Cisco 200-201 Online Practice Questions and Exam Preparation

Cisco 200-201 Online Questions & Answers

• Question 151:

  Which regular expression matches "color" and "colour"?

  A. colo?ur
  B. col[08]+our
  C. colou?r
  D. col[09]+our
  C. colou?r

• Question 152:

  A system administrator is ensuring that specific registry information is accurate.

  Which type of configuration information does the HKEY_LOCAL_MACHINE hive contain?

  A. file extension associations
  B. hardware, software, and security settings for the system
  C. currently logged in users, including folders and control panel settings
  D. all users on the system, including visual settings
  B. hardware, software, and security settings for the system

  ---

  Explanation

  https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users

• Question 153:

  What is the advantage of agent-based protection compared to agentless protection?

  A. easier to manage due to the centralized platform
  B. monitors and detects traffic locally
  C. manages unlimited devices simultaneously
  D. lower resource requirements during implementation
  A. easier to manage due to the centralized platform

• Question 154:

  At which layer is deep packet inspection investigated on a firewall?

  A. internet
  B. transport
  C. application
  D. data link
  C. application

  ---

  Explanation

  Deep packet inspection is a form of packet filtering usually carried out as a function of your firewall. It is applied at the Open Systems Interconnection's application layer. Deep packet inspection evaluates the contents of a packet that is going through a checkpoint.

• Question 155:

  Refer to the exhibit.

  

  Which component is identifiable in this exhibit?

  A. Trusted Root Certificate store on the local machine
  B. Windows PowerShell verb
  C. Windows Registry hive
  D. local service in the Windows Services Manager
  C. Windows Registry hive

  ---

  Explanation

  https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-hives

  https://ldapwiki.com/wiki/HKEY_LOCAL_MACHINE#:~:text=HKEY_LOCAL_MACHINE%20Windows%20registry%20hive%20contains,detected%20hardware%20and%20device%20drivers.

• Question 156:

  Which evasion technique is indicated when an intrusion detection system begins receiving an abnormally high volume of scanning from numerous sources?

  A. resource exhaustion
  B. tunneling
  C. traffic fragmentation
  D. timing attack
  A. resource exhaustion

  ---

  Explanation

  Resource exhaustion is a type of denial-of-service attack; however, it can also be used to evade detection by security defenses. A simple definition of resource exhaustion is "consuming the resources necessary to perform an action." Cisco

  CyberOps Associate CBROPS 200-201 Official Cert Guide

• Question 157:

  Which type of attack attempts to overwhelm a system by sending excessive traffic to exhaust resources?

  A. phishing
  B. SQL injection
  C. denial-of-service
  D. privilege escalation
  C. denial-of-service

  ---

  Explanation

  A denial-of-service (DoS) attack is designed to make a system, network, or service unavailable by overwhelming it with excessive traffic or resource requests. This flood of traffic consumes bandwidth, CPU, or memory resources, preventing legitimate users from accessing the service. Distributed denial-of-service (DDoS) attacks amplify this effect by using multiple compromised systems (botnets). Phishing (A) is a social engineering attack aimed at stealing credentials. SQL injection (B) targets databases by manipulating queries. Privilege escalation (D) involves gaining higher access rights within a system. DoS attacks directly impact availability, which is one of the core components of the CIA triad. Detecting

  DoS attacks often involves monitoring traffic volume, connection rates, and unusual patterns in network flows. Mitigation strategies include rate limiting, traffic filtering, and using specialized DDoS protection services.

• Question 158:

  Refer to the exhibit.

  

  What does the message indicate?

  A. an access attempt was made from the Mosaic web browser
  B. a successful access attempt was made to retrieve the password file
  C. a successful access attempt was made to retrieve the root of the website
  D. a denied access attempt was made to retrieve the password file
  C. a successful access attempt was made to retrieve the root of the website

• Question 159:

  

  Refer to the exhibit.

  What is occurring?

  A. ARP spoofing attack
  B. man-in-the-middle attack
  C. brute-force attack
  D. denial-of-service attack
  D. denial-of-service attack

• Question 160:

  A vulnerability analyst is performing the monthly scan data review. Output data is very big and getting bigger each month. The analyst decides to create a more efficient process to complete the task on time. All false positives and true positives are excluded from the results. The remaining findings will be assigned to a technical team for further remediation.

  What is the result of such activity?

  A. False negatives must also be excluded from the data
  B. Data is filtered property and contains only valid results
  C. Exclusion is not needed and all data must be remediated
  D. Analysis is not performed correctly, and it is missing correct data
  D. Analysis is not performed correctly, and it is missing correct data