[Q51-Q71] 認証トレーニング350-201試験問題集テストエンジン [2024]

Share

認証トレーニング350-201試験問題集テストエンジン [2024]

2024年12月31日ガイド準備で350-201試験合格


シスコ350-201認定を取得するためには、最新のセキュリティ技術やベストプラクティスに関する強い理解力、そしてこの知識を実際のシナリオに適用する能力を示す必要があります。この認定は、サイバーセキュリティの分野でスキルと知識を向上させたいITプロフェッショナルや、このエキサイティングで急速に成長している産業でキャリアを進めたい人々に最適です。

 

質問 # 51
Refer to the exhibit.

An engineer received multiple reports from employees unable to log into systems with the error: The Group Policy Client service failed to logon - Access is denied. Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?

  • A. malware break
  • B. data theft
  • C. denial-of-service
  • D. elevation of privileges

正解:D

解説:
The error message "The Group Policy Client service failed to logon - Access is denied" suggests a problem with user permissions, which are managed by group policies in Windows environments. The unexpected modifications to system settings further indicate that an unauthorized user or process has gained higher-level permissions than originally assigned. This scenario is characteristic of an elevation of privileges breach, where an attacker gains elevated access to resources that are normally protected from an application or user. This can be achieved through various methods, including exploiting software vulnerabilities, configuration errors, or using social engineering techniques.
References:
* Cisco's CyberOps Using Core Security Technologies course would cover the identification and handling of security breaches, including elevation of privileges.
* The CyberOps Associate certification materials provide detailed information on various types of breaches and their indicators.
* Cisco's official blogs and learning resources offer insights into the latest cybersecurity threats and how to mitigate them, including privilege escalation incidents.


質問 # 52
A threat actor has crafted and sent a spear-phishing email with what appears to be a trustworthy link to the site of a conference that an employee recently attended. The employee clicked the link and was redirected to a malicious site through which the employee downloaded a PDF attachment infected with ransomware. The employee opened the attachment, which exploited vulnerabilities on the desktop. The ransomware is now installed and is calling back to its command and control server. Which security solution is needed at this stage to mitigate the attack?

  • A. endpoint security solution
  • B. email security solution
  • C. web security solution
  • D. network security solution

正解:A

解説:
At this stage of a ransomware attack, where the ransomware is installed and calling back to its command and control server, an endpoint security solution is needed to mitigate the attack. Endpoint security solutions can detect and respond to threats at the device level, isolate infected machines, and prevent the spread of ransomware within the network4.


質問 # 53
A logistic company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to IPS?

  • A. Allow list only authorized hosts to contact the application's IP at a specific port.
  • B. Allow list only authorized hosts to contact the application's VLAN.
  • C. Allow list HTTP traffic through the corporate VLANS.
  • D. Allow list traffic to application's IP from the internal network at a specific port.

正解:B


質問 # 54
An organization had an incident with the network availability during which devices unexpectedly malfunctioned. An engineer is investigating the incident and found that the memory pool buffer usage reached a peak before the malfunction. Which action should the engineer take to prevent this issue from reoccurring?

  • A. Disable memory limit.
  • B. Disable CPU threshold trap toward the SNMP server.
  • C. Enable memory threshold notifications.
  • D. Enable memory tracing notifications.

正解:C

解説:
To prevent network availability issues related to peak memory pool buffer usage, the engineer should enable memory threshold notifications. This action allows the system to alert administrators before the memory usage reaches a critical level, enabling them to take proactive measures to prevent malfunction


質問 # 55
An engineer receives a report that indicates a possible incident of a malicious insider sending company information to outside parties. What is the first action the engineer must take to determine whether an incident has occurred?

  • A. Inform the product security incident response team to investigate further
  • B. Inform the computer security incident response team to investigate further
  • C. Analyze the precursors and indicators
  • D. Analyze environmental threats and causes

正解:B

解説:
When there is a report of a possible malicious insider incident, the first action should be to inform the computer security incident response team (CSIRT) to investigate further. The CSIRT has the expertise and authority to conduct a thorough investigation, analyze the precursors and indicators, and determine whether an incident has occurred3.


質問 # 56
A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?

