Cisco 200-201 Practice Exams
Last updated on Apr 01, 2025
- Exam Code: 200-201
- Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
- Certification Provider: Cisco
An analyst is investigating an incident in a SOC environment.
Which method is used to identify a session from a group of logs?
- A . sequence numbers
- B . IP identifier
- C . 5-tuple
- D . timestamps
What specific type of analysis is assigning values to the scenario to see expected outcomes?
- A . deterministic
- B . exploratory
- C . probabilistic
- D . descriptive
What is the principle of defense-in-depth?
- A . Agentless and agent-based protection for security are used.
- B . Several distinct protective layers are involved.
- C . Access control models are involved.
- D . Authentication, authorization, and accounting mechanisms are used.
Which metric is used to capture the level of access needed to launch a successful attack?
- A . privileges required
- B . user interaction
- C . attack complexity
- D . attack vector
Which piece of information is needed for attribution in an investigation?
- A . proxy logs showing the source RFC 1918 IP addresses
- B . RDP allowed from the Internet
- C . known threat actor behavior
- D . 802.1x RADIUS authentication pass and fail logs
What are two social engineering techniques? (Choose two.)
- A . privilege escalation
- B . DDoS attack
- C . phishing
- D . man-in-the-middle
- E . pharming
During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
- A . examination
- B . investigation
- C . collection
- D . reporting
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)
- A . Untampered images are used in the security investigation process
- B . Tampered images are used in the security investigation process
- C . The image is tampered if the stored hash and the computed hash match
- D . Tampered images are used in the incident recovery process
- E . The image is untampered if the stored hash and the computed hash match
An analyst is exploring the functionality of different operating systems.
What is a feature of Windows Management Instrumentation that must be considered when deciding on an operating system?
- A . queries Linux devices that have Microsoft Services for Linux installed
- B . deploys Windows Operating Systems in an automated fashion
- C . is an efficient tool for working with Active Directory
- D . has a Common Information Model, which describes installed hardware and software
What is a difference between SOAR and SIEM?
- A . SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
- B . SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
- C . SOAR receives information from a single platform and delivers it to a SIEM
- D . SIEM receives information from a single platform and delivers it to a SOAR