350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 131:

    Refer to the exhibit. An employee is a victim of a social engineering phone call and installs remote access software to allow an "MS Support" technician to check his machine for malware. The employee becomes suspicious after the remote technician requests payment in the form of gift cards. The employee has copies of multiple, unencrypted database files, over 400 MB each, on his system and is worried that the scammer copied the files off but has no proof of it. The remote technician was connected sometime between 2:00 pm and 3:00 pm over https.

    What should be determined regarding data loss between the employee's laptop and the remote technician's system?

    A. No database files were disclosed
    B. The database files were disclosed
    C. The database files integrity was violated
    D. The database files were intentionally corrupted, and encryption is possible

  • Question 132:

    Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

    A. The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores do not indicate the likelihood of malicious ransomware.
    B. The prioritized behavioral indicators of compromise do not justify the execution of the "ransomware" because the scores are high and do not indicate the likelihood of malicious ransomware.
    C. The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are high and indicate the likelihood that malicious ransomware has been detected.
    D. The prioritized behavioral indicators of compromise justify the execution of the "ransomware" because the scores are low and indicate the likelihood that malicious ransomware has been detected.

  • Question 133:

    A patient views information that is not theirs when they sign in to the hospital's online portal. The patient calls the support center at the hospital but continues to be put on hold because other patients are experiencing the same issue. An incident has been declared, and an engineer is now on the incident bridge as the CyberOps Tier 3 Analyst. There is a concern about the disclosure of PII occurring in real-time.

    What is the first step the analyst should take to address this incident?

    A. Evaluate visibility tools to determine if external access resulted in tampering
    B. Contact the third-party handling provider to respond to the incident as critical
    C. Turn off all access to the patient portal to secure patient records
    D. Review system and application logs to identify errors in the portal code

  • Question 134:

    A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor's website. The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?

    A. Determine if there is internal knowledge of this incident.
    B. Check incoming and outgoing communications to identify spoofed emails.
    C. Disconnect the network from Internet access to stop the phishing threats and regain control.
    D. Engage the legal department to explore action against the competitor that posted the spreadsheet.

  • Question 135:

    Refer to the exhibit. For IP 192.168.1.209, what are the risk level, activity, and next step?

    A. high risk level, anomalous periodic communication, quarantine with antivirus
    B. critical risk level, malicious server IP, run in a sandboxed environment
    C. critical risk level, data exfiltration, isolate the device
    D. high risk level, malicious host, investigate further

  • Question 136:

    According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?

    A. Perform a vulnerability assessment
    B. Conduct a data protection impact assessment
    C. Conduct penetration testing
    D. Perform awareness testing

  • Question 137:

    Refer to the exhibit. Two types of clients are accessing the front ends and the core database that manages transactions, access control, and atomicity. What is the threat model for the SQL database?

    A. An attacker can initiate a DoS attack.
    B. An attacker can read or change data.
    C. An attacker can transfer data to an external server.
    D. An attacker can modify the access logs.

  • Question 138:

    The network operations center has identified malware, created a ticket within their ticketing system, and assigned the case to the SOC with high-level information. A SOC analyst was able to stop the malware from spreading and identified the attacking host. What is the next step in the incident response workflow?

    A. eradication and recovery
    B. post-incident activity
    C. containment
    D. detection and analysis

  • Question 139:

    A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall. Which action will improve the effectiveness of the process?

    A. Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.
    B. Inform the user by enabling an automated email response when the rule is triggered.
    C. Inform the incident response team by enabling an automated email response when the rule is triggered.
    D. Create an automation script for blocking URLs on the firewall when the rule is triggered.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.