350-201 Online Practice Questions and Answers

DRAG DROP

Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.

Select and Place:

DRAG DROP

Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.

Select and Place:

Refer to the exhibit. Which two steps mitigate attacks on the webserver from the Internet? (Choose two.)

A. Create an ACL on the firewall to allow only TLS 1.3

B. Implement a proxy server in the DMZ network

C. Create an ACL on the firewall to allow only external connections

D. Move the webserver to the internal network

A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network.

What is the next step in handling the incident?

A. Block the source IP from the firewall

B. Perform an antivirus scan on the laptop

C. Identify systems or services at risk

D. Identify lateral movement

An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials.

How should the workflow be improved to resolve these issues?

A. Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts

B. Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats

C. Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts

D. Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts

An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?

A. HIPAA

B. FISMA

C. COBIT

D. PCI DSS

Refer to the exhibit. Where are the browser page rendering permissions displayed?

A. x-frame-options

B. x-xss-protection

C. x-content-type-options

D. x-test-debug

An engineer returned to work and realized that payments that were received over the weekend were sent to the wrong recipient. The engineer discovered that the SaaS tool that processes these payments was down over the weekend. Which step should the engineer take first?

A. Utilize the SaaS tool team to gather more information on the potential breach

B. Contact the incident response team to inform them of a potential breach

C. Organize a meeting to discuss the services that may be affected

D. Request that the purchasing department creates and sends the payments manually

An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST.SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?

A. Verify hash integrity.

B. Remove all personally identifiable information.

C. Ensure the online sandbox is GDPR compliant.

D. Lock the file to prevent unauthorized access.

A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?

A. Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.

B. Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.

C. Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.

D. Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.