350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 41:

    Refer to the exhibit. An engineer received a report that an attacker has compromised a workstation and gained access to sensitive customer data from the network using insecure protocols. Which action prevents this type of attack in the future?

    A. Use VLANs to segregate zones and the firewall to allow only required services and secured protocols
    B. Deploy a SOAR solution and correlate log alerts from customer zones
    C. Deploy IDS within sensitive areas and continuously update signatures
    D. Use syslog to gather data from multiple sources and detect intrusion logs for timely responses

  • Question 42:

    A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

    A. Assess the network for unexpected behavior
    B. Isolate critical hosts from the network
    C. Patch detected vulnerabilities from critical hosts
    D. Perform analysis based on the established risk factors

  • Question 43:

    Refer to the exhibit. An organization is using an internal application for printing documents that requires a separate registration on the website. The application allows format-free user creation, and users must match these required conditions to comply with the company's user creation policy: minimum length: 3 usernames can only use letters, numbers, dots, and underscores usernames cannot begin with a number

    The application administrator has to manually change and track these daily to ensure compliance. An engineer is tasked to implement a script to automate the process according to the company user creation policy. The engineer implemented this piece of code within the application, but users are still able to create format-free usernames.

    Which change is needed to apply the restrictions?

    A. modify code to return error on restrictions def return false_user(username, minlen)
    B. automate the restrictions def automate_user(username, minlen)
    C. validate the restrictions, def validate_user(username, minlen)
    D. modify code to force the restrictions, def force_user(username, minlen)

  • Question 44:

    A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?

    A. Classify the criticality of the information, research the attacker's motives, and identify missing patches
    B. Determine the damage to the business, extract reports, and save evidence according to a chain of custody
    C. Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited
    D. Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan

  • Question 45:

    What do 2xx HTTP response codes indicate for REST APIs?

    A. additional action must be taken by the client to complete the request
    B. the server takes responsibility for error status codes
    C. communication of transfer protocol-level information
    D. successful acceptance of the client's request

  • Question 46:

    Refer to the exhibit. Where is the MIME type that should be followed indicated?

    A. x-test-debug
    B. strict-transport-security
    C. x-xss-protection
    D. x-content-type-options

  • Question 47:

    A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a Powershell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory.

    What is the next step the analyst should take?

    A. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack
    B. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities
    C. Review the server backup and identify server content and data criticality to assess the intrusion risk
    D. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious

  • Question 48:

    Refer to the exhibit. An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?

    A. The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.
    B. The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.
    C. The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
    D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.

  • Question 49:

    Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provided link. Several employees report the email as suspicious, and a security analyst is investigating the reports. Which two steps should the analyst take to begin this investigation? (Choose two.)

    A. Evaluate the intrusion detection system alerts to determine the threat source and attack surface.
    B. Communicate with employees to determine who opened the link and isolate the affected assets.
    C. Examine the firewall and HIPS configuration to identify the exploited vulnerabilities and apply recommended mitigation.
    D. Review the mail server and proxy logs to identify the impact of a potential breach.
    E. Check the email header to identify the sender and analyze the link in an isolated environment.

  • Question 50:

    An engineer has created a bash script to automate a complicated process. During script execution, this error occurs: permission denied. Which command must be added to execute this script?

    A. chmod +x ex.sh
    B. source ex.sh
    C. chroot ex.sh
    D. sh ex.sh

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.