Online Access Free Cisco.350-201.v2022-03-21.q68 Practice Test (Page 13)

350-201 Exam Question 56

Refer to the exhibit. Which indicator of compromise is represented by this STIX?

A.web server vulnerability exploited by malware

B.cross-site scripting vulnerability to backdoor server

C.website hosting malware to download files

D.website redirecting traffic to ransomware server

350-201 Exam Question 57

An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?

A.Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats

B.Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts

C.Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts

D.Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts

350-201 Exam Question 58

Which action should be taken when the HTTP response code 301 is received from a web application?

A.Modify the session timeout setting.

B.Confirm the resource's location.

C.Increase the allowed user limit.

D.Update the cached header metadata.

350-201 Exam Question 59

How does Wireshark decrypt TLS network traffic?

A.by observing DH key exchange

B.using an RSA public key

C.with a key log file using per-session secrets

D.by defining a user-specified decode-as

350-201 Exam Question 60

An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?

A.Move the IPS to after the firewall facing the internal network

B.Configure reverse port forwarding on the IPS

C.Configure the proxy service on the IPS

D.Move the IPS to before the firewall facing the outside network

Other Version: 76Cisco.Verifieddumps.350-201.v2022-03-05.by.sigrid.68q.pdf; 1325Cisco.350-201.v2021-08-13.q63

Latest Upload: 155CBIC.CIC.v2025-09-13.q75; 161Cisco.700-841.v2025-09-13.q131; 145SAP.C_ABAPD_2507.v2025-09-12.q56; 128SAP.C_TS452_2022.v2025-09-12.q83; 212ACSM.020-222.v2025-09-11.q48; 169VMware.5V0-31.23.v2025-09-10.q73; 138Oracle.1z0-915-1.v2025-09-10.q24; 174Citrix.1Y0-231.v2025-09-10.q87; 150SAP.C-THR85-2505.v2025-09-09.q29; 188Adobe.AD0-E727.v2025-09-09.q76

350-201 Exam Question 56

350-201 Exam Question 57

350-201 Exam Question 58

350-201 Exam Question 59

350-201 Exam Question 60

Download PDF File