
200-201 Cisco Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) Free Practice Exam Questions (2025 Updated)

Prepare effectively for your Cisco 200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 4 / 7
Total 409 questions

What is a scareware attack?

A.

using spoofed email addresses to trick people into providing login credentials

B.

overwhelming a targeted website with fake traffic

C.

gaining access to your computer and encrypting data stored on it

D.

inserting malicious code that causes popup windows with flashing colors

Which HTTP header field is used in forensics to identify the type of browser used?

A.

referrer

B.

host

C.

user-agent

D.

accept-language
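The User-Agent field is the one an analyst pulls from a request when reconstructing which client made it. The following is an added example, not part of the exam material: it parses a constructed HTTP request to recover the header (header names are case-insensitive, so the lookup normalises them), then triages constructed proxy log lines by how many hosts share each User-Agent, since a string seen from a single host is a common pivot for scripted or non-browser tooling. All request text, IP addresses and log lines are constructed.

```python
"""Extract and triage the User-Agent header from web requests.

Added example for this question; not part of the exam material. The
request text and log lines below are constructed for illustration.
"""
import re

# Constructed raw HTTP/1.1 request as it would appear in a packet capture.
RAW_REQUEST = (
    "GET /login HTTP/1.1\r\n"
    "Host: intranet.example.test\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0\r\n"
    "Accept-Language: en-US\r\n"
    "Referer: https://intranet.example.test/\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return request headers as a dict keyed by lower-case field name.

    Header field names are case-insensitive (RFC 9110), so normalising the
    key means 'user-agent' and 'User-Agent' resolve to the same field.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:  # lines[0] is the request line (method, path, version)
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def user_agent(raw):
    """User-Agent value, or None when the client sent no such header."""
    return parse_headers(raw).get("user-agent")


# Constructed proxy log lines: client_ip method url status "user-agent"
PROXY_LOG = [
    '10.1.1.20 GET http://intranet.example.test/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0"',
    '10.1.1.21 GET http://intranet.example.test/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0"',
    '10.1.1.22 GET http://intranet.example.test/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0"',
    '10.1.1.23 POST http://203.0.113.9/gate.php 200 "python-requests/2.31"',
    '10.1.1.20 GET http://intranet.example.test/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0"',
]

_UA_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')


def rare_user_agents(lines, max_hosts=1):
    """Map each User-Agent to the client IPs using it; return only those
    seen from at most `max_hosts` hosts.

    Browsers the organisation rolls out appear on many hosts. A string used
    by one host (a scripting library, an empty value, a misspelt browser
    string) is worth a closer look during triage.
    """
    hosts_by_ua = {}
    for line in lines:
        m = _UA_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected layout
        ip, _method, _url, _status, ua = m.groups()
        hosts_by_ua.setdefault(ua, set()).add(ip)
    return {ua: ips for ua, ips in hosts_by_ua.items() if len(ips) <= max_hosts}


if __name__ == "__main__":
    print("User-Agent:", user_agent(RAW_REQUEST))
    for ua, ips in rare_user_agents(PROXY_LOG).items():
        print("rare User-Agent %r from %s" % (ua, sorted(ips)))
```

The User-Agent is client-controlled and trivially spoofed, so treat it as an attribution hint to correlate with other evidence, not as proof of which browser was used.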

A SOC analyst detected connections to a known C&C server and port scanning activity against the main HR database servers from one of the HR endpoints via Cisco StealthWatch. What are the next two steps for the SOC team according to the NIST SP 800-61 incident handling process? (Choose two.)

A.

Isolate affected endpoints and take disk images for analysis

B.

Provide security awareness training to HR managers and employees

C.

Block connection to this C&C server on the perimeter next-generation firewall

D.

Update antivirus signature databases on affected endpoints to block connections to C&C

E.

Detect the attack vector and analyze C&C connections

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?

A.

examination

B.

investigation

C.

collection

D.

reporting
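Labeling and recording evidence at acquisition time is what lets later phases prove that nothing changed. The block below is an added example, not exam material: it builds a collection manifest (label, size, SHA-256, collector, timestamp) over constructed evidence items and re-verifies it, so a tampered or missing item is reported by label. The case ID, item names and evidence bytes are constructed placeholders.

```python
"""Label and hash collected evidence so later phases can prove integrity.

Added example for this question; not exam material. The evidence items are
constructed byte strings standing in for disk images, memory dumps and logs.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed evidence acquired during the collection phase.
EVIDENCE = {
    "HR-WS-042_disk.E01": b"<raw disk image bytes>",
    "HR-WS-042_mem.raw": b"<memory dump bytes>",
    "fw-perimeter_2025-01-14.log": b"2025-01-14T09:03:11Z deny 10.0.0.7 -> 203.0.113.9:80\n",
}


def sha256_hex(data):
    """Hex SHA-256 digest of an evidence item."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(items, case_id, collector):
    """One record per item: label, size, SHA-256, who collected it and when.

    Written at collection time, before examination touches anything, so the
    digests describe the evidence as it was acquired.
    """
    now = datetime.now(timezone.utc).isoformat()
    return {
        "case_id": case_id,
        "items": [
            {
                "label": "%s-E%03d" % (case_id, idx),
                "name": name,
                "bytes": len(data),
                "sha256": sha256_hex(data),
                "collected_by": collector,
                "collected_at": now,
            }
            for idx, (name, data) in enumerate(sorted(items.items()), start=1)
        ],
    }


def verify_manifest(manifest, items):
    """Re-hash every item and return the labels whose content no longer
    matches the recorded digest, or that are missing altogether."""
    bad = []
    for rec in manifest["items"]:
        data = items.get(rec["name"])
        if data is None or sha256_hex(data) != rec["sha256"]:
            bad.append(rec["label"])
    return bad


if __name__ == "__main__":
    manifest = build_manifest(EVIDENCE, "IR-2025-0042", "analyst1")
    print(json.dumps(manifest, indent=2))
    print("integrity failures:", verify_manifest(manifest, EVIDENCE))
```

In practice the manifest itself is stored and signed separately from the evidence (write-once media or a custody system), since a manifest an attacker can rewrite proves nothing.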

What is the benefit of processing statistical data for security systems?

A.

detects suspicious behavior based on traffic baselining trends

B.

uses less CPU and RAM resources than metadata-based monitoring

C.

provides fewer false negative events than full packet capture

D.

provides full visibility based on capture of packet traffic data

What is a difference between signature-based and behavior-based detection?

A.

Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.

B.

Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.

C.

Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.

D.

Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.
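The two questions above (statistical baselining, and signature- versus behaviour-based detection) are easiest to see side by side on the same events. This is an added example, not exam material: a signature detector that fires only when a predefined rule matches, and a behaviour detector that flags a host whose connection count deviates from its own baseline by more than a z-score threshold. The events, the signature list and the baselines are all constructed; the second beaconing host is deliberately built so that only the behavioural check catches it.

```python
"""Signature-based versus behaviour-based detection on the same events.

Added example for this question; not exam material. Log records, the
signature list and the per-host baselines are constructed for illustration.
"""
import re
import statistics

# Constructed firewall/proxy records: (time, src_ip, dst_ip, dst_port, url_or_sni)
EVENTS = [
    ("09:00", "10.0.0.5", "198.51.100.7", 443, "updates.example.test"),
    ("09:01", "10.0.0.5", "198.51.100.8", 443, "mail.example.test"),
    ("09:02", "10.0.0.6", "198.51.100.7", 443, "updates.example.test"),
    ("09:03", "10.0.0.7", "203.0.113.9", 80, "203.0.113.9/gate.php"),
    ("09:04", "10.0.0.8", "198.51.100.7", 443, "updates.example.test"),
    ("09:05", "10.0.0.9", "192.0.2.44", 443, "cdn-sync.example.test"),
]

# --- Signature-based: a predefined rule either matches or it does not -------
SIGNATURES = [
    # (rule name, regex over the URL/SNI field); constructed, not a real feed
    ("known-c2-gate", re.compile(r"/gate\.php$")),
    ("known-bad-ip", re.compile(r"^203\.0\.113\.9")),
]


def signature_alerts(events):
    """Return (src_ip, rule) for every event matching a known signature.

    Precise and cheap, but a C2 with a different path and IP (10.0.0.9's
    traffic above) produces nothing here until a rule for it exists.
    """
    alerts = []
    for _ts, src, _dst, _port, indicator in events:
        for name, pattern in SIGNATURES:
            if pattern.search(indicator):
                alerts.append((src, name))
    return alerts


# --- Behaviour-based: compare each host against what is normal for it ------
# Constructed baseline: outbound connections per hour on prior days.
BASELINE = {
    "10.0.0.5": [40, 45, 38, 42, 41],
    "10.0.0.6": [12, 10, 14, 11, 13],
    "10.0.0.7": [8, 9, 7, 10, 8],
    "10.0.0.8": [30, 28, 33, 31, 29],
    "10.0.0.9": [5, 6, 5, 7, 5],
}
# Constructed counts for the hour under review.
TODAY = {"10.0.0.5": 44, "10.0.0.6": 12, "10.0.0.7": 120, "10.0.0.8": 30, "10.0.0.9": 90}


def behaviour_alerts(baseline, today, z_threshold=3.0):
    """Flag hosts whose count deviates from their own baseline by more than
    z_threshold standard deviations.

    Needs no knowledge of the attacker's infrastructure, so it catches the
    unknown C2, but a legitimately busy host trips it too (false positives),
    which is why the alert carries the z-score for the analyst to judge.
    """
    alerts = []
    for host, history in baseline.items():
        mean = statistics.mean(history)
        stdev = statistics.pstdev(history) or 1.0  # guard a flat baseline
        z = (today.get(host, 0) - mean) / stdev
        if abs(z) > z_threshold:
            alerts.append((host, round(z, 1)))
    return alerts


if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("behaviour:", behaviour_alerts(BASELINE, TODAY))
```

Real deployments run both: signatures for known-bad with low noise, baselining for the novel activity signatures cannot describe yet.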

Refer to the exhibit.

Which stakeholders must be involved when a company workstation is compromised?

A.

Employee 1, Employee 2, Employee 3, Employee 4, Employee 5, Employee 7

B.

Employee 1, Employee 2, Employee 4, Employee 5

C.

Employee 4, Employee 6, Employee 7

D.

Employee 2, Employee 3, Employee 4, Employee 5

Refer to the exhibit.

What is occurring?

A.

Identifying possible malware communications and botnet activity

B.

Monitoring of encrypted and unencrypted web sessions for diagnostics

C.

Analysis of traffic flows during network capacity testing

D.

Review of session logs for performance optimization in a distributed application environment

Which risk approach eliminates activities posing a risk exposure?

A.

risk acknowledgment

B.

risk avoidance

C.

risk reduction

D.

risk retention

Which type of data collection requires the largest amount of storage space?

A.

alert data

B.

transaction data

C.

session data

D.

full packet capture

A security analyst reviews the firewall and observes a large number of frequent events. The analyst starts a packet capture with Wireshark and identifies that TCP port reuse was incorrectly detected as a TCP split-handshake attack by the firewall. How must the impact of this event be categorized?

A.

false positive

B.

true positive

C.

true negative

D.

false negative

A suspicious user opened a connection from a compromised host inside an organization. Traffic was going through a router, and the network administrator was able to identify this flow. The admin used the 5-tuple to collect the needed data. Which information was gathered based on this approach?

A.

direct path

B.

user name

C.

protocol

D.

NAT

What describes the usage of a rootkit in endpoint-based attacks?

A.

set of tools used by an attacker to maintain control of a compromised system while avoiding detection

B.

exploit that can be used to perform remote code execution

C.

set of vulnerabilities used by an attacker to disable root access on the system

D.

remote code execution that causes a denial-of-service on the system

Refer to the exhibit. The figure shows an X.509 certificate. Which field represents the digital cryptographic algorithm used by the issuer to sign the certificate?

A.

Signature Algorithm

B.

Timestamp

C.

Fingerprints

D.

Log Operator

What is a description of "phishing" as a social engineering attack?

A.

Someone without the proper authentication follows an authenticated employee into a restricted area. The attacker might impersonate a delivery driver and wait outside a building to get things started.

B.

A hacker masquerading as a trusted entity dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link.

C.

The attacker focuses on creating a good pretext, or a fabricated scenario, that is used to try to steal victims' personal information.

D.

Fake Social Security Administration personnel contact random individuals, inform them that there has been a computer problem on their end, and ask that those individuals confirm their Social Security Number, all for the purpose of committing identity theft.

Drag and drop the security concept from the left onto the example of that concept on the right.

An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?

A.

by most active source IP

B.

by most used ports

C.

based on the protocols used

D.

based on the most used applications
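The 5-tuple question above and this one about isolating a scanning host fit together: the 5-tuple (source IP, source port, destination IP, destination port, protocol) is what a flow record gives you, and aggregating those records by source IP is how the scanner stands out. This is an added example, not exam material: it parses constructed flow-export records into 5-tuples, ranks sources by flow count, and separates a port scanner (many distinct targets, about one packet per flow) from a busy legitimate client (one target, many packets). The record layout and all addresses are constructed.

```python
"""Build 5-tuples from flow records and isolate the scanning host.

Added example for the two questions above; not exam material. The flow
records are constructed; the column layout is a simplified CSV export.
"""
from collections import Counter, defaultdict
from typing import NamedTuple


class FiveTuple(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str  # 'tcp', 'udp', 'icmp', ...


# Constructed flow export: src_ip,src_port,dst_ip,dst_port,proto,packets
FLOW_EXPORT = """\
10.10.5.23,51002,10.10.20.15,22,tcp,3
10.10.5.23,51003,10.10.20.15,23,tcp,1
10.10.5.23,51004,10.10.20.15,80,tcp,1
10.10.5.23,51005,10.10.20.15,443,tcp,1
10.10.5.23,51006,10.10.20.15,445,tcp,1
10.10.5.23,51007,10.10.20.16,22,tcp,1
10.10.5.23,51008,10.10.20.16,445,tcp,1
10.10.5.40,49200,10.10.20.15,443,tcp,120
10.10.5.41,49201,10.10.20.15,443,tcp,98
10.10.5.42,53001,10.10.1.53,53,udp,2
"""


def parse_flows(text):
    """Yield (FiveTuple, packets) per record.

    Note what the 5-tuple does not carry: no user name, no NAT translation,
    no path the packets took. Those come from other data sources.
    """
    for line in text.splitlines():
        if not line.strip():
            continue
        s_ip, s_port, d_ip, d_port, proto, pkts = line.split(",")
        yield FiveTuple(s_ip, int(s_port), d_ip, int(d_port), proto), int(pkts)


def most_active_sources(text, top_n=3):
    """Rank source IPs by the number of flows they originated."""
    counts = Counter(t.src_ip for t, _ in parse_flows(text))
    return counts.most_common(top_n)


def scan_candidates(text, min_targets=5):
    """Sources touching at least `min_targets` distinct (dst_ip, dst_port)
    pairs, with the average packets per flow alongside.

    Few packets per flow across many targets is the port-scan fingerprint;
    a legitimate heavy client hits one target with many packets.
    """
    targets = defaultdict(set)
    pkts = defaultdict(int)
    flows = defaultdict(int)
    for t, n in parse_flows(text):
        targets[t.src_ip].add((t.dst_ip, t.dst_port))
        pkts[t.src_ip] += n
        flows[t.src_ip] += 1
    return {
        src: {"distinct_targets": len(tg),
              "avg_packets_per_flow": round(pkts[src] / flows[src], 1)}
        for src, tg in targets.items() if len(tg) >= min_targets
    }


if __name__ == "__main__":
    print("most active sources:", most_active_sources(FLOW_EXPORT))
    print("scan candidates:", scan_candidates(FLOW_EXPORT))
```

Ranking by destination port or protocol, the other options in the question, would spread the scanner's activity across many buckets; ranking by source IP collapses it into one.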

Refer to the exhibit.

What is occurring in this network?

A.

ARP cache poisoning

B.

DNS cache poisoning

C.

MAC address table overflow

D.

MAC flooding attack
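Two of the options above leave different traces: ARP cache poisoning shows up as one IP answered by more than one MAC (and one rogue MAC claiming several IPs), while MAC-table flooding shows up as one switch port learning an implausible number of source MACs. This is an added example, not exam material, and it does not reproduce the missing exhibit: it runs those two checks over constructed ARP replies and a constructed switch MAC-table snapshot. All addresses and port names are constructed.

```python
"""Distinguish ARP cache poisoning from MAC-table flooding in captured data.

Added example for this question; not exam material. The ARP replies and the
switch MAC-table snapshot are constructed.
"""
from collections import defaultdict

# Constructed ARP replies seen on the segment: (sender_ip, sender_mac)
ARP_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01"),   # gateway, legitimate
    ("192.168.1.10", "00:11:22:33:44:0a"),
    ("192.168.1.1", "de:ad:be:ef:00:01"),   # gateway IP now claimed by another MAC
    ("192.168.1.10", "de:ad:be:ef:00:01"),  # same rogue MAC also claims the host
    ("192.168.1.11", "00:11:22:33:44:0b"),
]

# Constructed switch MAC address table snapshot: (port, mac)
MAC_TABLE = [("Gi0/1", "00:11:22:33:44:01"), ("Gi0/2", "00:11:22:33:44:0a")] + [
    ("Gi0/7", "02:00:00:00:%02x:%02x" % (i // 256, i % 256)) for i in range(600)
]


def arp_conflicts(replies):
    """IPs claimed by more than one MAC.

    A gateway IP answered by two different MACs within a short window is the
    classic poisoning signature; the victim's cache ends up with whichever
    reply arrived last.
    """
    macs_for_ip = defaultdict(set)
    for ip, mac in replies:
        macs_for_ip[ip].add(mac)
    return {ip: sorted(m) for ip, m in macs_for_ip.items() if len(m) > 1}


def rogue_macs(replies, min_ips=2):
    """MACs that claimed `min_ips` or more IPs: the poisoner's own interface,
    impersonating both ends so it can sit in the middle."""
    ips_for_mac = defaultdict(set)
    for ip, mac in replies:
        ips_for_mac[mac].add(ip)
    return {mac: sorted(i) for mac, i in ips_for_mac.items() if len(i) >= min_ips}


def flooded_ports(table, max_macs_per_port=16):
    """Ports with an implausible number of learned MACs.

    An access port learns a handful of addresses; hundreds means forged
    source MACs are being sprayed to exhaust the table (the overflow) so the
    switch falls back to flooding frames out every port (the effect).
    """
    per_port = defaultdict(set)
    for port, mac in table:
        per_port[port].add(mac)
    return {p: len(m) for p, m in per_port.items() if len(m) > max_macs_per_port}


if __name__ == "__main__":
    print("IPs with conflicting MACs:", arp_conflicts(ARP_REPLIES))
    print("MACs claiming several IPs:", rogue_macs(ARP_REPLIES))
    print("flooded ports:", flooded_ports(MAC_TABLE))
```

Dynamic ARP Inspection and port security are the switch-side controls for the two conditions respectively; the checks above are what an analyst does after the fact with a capture and a MAC-table dump.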

What is the purpose of a ransomware attack?

A.

to make files inaccessible by encrypting the data

B.

to decrypt encrypted data and disks

C.

to send keystrokes to a threat actor

D.

to escalate privileges

A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does this type of event belong?

A.

weaponization

B.

delivery

C.

exploitation

D.

reconnaissance

Copyright © 2014-2025 Solution2Pass. All Rights Reserved