200-201 Exam Details

  • Exam Code: 200-201
  • Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Certification: CyberOps Associate
  • Vendor: Cisco
  • Total Questions: 543 Q&As
  • Last Updated: Jun 01, 2026

Cisco 200-201 Online Questions & Answers

  • Question 251:

    An engineer must compare NIST vs ISO frameworks. The engineer needed to compare them as readable documentation and also to watch a comparison video review. Using Windows 10 OS, the engineer started a browser and searched for a NIST document and then opened a new tab in the same browser and searched for an ISO document for comparison.

    The engineer tried to watch the video, but there was an audio problem with the OS, so the engineer had to troubleshoot it. At first, the engineer started CMD and looked for a driver path, then looked for a corresponding registry in the registry editor. The engineer enabled "Audiosrv" in task manager and put it on auto start and the problem was solved.

    Which two components of the OS did the engineer touch? (Choose two)

    A. permissions
    B. PowerShell logs
    C. service
    D. MBR
    E. process and thread

  • Question 252:

    Refer to the exhibit.

    A suspicious IP address is tagged by Threat Intelligence as a brute-force attempt source. After the attacker produces many failed login entries, it successfully compromises the account.

    Which stakeholder is responsible for the incident response detection step?

    A. employee 2
    B. employee 3
    C. employee 4
    D. employee 5

  • Question 253:

    Refer to the exhibit.

    Which type of attack is being executed?

    A. SQL injection
    B. cross-site scripting
    C. cross-site request forgery
    D. command injection

  • Question 254:

    Which action matches the weaponization step of the Cyber Kill Chain model?

    A. Research data on a specific vulnerability.
    B. Test and construct the appropriate malware to launch the attack.
    C. Scan a host to find open ports and vulnerabilities.
    D. Construct the appropriate malware and deliver it to the victim.

  • Question 255:

    Where is a host-based intrusion detection system located?

    A. on a dedicated proxy server monitoring egress traffic
    B. on a tap switch port
    C. on a span switch port
    D. on an end-point as an agent

  • Question 256:

    What is the key difference between mandatory access control (MAC) and discretionary access control (DAC)?

    A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
    B. MAC is the strictest of all levels of control and DAC is object-based access
    C. DAC is controlled by the operating system and MAC is controlled by an administrator
    D. DAC is the strictest of all levels of control and MAC is object-based access

  • Question 257:

    What is the difference between a vulnerability and an attack surface?

    A. A vulnerability is the risk of exploiting a weakness in the application, and the target application itself is the attack surface
    B. The attack surface is the SQL injection targeted on the database, and the database is the vulnerability that might be exploited.
    C. The attack surface is a sum of measured risks for a particular asset, and the vulnerability is an unmeasured exploitable risk
    D. A vulnerability is unsanitized user input sent to exploit a web application and the browser is the attack surface for the web application

  • Question 258:

    Which layer of the OSI model is responsible for deep packet inspection in modern firewalls?

    A. data link
    B. network
    C. transport
    D. application

  • Question 259:

    A security engineer must investigate a recent breach within the organization. An engineer noticed that a breached workstation is trying to connect to the domain "Ranso4730-mware92-647", which is known as malicious.

    In which step of the Cyber Kill Chain is this event?

    A. Vaporization
    B. Delivery
    C. reconnaissance
    D. Action on objectives

  • Question 260:

    According to the September 2020 threat intelligence feeds, a new malware called Egregor was introduced and used in many attacks. Distribution of Egregor is primarily through a Cobalt Strike that has been installed on victims' workstations using RDP exploits. Malware exfiltrates the victim's data to a command and control server. The data is used to force victims to pay or lose it by publicly releasing it.

    Which type of attack is described?

    A. malware attack
    B. ransomware attack
    C. whale-phishing
    D. insider threat
