Cisco 350-201 Quiz 2 Topic 11 Questions 6-10

Question: 1

A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

AAssess the network for unexpected behavior

BIsolate critical hosts from the network

CPatch detected vulnerabilities from critical hosts

DPerform analysis based on the established risk factors

Show Answer

Question: 2

An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?

ARun the program through a debugger to see the sequential actions

BUnpack the file in a sandbox to see how it reacts

CResearch the malware online to see if there are noted findings

DDisassemble the malware to understand how it was constructed

Show Answer

Question: 3

The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

Aeradication and recovery

Bpost-incident activity

Ccontainment

Ddetection and analysis

Show Answer

Question: 4

Refer to the exhibit.

q4_350-201

Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

AThe prioritized behavioral indicators of compromise do not justify the execution of the ''ransomware'' because the scores do not indicate the likelihood of malicious ransomware.

BThe prioritized behavioral indicators of compromise do not justify the execution of the ''ransomware'' because the scores are high and do not indicate the likelihood of malicious ransomware.

CThe prioritized behavioral indicators of compromise justify the execution of the ''ransomware'' because the
scores are high and indicate the likelihood that malicious ransomware has been detected.

DThe prioritized behavioral indicators of compromise justify the execution of the ''ransomware'' because the scores are low and indicate the likelihood that malicious ransomware has been detected.

Show Answer

Question: 5

Refer to the exhibit.

q5_350-201

Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy. Which telemetry feeds were correlated with SMC to identify the malware?

ANetFlow and event data

Bevent data and syslog data

CSNMP and syslog data

DNetFlow and SNMP

Show Answer

Cisco 350-201 Quiz:2 Topic:11 Questions:6-10