Exam Details

  • Exam Code: 350-201
  • Exam Name: Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification: CyberOps Professional
  • Vendor: Cisco
  • Total Questions: 139 Q&As
  • Last Updated: Mar 26, 2025

Cisco CyberOps Professional 350-201 Questions & Answers

  • Question 91:

    Refer to the exhibit. Which command was executed in PowerShell to generate this log?

    A. Get-EventLog -LogName*

    B. Get-EventLog -List

    C. Get-WinEvent -ListLog* -ComputerName localhost

    D. Get-WinEvent -ListLog*

  • Question 92:

    Refer to the exhibit. Which code snippet will parse the response to identify the status of the domain as malicious, clean or undefined?

    A. Option A

    B. Option B

    C. Option C

    D. Option D

  • Question 93:

    An engineer receives an incident ticket with hundreds of intrusion alerts that require investigation. An analysis of the incident log shows that the alerts are from trusted IP addresses and internal devices. The final incident report stated that these alerts were false positives and that no intrusions were detected.

    What action should be taken to harden the network?

    A. Move the IPS to after the firewall facing the internal network

    B. Move the IPS to before the firewall facing the outside network

    C. Configure the proxy service on the IPS

    D. Configure reverse port forwarding on the IPS

  • Question 94:

    A SOC team is informed that a UK-based user will be traveling between three countries over the next 60 days. Having the names of the 3 destination countries and the user's working hours, what must the analyst do next to detect abnormal behavior?

    A. Create a rule triggered by 3 failed VPN connection attempts in an 8-hour period

    B. Create a rule triggered by 1 successful VPN connection from any nondestination country

    C. Create a rule triggered by multiple successful VPN connections from the destination countries

    D. Analyze the logs from all countries related to this user during the traveling period

  • Question 95:

    An engineer received an alert of a zero-day vulnerability affecting desktop phones through which an attacker sends a crafted packet to a device, resets the credentials, makes the device unavailable, and allows a default administrator account login.

    Which step should an engineer take after receiving this alert?

    A. Initiate a triage meeting to acknowledge the vulnerability and its potential impact

    B. Determine company usage of the affected products

    C. Search for a patch to install from the vendor

    D. Implement restrictions within the VoIP VLANs

  • Question 96:

    Refer to the exhibit. An engineer is analyzing this Vlan0386-int12-117.pcap file in Wireshark after detecting suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a Google Chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information was being sent off-site, but the payloads are obfuscated and unreadable.

    What does this STIX indicate?

    A. The extension is not performing as intended because of restrictions since ports 80 and 443 should be accessible

    B. The traffic is legitimate as the Google Chrome extension is reaching out to check for updates and fetches this information

    C. There is a possible data leak because payloads should be encoded as UTF-8 text

    D. There is a malware that is communicating via encrypted channels to the command and control server

  • Question 97:

    What do 2xx HTTP response codes indicate for REST APIs?

    A. additional action must be taken by the client to complete the request

    B. the server takes responsibility for error status codes

    C. communication of transfer protocol-level information

    D. successful acceptance of the client's request

  • Question 98:

    Refer to the exhibit. An engineer must tune the Cisco IOS device to mitigate an attack that is broadcasting a large number of ICMP packets. The attack is sending the victim's spoofed source IP to a network using an IP broadcast address that causes devices in the network to respond back to the source IP address.

    Which action does the engineer recommend?

    A. Use command ip verify reverse-path interface

    B. Use global configuration command service tcp-keepalives-out

    C. Use subinterface command no ip directed-broadcast

    D. Use logging trap 6

  • Question 99:

    Refer to the exhibit. What results from this script?

    A. Seeds for existing domains are checked

    B. A search is conducted for additional seeds

    C. Domains are compared to seed rules

    D. A list of domains as seeds is blocked

  • Question 100:

    Refer to the exhibit. Which data format is being used?

    A. JSON

    B. HTML

    C. XML

    D. CSV
