Performing CyberOps Using Core Security Technologies (CBRCOR)

Here you have the best Cisco 350-201 practice exam questions

You have 139 total questions to study from
Each page has 5 questions, making a total of 28 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on October 15, 2025
This site is not affiliated with or endorsed by Cisco.

Question 1 of 139

Refer to the exhibit. A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end- user community?
Exam 350-201: Question 1 - Image 1

Limit the number of API calls that a single client is allowed to make

Add restrictions on the edge router on how often a single client can access the API

Reduce the amount of data that can be fetched from the total pool of active clients that call the API

Increase the application cache of the total pool of active clients that call the API

Correct Answer: A

To protect an application from being overloaded and ensure equitable access, implementing a rate limit on the number of API calls that a single client can make is a suitable approach. By limiting the number of requests a single client can send within a given timeframe, it helps prevent abuse from a single source while ensuring that legitimate users can access the application. This rate limiting can help mitigate the effects of denial-of-service (DoS) attacks and ensure more stable and fair access for all users.

Question 2 of 139

DRAG DROP -
An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.
Select and Place:
Exam 350-201: Question 2 - Image 1

Correct Answer:

Question 3 of 139

A threat actor attacked an organization's Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator's account was disabled. Which activity triggered the behavior analytics tool?

accessing the Active Directory server

accessing the server with financial data

accessing multiple servers

downloading more than 10 files

Correct Answer: D

The activity that most likely triggered the behavior analytics tool was downloading more than 10 files. Behavior analytics tools are designed to detect unusual activities, and downloading a large number of files in a short period typically stands out as suspicious behavior. Accessing multiple servers or the financial data server could raise flags, but the clear quantitative threshold of downloading more than 10 files makes it a decisive trigger.

Question 4 of 139

Refer to the exhibit. A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?
Exam 350-201: Question 4 - Image 1

packet sniffer

malware analysis

SIEM

firewall manager

Correct Answer: A

To identify the source IP of the offender, the analyst should use a packet sniffer. Packet sniffers, like Wireshark, capture and analyze the data packets traveling through the network. They can provide detailed information about the source and destination IP addresses, which is crucial in identifying the origin of suspicious connections. This allows the security analyst to pinpoint the source IP of the potential attacker by examining the network traffic in detail.

Question 5 of 139

Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded from this report?

The prioritized behavioral indicators of compromise do not justify the execution of the ג€ransomwareג€ because the scores do not indicate the likelihood of malicious ransomware.

The prioritized behavioral indicators of compromise do not justify the execution of the ג€ransomwareג€ because the scores are high and do not indicate the likelihood of malicious ransomware.

The prioritized behavioral indicators of compromise justify the execution of the ג€ransomwareג€ because the scores are high and indicate the likelihood that malicious ransomware has been detected.

The prioritized behavioral indicators of compromise justify the execution of the ג€ransomwareג€ because the scores are low and indicate the likelihood that malicious ransomware has been detected.

Correct Answer: C

The prioritized behavioral indicators of compromise justify the execution of the 'ransomware' because the scores are high and indicate the likelihood that malicious ransomware has been detected. The report shows multiple indicators with high severity and confidence levels. For instance, 'CTB Locker Detected' and 'Generic Ransomware Detected' both have severity and confidence scores of 100, strongly suggesting that ransomware activity has been detected.