Free Cisco 200-201 Practice Exam with Questions & Answers | Set: 7

Questions 61

A security engineer deploys an enterprise-wide host/endpoint technology for all of the company's corporate PCs. Management asks the engineer to block a selected set of applications on all PCs.

Which technology should be used to accomplish this task?

Options:
A. application whitelisting/blacklisting
B. network NGFW
C. host-based IDS
D. antivirus/antispyware software

Questions 62

Which event is user interaction?

Options:
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file

Questions 63

A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group. The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

Options:
A. reconnaissance
B. delivery
C. action on objectives
D. weaponization

Questions 64

Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

Options:
A. known-plaintext
B. replay
C. dictionary
D. man-in-the-middle

Questions 65

Drag and drop the definition from the left onto the phase on the right to classify intrusion events according to the Cyber Kill Chain model.

Questions 66

What are two characteristics of full packet captures? (Choose two.)

Options:
A. Identifying network loops and collision domains.
B. Troubleshooting the cause of security and performance issues.
C. Reassembling fragmented traffic from raw data.
D. Detecting common hardware faults and identifying faulty assets.
E. Providing a historical record of a network transaction.

Questions 67

What is the function of a command and control server?

Options:
A. It enumerates open ports on a network device
B. It drops a secondary payload into malware
C. It is used to regain control of the network after a compromise
D. It sends instructions to a compromised system

Questions 68

Which step in the incident response process researches an attacking host through logs in a SIEM?

Options:
A. detection and analysis
B. preparation
C. eradication
D. containment

Questions 69

A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group. The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?

Options:
A. reconnaissance
B. delivery
C. action on objectives
D. weaponization

Questions 70

Which type of evidence supports a theory or an assumption that results from initial evidence?

Options:
A. probabilistic
B. indirect
C. best
D. corroborative

Exam Code: 200-201
Certification Provider: Cisco
Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
Last Update: Jul 17, 2025
Questions: 375