  • A. Run the who command
  • B. Run the sh command
  • C. Run the sudo sysdiagnose command
  • D. Run the w command

正解:C

解説:
Explanation/Reference: https://eclecticlight.co/2016/02/06/the-ultimate-diagnostic-tool-sysdiagnose/


質問 # 57
What is idempotence?

  • A. the ability to recover from failures while keeping critical services running
  • B. the necessity of setting maintenance of individual deployment environments
  • C. the assurance of system uniformity throughout the whole delivery process
  • D. the ability to set the target environment configuration regardless of the starting state

正解:D

解説:
Idempotence is a property of certain operations in mathematics and computer science whereby they can be applied multiple times without changing the result beyond the initial application1. In the context of system operations, particularly in software deployment, an idempotent operation will produce the same result whether it is executed once or multiple times. This means that the operation can set the target environment configuration to a desired state no matter what the current state is


質問 # 58
A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?

  • A. Collect evidence and maintain a chain-of-custody during further analysis.
  • B. Create a follow-up report based on the incident documentation.
  • C. Eradicate malicious software from the infected machines.
  • D. Perform a vulnerability assessment to find existing vulnerabilities.

正解:A


質問 # 59
Drag and drop the mitigation steps from the left onto the vulnerabilities they mitigate on the right.

正解:

解説:


質問 # 60
A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?

  • A. Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan
  • B. Determine the damage to the business, extract reports, and save evidence according to a chain of custody
  • C. Classify the criticality of the information, research the attacker's motives, and identify missing patches
  • D. Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited

正解:D

解説:
When an incident response team receives a report of unexpected changes within software, the immediate steps involve classifying the attack vector, understanding the scope of the event, and identifying the vulnerabilities being exploited. This is a critical part of the incident response workflow as it helps in determining the nature of the attack and the appropriate containment and eradication strategies3.


質問 # 61
How is a SIEM tool used?

  • A. To collect security data from authentication failures and cyber attacks and forward it for analysis
  • B. To collect and analyze security data from network devices and servers and produce alerts
  • C. To compare security alerts against configured scenarios and trigger system responses
  • D. To search and compare security data against acceptance standards and generate reports for analysis

正解:B


質問 # 62
A cloud engineer needs a solution to deploy applications on a cloud without being able to manage and control the server OS. Which type of cloud environment should be used?

  • A. IaaS
  • B. PaaS
  • C. SaaS
  • D. DaaS

正解:B

解説:
Platform as a Service (PaaS) is the cloud environment type that allows cloud engineers to deploy applications without managing and controlling the server operating system. PaaS provides a platform with tools to test, develop, and host applications in the same environment


質問 # 63
Refer to the exhibit.

An engineer is investigating a case with suspicious usernames within the active directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior. Which type of compromise is occurring?

  • A. compromised insider
  • B. compromised database tables
  • C. compromised network
  • D. compromised root access

正解:C


質問 # 64
What is the difference between process orchestration and automation?

  • A. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.
  • B. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
  • C. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.
  • D. Orchestration arranges the tasks, while automation arranges processes.

正解:C

解説:
Automation refers to the configuration of a single process or a small number of related tasks to run without human intervention. Orchestration, on the other hand, involves managing multiple automated tasks to create a dynamic workflow. While automation focuses on making individual tasks more efficient, orchestration looks at the bigger picture to optimize a series of tasks that make up a process


質問 # 65
Refer to the exhibit.

What is the threat in this Wireshark traffic capture?

  • A. A flood of SYN packets coming from a single source IP to a single destination IP
  • B. A high rate of SYN packets being sent from multiple sources toward a single destination IP
  • C. A high rate of SYN packets being sent from a single source IP toward multiple destination IPs
  • D. A flood of ACK packets coming from a single source IP to multiple destination IPs

正解:A

解説:
The Wireshark traffic capture exhibits a pattern where a single source IP address is sending a series of SYN packets to a single destination IP address. This pattern is indicative of a SYN flood attack, which is a form of Denial-of-Service (DoS) attack. In a SYN flood attack, the attacker exploits the TCP handshake mechanism by sending a flood of SYN packets to the target's IP address. Theattacker does not complete the handshake with an ACK after receiving a SYN-ACK from the server, leaving connections half-open and eventually exhausting the server's resources, which can lead to denial of service.
References:
* The Cisco CyberOps curriculum, particularly the courses on Performing CyberOps Using Cisco Security Technologies (CBRCOR), would cover the identification and analysis of network threats, including SYN flood attacks.
* Cisco's official certification resources for the CyberOps Associate level would provide detailed information on various network threats and how to mitigate them, including the mechanisms of a SYN flood attack.


