Question 1

A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?

Options :

A : Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period

B : Create a rule triggered by 1 successful VPN connection from any nondestination country

C : Create a rule triggered by multiple successful VPN connections from the destination countries

D : Analyze the logs from all countries related to this user during the traveling period

Answer: D

Question 2

Refer to the exhibit.

Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?

Options :

A : An attacker can initiate a DoS attack.

B : An attacker can read or change data.

C : An attacker can transfer data to an external server.

D : An attacker can modify the access logs.

Answer: A

Question 3

Refer to the exhibit.

Which asset has the highest risk value?

Options :

A : servers

B : website

C : payment process

D : secretary workstation

Answer: C

Question 4

Refer to the exhibit.

Where are the browser page rendering permissions displayed?

Options :

A : x-frame-options

B : x-xss-protection

C : x-content-type-options

D : x-test-debug

Answer: C

Question 5

Refer to the exhibit.

What results from this script?

Options :

A : Seeds for existing domains are checked

B : A search is conducted for additional seeds

C : Domains are compared to seed rules

D : A list of domains as seeds is blocked

Answer: B

Free 350-201 Mock Exam – Practice Online Confidently

Buying Options: