2023年最新の100%試験高合格率350-201問題集PDF [Q29-Q46]

Share

2023年最新の100%試験高合格率350-201問題集PDF

合格させる試験完全版350-201問題集141解答

質問 # 29
Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.

正解:

解説:


質問 # 30
An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?

  • A. Analyze the impact of the malware and contain the artifacts.
  • B. Analyze the components of the infected hosts and associated business services.
  • C. Scan the network to identify unknown assets and the asset owners.
  • D. Scan the host with updated signatures and remove temporary containment.

正解:B


質問 # 31
Employees report computer system crashes within the same week. An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system's startup folder. It appears that the shortcuts redirect users to malicious URLs. What is the next step the engineer should take to investigate this case?

  • A. Investigate the malicious URLs
  • B. Check the audit logs
  • C. Remove the shortcut files
  • D. Identify affected systems

正解:D


質問 # 32
A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?

  • A. Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan
  • B. Determine the damage to the business, extract reports, and save evidence according to a chain of custody
  • C. Classify the criticality of the information, research the attacker's motives, and identify missing patches
  • D. Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited

正解:B


質問 # 33
How does Wireshark decrypt TLS network traffic?

  • A. with a key log file using per-session secrets
  • B. using an RSA public key
  • C. by defining a user-specified decode-as
  • D. by observing DH key exchange

正解:A

解説:
Explanation/Reference: https://wiki.wireshark.org/TLS


質問 # 34
The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?

  • A. Contain the malware
  • B. Determine the escalation path
  • C. Install IPS software
  • D. Perform vulnerability assessment

正解:D

解説:
Explanation/Reference:


質問 # 35
Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?

  • A. internal cloud
  • B. Internet
  • C. internal database
  • D. customer data

正解:B


質問 # 36
A cloud engineer needs a solution to deploy applications on a cloud without being able to manage and control the server OS. Which type of cloud environment should be used?

  • A. SaaS
  • B. PaaS
  • C. IaaS
  • D. DaaS

正解:C


質問 # 37
An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?

  • A. Unpack the file in a sandbox to see how it reacts
  • B. Run the program through a debugger to see the sequential actions
  • C. Research the malware online to see if there are noted findings
  • D. Disassemble the malware to understand how it was constructed

正解:C


質問 # 38
An engineer receives a report that indicates a possible incident of a malicious insider sending company information to outside parties. What is the first action the engineer must take to determine whether an incident has occurred?

  • A. Analyze environmental threats and causes
  • B. Inform the computer security incident response team to investigate further
  • C. Inform the product security incident response team to investigate further
  • D. Analyze the precursors and indicators

正解:D


質問 # 39

Refer to the exhibit. An engineer is investigating a case with suspicious usernames within the active directory.
After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior. Which type of compromise is occurring?

  • A. compromised database tables
  • B. compromised insider
  • C. compromised network
  • D. compromised root access

正解:C


質問 # 40
Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.

正解:

解説:


質問 # 41
A security incident affected an organization's critical business services, and the customer-side web API became unresponsive and crashed. An investigation revealed a spike of API call requests and a high number of inactive sessions during the incident. Which two recommendations should the engineers make to prevent similar incidents in the future? (Choose two.)

  • A. Automate server-side error reporting for customers.
  • B. Implement API key maintenance.
  • C. Configure shorter timeout periods.
  • D. Decrease simultaneous API responses.
  • E. Determine API rate-limiting requirements.

正解:A、E


質問 # 42
A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?

  • A. post-authorization by non-issuing entities if there is a documented business justification
  • B. by issuers and issuer processors if there is a legitimate reason
  • C. by entities that issue the payment cards or that perform support issuing services
  • D. post-authorization by non-issuing entities if the data is encrypted and securely stored

正解:D


質問 # 43

Refer to the exhibit. An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company's user creation policy:
* minimum length: 3
* usernames can only use letters, numbers, dots, and underscores
* usernames cannot begin with a number
The application administrator has to manually change and track these daily to ensure compliance. An engineer is tasked to implement a script to automate the process according to the company user creation policy. The engineer implemented this piece of code within the application, but users are still able to create format-free usernames. Which change is needed to apply the restrictions?

  • A. modify code to return error on restrictions def return false_user(username, minlen)
  • B. modify code to force the restrictions, def force_user(username, minlen)
  • C. validate the restrictions, def validate_user(username, minlen)
  • D. automate the restrictions def automate_user(username, minlen)

正解:D


質問 # 44
Drag and drop the phases to evaluate the security posture of an asset from the left onto the activity that happens during the phases on the right.

正解:

解説:


質問 # 45
Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provided link. Several employees report the email as suspicious, and a security analyst is investigating the reports. Which two steps should the analyst take to begin this investigation? (Choose two.)

  • A. Check the email header to identify the sender and analyze the link in an isolated environment.
  • B. Review the mail server and proxy logs to identify the impact of a potential breach.
  • C. Evaluate the intrusion detection system alerts to determine the threat source and attack surface.
  • D. Examine the firewall and HIPS configuration to identify the exploited vulnerabilities and apply recommended mitigation.
  • E. Communicate with employees to determine who opened the link and isolate the affected assets.

正解:A、D

解説:
Section: (none)
Explanation


質問 # 46
......

検証済み350-201問題集で問題と解答100%合格Fast2test:https://jp.fast2test.com/350-201-premium-file.html

合格させる350-201試験一発合格保証2023問題集:https://drive.google.com/open?id=1NDniYG62HtcQaczoM5mRkuFPj2EfgNoY


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어