200-201 Practice Questions & Online Exam Preparation

200-201 Exam Details

Exam Code
:200-201
Exam Name
:Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
Certification
:CyberOps Associate
Vendor
:Cisco
Total Questions
:543 Q&As
Last Updated
:May 24, 2026

Cisco 200-201 Online Questions & Answers

Question 121:

Refer to the exhibit.
Which stakeholders must be involved when a company workstation is compromised?
A. Employee 1 Employee 2, Employee 3, Employee 4, Employee 5, Employee 7
B. Employee 1, Employee 2, Employee 4, Employee 5
C. Employee 4, Employee 6, Employee 7
D. Employee 2, Employee 3, Employee 4, Employee 5

D. Employee 2, Employee 3, Employee 4, Employee 5
Question 122:

What are the three critical security principles or goals of the CIA triad?
A. Protect the confidentiality of data, and ensure that protected data is unaltered at all stages and available for permitted requesters.
B. Validate the copyright of the data, and ensure that individual data owners are protected with a defense-in-depth approach.
C. Ensure that the connections are safe and the data delivery is improved continuously with appropriate monitoring and cross-checks.
D. Implement data tags to identify critical assets and data for preserving the secretness, and develop policies and procedures for accessing data.

A. Protect the confidentiality of data, and ensure that protected data is unaltered at all stages and available for permitted requesters.
Question 123:

An organization recently experienced a major incident in which servers were attacked and data integrity was compromised. The attacker exploited a vulnerability in TLS 1.2 and performed a man-in-the-middle attack by downgrading the connection.
Which action should a security specialist take to prevent similar attacks in the future?
A. Upgrade to TLS 1.3 or a higher version
B. Deploy a network monitoring solution
C. Update IIS server versions
D. Install a lower version of TLS such as 1.1

A. Upgrade to TLS 1.3 or a higher version
Explanation
Transport Layer Security (TLS) is a cryptographic protocol designed to provide confidentiality, integrity, and authentication for network communications. Older versions of TLS, including TLS 1.2, are susceptible to downgrade attacks when not properly configured. In a downgrade attack, an attacker forces communicating parties to fall back to a weaker or less secure protocol version, enabling man-in-the-middle exploitation. TLS 1.3 was specifically designed to mitigate these risks by removing insecure cryptographic algorithms, eliminating legacy handshake mechanisms, and enforcing stronger cipher suites. It also reduces the attack surface by simplifying the handshake process and providing built-in protections against downgrade attacks.
Option B is insufficient because monitoring alone does not prevent cryptographic weaknesses.
Option C may improve general security posture but does not directly address protocol-level downgrade vulnerabilities.
Option D significantly weakens security and would increase exposure. Cybersecurity best practices and operations documentation strongly recommend disabling outdated TLS versions and enforcing TLS 1.3 wherever possible to ensure robust protection against MITM and downgrade attacks.
Therefore, upgrading to TLS 1.3 or higher is the correct preventive action.
Question 124:

Which category relates to improper use or disclosure of PII data?
A. legal
B. compliance
C. regulated
D. contractual

C. regulated
Question 125:

Refer to the exhibit.
A SOC engineer is analyzing the provided Cuckoo Sandbox report for a file that has been downloaded from an URL, received via email.
What is the state of this file?
A. The file was identified as PE32 executable for MS Windows and the Yara filed lists it as Trojan.
B. The file was detected as executable and was matched by PEiD threat signatures for further analysis.
C. The file was detected as executable, but no suspicious features are identified.
D. The calculated SHA256 hash of the file was matched and identified as malicious.

A. The file was identified as PE32 executable for MS Windows and the Yara filed lists it as Trojan.
Question 126:

What is the primary purpose of a command-and-control (C2) server in a cyberattack?
A. to scan open ports on a network
B. to distribute software updates
C. to send instructions to compromised systems
D. to block malicious traffic

C. to send instructions to compromised systems
Explanation
A command-and-control (C2) server is a central system used by attackers to communicate with compromised devices. Once malware infects a host, it establishes a connection to the C2 server, allowing the attacker to send commands such as executing files, exfiltrating data, or launching further attacks. This communication is often encrypted or disguised as legitimate traffic to avoid detection. Port scanning (A) is typically performed during reconnaissance. Distributing updates (B) is a legitimate administrative function, not related to attacks. Blocking traffic (D) is the role of defensive systems like firewalls. C2 infrastructure is a critical component of many advanced threats, including botnets and ransomware campaigns. Detecting C2 activity often involves analyzing outbound traffic patterns, DNS queries, and known malicious domains. Disrupting C2 communication can effectively neutralize an attack by isolating compromised systems from attacker control.
Question 127:

Which process represents the application-level allow list?
A. allowing everything and denying specific executable files
B. allowing everything and denying specific applications protocols
C. allowing specific files and deny everything else
D. allowing specific format files and deny executable files

C. allowing specific files and deny everything else
Question 128:

Refer to the exhibit.
Which application protocol is in this PCAP file?
A. SSH
B. TCP
C. TLS
D. HTTP

C. TLS
Question 129:

An analyst performs traffic analysis to detect suspicious activity and identifies the multiple UDP connections through the same port.
Which technology makes this behavior feasible?
A. TOR
B. ACL
C. P2P
D. NAT

C. P2P
Question 130:

Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?
A. Hypertext Transfer Protocol
B. SSL Certificate
C. Tunneling
D. VPN

B. SSL Certificate

Related Exams:

200-201
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 200-201 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.

Cisco 200-201 Online Practice Questions and Exam Preparation

200-201 Exam Details

Exam Code

Exam Name

Certification

Vendor

Total Questions

Last Updated

Cisco 200-201 Online Questions & Answers

Question 121:

Question 122:

Question 123:

Question 124:

Question 125:

Question 126:

Question 127:

Question 128:

Question 129:

Question 130:

Related Exams:

200-201

Tips on How to Prepare for the Exams