Free 350-201 Exam Braindumps

Pass your Performing CyberOps Using Core Security Technologies (CBRCOR) exam with these free Questions and Answers

Page 3 of 28
QUESTION 6

Refer to the exhibit.
A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

  A. Limit the number of API calls that a single client is allowed to make
  B. Add restrictions on the edge router on how often a single client can access the API
  C. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
  D. Increase the application cache of the total pool of active clients that call the API

Correct Answer: A

QUESTION 7

Refer to the exhibit.
An engineer is analyzing this Vlan0386-int12-117.pcap file in Wireshark after detecting suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a Google Chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information was being sent off-site, but the payloads are obfuscated and unreadable. What does this STIX indicate?

  A. The extension is not performing as intended because of restrictions since ports 80 and 443 should be accessible
  B. The traffic is legitimate as the Google Chrome extension is reaching out to check for updates and fetches this information
  C. There is a possible data leak because payloads should be encoded as UTF-8 text
  D. There is a malware that is communicating via encrypted channels to the command and control server

Correct Answer: C

QUESTION 8

An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.
350-201 dumps exhibit
Solution:
350-201 dumps exhibit

Does this meet the goal?

  A. Yes
  B. No

Correct Answer: A

QUESTION 9

An engineer receives a report that indicates a possible incident of a malicious insider sending company information to outside parties. What is the first action the engineer must take to determine whether an incident has occurred?

  A. Analyze environmental threats and causes
  B. Inform the product security incident response team to investigate further
  C. Analyze the precursors and indicators
  D. Inform the computer security incident response team to investigate further

Correct Answer: C

QUESTION 10

Refer to the exhibit.
Which code snippet will parse the response to identify the status of the domain as malicious, clean or undefined?
350-201 dumps exhibit

  A. Option A
  B. Option B
  C. Option C
  D. Option D

Correct Answer: C
