Free 200-201 CBROPS Practice Test

Prepare smarter for your 200-201 exam with our free, accurate, and 2025-updated questions.

At Cert Empire, we are committed to providing the best and the latest exam questions to the aspiring students who are preparing for CISCO 200-201 Exam. To help the students prepare better, we have made sections of our 200-201 exam preparation resources free for all. You can practice as much as you can with Free 200-201 Practice Test.

Get 200-201 Exam Dumps

CISCO 200-201 Free Exam Questions

Disclaimer

Please keep a note that the demo questions are not frequently updated. You may as well find them in open communities around the web. However, this demo is only to depict what sort of questions you may find in our original files.

Nonetheless, the premium exam dumps files are frequently updated and are based on the latest exam syllabus and real exam questions.

1 / 60

Which open-sourced packet capture tool uses Linux and Mac OS X operating systems?

Netsh

Tcpdump

NetScout

SolarWinds

2 / 60

What is the relationship between a vulnerability and a threat?

A vulnerability exploits a threat

A threat exploits a vulnerability

A threat is a calculation of the potential loss caused by a vulnerability

A vulnerability is a calculation of the potential loss caused by a threat

3 / 60

Which security principle is violated by running all processes as root or administrator?

Separation of duties

Trusted computing base

Principle of least privilege

Role-based access control

4 / 60

An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?

Best evidence

Indirect evidence

Forensic evidence

Corroborative evidence

5 / 60

Refer to the exhibit. Which event is occurring?

A binary is being submitted to run on VM cuckoo1

A binary on VM cuckoo1 is being submitted for evaluation

A URL is being evaluated to see if it has a malicious binary

A binary named "submit" is running on VM cuckoo1

6 / 60

When an event is investigated, which type of data provides the investigate capability to determine if data exfiltration has occurred?

Firewall logs

NetFlow data

Session data

Full packet capture

7 / 60

What does the Zero Trust security model signify?

Zero Trust security means that no one is trusted by default from inside or outside the network

Zero Trust states that no users should be given enough privileges to misuse the system on their own

Zero Trust states that unless a subject is given explicit access to an object, it should be denied access to that object

Zero Trust addresses access control and states that an individual should have only the minimum access privileges necessary to perform specific tasks

8 / 60

An engineer needs to discover alive hosts within the 192.168.1.0/24 range without triggering intrusive portscan alerts on the IDS device using Nmap. Which command will accomplish this goal?

nmap ג€"sP 192.168.1.0/24

nmap -sL 192.168.1.0/24

nmap -sV 192.168.1.0/24

nmap --top-ports 192.168.1.0/24

9 / 60

At a company party a guest asks questions about the company's user account format and password complexity. How is this type of conversation classified?

Piggybacking

Phishing attack

Social Engineering

Password Revelation Strategy

10 / 60

Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

Replay

Dictionary

Known-plaintext

Man-in-the-middle

11 / 60

Refer to the exhibit. What is occurring in this network?

DNS cache poisoning

ARP cache poisoning

MAC flooding attack

MAC address table overflow

12 / 60

Which type of data consists of connection level, application-specific records generated from network traffic?

Alert data

Location data

Statistical data

Transaction data

13 / 60

What is the difference between the ACK flag and the RST flag in the NetFlow log session?

The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete

The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection

The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete

14 / 60

What is vulnerability management?

A process to identify and remediate existing weaknesses

A security practice focused on clarifying and narrowing intrusion points

A security practice of performing actions rather than acknowledging the threats

A process to recover from service interruptions and restore business-critical applications

15 / 60

How does a certificate authority impact security?

It validates the domain identity of the SSL certificate

It validates client identity when communicating with the server

It authenticates client identity when requesting an SSL certificate

It authenticates domain identity when requesting an SSL certificate

16 / 60

A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within
48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?

Victims of the attack

Perpetrators of the attack

Customer assets that are threatened

Company assets that are threatened

17 / 60

What specific type of analysis is assigning values to the scenario to see expected outcomes?

Exploratory

Descriptive

Deterministic

Probabilistic

18 / 60

Which metric in CVSS indicates an attack that takes a destination bank account number and replaces it with a different bank account number?

