Free Cisco 350-201 Practice Exam with Questions & Answers | Set: 2

The 2xx series of HTTP response codes indicate that the client’s request was successfully received, understood, and accepted1. These codes are used to communicate that the action requested by the client was processed successfully without any server-sideissues. For example, a 200 OK status code confirms that the request has succeeded, and a 201 Created indicates that a new resource has been created as a result of the request1.

 In the context of Cisco Advanced Malware Protection (AMP), when a file is submitted to the Threat Grid analysis engine, it undergoes a thorough behavioral analysis to determine if it exhibits characteristics typical of malware. The Threat Grid provides detailed reports that include behavioral indicators of compromise (IoCs), which are actions or artifacts on a network or an endpoint that with high confidence indicate a breach.

In this case, the report generated by the Threat Grid for a low prevalence file shows high severity scores for the behavioral indicators. This suggests that the behaviors observed are strongly indicative of malicious activity, specifically ransomware. The high scores reflect the Threat Grid’s confidence in the malicious nature of the file based on its observed behaviors, which may include patterns of encryption consistent with ransomware, network activity that matches known ransomware command and control patterns, or file system changes that are characteristic of ransomware encryption.

Therefore, the correct answer is C, as the high scores on the behavioral indicators strongly suggest the presence of ransomware, justifying the execution of the ransomware detection mechanisms by Cisco AMP.

The recommended action to mitigate an attack that is broadcasting a large number of ICMP packets using a spoofed source IP address is to use the subinterface command no ip directed-broadcast. This command prevents the Cisco IOS device from forwarding packets that are addressed to IP broadcast addresses. By disabling the directed broadcast feature, the network devices will not respond to broadcast messages sent to the network’s broadcast address, thus mitigating the attack and preventing the amplification of the ICMP packets back to the victim’s IP address.

Creating an automation script for blocking URLs on the firewall when the rule is triggered will improve the effectiveness of the process by reducing the time between the detection of a request to a malicious URL and the blocking action. This proactive approach ensures that the URLs are blocked immediately, minimizing the window of opportunity for the threat to cause harm

During the recovery phase of the incident response process, especially after a phishing attack, it’s crucial to update the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) signatures to detect and prevent similar attacks in the future. Additionally, reimaging the affected hosts ensures that any malware or changes made by the attacker are removed and that the systems are restored to a known good state. This step is essential to eradicate the threat and restore normal operations

 The script provided in the exhibit is indicative of a Domain Generation Algorithm (DGA), which is commonly used by cyber threats to dynamically generate a large number of domain names. These domain names can serve as potential communication points with command and control (C2) servers. The script takes a list of seeds and applies a transformation to generate new domain names. It then checks these domains against a set of rules, such as not starting with “www.” If a domain does not meet the specified criteria, it is flagged as a potential C2 domain. This process is crucial in cyber operations for identifying and mitigating threats that use DGAs for evasion and maintaining persistence.

References :=

Understanding Cisco CyberOps Using Core Security Technologies (Official Cisco course material)

Cisco Certified CyberOps Associate Certification Overview (Cisco Learning Network)

The threat model for the SQL database, given that it manages transactions, access control, and atomicity, is primarily concerned with the confidentiality and integrity of the data. An attacker who gains access to the database could potentially read sensitive information or modify data, which could lead to unauthorized transactions, access control breaches, or compromise the atomicity of database operations. Therefore, the most pertinent threat is that an attacker can read or change data within the database.

References:

Understanding Cisco CyberOps Using Core Security Technologies (CBRCOR) course material would cover the various threats to databases and the importance of securing them against unauthorized access or modification.

The Cisco Certified CyberOps Associate certification includes knowledge about identifying and protecting against threats to critical infrastructure, such as SQL databases.

The security architect working on the Cyber Security Management System (CSMS) for an automotive factory should apply the IEC62443 standard3. This standard provides a framework for addressing and mitigating current and future security vulnerabilities in industrial automation and control systems4.

 Data ingestion is the process of moving data from one or more sources to a destination where it can be stored and further analyzed. When an engineer moves data from NAS servers in different departments to a combined storage database, they are engaging in data ingestion. This process allows the data to be centralized and made readily accessible for on-demand analysis by the organization1.