200-201 Exam Details

  • Exam Code: 200-201
  • Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Certification: CyberOps Associate
  • Vendor: Cisco
  • Total Questions: 543 Q&As
  • Last Updated: May 24, 2026

Cisco 200-201 Online Questions & Answers

  • Question 461:

    The SOC team detected an ongoing port scan. After investigation, the team concluded that the scan was targeting the company servers.

    According to the Cyber Kill Chain model, which step must be assigned to this type of event?

    A. delivery
    B. exploitation
    C. reconnaissance
    D. actions on objectives

  • Question 462:

    How is SQL injection prevented?

    A. sanitize user input
    B. address space layout randomization
    C. run the web server as a nonprivileged user
    D. host profiling

  • Question 463:

    Which piece of information is needed for attribution in an investigation?

    A. proxy logs showing the source RFC 1918 IP addresses
    B. RDP allowed from the Internet
    C. known threat actor behavior
    D. 802.1x RADIUS authentication pass and fail logs

  • Question 464:

    What are two categories of DDoS attacks? (Choose two.)

    A. direct
    B. reflected
    C. split brain
    D. scanning
    E. phishing

  • Question 465:

    What describes the defense-in-depth principle?

    A. defining precise guidelines for new workstation installations
    B. categorizing critical assets within the organization
    C. isolating guest Wi-Fi from the local network
    D. implementing alerts for unexpected asset malfunctions

  • Question 466:

    Refer to the exhibit.

    Which type of data filtering is provided?

    A. Web
    B. Firewall
    C. Mail
    D. Application

  • Question 467:

    Refer to the exhibit.

    An analyst was given a PCAP file, which is associated with a recent intrusion event in the company FTP server.

    Which display filters should the analyst use to filter the FTP traffic?

    A. dstport == FTP
    B. tcp.port==21
    C. tcpport = FTP
    D. dstport = 21

  • Question 468:

    What is a benefit of agent-based protection when compared to agentless protection?

    A. It lowers maintenance costs
    B. It provides a centralized platform
    C. It collects and detects all traffic locally
    D. It manages numerous devices simultaneously

  • Question 469:

    What is the difference between indicators of attack (IoA) and indicators of compromise (IoC)?

    A. IoA is the evidence that a security breach has occurred, and IoC allows organizations to act before the vulnerability can be exploited.
    B. IoA refers to the individual responsible for the security breach, and IoC refers to the resulting loss.
    C. IoC is the evidence that a security breach has occurred, and IoA allows organizations to act before the vulnerability can be exploited.
    D. IoC refers to the individual responsible for the security breach, and IoA refers to the resulting loss.

  • Question 470:

    A security engineer notices confidential data being exfiltrated to a domain "Ranso4134- mware31-895" address that is attributed to a known advanced persistent threat group.

    The engineer discovers that the activity is part of a real attack and not a network misconfiguration.

    Which category does this event fall under as defined in the Cyber Kill Chain?

    A. reconnaissance
    B. delivery
    C. action on objectives
    D. weaponization

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 200-201 exam preparation and Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.