350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 51:

    Refer to the exhibit. Where does it signify that a page will be stopped from loading when a scripting attack is detected?

    A. x-frame-options
    B. x-content-type-options
    C. x-xss-protection
    D. x-test-debug

  • Question 52:

    Refer to the exhibit. An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco Secure Network Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?

    A. Top Peers
    B. Top Hosts
    C. Top Conversations
    D. Top Ports

  • Question 53:

    Refer to the exhibit. An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim's spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address.

    Which action does the engineer recommend?

    A. Use command ip verify reverse-path interface
    B. Use global configuration command service tcp-keepalives-out
    C. Use subinterface command no ip directed-broadcast
    D. Use logging trap 6

  • Question 54:

    An engineer is developing an application that requires frequent updates to close feedback loops and enable teams to quickly apply patches. The team wants their code updates to get to market as often as possible. Which software development approach should be used to accomplish these goals?

    A. continuous delivery
    B. continuous integration
    C. continuous deployment
    D. continuous monitoring

  • Question 55:

    A security manager received an email from an anomaly detection service, that one of their contractors has downloaded 50 documents from the company's confidential document management folder using a company-owned asset al039-ice4ce687TL0500. A security manager reviewed the content of downloaded documents and noticed that the data affected is from different departments. What are the actions a security manager should take?

    A. Measure confidentiality level of downloaded documents.
    B. Report to the incident response team.
    C. Escalate to contractor's manager.
    D. Communicate with the contractor to identify the motives.

  • Question 56:

    The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource.

    What is the next step?

    A. Conduct a risk assessment of systems and applications
    B. Isolate the infected host from the rest of the subnet
    C. Install malware prevention software on the host
    D. Analyze network traffic on the host's subnet

  • Question 57:

    DRAG DROP

    An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.

    Select and Place:

  • Question 58:

    Refer to the exhibit. What is the threat in this Wireshark traffic capture?

    A. A high rate of SYN packets being sent from multiple sources toward a single destination IP
    B. A flood of ACK packets coming from a single source IP to multiple destination IPs
    C. A high rate of SYN packets being sent from a single source IP toward multiple destination IPs
    D. A flood of SYN packets coming from a single source IP to a single destination IP

  • Question 59:

    An organization had an incident with the network availability during which devices unexpectedly malfunctioned. An engineer is investigating the incident and found that the memory pool buffer usage reached a peak before the malfunction. Which action should the engineer take to prevent this issue from reoccurring?

    A. Disable memory limit.
    B. Disable CPU threshold trap toward the SNMP server.
    C. Enable memory tracing notifications.
    D. Enable memory threshold notifications.

  • Question 60:

    DRAG DROP

    Drag and drop the actions below the image onto the boxes in the image for the actions that should be taken during this playbook step. Not all options are used.

    Select and Place:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.