350-201 Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 350-201 Online Questions & Answers

  • Question 81:

    How is a SIEM tool used?

    A. To collect security data from authentication failures and cyber attacks and forward it for analysis
    B. To search and compare security data against acceptance standards and generate reports for analysis
    C. To compare security alerts against configured scenarios and trigger system responses
    D. To collect and analyze security data from network devices and servers and produce alerts

  • Question 82:

    What is the difference between process orchestration and automation?

    A. Orchestration combines a set of automated tools, while automation is focused on the tools to automate process flows.
    B. Orchestration arranges the tasks, while automation arranges processes.
    C. Orchestration minimizes redundancies, while automation decreases the time to recover from redundancies.
    D. Automation optimizes the individual tasks to execute the process, while orchestration optimizes frequent and repeatable processes.

  • Question 83:

    Refer to the exhibit. How are tokens authenticated when the REST API on a device is accessed from a REST API client?

    A. The token is obtained by providing a password. The REST client requests access to a resource using the access token. The REST API validates the access token and gives access to the resource.
    B. The token is obtained by providing a password. The REST API requests access to a resource using the access token, validates the access token, and gives access to the resource.
    C. The token is obtained before providing a password. The REST API provides resource access, refreshes tokens, and returns them to the REST client. The REST client requests access to a resource using the access token.
    D. The token is obtained before providing a password. The REST client provides access to a resource using the access token. The REST API encrypts the access token and gives access to the resource.

  • Question 84:

    Refer to the exhibit. What results from this script?

    A. Seeds for existing domains are checked
    B. A search is conducted for additional seeds
    C. Domains are compared to seed rules
    D. A list of domains as seeds is blocked

  • Question 85:

    An organization suffered a security breach in which the attacker exploited a Netlogon Remote Protocol vulnerability for further privilege escalation. Which two actions should the incident response team take to prevent this type of attack from reoccurring? (Choose two.)

    A. Implement a patch management process.
    B. Scan the company server files for known viruses.
    C. Apply existing patches to the company servers.
    D. Automate antivirus scans of the company servers.
    E. Define roles and responsibilities in the incident response playbook.

  • Question 86:

    A SOC analyst is notified by the network monitoring tool that there are unusual types of internal traffic on IP subnet 103.861.2117.0/24. The analyst discovers unexplained encrypted data files on a computer system that belongs on that specific subnet.

    What is the cause of the issue?

    A. DDoS attack
    B. phishing attack
    C. virus outbreak
    D. malware outbreak

  • Question 87:

    Refer to the exhibit. Where are the browser page rendering permissions displayed?

    A. X-Frame-Options
    B. X-XSS-Protection
    C. Content-Type
    D. Cache-Control

  • Question 88:

    A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross-correlated log analysis revealed that two hours before the attack, multiple assets received requests on TCP port 79. Which action should be taken by the SOC team to mitigate this attack?

    A. Disable BIND forwarding from the DNS server to avoid reconnaissance.
    B. Disable affected assets and isolate them for further investigation.
    C. Configure affected devices to disable NETRJS protocol.
    D. Configure affected devices to disable the Finger service.

  • Question 89:

    After a recent malware incident, the forensic investigator is gathering details to identify the breach and causes. The investigator has isolated the affected workstation. What is the next step that should be taken in this investigation?

    A. Analyze the applications and services running on the affected workstation.
    B. Compare workstation configuration and asset configuration policy to identify gaps.
    C. Inspect registry entries for recently executed files.
    D. Review audit logs for privilege escalation events.

  • Question 90:

    DRAG DROP

    Drag and drop the mitigation steps from the left onto the vulnerabilities they mitigate on the right.

    Select and Place:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.