Cisco 200-201 Online Practice Questions and Exam Preparation

Cisco 200-201 Online Questions & Answers

• Question 241:

  What is a purpose of a vulnerability management framework?

  A. identifies, removes, and mitigates system vulnerabilities
  B. detects and removes vulnerabilities in source code
  C. conducts vulnerability scans on the network
  D. manages a list of reported vulnerabilities
  A. identifies, removes, and mitigates system vulnerabilities

• Question 242:

  An investigator is examining a copy of an ISO file that is stored in CDFS format.

  What type of evidence is this file?

  A. data from a CD copied using Mac-based system
  B. data from a CD copied using Linux system
  C. data from a DVD copied using Windows system
  D. data from a CD copied using Windows
  D. data from a CD copied using Windows

• Question 243:

  DRAG DROP

  Refer to the exhibit.

  

  Drag and drop the element name from the left onto the correct piece of the PCAP file on the right.

  Select and Place:

  

  

• Question 244:

  An employee of a company receives an email with an attachment. They notice that this email is from a suspicious source, and they decide not to open the attached file. After further investigation, a security analyst concludes that this file is malware.

  To which category of the Cyber Kill Chain model does this event belong?

  A. Weaponization
  B. Installation
  C. Exploitation
  D. Delivery
  D. Delivery

• Question 245:

  What is the primary goal of vulnerability management?

  A. to detect active attacks
  B. to identify and remediate weaknesses
  C. to encrypt sensitive data
  D. to monitor user activity
  B. to identify and remediate weaknesses

  ---

  Explanation

  Vulnerability management is a continuous process of identifying, evaluating, prioritizing, and remediating security weaknesses in systems and applications. The goal is to reduce the risk of exploitation by addressing vulnerabilities before attackers can take advantage of them. This process typically includes vulnerability scanning, risk assessment, patch management, and reporting. Detecting active attacks (A) is part of incident response or intrusion detection. Encrypting data (C) is a security control, not a management process. Monitoring user activity (D) relates to user behavior analytics. Effective vulnerability management requires coordination across teams and integration with threat intelligence to prioritize critical vulnerabilities. It is a foundational component of proactive cybersecurity strategy and helps organizations maintain compliance with security standards.

• Question 246:

  Which technology prevents end-device to end-device IP traceability?

  A. encryption
  B. load balancing
  C. NAT/PAT
  D. tunneling
  C. NAT/PAT

• Question 247:

  A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many SYNs have the same sequence number, source, and destination IP address, but they have different payloads.

  What is causing this situation?

  A. failure of the full packet capture solution
  B. misconfiguration of a web filter
  C. insufficient network resources
  D. TCP injection
  D. TCP injection

• Question 248:

  Which tool provides a full packet capture from network traffic?

  A. Nagios
  B. CAINE
  C. Hydra
  D. Wireshark
  D. Wireshark

  ---

  Explanation

  Wireshark is a widely-used network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network. It provides full packet capture capabilities, enabling detailed analysis of network traffic.

  References:

  This is supported by the CBROPS course materials, which discuss security monitoring and the analysis of network traffic, including full packet capture tools like Wireshark

• Question 249:

  Which security principle is violated by running all processes as root or administrator?

  A. principle of least privilege
  B. role-based access control
  C. separation of duties
  D. trusted computing base
  A. principle of least privilege

  ---

  Explanation

  Running all processes as root or administrator violates the principle of least privilege, which states that users and processes should be granted only the minimum permissions necessary to perform their specific role or function within an organization. Running all processes as root or administrator gives them full access and control over the system, which increases the risk of unauthorized actions, malicious attacks, and accidental errors. It also makes it easier for attackers to escalate their privileges and compromise the system.

  References:

  Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 1: Security Concepts, Lesson 1.2: Security Principles Cisco Certified CyberOps Associate Overview, Exam Topics, 1.1 Explain the CIA triad

• Question 250:

  What does the principle of least privilege enforce in a system?

  A. users have maximum access rights
  B. users have only necessary permissions
  C. users can share credentials
  D. users must authenticate multiple times
  B. users have only necessary permissions

  ---

  Explanation

  The principle of least privilege ensures that users and processes are granted only the minimum level of access required to perform their tasks. This reduces the attack surface and limits the potential damage if an account is compromised. For example, a user who only needs to read data should not have write or administrative permissions. Option A contradicts this principle, as excessive privileges increase risk. Sharing credentials (C) violates security best practices. Multiple authentication steps (D) relate to multi-factor authentication, not least privilege. Implementing least privilege is essential for preventing unauthorized access and reducing the impact of insider threats or compromised accounts. It is commonly enforced through role-based access control (RBAC) and periodic access reviews. This principle is foundational in cybersecurity frameworks and helps maintain system integrity and confidentiality.