Available Number of Questions: Maximum of 139 Questions
Exam Name: Performing CyberOps Using Core Security Technologies
Related Certification(s):
Cisco Certified CyberOps Professional Certification
Cisco 350-201 Exam Topics You'll Be Tested on in the Actual Exam
Expect the exam to care less about memorized trivia and more about whether you can think like a working analyst under time pressure. Fundamentals matter, but mostly as the glue for everything else, so you need to recognize what normal looks like in networks and endpoints, then spot when it is off and explain why. The heavier lift is techniques, where you translate observations into security meaning, connect artifacts to likely activity, and choose the next best analytic move without overreaching. You will bounce between understanding data sources and interpreting them, and you are judged on judgment as much as recall. Processes show up as the reality check: can you follow a defensible flow from detection to triage to escalation, and keep your notes and handoffs consistent enough that another analyst could pick up the thread? Automation is there to test whether you can speed up the boring parts without breaking the investigation, by knowing what should be automated and what still needs a human call. A common tripwire is treating techniques as isolated tricks instead of tying them back to fundamentals and then expressing the result in a process-friendly way. Study by practicing short scenarios in your head, because on exam day you will need to decide, quickly, what you trust and what you would verify next.
Cisco 350-201 Exam Short Quiz
Attempt this Cisco 350-201 exam quiz to self-assess your preparation for the actual Cisco Performing CyberOps Using Core Security Technologies exam. CertBoosters also provides premium Cisco 350-201 exam questions to pass the Cisco Performing CyberOps Using Core Security Technologies exam in the shortest possible time. Be sure to try our free practice exam software for the Cisco 350-201 exam.
Cisco 350-201 Exam Quiz
Cisco 350-201
Q1:
An analyst received multiple alerts on the SIEM console of users that are navigating to malicious URLs. The analyst needs to automate the task of receiving alerts and processing the data for further investigations. Three variables are available from the SIEM console to include in an automation script: console_ip, api_token, and reference_set_name. What must be added to this script to receive a successful HTTP response?
#!/usr/bin/python
import sys
import requests

A. {1}, {2}
B. {1}, {3}
C. console_ip, api_token
D. console_ip, reference_set_name
Q2:
A cloud engineer needs a solution to deploy applications on a cloud without being able to manage and control the server OS. Which type of cloud environment should be used?
A. IaaS
B. PaaS
C. DaaS
D. SaaS
Q3:
A SOC team receives multiple alerts by a rule that detects requests to malicious URLs and informs the incident response team to block the malicious URLs requested on the firewall. Which action will improve the effectiveness of the process?
A. Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.
B. Inform the user by enabling an automated email response when the rule is triggered.
C. Inform the incident response team by enabling an automated email response when the rule is triggered.
D. Create an automation script for blocking URLs on the firewall when the rule is triggered.
Q4:
Refer to the exhibit.
An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?
A. The file is redirecting users to a website that requests privilege escalations from the user.
B. The file is redirecting users to a website that is downloading ransomware to encrypt files.
C. The file is redirecting users to a website that harvests cookies and stored account information.
D. The file is redirecting users to a website that is determining users' geographic location.
Q5:
A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor's website. The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?
A. Determine if there is internal knowledge of this incident.
B. Check incoming and outgoing communications to identify spoofed emails.
C. Disconnect the network from Internet access to stop the phishing threats and regain control.
D. Engage the legal department to explore action against the competitor that posted the spreadsheet.