質問 # 66
Refer to the exhibit.

An engineer is investigating a case with suspicious usernames within the active directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior.
Which type of compromise is occurring?

  • A. compromised insider
  • B. compromised database tables
  • C. compromised network
  • D. compromised root access

正解:C

解説:
The creation of privileged user accounts in the Active Directory that coincide with suspicious network traffic suggests a network compromise. This type of activity is often indicative of an attacker gaining sufficient access to create accounts with elevated privileges, which can be used for further malicious activities within the network. The cross-correlation of events from other sources that align with the timing of these account creations strengthens the case for a compromised network. This scenario is consistent with tactics used by attackers to maintain persistence and establish control over network resources for ongoing exploitation1.
References:
* The Performing CyberOps Using Cisco Security Technologies (CBRCOR) course covers the fundamentals of cybersecurity operations, including the identification and analysis of security incidents and network compromises1.
* The Cisco Certified CyberOps Associate certification provides knowledge on monitoring, detecting, and responding to cybersecurity threats, which includes understanding the signs of a compromised network2


質問 # 67
Drag and drop the function on the left onto the mechanism on the right.

正解:

解説:


質問 # 68
Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provided link. Several employees report the email as suspicious, and a security analyst is investigating the reports. Which two steps should the analyst take to begin this investigation? (Choose two.)

  • A. Evaluate the intrusion detection system alerts to determine the threat source and attack surface.
  • B. Review the mail server and proxy logs to identify the impact of a potential breach.
  • C. Check the email header to identify the sender and analyze the link in an isolated environment.
  • D. Examine the firewall and HIPS configuration to identify the exploited vulnerabilities and apply recommended mitigation.
  • E. Communicate with employees to determine who opened the link and isolate the affected assets.

正解:C、E

解説:
In the case of a suspicious email, the security analyst should communicate with employees to determine who opened the link and isolate the affected assets to prevent further spread of potential malware. Additionally, checking the email header to identify the sender and analyzing the link in an isolated environment are crucial steps to begin the investigation and understand the scope and impact of the potential breach13.


質問 # 69
An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?

  • A. Configure the proxy service on the IPS
  • B. Move the IPS to before the firewall facing the outside network
  • C. Move the IPS to after the firewall facing the internal network
  • D. Configure reverse port forwarding on the IPS

正解:B

解説:
Moving the Intrusion Prevention System (IPS) before the firewall facing the outside network is a strategic action to harden the network. This placement allows the IPS to analyze and filter incoming traffic before it reaches the firewall, providing an additional layer of security. By positioning the IPS externally, it can prevent malicious traffic from ever reaching the internal network devices, thus reducing the number of false positives generated by trusted IP addresses and internal devices1.


質問 # 70
How is a SIEM tool used?

  • A. To collect security data from authentication failures and cyber attacks and forward it for analysis
  • B. To collect and analyze security data from network devices and servers and produce alerts
  • C. To compare security alerts against configured scenarios and trigger system responses
  • D. To search and compare security data against acceptance standards and generate reports for analysis

正解:B

解説:
Explanation/Reference: https://www.varonis.com/blog/what-is-siem/


質問 # 71
......


Cisco 350-201試験は、Cisco Security Technologies Examを使用してCyber​​opsの実行としても知られており、Cisco Technologiesを使用してセキュリティソリューションを実装する知識とスキルを検証したいセキュリティ専門家向けに設計されています。この認定試験では、セキュリティの概念とベストプラクティス、セキュリティ運用と監視、インシデント対応、ネットワークセキュリティなど、幅広いトピックをカバーしています。この試験に合格することは、Cisco Certified Cyber​​ops Professional認定を取得するための要件です。

 

究極のガイド350-201認証試験準備CyberOps Professional:https://jp.fast2test.com/350-201-premium-file.html

無料最新のCyberOps Professional 350-201リアル試験問題と解答:https://drive.google.com/open?id=1NDniYG62HtcQaczoM5mRkuFPj2EfgNoY


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어