350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 111:

    An engineer is investigating several cases of increased incoming spam emails and suspicious emails from the HR and service departments. While checking the event sources, the website monitoring tool showed several web scraping alerts overnight.

    Which type of compromise is indicated?

    A. phishing
    B. dumpster diving
    C. social engineering
    D. privilege escalation

  • Question 112:

    Refer to the exhibit. How must these advisories be prioritized for handling?

    A. The highest priority for handling depends on the type of institution deploying the devices
    B. Vulnerability #2 is the highest priority for every type of institution
    C. Vulnerability #1 and vulnerability #2 have the same priority
    D. Vulnerability #1 is the highest priority for every type of institution

  • Question 113:

    An engineer is moving data from NAS servers in different departments to a combined storage database so that the data can be accessed and analyzed by the organization on-demand. Which data management process is being used?

    A. data clustering
    B. data regression
    C. data ingestion
    D. data obfuscation

  • Question 114:

    A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect an abnormal behavior?

    A. Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period
    B. Create a rule triggered by 1 successful VPN connection from any nondestination country
    C. Create a rule triggered by multiple successful VPN connections from the destination countries
    D. Analyze the logs from all countries related to this user during the traveling period

  • Question 115:

    An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed. A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?

    A. Run the program through a debugger to see the sequential actions
    B. Unpack the file in a sandbox to see how it reacts
    C. Research the malware online to see if there are noted findings
    D. Disassemble the malware to understand how it was constructed

  • Question 116:

    A threat actor has crafted and sent a spear-phishing email with what appears to be a trustworthy link to the site of a conference that an employee recently attended. The employee clicked the link and was redirected to a malicious site through which the employee downloaded a PDF attachment infected with ransomware. The employee opened the attachment, which exploited vulnerabilities on the desktop. The ransomware is now installed and is calling back to its command and control server.

    Which security solution is needed at this stage to mitigate the attack?

    A. web security solution
    B. email security solution
    C. endpoint security solution
    D. network security solution

  • Question 117:

    Refer to the exhibit. Which code snippet will parse the response to identify the status of the domain as malicious, clean or undefined?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

  • Question 118:

    An engineer received an incident ticket of a malware outbreak and used antivirus and malware removal tools to eradicate the threat. The engineer notices that abnormal processes are still occurring in the system and determines that manual intervention is needed to clean the infected host and restore functionality. What is the next step the engineer should take to complete this playbook step?

    A. Scan the network to identify unknown assets and the asset owners.
    B. Analyze the components of the infected hosts and associated business services.
    C. Scan the host with updated signatures and remove temporary containment.
    D. Analyze the impact of the malware and contain the artifacts.

  • Question 119:

    DRAG DROP

    Drag and drop the NIST incident response process steps from the left onto the actions that occur in the steps on the right.

    Select and Place:

  • Question 120:

    DRAG DROP

    Drag and drop the function on the left onto the mechanism on the right.

    Select and Place:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.