Free Access Cisco.350-201.v2023-04-04.q66 Practice Test (Page 6)

Question 21

A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?

A.Perform a vulnerability assessment to find existing vulnerabilities.

B.Eradicate malicious software from the infected machines.

C.Collect evidence and maintain a chain-of-custody during further analysis.

D.Create a follow-up report based on the incident documentation.

Question 22

Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provided link. Several employees report the email as suspicious, and a security analyst is investigating the reports. Which two steps should the analyst take to begin this investigation? (Choose two.)

A.Evaluate the intrusion detection system alerts to determine the threat source and attack surface.

B.Communicate with employees to determine who opened the link and isolate the affected assets.

C.Examine the firewall and HIPS configuration to identify the exploited vulnerabilities and apply recommended mitigation.

D.Review the mail server and proxy logs to identify the impact of a potential breach.

E.Check the email header to identify the sender and analyze the link in an isolated environment.

Question 23

Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

A.The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores are high and do not indicate the likelihood of malicious ransomware.

B.The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are high and indicate the likelihood that malicious ransomware has been detected.

C.The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are low and indicate the likelihood that malicious ransomware has been detected.

D.The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores do not indicate the likelihood of malicious ransomware.

Question 24

A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?

A.assessment scope

B.risk model framework

C.event severity and likelihood

D.incident response playbook

Question 25

Refer to the exhibit.

What is occurring in this packet capture?

A.TCP flood

B.DNS flood

C.TCP port scan

D.DNS tunneling

Other Version: 1457Cisco.350-201.v2024-10-08.q108; 1645Cisco.350-201.v2022-11-05.q67; 1970Cisco.350-201.v2022-08-24.q70; 1813Cisco.350-201.v2022-03-01.q65; 56Cisco.Prepawaypdf.350-201.v2021-12-18.by.heather.67q.pdf

Latest Upload: 202PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 299Nokia.4A0-113.v2026-05-01.q69; 255EC-COUNCIL.312-49v11.v2026-04-30.q214; 228Microsoft.MB-820.v2026-04-30.q101; 211Salesforce.MC-202.v2026-04-30.q57; 206BICSI.INSTC_V8.v2026-04-29.q53; 335NMLS.MLO.v2026-04-28.q82; 243NCARB.Project-Management.v2026-04-28.q27; 463EMC.D-AV-DY-23.v2026-04-27.q184; 1117ServiceNow.CSA.v2026-04-27.q483

Question 21

Question 22

Question 23

Question 24

Question 25

Download PDF File