Free 350-201 Exam Braindumps

Pass your Performing CyberOps Using Core Security Technologies (CBRCOR) exam with these free Questions and Answers

Page 7 of 28
QUESTION 26

Refer to the exhibit.
(Exhibit image not reproduced on this page.)
An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?

  A. The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.
  B. The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.
  C. The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
  D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.

Correct Answer: B

QUESTION 27

An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor. Which two behaviors triggered UEBA? (Choose two.)

  A. domain belongs to a competitor
  B. log in during non-working hours
  C. email forwarding to an external domain
  D. log in from a first-seen country
  E. increased number of sent mails

Correct Answer: AB

QUESTION 28

A company launched an e-commerce website with multiple points of sale through internal and external e-stores. Customers access the stores from the public website, and employees access the stores from the intranet with an SSO. Which action is needed to comply with PCI standards for hardening the systems?

  A. Mask PAN numbers
  B. Encrypt personal data
  C. Encrypt access
  D. Mask sales details

Correct Answer: B

QUESTION 29

The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource. What is the next step?

  A. Conduct a risk assessment of systems and applications
  B. Isolate the infected host from the rest of the subnet
  C. Install malware prevention software on the host
  D. Analyze network traffic on the host's subnet

Correct Answer: B

QUESTION 30

An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected. What action should be taken to harden the network?

  A. Move the IPS to after the firewall facing the internal network
  B. Move the IPS to before the firewall facing the outside network
  C. Configure the proxy service on the IPS
  D. Configure reverse port forwarding on the IPS

Correct Answer: C
