350-201試験無料問題集（141題）「Cisco Performing CyberOps Using Cisco Security Technologies 認定」

出題：1

What is a limitation of cyber security risk insurance?

A. It does not cover the costs to restore stolen identities as a result of a cyber attack

B. It does not cover the costs to hire forensics experts to analyze the cyber attack

C. It does not cover the costs of damage done by third parties as a result of a cyber attack

D. It does not cover the costs to hire a public relations company to help deal with a cyber attack

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle.
The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually.
Which action will improve workflow automation?

A. Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.

B. Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.

C. Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.

D. Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.

正解：A 解答を投票する

出題：3

Refer to the exhibit.

Which indicator of compromise is represented by this STIX?

A. web server vulnerability exploited by malware

B. website hosting malware to download files

C. cross-site scripting vulnerability to backdoor server

D. website redirecting traffic to ransomware server

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?

A. Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.

B. Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.

C. Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.

D. Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.

正解：

出題：6

An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.

正解：

出題：7

Refer to the exhibit.

Where is the MIME type that should be followed indicated?

A. x-test-debug

B. strict-transport-security

C. x-content-type-options

D. x-xss-protection

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engineer discovered an unknown application. The analysis showed that the application is communicating with external addresses on a non- secure, unencrypted channel. Information gathering revealed that the unknown application does not have an owner and is not being used by a business unit. What are the next two steps the engineers should take in this investigation? (Choose two.)

A. Initiate a triage meeting with department leads to determine if the application is owned internally or used by any business unit and document the asset owner.

B. Identify who installed the application by reviewing the logs and gather a user access log from the HR department.

C. Verify user credentials on the affected asset, modify passwords, and confirm available patches and updates are installed.

D. Determine the type of data stored on the affected asset, document the access logs, and engage the incident response team.

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

A SOC analyst is notified by the network monitoring tool that there are unusual types of internal traffic on IP subnet 103.861.2117.0/24. The analyst discovers unexplained encrypted data files on a computer system that belongs on that specific subnet. What is the cause of the issue?

A. phishing attack

B. DDoS attack

C. malware outbreak

D. virus outbreak

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Refer to the exhibit.

Where are the browser page rendering permissions displayed?

A. x-test-debug

B. x-frame-options

C. x-content-type-options

D. x-xss-protection

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

350-201試験無料問題集「Cisco Performing CyberOps Using Cisco Security Technologies 認定」