Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right

DRAG DROP Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.

Reference: https://www.securitymetrics.com/blog/6-phases-incident-response-plan

February 1, 2021

Which action does the engineer recommend?

Refer to the exhibit. An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim’s spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond...

February 1, 2021

Which actions should be taken at this step in the incident response workflow?

A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?

A. Classify the criticality of the information, research the attacker’s motives, and identify missing patches
B. Determine...

January 31, 2021

Drag and drop the phases to evaluate the security posture of an asset from the left onto the activity that happens during the phases on the right

DRAG DROP Drag and drop the phases to evaluate the security posture of an asset from the left onto the activity that happens during the phases on the right.

January 31, 2021

An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used

DRAG DROP An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to...

January 31, 2021

Which command does an engineer use to set read/write/execute access on a folder for everyone who reaches the resource?

Which command does an engineer use to set read/write/execute access on a folder for everyone who reaches the resource?

A. chmod 666
B. chmod 774
C. chmod 775
D. chmod 777

Answer: D

Reference: https://www.pluralsight.com/blog/it-ops/linux-file-permissions

January 31, 2021

What does this STIX indicate?

Refer to the exhibit. An engineer is analyzing this Vlan0386-int12-117.pcap file in Wireshark after detecting suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a Google Chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information...

January 30, 2021

Which action will improve workflow automation?

An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI...

January 30, 2021

Which activity triggered the behavior analytics tool?

A threat actor attacked an organization’s Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A...

January 29, 2021

At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

Refer to the exhibit. At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

A. exploitation
B. actions on objectives
C. delivery
D. reconnaissance

Answer: C

Reference: https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-101­july2017.pdf

January 29, 2021