Exam Details

  • Exam Code: 350-201
  • Exam Name: Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Certification: CyberOps Professional
  • Vendor: Cisco
  • Total Questions: 139 Q&As
  • Last Updated: Mar 26, 2025

Cisco CyberOps Professional 350-201 Questions & Answers

  • Question 81:

    Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?

    A. customer data

    B. internal database

    C. internal cloud

    D. Internet

  • Question 82:

    An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?

    A. Modify the alert rule to "output alert_syslog: output log"

    B. Modify the output module rule to "output alert_quick: output filename"

    C. Modify the alert rule to "output alert_syslog: output header"

    D. Modify the output module rule to "output alert_fast: output filename"
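    The two Snort 2 output modules the question contrasts, as an added configuration example (not from the exam or from Cisco): alert_full writes every packet header into the alert file, which is what makes it too large to work with, while alert_fast writes one line per alert. The file names and the rule are hypothetical.

    ```conf
    # snort.conf fragment (added example; file names are assumptions)

    # Verbose form: prints the full packet headers with every alert.
    # This is the setting that produces an unworkably large file.
    output alert_full: alert.full

    # Compact form: one line per alert (timestamp, sid, message, IPs/ports),
    # no packet headers. Use this for reviewing alert overviews.
    output alert_fast: alert.fast

    # Optional: send the same one-line alerts to syslog as well.
    output alert_syslog: LOG_AUTH LOG_ALERT

    # A rule to exercise the output modules (hypothetical sid).
    alert icmp any any -> $HOME_NET any (msg:"ICMP echo request seen"; itype:8; sid:1000001; rev:1;)
    ```

    Only one of the two alert output lines should normally be active; keep alert_full for the cases where full headers are needed and switch to alert_fast when the goal is a readable overview.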

  • Question 83:

    Refer to the exhibit. An engineer received a report that an attacker has compromised a workstation and gained access to sensitive customer data from the network using insecure protocols. Which action prevents this type of attack in the future?

    A. Use VLANs to segregate zones and the firewall to allow only required services and secured protocols

    B. Deploy a SOAR solution and correlate log alerts from customer zones

    C. Deploy IDS within sensitive areas and continuously update signatures

    D. Use syslog to gather data from multiple sources and detect intrusion logs for timely responses

  • Question 84:

    An API developer is improving an application code to prevent DDoS attacks. The solution needs to accommodate instances of a large number of API requests coming for legitimate purposes from trustworthy services. Which solution should be implemented?

    A. Restrict the number of requests based on a calculation of daily averages. If the limit is exceeded, temporarily block access from the IP address and return a 402 HTTP error code.

    B. Implement REST API Security Essentials solution to automatically mitigate limit exhaustion. If the limit is exceeded, temporarily block access from the service and return a 409 HTTP error code.

    C. Increase a limit of replies in a given interval for each API. If the limit is exceeded, block access from the API key permanently and return a 450 HTTP error code.

    D. Apply a limit to the number of requests in a given time interval for each API. If the rate is exceeded, block access from the API key temporarily and return a 429 HTTP error code.
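    A per-API-key rate limiter of the kind the last option describes, as an added example (not from the exam, from Cisco, or from any real API): a sliding window of requests per key, a temporary block with HTTP 429 and a Retry-After header when the window is exceeded, and a larger but still finite quota for trusted services so that legitimate high-volume callers are not cut off. The limits, key names and the FakeClock are constructed for the demonstration.

    ```python
    """Per-API-key sliding-window rate limiter answering HTTP 429.

    Added example, not code from the exam page or from Cisco. Limits, key
    names and the trusted-service table are hypothetical.
    """
    import math
    import time
    from collections import defaultdict, deque

    HTTP_OK = 200
    HTTP_TOO_MANY_REQUESTS = 429


    class ApiRateLimiter:
        def __init__(self, limit, window_s, block_s, trusted_limits=None,
                     clock=time.monotonic):
            self.limit = limit              # requests allowed per window for ordinary keys
            self.window_s = window_s        # sliding window length in seconds
            self.block_s = block_s          # how long a key stays blocked after exceeding
            self.trusted_limits = dict(trusted_limits or {})  # api_key -> higher limit
            self.clock = clock              # injectable so behaviour is testable
            self._hits = defaultdict(deque) # api_key -> timestamps of requests in window
            self._blocked_until = {}        # api_key -> time the temporary block expires

        def _limit_for(self, api_key):
            # Trusted services get a larger, still bounded, quota instead of a bypass,
            # so a stolen trusted key cannot be used for unlimited abuse.
            return self.trusted_limits.get(api_key, self.limit)

        def check(self, api_key):
            """Return (status_code, headers) for one request from api_key."""
            now = self.clock()
            until = self._blocked_until.get(api_key)
            if until is not None:
                if now < until:
                    return HTTP_TOO_MANY_REQUESTS, {
                        "Retry-After": str(math.ceil(until - now))}
                del self._blocked_until[api_key]   # block expired, key is unblocked

            hits = self._hits[api_key]
            cutoff = now - self.window_s
            while hits and hits[0] <= cutoff:      # drop requests outside the window
                hits.popleft()

            limit = self._limit_for(api_key)
            if len(hits) >= limit:
                # Exceeded: block temporarily (not permanently) and tell the client when to retry.
                self._blocked_until[api_key] = now + self.block_s
                hits.clear()
                return HTTP_TOO_MANY_REQUESTS, {"Retry-After": str(self.block_s)}

            hits.append(now)
            return HTTP_OK, {"X-RateLimit-Limit": str(limit),
                             "X-RateLimit-Remaining": str(limit - len(hits))}


    class FakeClock:
        """Deterministic clock for the demo (constructed; stands in for time.monotonic)."""
        def __init__(self, t=0.0):
            self.t = t

        def __call__(self):
            return self.t

        def advance(self, seconds):
            self.t += seconds


    def demo():
        """Drive the limiter with constructed traffic; returns (statuses, trusted_all_ok)."""
        clock = FakeClock()
        limiter = ApiRateLimiter(limit=3, window_s=60, block_s=120,
                                 trusted_limits={"partner-svc": 1000}, clock=clock)
        statuses = [limiter.check("anon-key")[0] for _ in range(5)]  # 3 allowed, then blocked
        clock.advance(119)
        statuses.append(limiter.check("anon-key")[0])  # 1 s before block expiry: still 429
        clock.advance(2)
        statuses.append(limiter.check("anon-key")[0])  # block expired: 200 again
        trusted = [limiter.check("partner-svc")[0] for _ in range(500)]  # under trusted quota
        return statuses, all(s == HTTP_OK for s in trusted)


    if __name__ == "__main__":
        print(demo())
    ```

    The block lives in process memory, so limits apply per instance; a deployment behind several API replicas would keep the per-key counters in a shared store so the quota holds across all of them. Returning 429 rather than an invented code matters because clients and proxies already understand it and honour Retry-After.
    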

  • Question 85:

    A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a PowerShell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory.

    What is the next step the analyst should take?

    A. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack

    B. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities

    C. Review the server backup and identify server content and data criticality to assess the intrusion risk

    D. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious

  • Question 86:

    A security expert is investigating a breach that resulted in a $32 million loss from customer accounts. Hackers were able to steal API keys and two-factor codes due to a vulnerability that was introduced in new code a few weeks before the attack.

    Which step was missed that would have prevented this breach?

    A. use of the Nmap tool to identify the vulnerability when the new code was deployed

    B. implementation of a firewall and intrusion detection system

    C. implementation of an endpoint protection system

    D. use of SecDevOps to detect the vulnerability during development

  • Question 87:

    Refer to the exhibit. Cisco Rapid Threat Containment using Cisco Secure Network Analytics (Stealthwatch) and ISE detects the threat of malware-infected 802.1x authenticated endpoints and places that endpoint into a Quarantine VLAN using Adaptive Network Control policy.

    Which telemetry feeds were correlated with SMC to identify the malware?

    A. NetFlow and event data

    B. event data and syslog data

    C. SNMP and syslog data

    D. NetFlow and SNMP

  • Question 88:

    A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices. Which technical architecture must be used?

    A. DLP for data in motion

    B. DLP for removable data

    C. DLP for data in use

    D. DLP for data at rest

  • Question 89:

    An engineer receives a report that indicates a possible incident of a malicious insider sending company information to outside parties. What is the first action the engineer must take to determine whether an incident has occurred?

    A. Analyze environmental threats and causes

    B. Inform the product security incident response team to investigate further

    C. Analyze the precursors and indicators

    D. Inform the computer security incident response team to investigate further

  • Question 90:

    An employee abused PowerShell commands and script interpreters, which led to an indicator of compromise (IOC) trigger. The IOC event shows that a known malicious file has been executed, and there is an increased likelihood of a breach.

    Which indicator generated this IOC event?

    A. ExecutedMalware.ioc

    B. Crossrider.ioc

    C. ConnectToSuspiciousDomain.ioc

    D. W32 AccesschkUtility.ioc

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 350-201 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.