350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 61:

    An analyst wants to upload an infected file containing sensitive information to a hybrid-analysis sandbox. According to the NIST.SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?

    A. Verify hash integrity.
    B. Remove all personally identifiable information.
    C. Ensure the online sandbox is GDPR compliant.
    D. Lock the file to prevent unauthorized access.

  • Question 62:

    An engineer implemented a SOAR workflow to detect and respond to incorrect login attempts and anomalous user behavior. Since the implementation, the security team has received dozens of false positive alerts and negative feedback from system administrators and privileged users. Several legitimate users were tagged as a threat and their accounts blocked, or credentials reset because of unexpected login times and incorrectly typed credentials.

    How should the workflow be improved to resolve these issues?

    A. Meet with privileged users to increase awareness and modify the rules for threat tags and anomalous behavior alerts
    B. Change the SOAR configuration flow to remove the automatic remediation that is increasing the false positives and triggering threats
    C. Add a confirmation step through which SOAR informs the affected user and asks them to confirm whether they made the attempts
    D. Increase incorrect login tries and tune anomalous user behavior not to affect privileged accounts

  • Question 63:

    What is the HTTP response code when the REST API information requested by the authenticated user cannot be found?

    A. 401
    B. 402
    C. 403
    D. 404
    E. 405

  • Question 64:

    DRAG DROP

    Drag and drop the cloud computing service descriptions from the left onto the cloud service categories on the right.

    Select and Place:

  • Question 65:

    An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?

    #!/usr/bin/pythonimport sysimport requests

    A. {1}, {2}
    B. {1}, {3}
    C. console_ip, api_token
    D. console_ip, reference_set_name

  • Question 66:

    Which command does an engineer use to set read/write/execute access on a folder for everyone who reaches the resource?

    A. chmod 666
    B. chmod 774
    C. chmod 775
    D. chmod 777

  • Question 67:

    Engineers are working to document, list, and discover all used applications within an organization. During the regular assessment of applications from the HR backup server, an engineer discovered an unknown application. The analysis showed that the application is communicating with external addresses on a non-secure, unencrypted channel. Information gathering revealed that the unknown application does not have an owner and is not being used by a business unit. What are the next two steps the engineers should take in this investigation? (Choose two.)

    A. Determine the type of data stored on the affected asset, document the access logs, and engage the incident response team.
    B. Identify who installed the application by reviewing the logs and gather a user access log from the HR department.
    C. Verify user credentials on the affected asset, modify passwords, and confirm available patches and updates are installed.
    D. Initiate a triage meeting with department leads to determine if the application is owned internally or used by any business unit and document the asset owner.

  • Question 68:

    A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment. The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)

    A. incident response playbooks
    B. asset vulnerability assessment
    C. report of staff members with asset relations
    D. key assets and executives
    E. malware analysis report

  • Question 69:

    DRAG DROP

    Drag and drop the phases to evaluate the security posture of an asset from the left onto the activity that happens during the phases on the right.

    Select and Place:

  • Question 70:

    An employee abused PowerShell commands and script interpreters, which lead to an indicator of compromise (IOC) trigger. The IOC event shows that a known malicious file has been executed, and there is an increased likelihood of a breach.

    Which indicator generated this IOC event?

    A. ExecutedMalware.ioc
    B. Crossrider.ioc
    C. ConnectToSuspiciousDomain.ioc
    D. W32 AccesschkUtility.ioc

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.