
350-201 Questions and Answers

Question # 6

Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.

Question # 7

Refer to the exhibit.

An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?

A. The file is redirecting users to a website that requests privilege escalations from the user.

B. The file is redirecting users to the website that is downloading ransomware to encrypt files.

C. The file is redirecting users to a website that harvests cookies and stored account information.

D. The file is redirecting users to a website that is determining users’ geographic location.

Question # 8

Refer to the exhibit.

An engineer is investigating a case with suspicious usernames within Active Directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior. Which type of compromise is occurring?

A. compromised insider

B. compromised root access

C. compromised database tables

D. compromised network

Question # 9

Refer to the exhibit.

Where does it signify that a page will be stopped from loading when a scripting attack is detected?

A. x-frame-options

B. x-content-type-options

C. x-xss-protection

D. x-test-debug

Question # 10

A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?

A. Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period

B. Create a rule triggered by 1 successful VPN connection from any nondestination country

C. Create a rule triggered by multiple successful VPN connections from the destination countries

D. Analyze the logs from all countries related to this user during the traveling period

Question # 11

Drag and drop the function on the left onto the mechanism on the right.

Question # 12

Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.

Question # 13

Drag and drop the phases to evaluate the security posture of an asset from the left onto the activity that happens during the phases on the right.

Question # 14

Drag and drop the cloud computing service descriptions from the left onto the cloud service categories on the right.

Question # 15

Refer to the exhibit.

Which command was executed in PowerShell to generate this log?

A. Get-EventLog -LogName*

B. Get-EventLog -List

C. Get-WinEvent -ListLog* -ComputerName localhost

D. Get-WinEvent -ListLog*

Question # 16

The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?

A. Perform static and dynamic code analysis of the specimen.

B. Unpack the specimen and perform memory forensics.

C. Contain the subnet in which the suspicious file was found.

D. Document findings and clean up the laboratory.

Question # 17

An engineer is moving data from NAS servers in different departments to a combined storage database so that the data can be accessed and analyzed by the organization on-demand. Which data management process is being used?

A. data clustering

B. data regression

C. data ingestion

D. data obfuscation

Question # 18

An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.

Question # 19

An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST.SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?

A. Verify hash integrity.

B. Remove all personally identifiable information.

C. Ensure the online sandbox is GDPR compliant.

D. Lock the file to prevent unauthorized access.

Question # 20

An analyst is alerted to a malicious file hash. After analysis, the analyst determined that an internal workstation is communicating over port 80 with an external server and that the file hash is associated with Duqu malware. Which tactics, techniques, and procedures align with this analysis?

A. Command and Control, Application Layer Protocol, Duqu

B. Discovery, Remote Services: SMB/Windows Admin Shares, Duqu

C. Lateral Movement, Remote Services: SMB/Windows Admin Shares, Duqu

D. Discovery, System Network Configuration Discovery, Duqu
