350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 91:

    Refer to the exhibit. At which stage of the threat kill chain is an attacker, based on these URIs of inbound web requests from known malicious Internet scanners?

    A. exploitation
    B. actions on objectives
    C. delivery
    D. reconnaissance

  • Question 92:

    An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?

    A. Disconnect the affected server from the network.
    B. Analyze the source.
    C. Access the affected server to confirm compromised files are encrypted.
    D. Determine the attack surface.

  • Question 93:

    A security architect in an automotive factory is working on the Cyber Security Management System and is implementing procedures and creating policies to prevent attacks. Which standard must the architect apply?

    A. IEC62446
    B. IEC62443
    C. IEC62439-3
    D. IEC62439-2

  • Question 94:

    An engineer notices that every Sunday night, there is a two-hour period with a large load of network activity. Upon further investigation, the engineer finds that the activity is from locations around the globe outside the organization's service area. What are the next steps the engineer must take?

    A. Assign the issue to the incident handling provider because no suspicious activity has been observed during business hours.
    B. Review the SIEM and FirePower logs, block all traffic, and document the results of calling the call center.
    C. Define the access points using StealthWatch or SIEM logs, understand services being offered during the hours in question, and cross-correlate other source events.
    D. Treat it as a false positive, and accept the SIEM issue as valid to avoid alerts from triggering on weekends.

  • Question 95:

    Refer to the exhibit. An engineer configured this SOAR solution workflow to identify account theft threats and privilege escalation, evaluate risk, and respond by resolving the threat. This solution is handling more threats than Security analysts have time to analyze. Without this analysis, the team cannot be proactive and anticipate attacks.

    Which action will accomplish this goal?

    A. Exclude the step "BAN malicious IP" to allow analysts to conduct and track the remediation
    B. Include a step "Take a Snapshot" to capture the endpoint state to contain the threat for analysis
    C. Exclude the step "Check for GeoIP location" to allow analysts to analyze the location and the associated risk based on asset criticality
    D. Include a step "Reporting" to alert the security department of threats identified by the SOAR reporting engine

  • Question 96:

    Refer to the exhibit. What is the connection status of the ICMP event?

    A. blocked by a configured access policy rule
    B. allowed by a configured access policy rule
    C. blocked by an intrusion policy rule
    D. allowed in the default action

  • Question 97:

    A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled "Invoice RE: 0004489". The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web.

    What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?

    A. Run and analyze the DLP Incident Summary Report from the Email Security Appliance
    B. Ask the company to execute the payload for real time analysis
    C. Investigate further in open source repositories using YARA to find matches
    D. Obtain a copy of the file for detonation in a sandbox

  • Question 98:

    DRAG DROP

    Refer to the exhibit. The Cisco Secure Network Analytics (Stealthwatch) console alerted with “New Malware Server Discovered” and the IOC indicates communication from an end-user desktop to a Zeus CandC Server. Drag and drop the actions that the analyst should take from the left into the order on the right to investigate and remediate this IOC.

    Select and Place:

  • Question 99:

    Refer to the exhibit. An engineer is analyzing this Vlan0386-int12-117.pcap file in Wireshark after detecting a suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a google chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information was being sent off-site but the payloads are obfuscated and unreadable.

    What does this STIX indicate?

    A. The extension is not performing as intended because of restrictions since ports 80 and 443 should be accessible
    B. The traffic is legitimate as the google chrome extension is reaching out to check for updates and fetches this information
    C. There is a possible data leak because payloads should be encoded as UTF-8 text
    D. There is a malware that is communicating via encrypted channels to the command and control server

  • Question 100:

    Employees report computer system crashes within the same week. An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system's startup folder. It appears that the shortcuts redirect users to malicious URLs.

    What is the next step the engineer should take to investigate this case?

    A. Remove the shortcut files
    B. Check the audit logs
    C. Identify affected systems
    D. Investigate the malicious URLs

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.