Free 350-201 Exam Braindumps

Pass your Performing CyberOps Using Core Security Technologies (CBRCOR) exam with these free Questions and Answers

Page 6 of 28
QUESTION 21

According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?

  1. A. Perform a vulnerability assessment
  2. B. Conduct a data protection impact assessment
  3. C. Conduct penetration testing
  4. D. Perform awareness testing

Correct Answer: B

QUESTION 22

An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?

  1. A. Initiate a triage meeting to acknowledge the vulnerability and its potential impact
  2. B. Determine company usage of the affected products
  3. C. Search for a patch to install from the vendor
  4. D. Implement restrictions within the VoIP VLANs

Correct Answer: C

QUESTION 23

A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company’s infrastructure. Which steps should an engineer take at the recovery stage?

  1. A. Determine the systems involved and deploy available patches
  2. B. Analyze event logs and restrict network access
  3. C. Review access lists and require users to increase password complexity
  4. D. Identify the attack vector and update the IDS signature list

Correct Answer: B

QUESTION 24

An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials. How should the workflow be improved to resolve these issues?

  1. A. Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts
  2. B. Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats
  3. C. Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts
  4. D. Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts

Correct Answer: B

QUESTION 25

A company’s web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?

  1. A. assessment scope
  2. B. event severity and likelihood
  3. C. incident response playbook
  4. D. risk model framework

Correct Answer: D
