Question 1

Refer to the exhibit.

Which asset has the highest risk value?

Options :

A : servers

B :

website

C :

payment process

D : secretary workstation

Answer: C

Question 2

An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?

#!/usr/bin/python import sys import requests

Options :

A : {1}, {2}

B : {1}, {3}

C : console_ip, api_token

D : console_ip, reference_set_name

Answer: C

Question 3

An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?

Options :

A : Modify the alert rule to ''output alert_syslog: output log''

B : Modify the output module rule to ''output alert_quick: output filename''

C : Modify the alert rule to ''output alert_syslog: output header''

D : Modify the output module rule to ''output alert_fast: output filename''

Answer: A

Question 4

Refer to the exhibit.

Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?

Options :

A : An attacker can initiate a DoS attack.

B : An attacker can read or change data.

C : An attacker can transfer data to an external server.

D : An attacker can modify the access logs.

Answer: A

Question 5

An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to

prevent this type of attack from reoccurring? (Choose two.)

Options :

A : Implement a patch management process.

B : Scan the company server files for known viruses.

C : Apply existing patches to the company servers.

D : Automate antivirus scans of the company servers.

E : Define roles and responsibilities in the incident response playbook.

Answer: A,D

Higher Test Marks with Free Online 350-201 Exam Practice

Buying Options: