350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 21:

    An engineer receives a report that indicates a possible incident of a malicious insider sending company information to outside parties. What is the first action the engineer must take to determine whether an incident has occurred?

    A. Analyze environmental threats and causes
    B. Inform the product security incident response team to investigate further
    C. Analyze the precursors and indicators
    D. Inform the computer security incident response team to investigate further

  • Question 22:

    An organization had a breach due to a phishing attack. An engineer leads a team through the recovery phase of the incident response process. Which action should be taken during this phase?

    A. Host a discovery meeting and define configuration and policy updates
    B. Update the IDS/IPS signatures and reimage the affected hosts
    C. Identify the systems that have been affected and tools used to detect the attack
    D. Identify the traffic with data capture using Wireshark and review email filters

  • Question 23:

    DRAG DROP

    Drag and drop the telemetry-related considerations from the left onto their cloud service models on the right.

    Select and Place:

  • Question 24:

    Refer to the exhibit. Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a quarantine VLAN using Adaptive Network Control policy. Which method was used to signal ISE to quarantine the endpoints?

    A. SNMP
    B. syslog
    C. REST API
    D. pxGrid

  • Question 25:

    A security expert is investigating a breach that resulted in a $32 million loss from customer accounts. Hackers were able to steal API keys and two-factor codes due to a vulnerability that was introduced in a new code a few weeks before the attack.

    Which step was missed that would have prevented this breach?

    A. use of the Nmap tool to identify the vulnerability when the new code was deployed
    B. implementation of a firewall and intrusion detection system
    C. implementation of an endpoint protection system
    D. use of SecDevOps to detect the vulnerability during development

  • Question 26:

    An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities.

    What is the next step the engineer should take?

    A. Investigate the vulnerability to prevent further spread
    B. Acknowledge the vulnerabilities and document the risk
    C. Apply vendor patches or available hot fixes
    D. Isolate the assets affected in a separate network

  • Question 27:

    DRAG DROP

    Drag and drop the threat from the left onto the scenario that introduces the threat on the right. Not all options are used.

    Select and Place:

  • Question 28:

    A company launched an e-commerce website with multiple points of sale through internal and external e-stores. Customers access the stores from the public website, and employees access the stores from the intranet with an SSO. Which action is needed to comply with PCI standards for hardening the systems?

    A. Mask PAN numbers
    B. Encrypt personal data
    C. Encrypt access
    D. Mask sales details

  • Question 29:

    Refer to the exhibit. An engineer is reverse engineering a suspicious file by examining its resources. What does this file indicate?

    A. a DOS MZ executable format
    B. a MS-DOS executable archive
    C. an archived malware
    D. a Windows executable file

  • Question 30:

    The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?

    A. Perform static and dynamic code analysis of the specimen.
    B. Unpack the specimen and perform memory forensics.
    C. Contain the subnet in which the suspicious file was found.
    D. Document findings and clean-up the laboratory.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.