This page was exported from Testking Free Dumps [ http://blog.testkingfree.com ] Export date: Thu Jan 16 21:58:06 2025 / +0000 GMT

Title: 2022 350-201 exam torrent 350-201 Study Guide [Q54-Q73]

NO.54 A security architect in an automotive factory is working on the Cyber Security Management System and is implementing procedures and creating policies to prevent attacks. Which standard must the architect apply?
A. IEC62446
B. IEC62443
C. IEC62439-3
D. IEC62439-2

NO.55 Where do threat intelligence tools search for data to identify potentially malicious IP addresses, domain names, and URLs?
A. customer data
B. internal database
C. internal cloud
D. Internet

NO.56 Refer to the exhibit. Which header signifies that a page will be stopped from loading when a scripting attack is detected?
A. x-frame-options
B. x-content-type-options
C. x-xss-protection
D. x-test-debug
Explanation/Reference: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/customize-http-security-headers-ad-fs

NO.57 Drag and drop the type of attacks from the left onto the cyber kill chain stages at which the attacks are seen on the right.

NO.58 Refer to the exhibit. Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?
A. An attacker can initiate a DoS attack.
B. An attacker can read or change data.
C. An attacker can transfer data to an external server.
D. An attacker can modify the access logs.

NO.59 Which command does an engineer use to set read/write/execute access on a folder for everyone who reaches the resource?
A. chmod 666
B. chmod 774
C. chmod 775
D. chmod 777

NO.60 A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor's website. The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?
A. Determine if there is internal knowledge of this incident.
B. Check incoming and outgoing communications to identify spoofed emails.
C. Disconnect the network from Internet access to stop the phishing threats and regain control.
D. Engage the legal department to explore action against the competitor that posted the spreadsheet.

NO.61 A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a PowerShell process and a WMI tool process were started on the server after the connection was established, and that a PE format file was created in the system directory. What is the next step the analyst should take?
A. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack
B. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities
C. Review the server backup and identify server content and data criticality to assess the intrusion risk
D. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious

NO.62 An API developer is improving application code to prevent DDoS attacks. The solution needs to accommodate instances of a large number of API requests coming for legitimate purposes from trustworthy services. Which solution should be implemented?
A. Restrict the number of requests based on a calculation of daily averages. If the limit is exceeded, temporarily block access from the IP address and return a 402 HTTP error code.
B. Implement a REST API Security Essentials solution to automatically mitigate limit exhaustion. If the limit is exceeded, temporarily block access from the service and return a 409 HTTP error code.
C. Increase the limit of replies in a given interval for each API. If the limit is exceeded, block access from the API key permanently and return a 450 HTTP error code.
D. Apply a limit to the number of requests in a given time interval for each API. If the rate is exceeded, block access from the API key temporarily and return a 429 HTTP error code.

NO.63 What is a principle of Infrastructure as Code?
A. System maintenance is delegated to software systems
B. Comprehensive initial designs support robust systems
C. Scripts and manual configurations work together to ensure repeatable routines
D. System downtime is grouped and scheduled across the infrastructure

NO.64 A security manager received an email from an anomaly detection service stating that one of their contractors has downloaded 50 documents from the company's confidential document management folder using a company-owned asset, al039-ice-4ce687TL0500. The security manager reviewed the content of the downloaded documents and noticed that the affected data is from different departments. What action should the security manager take?
A. Measure the confidentiality level of the downloaded documents.
B. Report to the incident response team.
C. Escalate to the contractor's manager.
D. Communicate with the contractor to identify the motives.

NO.65 A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?
A. Create a follow-up report based on the incident documentation.
B. Perform a vulnerability assessment to find existing vulnerabilities.
C. Eradicate malicious software from the infected machines.
D. Collect evidence and maintain a chain of custody during further analysis.

NO.66 Refer to the exhibit. What is occurring in this packet capture?
A. TCP port scan
B. TCP flood
C. DNS flood
D. DNS tunneling

NO.67 Refer to the exhibit. An engineer is analyzing this Vlan0386-int12-117.pcap file in Wireshark after detecting suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a Google Chrome extension over the WebSocket protocol. The engineer checked the message payloads to determine what information was being sent off-site, but the payloads are obfuscated and unreadable. What does this STIX indicate?
A. The extension is not performing as intended because of restrictions, since ports 80 and 443 should be accessible
B. The traffic is legitimate, as the Google Chrome extension is reaching out to check for updates and fetches this information
C. There is a possible data leak, because payloads should be encoded as UTF-8 text
D. There is malware that is communicating via encrypted channels to the command and control server

NO.68 An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?

    #!/usr/bin/python
    import sys
    import requests

A. {1}, {2}
B. {1}, {3}
C. console_ip, api_token
D. console_ip, reference_set_name

NO.69 Drag and drop the function on the left onto the mechanism on the right.

NO.70 Refer to the exhibit. An employee is a victim of a social engineering phone call and installs remote access software to allow an "MS Support" technician to check his machine for malware. The employee becomes suspicious after the remote technician requests payment in the form of gift cards.
The employee has copies of multiple unencrypted database files, over 400 MB each, on his system and is worried that the scammer copied the files off but has no proof of it. The remote technician was connected sometime between 2:00 pm and 3:00 pm over HTTPS. What should be determined regarding data loss between the employee's laptop and the remote technician's system?
A. No database files were disclosed
B. The database files were disclosed
C. The database files' integrity was violated
D. The database files were intentionally corrupted, and encryption is possible

NO.71 Refer to the exhibit. How must these advisories be prioritized for handling?
A. The highest priority for handling depends on the type of institution deploying the devices
B. Vulnerability #2 is the highest priority for every type of institution
C. Vulnerability #1 and vulnerability #2 have the same priority
D. Vulnerability #1 is the highest priority for every type of institution

NO.72 An engineer has created a bash script to automate a complicated process. During script execution, this error occurs: permission denied. Which command must be added to execute this script?
A. chmod +x ex.sh
B. source ex.sh
C. chroot ex.sh
D. sh ex.sh
Explanation/Reference: https://www.redhat.com/sysadmin/exit-codes-demystified

NO.73 Refer to the exhibit. The IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?
A. Block list of internal IPs from the rule
B. Change the rule content match to case sensitive
C. Set the rule to track the source IP
D. Tune the count and seconds threshold of the rule

Post date: 2022-06-09 12:21:48
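Added worked example for NO.56 (not part of the original dump): a small checker that parses a raw HTTP response and evaluates the headers the question lists. X-XSS-Protection with the value "1; mode=block" is the one that tells a browser's reflected-XSS filter to stop rendering the page rather than sanitise it; X-Frame-Options addresses clickjacking and X-Content-Type-Options: nosniff addresses MIME sniffing. The caveat a practitioner wants: current Chromium-based browsers have removed the XSS auditor and Firefox never implemented it, so a Content-Security-Policy is what actually protects users today. The sample response below is constructed for the example.

```python
def parse_http_response(raw):
    """Parse a raw HTTP/1.1 response (status line plus headers) into a dict.

    Header names are lower-cased because they are case-insensitive; a repeated
    header is joined with ', ' so a second, conflicting value is not lost.
    """
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the header section
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = value if name not in headers else headers[name] + ", " + value
    return headers


def audit_security_headers(headers):
    """Return header -> verdict for the headers in NO.56 plus the CSP that replaced X-XSS-Protection."""
    verdict = {}

    xss = headers.get("x-xss-protection")
    if xss is None:
        verdict["x-xss-protection"] = "missing"
    else:
        tokens = [t.strip().lower() for t in xss.split(";")]
        if tokens[0] == "1" and "mode=block" in tokens:
            verdict["x-xss-protection"] = "block"      # page load stopped on detected reflected XSS
        elif tokens[0] == "1":
            verdict["x-xss-protection"] = "sanitise"   # filter rewrites the page but still renders it
        else:
            verdict["x-xss-protection"] = "disabled"

    xfo = headers.get("x-frame-options", "").upper()
    verdict["x-frame-options"] = "ok" if xfo in ("DENY", "SAMEORIGIN") else "missing-or-weak"

    xcto = headers.get("x-content-type-options", "").lower()
    verdict["x-content-type-options"] = "ok" if xcto == "nosniff" else "missing"

    # Modern browsers ignore X-XSS-Protection; CSP is the control that matters now.
    verdict["content-security-policy"] = "present" if "content-security-policy" in headers else "missing"
    return verdict


# Constructed sample response (not captured from a real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "\r\n"
    "<html>...</html>"
)


def audit_raw(raw):
    return audit_security_headers(parse_http_response(raw))


if __name__ == "__main__":
    for name, value in sorted(audit_raw(SAMPLE_RESPONSE).items()):
        print("%-26s %s" % (name, value))
```

The header-section parser stops at the first blank line so a body that happens to contain "Name: value" text is never mistaken for a header.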
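Added worked example for NO.59 and NO.72 (not from the original dump): the permission bits behind the chmod answers, rendered the way ls -l shows them, plus a reproduction of the NO.72 failure. chmod 777 is rwx for owner, group and other, which is what "everyone who reaches the resource" asks for, but it also makes the folder world-writable, so the example flags that explicitly; a script saved without an execute bit is what produces "permission denied", and chmod +x fixes it. A POSIX host is assumed; the temporary script is created by the example itself.

```python
import os
import stat
import tempfile

# The nine permission bits in ls order: owner, group, other; each r, w, x.
_BITS = (
    (stat.S_IRUSR, "r"), (stat.S_IWUSR, "w"), (stat.S_IXUSR, "x"),
    (stat.S_IRGRP, "r"), (stat.S_IWGRP, "w"), (stat.S_IXGRP, "x"),
    (stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x"),
)


def octal_to_symbolic(mode):
    """Render a numeric mode such as 0o777 the way ls -l shows it: 'rwxrwxrwx'."""
    return "".join(ch if mode & bit else "-" for bit, ch in _BITS)


def is_world_writable(mode):
    """True when the 'other' class can write: the exposure chmod 777 (and 666) creates."""
    return bool(mode & stat.S_IWOTH)


def is_executable_by_owner(path):
    """Read the owner execute bit from the inode; without it the shell says 'permission denied'."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & stat.S_IXUSR)


def make_executable(path):
    """Equivalent of chmod a+x: add execute for owner, group and other, leaving other bits alone.

    Returns (executable_before, executable_after) read back from the inode.
    """
    before = is_executable_by_owner(path)
    current = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, current | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    return before, is_executable_by_owner(path)


def demo():
    """Reproduce NO.72: a script saved as 0o644 cannot run until +x is added."""
    with tempfile.TemporaryDirectory() as tmp:
        script = os.path.join(tmp, "ex.sh")
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\necho hello\n")
        os.chmod(script, 0o644)
        before, after = make_executable(script)
        final_mode = stat.S_IMODE(os.stat(script).st_mode)
        return before, after, octal_to_symbolic(final_mode)


if __name__ == "__main__":
    for mode in (0o666, 0o774, 0o775, 0o777):
        print("%o -> %s  world-writable=%s" % (mode, octal_to_symbolic(mode), is_world_writable(mode)))
    print(demo())
```

Note that 775 is the usual choice when only the owner and a group should write; 777 is only defensible on a directory with the sticky bit set (like /tmp) where users must not delete each other's files.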
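Added worked example for NO.62 (not from the original dump): a per-API-key sliding-window rate limiter that blocks temporarily and answers 429 Too Many Requests, which is the status code registered for rate limiting (402 and 409 mean something else, and 450 is not a standard code). The requirement to accommodate legitimate high-volume callers is handled by a per-key allowlist that raises the limit for trusted services instead of exempting them outright. Timestamps are injected so the behaviour is deterministic; the key names are placeholders.

```python
import math
from collections import deque

HTTP_OK = 200
HTTP_TOO_MANY_REQUESTS = 429


class RateLimiter:
    """Sliding-window limiter keyed on API key, with a temporary block on overflow.

    limit:         requests allowed per window_seconds for an ordinary key.
    block_seconds: how long a key stays blocked after exceeding its limit.
    trusted:       api_key -> larger limit for known high-volume services.
    """

    def __init__(self, limit, window_seconds, block_seconds, trusted=None):
        self.limit = limit
        self.window = window_seconds
        self.block_seconds = block_seconds
        self.trusted = dict(trusted or {})
        self._hits = {}       # api_key -> deque of request timestamps inside the window
        self._blocked = {}    # api_key -> time at which the block expires

    def _limit_for(self, api_key):
        return self.trusted.get(api_key, self.limit)

    def check(self, api_key, now):
        """Return (status_code, headers) for one request made at time `now`."""
        until = self._blocked.get(api_key)
        if until is not None:
            if now < until:
                return HTTP_TOO_MANY_REQUESTS, {"Retry-After": str(max(1, math.ceil(until - now)))}
            del self._blocked[api_key]                 # block expired, let the key back in

        hits = self._hits.setdefault(api_key, deque())
        while hits and hits[0] <= now - self.window:   # drop timestamps outside the window
            hits.popleft()

        limit = self._limit_for(api_key)
        if len(hits) >= limit:
            self._blocked[api_key] = now + self.block_seconds
            hits.clear()
            return HTTP_TOO_MANY_REQUESTS, {"Retry-After": str(self.block_seconds)}

        hits.append(now)
        return HTTP_OK, {"X-RateLimit-Remaining": str(limit - len(hits))}


def simulate():
    """Constructed traffic: one ordinary key bursting, one trusted service sustaining a high rate."""
    limiter = RateLimiter(limit=3, window_seconds=10, block_seconds=30,
                          trusted={"partner-svc-key": 1000})          # placeholder key names
    ordinary = [limiter.check("client-key-1", t)[0] for t in (0, 1, 2, 3, 10, 33)]
    trusted = [limiter.check("partner-svc-key", t)[0] for t in range(50)]
    return ordinary, trusted


if __name__ == "__main__":
    print(simulate())
```

Blocking by API key rather than by source IP is what keeps many legitimate tenants behind one NAT or proxy from being punished for a single abusive caller; the Retry-After header tells well-behaved clients when to come back instead of guessing.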
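Added worked example for NO.68 (not from the original dump): what the script fragment in the question still needs. A "successful HTTP response" requires the console address to build the URL and the API token to authenticate; the reference set name only selects the resource. The endpoint layout and the SEC token header assumed below are IBM QRadar's reference-set API convention, which the variable names suggest but the question does not state; the alert records and API version are constructed placeholders. The request builder and the URL extractor run offline; only send() needs network access and the requests library.

```python
from urllib.parse import quote

SIEM_API_VERSION = "12.0"   # assumed; set to the version your console advertises


def build_reference_set_request(console_ip, api_token, reference_set_name, add_value=None):
    """Build an authenticated reference-set request (QRadar-style layout, assumed).

    Without api_token the console rejects the call as unauthenticated, so the
    builder refuses to produce a request that is guaranteed to fail.
    """
    if not console_ip or not api_token:
        raise ValueError("console_ip and api_token are both required for a successful response")
    url = "https://%s/api/reference_data/sets/%s" % (console_ip, quote(reference_set_name, safe=""))
    headers = {"SEC": api_token, "Accept": "application/json", "Version": SIEM_API_VERSION}
    if add_value is None:
        return {"method": "GET", "url": url, "headers": headers, "params": None}
    return {"method": "POST", "url": url, "headers": headers, "params": {"value": add_value}}


def send(request):
    """Issue the request; `requests` is imported lazily so everything else runs offline."""
    import requests
    resp = requests.request(request["method"], request["url"], headers=request["headers"],
                            params=request["params"], timeout=15)   # TLS verification stays on
    resp.raise_for_status()
    return resp.json()


def extract_malicious_urls(alerts):
    """Distinct URLs from alert records; the record shape is constructed for this example."""
    return sorted({a["url"] for a in alerts if a.get("category") == "malicious_url" and a.get("url")})


def plan_updates(console_ip, api_token, reference_set_name, alerts):
    """One POST per new indicator: the automation step the analyst wants to script."""
    return [build_reference_set_request(console_ip, api_token, reference_set_name, add_value=u)
            for u in extract_malicious_urls(alerts)]


# Constructed sample alerts, not real console output.
SAMPLE_ALERTS = [
    {"user": "jdoe", "category": "malicious_url", "url": "http://bad.example/login"},
    {"user": "asmith", "category": "malicious_url", "url": "http://evil.example/x"},
    {"user": "jdoe", "category": "malicious_url", "url": "http://bad.example/login"},
    {"user": "bwong", "category": "policy_violation", "url": "http://games.example/"},
]


if __name__ == "__main__":
    for req in plan_updates("10.1.1.5", "REPLACE-WITH-TOKEN", "Malicious URLs", SAMPLE_ALERTS):
        print(req["method"], req["url"], req["params"])
        # send(req)  # uncomment on a host that can reach the console
```

Keep the token out of the script body (read it from an environment variable or a secrets store) and never disable certificate verification to "make it work"; a console reached over an unverified TLS session hands the token to anyone on the path.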
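Added worked example for NO.73 (not from the original dump): a simulation of the two tuning levers the options name, Snort's count/seconds threshold and its track by_src / by_dst selector, run over constructed mail-server login failures. The filter below approximates Snort's detection_filter semantics (alert on every further match once a tracked address has produced more than `count` matches within `seconds`); it is an illustration, not Snort's own code. Tracking by destination lumps every user's mistyped password against the mail server into one counter and fires on ordinary load; tracking by source and raising the count isolates the one address that is actually brute-forcing. All addresses and log lines are made up.

```python
import re
from collections import defaultdict, deque

# Constructed log format: "<epoch> <src> -> <dst>:<port> <message>"
LOG_RE = re.compile(r"^(?P<ts>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<msg>.*)$")


def parse_events(lines):
    """Return (ts, src, dst, msg) tuples; lines that do not match are ignored."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append((int(m["ts"]), m["src"], m["dst"], m["msg"]))
    return events


def detection_filter(events, track, count, seconds):
    """Snort-style detection_filter approximation.

    track: 'by_src' or 'by_dst'. Alerts on every match after the tracked address
    has exceeded `count` matches inside a sliding window of `seconds`.
    Returns a list of (timestamp, tracked_address) alerts.
    """
    windows = defaultdict(deque)
    alerts = []
    for ts, src, dst, _msg in events:
        key = src if track == "by_src" else dst
        q = windows[key]
        while q and q[0] <= ts - seconds:
            q.popleft()
        q.append(ts)
        if len(q) > count:
            alerts.append((ts, key))
    return alerts


def build_sample_log():
    """Seven different users each fail once at the mail server, then one attacker fails 20 times."""
    lines = ["%d 10.0.0.%d -> 10.0.0.5:143 IMAP LOGIN failed" % (100 + 5 * i, 11 + i) for i in range(7)]
    lines += ["%d 203.0.113.9 -> 10.0.0.5:143 IMAP LOGIN failed" % t for t in range(200, 240, 2)]
    return lines


def compare_tuning():
    events = parse_events(build_sample_log())
    by_dst = detection_filter(events, "by_dst", count=5, seconds=60)     # noisy rule in the question
    by_src = detection_filter(events, "by_src", count=5, seconds=60)     # option C
    stricter = detection_filter(events, "by_src", count=10, seconds=30)  # option C plus option D
    return {
        "by_dst_alerts": len(by_dst),
        "by_src_alerts": len(by_src),
        "by_src_sources": sorted({addr for _, addr in by_src}),
        "by_src_count10_alerts": len(stricter),
    }


if __name__ == "__main__":
    for k, v in compare_tuning().items():
        print("%-24s %s" % (k, v))
```

The first two alerts under by_dst (the 6th and 7th legitimate users) are exactly the false positives the question describes; the same count and window tracked by_src never fire on them, and every alert that remains names the attacker.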