Cisco 200-201 Practice Exams
Last updated on Apr 14, 2025
- Exam Code: 200-201
- Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
- Certification Provider: Cisco
Why is encryption challenging to security monitoring?
- A. Encryption analysis is used by attackers to monitor VPN tunnels.
- B. Encryption is used by threat actors as a method of evasion and obfuscation.
- C. Encryption introduces additional processing requirements by the CPU.
- D. Encryption introduces larger packet sizes to analyze and store.
What is the difference between statistical detection and rule-based detection models?
- A. Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
- B. Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis
- C. Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior
- D. Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis
Refer to the exhibit.
Which kind of attack method is depicted in this string?
- A. cross-site scripting
- B. man-in-the-middle
- C. SQL injection
- D. denial of service
DRAG DROP
Drag and drop the security concept on the left onto the example of that concept on the right.
A security engineer has a video of a suspect entering a data center that was captured on the same day that files in the same data center were transferred to a competitor.
Which type of evidence is this?
- A. best evidence
- B. prima facie evidence
- C. indirect evidence
- D. physical evidence
At a company party, a guest asks questions about the company’s user account format and password complexity.
How is this type of conversation classified?
- A. Phishing attack
- B. Password Revelation Strategy
- C. Piggybacking
- D. Social Engineering
Refer to the exhibit.
This request was sent to a web application server driven by a database.
Which type of web server attack is represented?
- A. parameter manipulation
- B. heap memory corruption
- C. command injection
- D. blind SQL injection
An engineer needs to have visibility on TCP bandwidth usage, response time, and latency, combined with deep packet inspection to identify unknown software by its network traffic flow.
Which two features of Cisco Application Visibility and Control should the engineer use to accomplish this goal? (Choose two.)
- A. management and reporting
- B. traffic filtering
- C. adaptive AVC
- D. metrics collection and exporting
- E. application recognition
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?
- A. known-plaintext
- B. replay
- C. dictionary
- D. man-in-the-middle
What is the function of a command and control server?
- A. It enumerates open ports on a network device
- B. It drops secondary payload into malware
- C. It is used to regain control of the network after a compromise
- D. It sends instruction to a compromised system