350-201 Free Practice Test

Refer to the exhibit.

A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?

1. A. packet sniffer
2. B. malware analysis
3. C. SIEM
4. D. firewall manager

Correct Answer: A

Refer to the exhibit.

A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

1. A. Limit the number of API calls that a single client is allowed to make
2. B. Add restrictions on the edge router on how often a single client can access the API
3. C. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
4. D. Increase the application cache of the total pool of active clients that call the API

Correct Answer: A

Refer to the exhibit.

Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

1. A. The prioritized behavioral indicators of compromise do not justify the execution of the “ransomware” because the scores do not indicate the likelihood of malicious ransomware.
2. B. The prioritized behavioral indicators of compromise do not justify the execution of the “ransomware” because the scores are high and do not indicate the likelihood of malicious ransomware.
3. C. The prioritized behavioral indicators of compromise justify the execution of the “ransomware” because the scores are high and indicate the likelihood that malicious ransomware has been detected.
4. D. The prioritized behavioral indicators of compromise justify the execution of the “ransomware” because the scores are low and indicate the likelihood that malicious ransomware has been detected.

Correct Answer: C

An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?

1. A. Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts
2. B. Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats
3. C. Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts
4. D. Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts

Correct Answer: B

What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?

1. A. 401B.-402C.403D.404E.405

Correct Answer: A