350-201 무료 덤프문제 온라인 액세스

Refer to the exhibit.

The Cisco Secure Network Analytics (Stealthwatch) console alerted with "New Malware Server Discovered" and the IOC indicates communication from an end-user desktop to a Zeus C&C Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.

정답:

Refer to the exhibit.

Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

• A.The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are low and indicate the likelihood that malicious ransomware has been detected.
• B.The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are high and indicate the likelihood that malicious ransomware has been detected.
• C.The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores are high and do not indicate the likelihood of malicious ransomware.
• D.The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores do not indicate the likelihood of malicious ransomware.

What is a benefit of key risk indicators?

• A.improved visibility on quantifiable information
• B.clear perspective into the risk position of an organization
• C.improved mitigation techniques for unknown threats
• D.clear procedures and processes for organizational risk

An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login. Which step should an engineer take after receiving this alert?

• A.Determine company usage of the affected products
• B.Search for a patch to install from the vendor
• C.Initiate a triage meeting to acknowledge the vulnerability and its potential impact
• D.Implement restrictions within the VoIP VLANS

A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled "Invoice RE: 0004489". The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web. What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?

• A.Ask the company to execute the payload for real time analysis
• B.Investigate further in open source repositories using YARA to find matches
• C.Run and analyze the DLP Incident Summary Report from the Email Security Appliance
• D.Obtain a copy of the file for detonation in a sandbox