- 139 Questions
- Updated on: 25-May-2026
- Performing CyberOps Using Core Security Technologies (CBRCOR)
Free Cisco 350-201 Practice Questions 2026 | Performing CyberOps Using Core Security Technologies (CBRCOR)
What do 2xx HTTP response codes indicate for REST APIs?
A. additional action must be taken by the client to complete the request
B. the server takes responsibility for error status codes
C. communication of transfer protocol-level information
D. successful acceptance of the client’s request
The incident response team was notified of detected malware. The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability. Which step was missed according to the NIST incident handling guide?
A. Contain the malware
B. Install IPS software
C. Determine the escalation path
D. Perform vulnerability assessment
A security architect is working in a processing center and must implement a DLP solution to detect and prevent any type of copy and paste attempts of sensitive data within unapproved applications and removable devices. Which technical architecture must be used?
A. DLP for data in motion
B. DLP for removable data
C. DLP for data in use
D. DLP for data at rest
What is idempotence?
A. the assurance of system uniformity throughout the whole delivery process
B. the ability to recover from failures while keeping critical services running
C. the necessity of setting maintenance of individual deployment environments
D. the ability to set the target environment configuration regardless of the starting state
An organization installed a new application server for IP phones. An automated process fetched user credentials from the Active Directory server, and the application will have access to on-premises and cloud services. Which security threat should be mitigated first?
A. aligning access control policies
B. exfiltration during data transfer
C. attack using default accounts
D. data exposure from backups
A security engineer discovers that a spreadsheet containing confidential information for nine of their employees was fraudulently posted on a competitor’s website. The spreadsheet contains names, salaries, and social security numbers. What is the next step the engineer should take in this investigation?
A. Determine if there is internal knowledge of this incident.
B. Check incoming and outgoing communications to identify spoofed emails.
C. Disconnect the network from Internet access to stop the phishing threats and regain control.
D. Engage the legal department to explore action against the competitor that posted the spreadsheet.
What is needed to assess risk mitigation effectiveness in an organization?
A. analysis of key performance indicators
B. compliance with security standards
C. cost-effectiveness of control measures
D. updated list of vulnerable systems
A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company’s infrastructure. Which steps should an engineer take at the recovery stage?
A. Determine the systems involved and deploy available patches
B. Analyze event logs and restrict network access
C. Review access lists and require users to increase password complexity
D. Identify the attack vector and update the IDS signature list
A threat actor attacked an organization’s Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator’s account was disabled. Which activity triggered the behavior analytics tool?
A. accessing the Active Directory server
B. accessing the server with financial data
C. accessing multiple servers
D. downloading more than 10 files
An organization had an incident with the network availability during which devices unexpectedly malfunctioned. An engineer is investigating the incident and found that the memory pool buffer usage reached a peak before the malfunction. Which action should the engineer take to prevent this issue from reoccurring?
A. Disable memory limit.
B. Disable CPU threshold trap toward the SNMP server.
C. Enable memory tracing notifications.
D. Enable memory threshold notifications.