350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 31:

    What is a principle of Infrastructure as Code?

    A. System maintenance is delegated to software systems
    B. Comprehensive initial designs support robust systems
    C. Scripts and manual configurations work together to ensure repeatable routines
    D. System downtime is grouped and scheduled across the infrastructure

  • Question 32:

    An analyst is alerted for a malicious file hash. After analysis, the analyst determined that an internal workstation is communicating over port 80 with an external server and that the file hash is associated with Duqu malware. Which tactics, techniques, and procedures align with this analysis?

    A. Command and Control, Application Layer Protocol, Duqu
    B. Discovery, Remote Services: SMB/Windows Admin Shares, Duqu
    C. Lateral Movement, Remote Services: SMB/Windows Admin Shares, Duqu
    D. Discovery, System Network Configuration Discovery, Duqu

  • Question 33:

    An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected.

    What action should be taken to harden the network?

    A. Move the IPS to after the firewall facing the internal network
    B. Move the IPS to before the firewall facing the outside network
    C. Configure the proxy service on the IPS
    D. Configure reverse port forwarding on the IPS

  • Question 34:

    DRAG DROP

    Drag and drop the components from the left onto the phases of the CI/CD pipeline on the right.

    Select and Place:

  • Question 35:

    DRAG DROP

    An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.

    Select and Place:

  • Question 36:

    The physical security department received a report that an unauthorized person followed an authorized individual to enter a secured premise. The incident was documented and given to a security specialist to analyze. Which step should be taken at this stage?

    A. Determine the assets to which the attacker has access
    B. Identify assets the attacker handled or acquired
    C. Change access controls to high risk assets in the enterprise
    D. Identify movement of the attacker in the enterprise

  • Question 37:

    A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high.

    Which step should be taken to continue the investigation?

    A. Run the sudo sysdiagnose command
    B. Run the sh command
    C. Run the w command
    D. Run the who command

  • Question 38:

    An organization installed a new application server for IP phones. An automated process fetched user credentials from the Active Directory server, and the application will have access to on-premises and cloud services. Which security threat should be mitigated first?

    A. aligning access control policies
    B. exfiltration during data transfer
    C. attack using default accounts
    D. data exposure from backups

  • Question 39:

    An engineer returned to work and realized that payments that were received over the weekend were sent to the wrong recipient. The engineer discovered that the SaaS tool that processes these payments was down over the weekend. Which step should the engineer take first?

    A. Utilize the SaaS tool team to gather more information on the potential breach
    B. Contact the incident response team to inform them of a potential breach
    C. Organize a meeting to discuss the services that may be affected
    D. Request that the purchasing department creates and sends the payments manually

  • Question 40:

    Refer to the exhibit. An engineer received multiple reports from employees unable to log into systems with the error: The Group Policy Client service failed to logon – Access is denied. Through further analysis, the engineer discovered several unexpected modifications to system settings. Which type of breach is occurring?

    A. malware break
    B. data theft
    C. elevation of privileges
    D. denial-of-service

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.