Exam Details

  • Exam Code: 200-201
  • Exam Name: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Certification: CyberOps Associate
  • Vendor: Cisco
  • Total Questions: 406 Q&As
  • Last Updated: Apr 07, 2025

Cisco CyberOps Associate 200-201 Questions & Answers

  • Question 131:

    According to the September 2020 threat intelligence feeds, a new malware called Egregor was introduced and used in many attacks. Distribution of Egregor is primarily through a Cobalt Strike that has been installed on victim's workstations using RDP exploits. Malware exfiltrates the victim's data to a command and control server. The data is used to force victims to pay or lose it by publicly releasing it. Which type of attack is described?

    A. malware attack

    B. ransomware attack

    C. whale-phishing

    D. insider threat

  • Question 132:

    Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same key?

    A. forgery attack

    B. plaintext-only attack

    C. ciphertext-only attack

    D. meet-in-the-middle attack

  • Question 133:

    Refer to the exhibit.

    What is the potential threat identified in this Stealthwatch dashboard?

    A. A policy violation is active for host 10.10.101.24.

    B. A host on the network is sending a DDoS attack to another inside host.

    C. There are two active data exfiltration alerts.

    D. A policy violation is active for host 10.201.3.149.

  • Question 134:

    Refer to the exhibit.

    What must be interpreted from this packet capture?

    A. IP address 192.168.88.12 is communicating with 192.168.88.149 with a source port 74 to destination port 49098 using TCP protocol.

    B. IP address 192.168.88.12 is communicating with 192.168.88.149 with a source port 49098 to destination port 80 using TCP protocol.

    C. IP address 192.168.88.149 is communicating with 192.168.88.12 with a source port 80 to destination port 49098 using TCP protocol.

    D. IP address 192.168.88.149 is communicating with 192.168.88.12 with a source port 49098 to destination port 80 using TCP protocol.

  • Question 135:

    Refer to the exhibit.

    Which component is identifiable in this exhibit?

    A. Trusted Root Certificate store on the local machine

    B. Windows PowerShell verb

    C. Windows Registry hive

    D. local service in the Windows Services Manager

  • Question 136:

    When communicating via TLS, the client initiates the handshake to the server and the server responds back with its certificate for identification.

    Which information is available on the server certificate?

    A. server name, trusted subordinate CA, and private key

    B. trusted subordinate CA, public key, and cipher suites

    C. trusted CA name, cipher suites, and private key

    D. server name, trusted CA, and public key

  • Question 137:

    Which regular expression is needed to capture the IP address 192.168.20.232?

    A. ^ (?:[0-9]{1,3}\.){3}[0-9]{1,3}

    B. ^ (?:[0-9]{1,3}\.){1,4}

    C. ^ (?:[0-9]{1,3}\.)'

    D. ^ ([0-9]-{3})

  • Question 138:

    Refer to the exhibit.

    Which packet contains a file that is extractable within Wireshark?

    A. 2317

    B. 1986

    C. 2318

    D. 2542

  • Question 139:

    An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection.

    Which two pieces of information from the analysis report are needed to investigate the callouts? (Choose two.)

    A. signatures

    B. host IP addresses

    C. file size

    D. dropped files

    E. domain names

  • Question 140:

    Refer to the exhibit.

    What should be interpreted from this packet capture?

    A. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.

    B. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.

    C. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.

    D. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP UDP protocol.
