Cisco 350-201 Exam
Performing CyberOps Using Core Security Technologies (CBRCOR) (Page 4)

Updated On: 1-Feb-2026

Refer to the exhibit. An employee is a victim of a social engineering phone call and installs remote access software to allow an “MS Support” technician to check his machine for malware. The employee becomes suspicious after the remote technician requests payment in the form of gift cards. The employee has copies of multiple unencrypted database files, over 400 MB each, on his system and is worried that the scammer copied the files off but has no proof of it. The remote technician was connected sometime between 2:00 pm and 3:00 pm over HTTPS. What should be determined regarding data loss between the employee’s laptop and the remote technician’s system?

  1. No database files were disclosed
  2. The database files were disclosed
  3. The database files' integrity was violated
  4. The database files were intentionally corrupted, and encryption is possible

Answer(s): C



A SOC analyst is notified by the network monitoring tool that there are unusual types of internal traffic on IP subnet 103.921.2239.0/24. The analyst discovers unexplained encrypted data files on a computer system that belongs to that specific subnet. What is the cause of the issue?

  1. DDoS attack
  2. phishing attack
  3. virus outbreak
  4. malware outbreak

Answer(s): D



A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled “Invoice RE: 0004489”. The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web. What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?

  1. Run and analyze the DLP Incident Summary Report from the Email Security Appliance
  2. Ask the company to execute the payload for real time analysis
  3. Investigate further in open source repositories using YARA to find matches
  4. Obtain a copy of the file for detonation in a sandbox

Answer(s): D



A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?

  1. Run the sudo sysdiagnose command
  2. Run the sh command
  3. Run the w command
  4. Run the who command

Answer(s): A


Reference:

https://eclecticlight.co/2016/02/06/the-ultimate-diagnostic-tool-sysdiagnose/



Drag and drop the function on the left onto the mechanism on the right.
Select and Place:

Exhibit A:



Exhibit B:

  1. Please refer to Exhibit B for the answer.

Answer(s): A


