200-201 Exam Details

  • Exam Code: 200-201
  • Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Certification: CyberOps Associate
  • Vendor: Cisco
  • Total Questions: 543 Q&As
  • Last Updated: Jun 01, 2026

Cisco 200-201 Online Questions & Answers

  • Question 261:

    Refer to exhibit. An engineer is investigating an intrusion and is analyzing the pcap file.

    Which two key elements must an engineer consider? (Choose two.)

    A. variable "info" field and unchanging sequence number
    B. high volume of SYN packets with very little variance in time
    C. SYN packets acknowledged from several source IP addresses
    D. identical length of 120 and window size (64)
    E. same source IP address with a destination port 80

  • Question 262:

    What is the definition of threat intelligence in the context of cybersecurity?

    A. Update and hardening of IT infrastructure
    B. Design and implementation of advanced defense mechanisms
    C. Information and analysis related to potential security threats
    D. Design and delivery of sophisticated cyberattacks

  • Question 263:

    A company encountered a breach on its web servers using IIS 7.5. During the investigation, an engineer discovered that an attacker read and altered the data on a secure communication using TLS 1.2 and intercepted sensitive information by downgrading a connection to export-grade cryptography. The engineer must mitigate similar incidents in the future and ensure that clients and servers always negotiate with the most secure protocol versions and cryptographic parameters.

    Which action does the engineer recommend?

    A. Upgrade to TLS v1.3.
    B. Install the latest IIS version.
    C. Downgrade to TLS 1.1.
    D. Deploy an intrusion detection system.

  • Question 264:

    A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.

    Which type of evidence is this?

    A. best evidence
    B. prima facie evidence
    C. indirect evidence
    D. physical evidence

  • Question 265:

    Refer to the exhibit.

    A company's user HTTP connection to a malicious site was blocked according to configured policy.

    What is the source technology used for this measure?

    A. network application control
    B. firewall
    C. IPS
    D. web proxy

  • Question 266:

    Refer to the exhibit.

    Which set of actions must an engineer perform to identify and fix this issue?

    A. Reinstall the IIS server to reset certificate details to default and try to connect to the server.
    B. Remove the intermediate certificates and install the CA root certificate on each server.
    C. Implement a different version of CA authority and install intermediate certificates.
    D. Add client authentication to the certificate template, reissue, and apply the certificate.

  • Question 267:

    An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts.

    What is causing the lack of data visibility needed to detect the attack?

    A. The threat actor used a dictionary-based password attack to obtain credentials.
    B. The threat actor gained access to the system by known credentials.
    C. The threat actor used the teardrop technique to confuse and crash login services.
    D. The threat actor used an unknown vulnerability of the operating system that went undetected.

  • Question 268:

    What is a description of a man-in-the-middle network attack?

    A. After attackers penetrate a network, they can use privilege escalation to expand their reach.
    B. Attackers build botnets, large fleets of compromised devices, and use them to direct false traffic at networks or servers.
    C. It involves attackers intercepting traffic, either between a network and external sites or within a network.
    D. Attackers replicate malicious traffic as legitimate and bypass network protection solutions.

  • Question 269:

    What are two denial-of-service (DoS) attacks? (Choose two.)

    A. port scan
    B. SYN flood
    C. man-in-the-middle
    D. phishing
    E. teardrop

  • Question 270:

    According to CVSS, what is a description of the attack vector score?

    A. It depends on how far away the attacker is located and the vulnerable component.
    B. The metric score will be larger when a remote attack is more likely.
    C. It depends on how many physical and logical manipulations are possible on a vulnerable component.
    D. The metric score will be larger when it is easier to physically touch or manipulate the vulnerable component.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 200-201 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions here.