Cisco Exam 350-201 Topic 8 Question 79 Discussion

Actual exam question for Cisco's 350-201 exam

Question #: 79
Topic #: 8

A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross- correlated log analysis revealed that two hours before the attack, multiple assets received requests on TCP port 79. Which action should be taken by the SOC team to mitigate this attack?

ADisable BIND forwarding from the DNS server to avoid reconnaissance.

BDisable affected assets and isolate them for further investigation.

CConfigure affected devices to disable NETRJS protocol.

DConfigure affected devices to disable the Finger service.

Show Suggested Answer

Suggested Answer: B, D

by Devora at Dec 27, 2023, 11:07 PM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Vannessa

1 months ago

Fingers crossed the answer is D! I can't imagine anyone actually using the Finger service these days, it's gotta be a relic from the 80s.

upvoted 0 times

Lorrie

4 days ago

Disabling the Finger service sounds like a good plan to mitigate the attack.

upvoted 0 times

...

Sheldon

13 days ago

I think we should disable the Finger service on the affected devices.

upvoted 0 times

...

Paola

14 days ago

I agree, the Finger service is definitely outdated.

upvoted 0 times

...

Armando

1 months ago

Wait, is the Finger service actually a real thing? I thought that was just a joke from The IT Crowd! Either way, better disable it just in case.

upvoted 0 times

Carlota

2 days ago

We should definitely disable it on the affected devices to prevent further attacks.

upvoted 0 times

...

Joye

3 days ago

Yes, the Finger service is real and can be exploited by attackers.

upvoted 0 times

...

Janessa

2 months ago

Disabling BIND forwarding could work, but that feels like a bandaid solution. Isolating the affected assets seems like the most thorough approach to me.

upvoted 0 times