Scope

Integrity

Availability

Confidentiality

19 / 60

What is the practice of giving an employee access to only the resources needed to accomplish their job?

Separation of duties

Principle of least privilege

Organizational separation

Need to know principle

20 / 60

What is the virtual address space for a Windows process?

Physical location of an object in memory

Set of pages that reside in the physical memory

Set of virtual memory addresses that can be used

System-level memory protection feature built into the operating system

21 / 60

What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?

MAC is the strictest of all levels of control and DAC is object-based access

DAC is the strictest of all levels of control and MAC is object-based access

DAC is controlled by the operating system and MAC is controlled by an administrator

MAC is controlled by the discretion of the owner and DAC is controlled by an administrator

22 / 60

Which event is user interaction?

Gaining root access

Executing remote code

Opening a malicious file

Reading and writing file permission

23 / 60

Which security principle requires more than one person is required to perform a critical task?

Need to know

Due diligence

Least privilege

Separation of duties

24 / 60

Refer to the exhibit. In which Linux log file is this output found?

var/log/var.log

/var/log/dmesg

/var/log/auth.log

/var/log/authorization.log

25 / 60

An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network.
Which testing method did the intruder use?

Tailgating

Piggybacking

Eavesdropping

Social engineering

26 / 60

An engineer is investigating a case of the unauthorized usage of the `Tcpdump` tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?

Tagged ports being used on the network

All firewall alerts and resulting mitigations

All information and data within the datagram

Tagged protocols being used on the network

27 / 60

Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?

NetFlow

Syslog messages

Firewall event logs

Full packet capture

28 / 60

Which list identifies the information that the client sends to the server in the negotiation phase of the TLS handshake?

ClientStart, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

ClientHello, TLS versions it supports, cipher-suites it supports, and suggested compression methods

ClientHello, ClientKeyExchange, cipher-suites it supports, and suggested compression methods

ClientStart, TLS versions it supports, cipher-suites it supports, and suggested compression methods

29 / 60

Which data type is necessary to get information about source/destination ports?

Alert data

Session data

Statistical data

Connectivity data

30 / 60

An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?

The threat actor gained access to the system by known credentials

The threat actor used the teardrop technique to confuse and crash login services

The threat actor used a dictionary-based password attack to obtain credentials

The threat actor used an unknown vulnerability of the operating system that went undetected

31 / 60

What is a purpose of a vulnerability management framework?

Manages a list of reported vulnerabilities

Identifies, removes, and mitigates system vulnerabilities

Conducts vulnerability scans on the network

Detects and removes vulnerabilities in source code

32 / 60

What is a difference between SOAR and SIEM?

SIEM receives information from a single platform and delivers it to a SOAR

SOAR receives information from a single platform and delivers it to a SIEM

SIEM applications are used for threat and vulnerability management, but SOAR platforms are not

SOAR platforms are used for threat and vulnerability management, but SIEM applications are not

33 / 60

What is a benefit of agent-based protection when compared to agentless protection?

It lowers maintenance costs

It provides a centralized platform

It collects and detects all traffic locally

It manages numerous devices simultaneously

34 / 60

What causes events on a Windows system to show Event Code 4625 in the log messages?

The system detected an XSS attack

Another device is gaining root access to the system

Someone is trying a brute force attack on the network

A privileged user successfully logged into the system

35 / 60

A SOC analyst is investigating an incident that involves a Linux system that is identifying specific sessions.
Which identifier tracks an active program?

Process identification number

Runtime identification number

Application identification number

Active process identification number

36 / 60

What is an attack surface as compared to a vulnerability?

Any potential danger to an asset

The individuals who perform an attack Question

An exploitable weakness in a system or its design

The sum of all paths for data into and out of the environment

37 / 60

Refer to the exhibit. What does the output indicate about the server with the IP address 172.18.104.139?

Open ports of a web server

Open port of an FTP server

Open ports of an email server

Running processes of the server

38 / 60

What is indicated by an increase in IPv4 traffic carrying protocol 41?

Unauthorized peer-to-peer traffic

Additional PPTP traffic due to Windows clients

Attempts to tunnel IPv6 traffic through an IPv4 network

Deployment of a GRE network on top of an existing Layer 3 network

39 / 60

Refer to the exhibit. What is occurring in this network traffic?

