350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 1:

    Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?

    A. Threat scores are high, malicious ransomware has been detected, and files have been modified
    B. Threat scores are low, malicious ransomware has been detected, and files have been modified
    C. Threat scores are high, malicious activity is detected, but files have not been modified
    D. Threat scores are low and no malicious file activity is detected

  • Question 2:

    A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?

    A. Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.
    B. Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.
    C. Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.
    D. Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.

  • Question 3:

    A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?

    A. post-authorization by non-issuing entities if there is a documented business justification
    B. by entities that issue the payment cards or that perform support issuing services
    C. post-authorization by non-issuing entities if the data is encrypted and securely stored
    D. by issuers and issuer processors if there is a legitimate reason

  • Question 4:

    What is needed to assess risk mitigation effectiveness in an organization?

    A. analysis of key performance indicators
    B. compliance with security standards
    C. cost-effectiveness of control measures
    D. updated list of vulnerable systems

  • Question 5:

    How does Wireshark decrypt TLS network traffic?

    A. with a key log file using per-session secrets
    B. using an RSA public key
    C. by observing DH key exchange
    D. by defining a user-specified decode-as

  • Question 6:

    A threat actor attacked an organization's Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator's account was disabled.

    Which activity triggered the behavior analytics tool?

    A. accessing the Active Directory server
    B. accessing the server with financial data
    C. accessing multiple servers
    D. downloading more than 10 files

  • Question 7:

    Refer to the exhibit. Which indicator of compromise is represented by this STIX?

    A. website redirecting traffic to ransomware server
    B. website hosting malware to download files
    C. web server vulnerability exploited by malware
    D. cross-site scripting vulnerability to backdoor server

  • Question 8:

    A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?

    A. Determine the systems involved and deploy available patches
    B. Analyze event logs and restrict network access
    C. Review access lists and require users to increase password complexity
    D. Identify the attack vector and update the IDS signature list

  • Question 9:

    Refer to the exhibit. Which command was executed in PowerShell to generate this log?

    A. Get-EventLog -LogName*
    B. Get-EventLog -List
    C. Get-WinEvent -ListLog* -ComputerName localhost
    D. Get-WinEvent -ListLog*

  • Question 10:

    Refer to the exhibit. An engineer is investigating a case with suspicious usernames within the active directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior.

    Which type of compromise is occurring?

    A. compromised insider
    B. compromised root access
    C. compromised database tables
    D. compromised network

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.