1. Home
  2. Cisco
  3. 350-201

Performing CyberOps Using Cisco Security Technologies (CBRCOR)

Exam Details

  • Exam Code
    :350-201
  • Exam Name
    :Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification
    :CyberOps Professional
  • Vendor
    :Cisco
  • Total Questions
    :139 Q&As
  • Last Updated
    :Mar 26, 2025

Cisco CyberOps Professional 350-201 Questions & Answers

  • Question 61:

    An engineer is moving data from NAS servers in different departments to a combined storage database so that the data can be accessed and analyzed by the organization on-demand. Which data management process is being used?

    A. data clustering

    B. data regression

    C. data ingestion

    D. data obfuscation

  • Question 62:

    What is a benefit of key risk indicators?

    A. clear perspective into the risk position of an organization

    B. improved visibility on quantifiable information

    C. improved mitigation techniques for unknown threats

    D. clear procedures and processes for organizational risk

  • Question 63:

    An engineer is developing an application that requires frequent updates to close feedback loops and enable teams to quickly apply patches. The team wants their code updates to get to market as often as possible. Which software development approach should be used to accomplish these goals?

    A. continuous delivery

    B. continuous integration

    C. continuous deployment

    D. continuous monitoring

  • Question 64:

    Refer to the exhibit. An engineer notices a significant anomaly in the traffic in one of the host groups in Cisco Secure Network Analytics (Stealthwatch) and must analyze the top data transmissions. Which tool accomplishes this task?

    A. Top Peers

    B. Top Hosts

    C. Top Conversations

    D. Top Ports

  • Question 65:

    Refer to the exhibit. Which indicator of compromise is represented by this STIX?

    A. website redirecting traffic to ransomware server

    B. website hosting malware to download files

    C. web server vulnerability exploited by malware

    D. cross-site scripting vulnerability to backdoor server

  • Question 66:

    An audit is assessing a small business that is selling automotive parts and diagnostic services. Due to increased customer demands, the company recently started to accept credit card payments and acquired a POS terminal. Which compliance regulations must the audit apply to the company?

    A. HIPAA

    B. FISMA

    C. COBIT

    D. PCI DSS

  • Question 67:

    A customer is using a central device to manage network devices over SNMPv2. A remote attacker caused a denial of service condition and can trigger this vulnerability by issuing a GET request for the ciscoFlashMIB OID on an affected device.

    Which should be disabled to resolve the issue?

    A. SNMPv2

    B. TCP small services

    C. port UDP 161 and 162

    D. UDP small services

  • Question 68:

    Refer to the exhibit. An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?

    A. The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.

    B. The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.

    C. The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.

    D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.

  • Question 69:

    A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities.

    Which additional element is needed to calculate the risk?

    A. assessment scope

    B. event severity and likelihood

    C. incident response playbook

    D. risk model framework

  • Question 70:

    An employee who often travels abroad logs in from a first-seen country during non-working hours. The SIEM tool generates an alert that the user is forwarding an increased amount of emails to an external mail domain and then logs out. The investigation concludes that the external domain belongs to a competitor.

    Which two behaviors triggered UEBA? (Choose two.)

    A. domain belongs to a competitor

    B. log in during non-working hours

    C. email forwarding to an external domain

    D. log in from a first-seen country

    E. increased number of sent mails

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 350-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.