- 139 Questions
- Updated on: 25-May-2026
- Performing CyberOps Using Core Security Technologies (CBRCOR)
Free Cisco 350-201 Practice Questions 2026 | Performing CyberOps Using Core Security Technologies (CBRCOR)
An employee abused PowerShell commands and script interpreters, which led to an indicator of compromise (IOC) trigger. The IOC event shows that a known malicious file has been executed, and there is an increased likelihood of a breach. Which indicator generated this IOC event?
A. ExecutedMalware.ioc
B. Crossrider.ioc
C. ConnectToSuspiciousDomain.ioc
D. W32 AccesschkUtility.ioc
A company’s web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?
A. assessment scope
B. event severity and likelihood
C. incident response playbook
D. risk model framework
A patient views information that is not theirs when they sign in to the hospital’s online portal. The patient calls the support center at the hospital but continues to be put on hold because other patients are experiencing the same issue. An incident has been declared, and an engineer is now on the incident bridge as the CyberOps Tier 3 Analyst. There is a concern about the disclosure of PII occurring in real time. What is the first step the analyst should take to address this incident?
A. Evaluate visibility tools to determine if external access resulted in tampering
B. Contact the third-party handling provider to respond to the incident as critical
C. Turn off all access to the patient portal to secure patient records
D. Review system and application logs to identify errors in the portal code
A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?
A. Classify the criticality of the information, research the attacker’s motives, and identify missing patches
B. Determine the damage to the business, extract reports, and save evidence according to a chain of custody
C. Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited
D. Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan
What is a benefit of key risk indicators?
A. clear perspective into the risk position of an organization
B. improved visibility on quantifiable information
C. improved mitigation techniques for unknown threats
D. clear procedures and processes for organizational risk
A logistics company must use an outdated application located in a private VLAN during the migration to new technologies. The IPS blocked and reported an unencrypted communication. Which tuning option should be applied to the IPS?
A. Allow list only authorized hosts to contact the application’s IP at a specific port.
B. Allow list HTTP traffic through the corporate VLANs.
C. Allow list traffic to the application’s IP from the internal network at a specific port.
D. Allow list only authorized hosts to contact the application’s VLAN.
A European-based advertisement company collects tracking information from partner websites and stores it on a local server to provide tailored ads. Which standard must the company follow to safeguard the resting data?
A. HIPAA
B. PCI-DSS
C. Sarbanes-Oxley
D. GDPR
An engineer detects an intrusion event inside an organization’s network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?
A. Disconnect the affected server from the network
B. Analyze the source
C. Access the affected server to confirm compromised files are encrypted
D. Determine the attack surface
A company recently completed an internal audit and discovered that there is a CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?
A. Identify the business applications running on the assets
B. Update software to patch third-party software
C. Validate CSRF by executing exploits within Metasploit
D. Fix applications according to the risk scores
An analyst wants to upload an infected file containing sensitive information to a Hybrid Analysis sandbox. According to the NIST SP 800-150 guide to cyber threat information sharing, what is the analyst required to do before uploading the file to safeguard privacy?
A. Verify hash integrity
B. Remove all personally identifiable information
C. Ensure the online sandbox is GDPR compliant.
D. Lock the file to prevent unauthorized access.