350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 11:

    Which action should be taken when the HTTP response code 301 is received from a web application?

    A. Update the cached header metadata.
    B. Confirm the resource's location.
    C. Increase the allowed user limit.
    D. Modify the session timeout setting.

  • Question 12:

    A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network.

    What is the next step in handling the incident?

    A. Block the source IP from the firewall
    B. Perform an antivirus scan on the laptop
    C. Identify systems or services at risk
    D. Identify lateral movement

  • Question 13:

    An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually.

    Which action will improve workflow automation?

    A. Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.
    B. Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.
    C. Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.
    D. Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.

  • Question 14:

    Refer to the exhibit. Which data format is being used?

    A. JSON
    B. HTML
    C. XML
    D. CSV

  • Question 15:

    Refer to the exhibit. What is occurring in this packet capture?

    A. TCP port scan
    B. TCP flood
    C. DNS flood
    D. DNS tunneling

  • Question 16:

    Refer to the exhibit. A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

    A. Limit the number of API calls that a single client is allowed to make
    B. Add restrictions on the edge router on how often a single client can access the API
    C. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
    D. Increase the application cache of the total pool of active clients that call the API

  • Question 17:

    A SOC analyst detected a ransomware outbreak in the organization coming from a malicious email attachment. Affected parties are notified, and the incident response team is assigned to the case. According to the NIST incident response handbook, what is the next step in handling the incident?

    A. Create a follow-up report based on the incident documentation.
    B. Perform a vulnerability assessment to find existing vulnerabilities.
    C. Eradicate malicious software from the infected machines.
    D. Collect evidence and maintain a chain-of-custody during further analysis.

  • Question 18:

    What is the impact of hardening machine images for deployment?

    A. reduces the attack surface
    B. increases the speed of patch deployment
    C. reduces the steps needed to mitigate threats
    D. increases the availability of threat alerts

  • Question 19:

    An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?

    A. HIPAA
    B. FISMA
    C. COBIT
    D. PCI DSS

  • Question 20:

    Which bash command will print all lines from the “colors.txt” file containing the non case-sensitive pattern “Yellow”?

    A. grep -i “yellow” colors.txt
    B. locate “yellow” colors.txt
    C. locate -i “Yellow” colors.txt
    D. grep “Yellow” colors.txt

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.