Flood of SYN packets coming from a single source IP to a single destination IP

Flood of ACK packets coming from a single source IP to multiple destination IPs

High rate of SYN packets being sent from a multiple source towards a single destination IP

High rate of ACK packets being sent from a single source IP towards multiple destination IPs

40 / 60

Which security technology guarantees the integrity and authenticity of all messages transferred to and from a web application?

VPN

Tunneling

SSL Certificate

Hypertext Transfer Protocol

41 / 60

Which security monitoring data type requires the largest storage space?

Full packet capture

Session data

Statistical data

Transaction data

42 / 60

Refer to the exhibit. Which kind of attack method is depicted in this string?

SQL injection

Denial of service

Man-in-the-middle

Cross-site scripting

43 / 60

What is an example of social engineering attacks?

Receiving an invitation to the department's weekly WebEx meeting

Sending a verbal request to an administrator who knows how to change an account password

Receiving an email from human resources requesting a visit to their secure website to update contact information

Receiving an unexpected email from an unknown person with an attachment from someone in the same company

44 / 60

Refer to the exhibit. What should be interpreted from this packet capture?

81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP protocol

81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol

192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol

192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol

45 / 60

Refer to the exhibit. An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?

The file has an embedded non-Windows executable but no suspicious features are identified

The file has an embedded executable and was matched by PEiD threat signatures for further analysis

The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis

The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date

46 / 60

Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

Forgery attack

Plaintext-only attack

Ciphertext-only attack

Meet-in-the-middle attack

47 / 60

Refer to the exhibit. Which type of log is displayed?

Sys

IDS

Proxy

NetFlow

48 / 60

Refer to the exhibit. Which type of log is displayed?

Sys

IDS

Proxy

NetFlow

49 / 60

What makes HTTPS traffic difficult to monitor?

Encryption

SSL interception

Packet header size

Signature detection time

50 / 60

A security incident occurred with the potential of impacting business services. Who performs the attack?

Malware author

Bug bounty hunter

Threat actor

Direct competitor

51 / 60

Which event is a vishing attack?

Using a vulnerability scanner on a corporate network

Impersonating a tech support agent during a phone call

Setting up a rogue access point near a public hotspot

Obtaining disposed documents from an organization

52 / 60

When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.
Which information is available on the server certificate?

Server name, trusted CA, and public key

Trusted CA name, cipher suites, and private key

Trusted subordinate CA, public key, and cipher suites

Server name, trusted subordinate CA, and private key

53 / 60

Why is encryption challenging to security monitoring?

Encryption introduces larger packet sizes to analyze and store

Encryption analysis is used by attackers to monitor VPN tunnels

Encryption introduces additional processing requirements by the CPU

Encryption is used by threat actors as a method of evasion and obfuscation

54 / 60

What is the principle of defense-in-depth?

Access control models are involved

Several distinct protective layers are involved

Agentless and agent-based protection for security are used

Authentication, authorization, and accounting mechanisms are used

55 / 60

What does an attacker use to determine which network ports are listening on a potential target device?

Ping sweep

Port scanning

SQL injection

Man-in-the-middle

56 / 60

What is the difference between an attack vector and an attack surface?

An attack vector identifies components that can be exploited; and an attack surface identifies the potential path an attack can take to penetrate the network

An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions

An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities

An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities

57 / 60

What is the practice of giving employees only those permissions necessary to perform their specific role within an organization?

Need to know

Due diligence

Least privilege

Integrity validation

58 / 60

Which evasion technique is a function of ransomware?

Encoding

Encryption

Resource exhaustion

Extended sleep calls

59 / 60

What is rule-based detection when compared to statistical detection?

proof of a user's action

proof of a user's identity

Likelihood of user's action

Falsification of a user's identity

60 / 60

Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?

Data mining

Rapid response

Due diligence

Decision making

Your score is

The average score is 78%

By Wordpress Quiz plugin

Free 200-201 CBROPS Practice Test – 2025 Updated

Prepare smarter for your 200-201 exam with our free, accurate, and 2025-updated questions.

Disclaimer

[email protected]

Helpful links

top Vendors

Contact Us

[email protected]

FLASH OFFER

avail $6 DISCOUNT on YOUR PURCHASE