350-201試験無料問題集（141題）「Cisco Performing CyberOps Using Cisco Security Technologies 認定」

出題：1

What is idempotence?

A. the assurance of system uniformity throughout the whole delivery process

B. the necessity of setting maintenance of individual deployment environments

C. the ability to recover from failures while keeping critical services running

D. the ability to set the target environment configuration regardless of the starting state

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Refer to the exhibit.

Where are the browser page rendering permissions displayed?

A. Content-Type

B. X-XSS-Protection

C. Cache-Control

D. X-Frame-Options

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?

A. Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.

B. Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.

C. Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.

D. Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Refer to the exhibit.

An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks. Which action will accomplish this goal?

A. Include a step "Reporting" to alert the security department of threats identified by the SOAR reporting engine

B. Exclude the step "BAN malicious IP" to allow analysts to conduct and track the remediation

C. Include a step "Take a Snapshot" to capture the endpoint state to contain the threat for analysis

D. Exclude the step "Check for GeoIP location" to allow analysts to analyze the location and the associated risk based on asset criticality

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days.
How must data be stored for compliance?

A. post-authorization by non-issuing entities if there is a documented business justification

B. by entities that issue the payment cards or that perform support issuing services

C. post-authorization by non-issuing entities if the data is encrypted and securely stored

D. by issuers and issuer processors if there is a legitimate reason

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices. Which technical architecture must be used?

A. DLP for data in use

B. DLP for data at rest

C. DLP for removable data

D. DLP for data in motion

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle.
The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually.
Which action will improve workflow automation?

A. Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.

B. Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.

C. Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.

D. Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.

正解：A 解答を投票する

出題：8

An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?

A. Disconnect the affected server from the network.

B. Determine the attack surface.

C. Analyze the source.

D. Access the affected server to confirm compromised files are encrypted.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

What is the purpose of hardening systems?

A. to identify vulnerabilities within an operating system

B. to analyze attacks to identify threat actors and points of entry

C. to create the logic that triggers alerts when anomalies occur

D. to securely configure machines to limit the attack surface

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

350-201試験無料問題集「Cisco Performing CyberOps Using Cisco Security Technologies 認定」