350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 101:

    Refer to the exhibit. An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?

    A. The file is redirecting users to a website that requests privilege escalations from the user.
    B. The file is redirecting users to the website that is downloading ransomware to encrypt files.
    C. The file is redirecting users to a website that harvests cookies and stored account information.
    D. The file is redirecting users to a website that is determining users’ geographic location.

  • Question 102:

    A company recently completed an internal audit and discovered that there is CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?

    A. Identify the business applications running on the assets
    B. Update software to patch third-party software
    C. Validate CSRF by executing exploits within Metasploit
    D. Fix applications according to the risk scores

  • Question 103:

    A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device.

    Which should be disabled to resolve the issue?

    A. SNMPv2
    B. TCP small services
    C. port UDP 161 and 162
    D. UDP small services

  • Question 104:

    Refer to the exhibit. Where are the browser page rendering permissions displayed?

    A. x-frame-options
    B. x-xss-protection
    C. x-content-type-options
    D. x-test-debug

  • Question 105:

    A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities.

    Which additional element is needed to calculate the risk?

    A. assessment scope
    B. event severity and likelihood
    C. incident response playbook
    D. risk model framework

  • Question 106:

    What is a limitation of cyber security risk insurance?

    A. It does not cover the costs to restore stolen identities as a result of a cyber attack
    B. It does not cover the costs to hire forensics experts to analyze the cyber attack
    C. It does not cover the costs of damage done by third parties as a result of a cyber attack
    D. It does not cover the costs to hire a public relations company to help deal with a cyber attack

  • Question 107:

    A security incident affected an organization's critical business services, and the customer-side web API became unresponsive and crashed. An investigation revealed a spike of API call requests and a high number of inactive sessions during the incident. Which two recommendations should the engineers make to prevent similar incidents in the future? (Choose two.)

    A. Configure shorter timeout periods.
    B. Determine API rate-limiting requirements.
    C. Implement API key maintenance.
    D. Automate server-side error reporting for customers.
    E. Decrease simultaneous API responses.

  • Question 108:

    Refer to the exhibit. Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy.

    Which telemetry feeds were correlated with SMC to identify the malware?

    A. NetFlow and event data
    B. event data and syslog data
    C. SNMP and syslog data
    D. NetFlow and SNMP

  • Question 109:

    A logistic company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to IPS?

    A. Allow list only authorized hosts to contact the application's IP at a specific port.
    B. Allow list HTTP traffic through the corporate VLANS.
    C. Allow list traffic to application's IP from the internal network at a specific port.
    D. Allow list only authorized hosts to contact the application's VLAN.

  • Question 110:

    The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability.

    Which step was missed according to the NIST incident handling guide?

    A. Contain the malware
    B. Install IPS software
    C. Determine the escalation path
    D. Perform vulnerability assessment

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.