Free Practice Questions for Cisco 350-201 Exam

To gain a comprehensive overview of the incident involving DDOS attacks and ransomware, the SOC engineer should run and evaluate a full packet capture on the workloads, review Security Information and Event Management (SIEM) logs, and define a root cause. This will help in understanding the nature of the attacks, the extent of the damage, and the vulnerabilities that were exploited

According to the General Data Protection Regulation (GDPR), ensuring the confidentiality, integrity, and availability of data is a fundamental aspect of data security. One of the key measures to achieve this is by conducting a data protection impact assessment (DPIA). A DPIA helps to systematically analyze, identify, and minimize the data protection risks of a project or plan. It is a process for building and demonstrating compliance with the GDPR and should be conducted for processing operations that are likely to result in a high risk to the rights and freedoms of natural persons12.

The first action for an incident response team following the detection of a malware outbreak is to isolate critical hosts from the network. This containment strategy is crucial to prevent the spread of the malware to other parts of the network and to minimize the impact while the team works on eradicating the threat and recovering from the incident4.

Cisco Rapid Threat Containment integrates Cisco Secure Network Analytics (Stealthwatch) and ISE to detect malware-infected endpoints. The telemetry feeds that were correlated with the Stealthwatch Management Console (SMC) to identify the malware are NetFlow and event data. NetFlow provides visibility into network traffic patterns and volumes, while event data includes logs and alerts generated by network devices and security systems. Together, these feeds enable the SMC to analyze network behavior and identify potential threats, leading to the quarantine of the infected endpoint.

References:

Cisco Secure Network Analytics (Stealthwatch) documentation would detail the types of telemetry feeds used for threat detection.

Cisco Identity Services Engine (ISE) documentation would explain how Adaptive Network Control policies are applied to respond to detected threats.

 The script provided in the exhibit is indicative of a Domain Generation Algorithm (DGA), which is commonly used by cyber threats to dynamically generate a large number of domain names. These domain names can serve as potential communication points with command and control (C2) servers. The script takes a list of seeds and applies a transformation to generate new domain names. It then checks these domains against a set of rules, such as not starting with “www.” If a domain does not meet the specified criteria, it is flagged as a potential C2 domain. This process is crucial in cyber operations for identifying and mitigating threats that use DGAs for evasion and maintaining persistence.

References :=

Understanding Cisco CyberOps Using Core Security Technologies (Official Cisco course material)

Cisco Certified CyberOps Associate Certification Overview (Cisco Learning Network)

When an engineer discovers that payments have been sent to the wrong recipient due to a SaaS tool being down, the first step should be to contact the incident response team to inform them of a potential breach. This allows for an immediate investigation into the incident and the implementation of measures to mitigate any potential damage5.

In the context of Cisco Secure Network Analytics (formerly known as Stealthwatch) and ISE (Identity Services Engine), pxGrid (Platform Exchange Grid) is used for sharing context-aware information across different security tools toenable rapid threat containment. When a malware-infected endpoint is detected, Cisco Secure Network Analytics can communicate with ISE using pxGrid to signal the need for quarantine. This allows ISE to place the infected endpoint into a designated quarantine VLAN using an Adaptive Network Control policy, effectively isolating the threat and preventing it from spreading through the network.

References:

Cisco’s guide on pxGrid

Cisco’s solution overview on Rapid Threat Containment