1. Home
  2. Cisco
  3. 350-201

Performing CyberOps Using Cisco Security Technologies (CBRCOR)

Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Mar 26, 2025

Cisco CyberOps Professional 350-201 Questions & Answers

  • Question 101:

    The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability.

    Which step was missed according to the NIST incident handling guide?

    A. Contain the malware

    B. Install IPS software

    C. Determine the escalation path

    D. Perform vulnerability assessment

  • Question 102:

    A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?

    A. Determine the systems involved and deploy available patches

    B. Analyze event logs and restrict network access

    C. Review access lists and require users to increase password complexity

    D. Identify the attack vector and update the IDS signature list

  • Question 103:

    A patient views information that is not theirs when they sign in to the hospital's online portal. The patient calls the support center at the hospital but continues to be put on hold because other patients are experiencing the same issue. An incident has been declared, and an engineer is now on the incident bridge as the CyberOps Tier 3 Analyst. There is a concern about the disclosure of PII occurring in real-time.

    What is the first step the analyst should take to address this incident?

    A. Evaluate visibility tools to determine if external access resulted in tampering

    B. Contact the third-party handling provider to respond to the incident as critical

    C. Turn off all access to the patient portal to secure patient records

    D. Review system and application logs to identify errors in the portal code

  • Question 104:

    An organization is using a PKI management server and a SOAR platform to manage the certificate lifecycle. The SOAR platform queries a certificate management tool to check all endpoints for SSL certificates that have either expired or are nearing expiration. Engineers are struggling to manage problematic certificates outside of PKI management since deploying certificates and tracking them requires searching server owners manually.

    Which action will improve workflow automation?

    A. Implement a new workflow within SOAR to create tickets in the incident response system, assign problematic certificate update requests to server owners, and register change requests.

    B. Integrate a PKI solution within SOAR to create certificates within the SOAR engines to track, update, and monitor problematic certificates.

    C. Implement a new workflow for SOAR to fetch a report of assets that are outside of the PKI zone, sort assets by certification management leads and automate alerts that updates are needed.

    D. Integrate a SOAR solution with Active Directory to pull server owner details from the AD and send an automated email for problematic certificates requesting updates.

  • Question 105:

    Which command does an engineer use to set read/write/execute access on a folder for everyone who reaches the resource?

    A. chmod 666

    B. chmod 774

    C. chmod 775

    D. chmod 777

  • Question 106:

    A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network.

    What is the next step in handling the incident?

    A. Block the source IP from the firewall

    B. Perform an antivirus scan on the laptop

    C. Identify systems or services at risk

    D. Identify lateral movement

  • Question 107:

    A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?

    A. Assess the network for unexpected behavior

    B. Isolate critical hosts from the network

    C. Patch detected vulnerabilities from critical hosts

    D. Perform analysis based on the established risk factors

  • Question 108:

    Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?

    A. Threat scores are high, malicious ransomware has been detected, and files have been modified

    B. Threat scores are low, malicious ransomware has been detected, and files have been modified

    C. Threat scores are high, malicious activity is detected, but files have not been modified

    D. Threat scores are low and no malicious file activity is detected

  • Question 109:

    The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive. The team collects and documents all the necessary evidence from the computing resource.

    What is the next step?

    A. Conduct a risk assessment of systems and applications

    B. Isolate the infected host from the rest of the subnet

    C. Install malware prevention software on the host

    D. Analyze network traffic on the host's subnet

  • Question 110:

    An organization had several cyberattacks over the last 6 months and has tasked an engineer with looking for patterns or trends that will help the organization anticipate future attacks and mitigate them. Which data analytic technique should the engineer use to accomplish this task?

    A. diagnostic

    B. qualitative

    C. predictive

    D. statistical

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.