350-201試験無料問題集（141題）「Cisco Performing CyberOps Using Cisco Security Technologies 認定」

出題：1

A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a Powershell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?

A. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities

B. Review the server backup and identify server content and data criticality to assess the intrusion risk

C. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack

D. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.

正解：

出題：3

A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days.
Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?

A. Analyze the logs from all countries related to this user during the traveling period

B. Create a rule triggered by multiple successful VPN connections from the destination countries

C. Create a rule triggered by 1 successful VPN connection from any nondestination country

D. Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

A security manager received an email from an anomaly detection service, that one of their contractors has downloaded 50 documents from the company's confidential document management folder using a company- owned asset al039-ice-4ce687TL0500. A security manager reviewed the content of downloaded documents and noticed that the data affected is from different departments. What are the actions a security manager should take?

A. Escalate to contractor's manager.

B. Measure confidentiality level of downloaded documents.

C. Communicate with the contractor to identify the motives.

D. Report to the incident response team.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.

正解：

出題：6

How does Wireshark decrypt TLS network traffic?

A. by observing DH key exchange

B. with a key log file using per-session secrets

C. using an RSA public key

D. by defining a user-specified decode-as

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?

A. Review access lists and require users to increase password complexity

B. Identify the attack vector and update the IDS signature list

C. Analyze event logs and restrict network access

D. Determine the systems involved and deploy available patches

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

An engineer is developing an application that requires frequent updates to close feedback loops and enable teams to quickly apply patches. The team wants their code updates to get to market as often as possible. Which software development approach should be used to accomplish these goals?

A. continuous integration

B. continuous deployment

C. continuous delivery

D. continuous monitoring

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Refer to the exhibit.

Which code snippet will parse the response to identify the status of the domain as malicious, clean or undefined?

A. Option D

B. Option C

C. Option A

D. Option B

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Refer to the exhibit.

The Cisco Secure Network Analytics (Stealthwatch) console alerted with "New Malware Server Discovered" and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.

正解：

350-201試験無料問題集「Cisco Performing CyberOps Using Cisco Security Technologies 認定」