.v2021-12-18.by.heather.67q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 151Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 165TheSecOpsGroup.CNSP.v2025-09-08.q20; 224CFAInstitute.ESG-Investing.v2025-09-08.q173; 175PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 151Salesforce.Data-Architect.v2025-09-05.q216; 147Adobe.AD0-E605.v2025-09-05.q50