Free Access Cisco.350-201.v2022-11-05.q67 Practice Test (Page 11)

Question 46

The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?

A.Change access controls to high risk assets in the enterprise

B.Identify movement of the attacker in the enterprise

C.Identify assets the attacker handled or acquired

D.Determine the assets to which the attacker has access

Question 47

Refer to the exhibit.

Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

A.The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores do not indicate the likelihood of malicious ransomware.

B.The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are high and indicate the likelihood that malicious ransomware has been detected.

C.The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores are high and do not indicate the likelihood of malicious ransomware.

D.The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are low and indicate the likelihood that malicious ransomware has been detected.

Question 48

Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.

Question 49

An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?

A.Modify the alert rule to "output alert_syslog: output log"

B.Modify the output module rule to "output alert_quick: output filename"

C.Modify the alert rule to "output alert_syslog: output header"

D.Modify the output module rule to "output alert_fast: output filename"

Question 50

Refer to the exhibit.

For IP 192.168.1.209, what are the risk level, activity, and next step?

A.critical risk level, data exfiltration, isolate the device

B.critical risk level, malicious server IP, run in a sandboxed environment

C.high risk level, malicious host, investigate further

D.high risk level, anomalous periodic communication, quarantine with antivirus

Other Version: 490Cisco.350-201.v2024-10-08.q108; 1024Cisco.350-201.v2023-04-04.q66; 1637Cisco.350-201.v2022-08-24.q70; 1562Cisco.350-201.v2022-03-01.q65; 56Cisco.Prepawaypdf.350-201.v2021-12-18.by.heather.67q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 119Oracle.1Z0-1057-23.v2025-09-10.q47; 153Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 166TheSecOpsGroup.CNSP.v2025-09-08.q20; 229CFAInstitute.ESG-Investing.v2025-09-08.q173; 180PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 153Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Question 46

Question 47

Question 48

Question 49

Question 50

Download PDF File