Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 350-201

Cisco 350-201 Exam
Performing CyberOps Using Core Security Technologies (CBRCOR) (Page 2 )

Updated On: 1-Feb-2026
Page 2 of 29
PDF with 139 Questions

Refer to the exhibit. A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

  1. Limit the number of API calls that a single client is allowed to make
  2. Add restrictions on the edge router on how often a single client can access the API
  3. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
  4. Increase the application cache of the total pool of active clients that call the API

Answer(s): A



Refer to the exhibit. What is the connection status of the ICMP event?

  1. blocked by a configured access policy rule
  2. allowed by a configured access policy rule
  3. blocked by an intrusion policy rule
  4. allowed in the default action

Answer(s): B



Refer to the exhibit. For IP 192.168.1.209, what are the risk level, activity, and next step?

  1. high risk level, anomalous periodic communication, quarantine with antivirus
  2. critical risk level, malicious server IP, run in a sandboxed environment
  3. critical risk level, data exfiltration, isolate the device
  4. high risk level, malicious host, investigate further

Answer(s): A



Refer to the exhibit. An engineer is investigating a case with suspicious usernames within the active directory. After the engineer investigates and cross-correlates events from other sources, it appears that the 2 users are privileged, and their creation date matches suspicious network traffic that was initiated from the internal network 2 days prior. Which type of compromise is occurring?

  1. compromised insider
  2. compromised root access
  3. compromised database tables
  4. compromised network

Answer(s): D



A threat actor has crafted and sent a spear-phishing email with what appears to be a trustworthy link to the site of a conference that an employee recently attended. The employee clicked the link and was redirected to a malicious site through which the employee downloaded a PDF attachment infected with ransomware. The employee opened the attachment, which exploited vulnerabilities on the desktop. The ransomware is now installed and is calling back to its command and control server. Which security solution is needed at this stage to mitigate the attack?

  1. web security solution
  2. email security solution
  3. endpoint security solution
  4. network security solution

Answer(s): D



Viewing page 2 of 29
Viewing questions 6 - 10 out of 139 questions



Post your Comments and Discuss Cisco 350-201 exam prep with other Community members:

Join the 350-201 Discussion