Cisco Exam 350-201 Topic 10 Question 101 Discussion

Actual exam question for Cisco's 350-201 exam

Question #: 101
Topic #: 10

A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall. Which action will improve the effectiveness of the process?

ABlock local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.

BInform the user by enabling an automated email response when the rule is triggered.

CInform the incident response team by enabling an automated email response when the rule is triggered.

DCreate an automation script for blocking URLs on the firewall when the rule is triggered.

Show Suggested Answer

Suggested Answer: B, D

by Carlee at Oct 24, 2024, 07:43 PM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Della

13 hours ago

Hmm, I'm not so sure about option B. Do we really want to clutter people's inboxes with automated emails? I'd prefer the automation script in option D.

upvoted 0 times

...

Bea

3 days ago

Whoa, hold up! Option B might be a good idea too. Letting the user know when they've triggered the rule could help them avoid future issues.

upvoted 0 times

...

Mabel

13 days ago

I see both points, but I think option C is also important. Keeping the incident response team informed is crucial for coordination.

upvoted 0 times

...

Adaline

14 days ago

I think option D is the way to go. Automating the blocking process on the firewall is the most efficient solution here.

upvoted 0 times

...

Filiberto

17 days ago

I disagree, I believe option A is more effective. Blocking local to remote requests will prevent further damage.

upvoted 0 times

...

Adela

27 days ago

I think option D is the best choice. It will save time and ensure immediate action.

upvoted 0 times

...