QUESTION: 41

An engineer receives a report that indicates a possible incident of a malicious insider sending company information to outside parties. What is the first action the engineer must take to determine whether an incident has occurred?

Analyze environmental threats and causes
Inform the product security incident response team to investigate further
Analyze the precursors and indicators
Inform the computer security incident response team to investigate further

Answer(s): C

Reveal Solution Next Question

QUESTION: 42

An employee abused PowerShell commands and script interpreters, which lead to an indicator of compromise (IOC) trigger. The IOC event shows that a known malicious file has been executed, and there is an increased likelihood of a breach. Which indicator generated this IOC event?

ExecutedMalware.ioc
Crossrider.ioc
ConnectToSuspiciousDomain.ioc
W32 AccesschkUtility.ioc

Answer(s): D

Reveal Solution Next Question

QUESTION: 43

Refer to the exhibit. Which command was executed in PowerShell to generate this log?

Get-EventLog -LogName*
Get-EventLog -List
Get-WinEvent -ListLog* -ComputerName localhost
Get-WinEvent -ListLog*

Answer(s): A

Reference:

https://lists.xymon.com/archive/2019-March/046125.html

Reveal Solution Next Question

QUESTION: 44

Refer to the exhibit. Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?

NetFlow and event data
event data and syslog data
SNMP and syslog data
NetFlow and SNMP

Answer(s): B

Reveal Solution Next Question

Free 350-201 Exam Braindumps (page: 12)

QUESTION: 41

QUESTION: 42

QUESTION: 43

Reference:

QUESTION: 44

350-201 Discussions & Posts