Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

Cisco Exam 350-201 Topic 8 Question 79 Discussion

Actual exam question for Cisco's 350-201 exam

Question #: 79
Topic #: 8

[All 350-201 Questions]

A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross- correlated log analysis revealed that two hours before the attack, multiple assets received requests on TCP port 79. Which action should be taken by the SOC team to mitigate this attack?

ADisable BIND forwarding from the DNS server to avoid reconnaissance.

BDisable affected assets and isolate them for further investigation.

CConfigure affected devices to disable NETRJS protocol.

DConfigure affected devices to disable the Finger service.

Show Suggested Answer

Suggested Answer: B, D

by Devora at Dec 27, 2023, 11:07 PM

Limited Time Offer

25%

Off

Get Premium 350-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ula

11 days ago

But wouldn't it be better to isolate the affected assets for further investigation?

upvoted 0 times

...

Chery

12 days ago

I agree with Charlesetta, it will help prevent further reconnaissance.

upvoted 0 times

...

Charlesetta

13 days ago

I think we should disable BIND forwarding from the DNS server.

upvoted 0 times

...

Kelvin

16 days ago

Hmm, I'm not sure disabling NETRJS is the right move here. Wouldn't that just bring more attention to the issue? I'd go with option D to be safe.

upvoted 0 times

...

Therese

19 days ago

But what about isolating the affected assets for investigation?

upvoted 0 times

...

Kimbery

20 days ago

The Finger service sounds like a very suspicious protocol. Disabling it seems like the best way to address this attack!

upvoted 0 times

Elfriede

2 days ago

But should we also isolate the affected assets for further investigation?

upvoted 0 times

...

My

9 days ago

I agree, disabling the Finger service is a good idea.

upvoted 0 times

...

...

Karina

22 days ago

I agree with Ryann, it will help prevent further reconnaissance.

upvoted 0 times

...

Ryann

23 days ago

I think we should disable BIND forwarding from the DNS server.

upvoted 0 times

...

az-700 pass4success az-104 200-301 200-201 cissp 350-401 350-201 350-501 350-601 350-801 350-901 az-720 az-305 pl-300

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77