Free Practice Questions for Cisco 350-201 Exam

The combination of increased incoming spam emails and web scraping alerts suggests a phishing attempt. Phishing is a type of social engineering attack where attackers send fraudulent messages designed to trick individuals into revealing sensitive information or deploying malicious software. Web scraping can be used to gather email addresses for such campaigns

The indicator of compromise (IoC) for the malware in question is that it has routines for encryption and decryption, which are used to conceal URLs/IP addresses. Additionally, it is capturing keystrokes and webcam events, and storing this data in encrypted files locally on the company server. This behavior is indicative of malware that is designed to stealthily collect and exfiltrate sensitive information without being easily detected. The use of encryption helps to hide the data and the destination to which it may be sent, making it more challenging for security systems to identify and block the malicious activity.

Hardening machine images for deployment reduces the attack surface by eliminating unnecessary services, closing open network ports, removing unused software, and applying security configurations. This process minimizes the number of potential vulnerabilities that can be exploited by attackers3.

When an intrusion event is detected and personal data has been accessed, the immediate action to contain the attack is to disconnect the affected server from the network. This prevents the attacker from accessing more resources or causing further damage and allows the organization to begin the process of investigating and eradicating the threat

 For PCI compliance, sensitive authentication data can be stored post-authorization by non-issuing entities if there is a documented business justification. The data must be protected according to PCI DSS requirements, ensuring that it is stored securely and access is controlled4.

To resolve the issue of a denial of service condition triggered by a remote attacker using SNMPv2, the ports associated with SNMP should be disabled. Ports UDP 161 and UDP 162 are used by SNMP for sending and receiving requests. Disabling these ports can prevent the attacker from exploiting the vulnerability associated with the ciscoFlashMIB OID on the affected device. It’s important to note that simply disabling SNMPv2 (option A) without addressing the specific ports may not fully mitigate the risk, and TCP small services (option B) and UDP small services (option D) are not directly related to SNMP traffic.

Moving the Intrusion Prevention System (IPS) before the firewall facing the outside network is a strategic action to harden the network. This placement allows the IPS to analyze and filter incoming traffic before it reaches the firewall, providing an additional layer of security. By positioning the IPS externally, it can prevent malicious traffic from ever reaching the internal network devices, thus reducing the number of false positives generated by trusted IP addresses and internal devices1.

To prevent network availability issues related to peak memory pool buffer usage, the engineer should enable memory threshold notifications. This action allows the system to alert administrators before the memory usage reaches a critical level, enabling them to take proactive measures to prevent malfunction

When an unidentified connection is detected and there is evidence of potentially malicious activity, such as the creation of a PE format file in the system directory, the immediate step should be to isolate the server to prevent any further potential breach or spread of malware. Forensic analysis of the file is crucial to understand the nature of the threat and the method of attack, which will inform the response and mitigation strategy.

If management decides not to prioritize fixing the vulnerabilities and accepts them, the next step for the engineer is to acknowledge the vulnerabilities and document the risk. This involves recording the decision and the rationale behind it, assessing the potential impact, and ensuring that there is a clear understanding of the risks being accepted. This documentation is crucial for future reference and accountability, and it may also include recommendations for mitigating the risk where possible