DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Cisco 200-201 Exam Dumps | Real Exam Questions & Answers | SPOTO Practice Tests

Preparing for the Cisco 200-201 certification exam requires reliable study resources, including real exam questions and answers. Our carefully curated 200-201 exam preparation materials provide you with the tools needed to pass the exam confidently. With practice exams and 200-201 certification practice tests, you'll gain familiarity with the exam format. Whether you’re using 200-201 PDF exam dumps or 200-201 test questions and answers, you can build a solid understanding of key concepts. Our 200-201 exam braindumps also cover the latest topics, ensuring you're well-prepared. By practicing with Cisco CyberOps Associate dumps and taking advantage of 200-201 free practice tests, you’ll be ready to tackle the real exam questions with ease.
Take other online exams

Question #1
What do host-based firewalls protect workstations from?
A. ero-day vulnerabilities
B. alicious web scripts
C. nwanted traffic
D. iruse
View answer
Correct Answer: D
Question #2
Which element is included in an incident response plan as stated in NIST.SP800-61?
A. pproval of senior management
B. ecurity of sensitive information
C. ndividual approach to incident response
D. onsistent threat identificatio
View answer
Correct Answer: D
Question #3
What is a difference between inline traffic interrogation and traffic mirroring?
A. nline inspection acts on the original traffic data flow
B. raffic mirroring passes live traffic to a tool for blocking
C. raffic mirroring inspects live traffic for analysis and mitigation
D. nline traffic copies packets for analysis and securit
View answer
Correct Answer: A
Question #4
What should a security analyst consider when comparing inline traffic interrogation with traffic tapping to determine which approach to use in the network?
A. apping interrogation replicates signals to a separate port for analyzing traffic
B. apping interrogations detect and block malicious traffic
C. nline interrogation enables viewing a copy of traffic to ensure traffic is in compliance with security policies
D. nline interrogation detects malicious traffic but does not block the traffi
View answer
Correct Answer: A
Question #5
During which phase of the forensic process are tools and techniques used to extract information from the collected data?
A. xamination
B. ollection
C. eporting
D. nvestigatio
View answer
Correct Answer: A
Question #6
A network engineer noticed in the NetFlow report that internal hosts are sending many DNS requests to external DNS servers. ASOC analyst checked the endpoints and discovered that they are infected and became part of the botnet. Endpoints are sending multiple DNS requests, but with spoofed IP addresses ofvalid external sources. What kind of attack are infected endpoints involved in?
A. NS flooding
B. NS hijacking
C. NS amplification
D. NS tunnelin
View answer
Correct Answer: C
Question #7
Which statement describes patch management?
A. canning servers and workstations for missing patches and vulnerabilities
B. rocess of appropriate distribution of system or software updates
C. anaging and keeping previous patches lists documented for audit purposes
D. orkflow of distributing mitigations of newly found vulnerabilitie
View answer
Correct Answer: A
Question #8
What is the difference between statistical detection and rule-based detection models?
A. ule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
B. tatistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis
C. tatistical detection involves the evaluation of an object on its intended actions before it executes that behavior
D. ule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basi
View answer
Correct Answer: B
Question #9
What are the two differences between stateful and deep packet inspection?
A. tateful inspection is capable of packet data inspections, and deep packet inspection is not
B. eep packet inspection is capable of malware blocking, and stateful inspection is not
C. eep packet inspection operates on Layer 3 and 4, and stateful inspection operates on Layer 3 of the OSI model
D. tateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports
E. eep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP
View answer
Correct Answer: BE
Question #10
What is the difference between deep packet inspection and stateful inspection?
A. tateful inspection is more secure due to its complex signatures, and deep packet inspection requires less human intervention
B. eep packet inspection gives insights up to Layer 7, and stateful inspection gives insights only up to Layer 4
C. tateful inspection verifies data at the transport layer, and deep packet inspection verifies data at the application layer
D. eep packet inspection is more secure due to its complex signatures, and stateful inspection requires less human intervention
View answer
Correct Answer: B
Question #11
What is a difference between a threat and a risk?
A. risk is a flaw or hole in security, and a threat is what is being used against that flaw
B. threat is a sum of risks, and a risk itself represents a specific danger toward the asset
C. risk is an intersection between threat and vulnerabilities, and a threat is what a security engineer is trying to protect against
D. threat can be people, property, or information, and risk is a probability by which these threats may bring harm to the business
View answer
Correct Answer: C
Question #12
Which attack method is being used when an attacker tries to compromise a network with an authentication system that uses only 4-digit numeric passwords and no username?
A. eplay
B. QL injection
C. ictionary
D. ross-site scriptin
View answer
Correct Answer: C
Question #13
Which option describes indicators of attack?
A. irus detection by the AV software
B. pam emails on an employee workstation
C. alware reinfection within a few minutes of removal
D. locked phishing attempt on a compan
View answer
Correct Answer: C
Question #14
Why should an engineer use a full packet capture to investigate a security breach?
A. t reconstructs the event allowing the engineer to identify the root cause by seeing what took place during the breach
B. t provides the full TCP streams for the engineer to follow the metadata to identify the incoming threat
C. t captures the TCP flags set within each packet for the engineer to focus on suspicious packets to identify malicious activity
D. t collects metadata for the engineer to analyze, including IP traffic packet data that is sorted, parsed, and indexed
View answer
Correct Answer: A
Question #15
A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints, via Cisco StealthWatch. What are the two next steps of the SOC team according to the NIST.SP800-61 incident handling process?
A. rovide security awareness training to HR managers and employees
B. lock connection to this C&C server on the perimeter next-generation firewall
C. solate affected endpoints and take disk images for analysis
D. pdate antivirus signature databases on affected endpoints to block connections to C&C
E. etect the attack vector and analyze C&C connections
View answer
Correct Answer: BC
Question #16
What matches the regular expression c(rgr)+e?
A. rgrrgre
B. (rgr)e
C. e
D. rgr+
View answer
Correct Answer: A
Question #17
Which action matches the weaponization step of the Cyber Kill Chain model?
A. onstruct the appropriate malware and deliver it to the victim
B. est and construct the appropriate malware to launch the attack
C. can a host to find open ports and vulnerabilities
D. esearch data on a specific vulnerability
View answer
Correct Answer: B
Question #18
Which technique is a low-bandwidth attack?
A. hishing
B. ocial engineering
C. ession hijacking
D. vasio
View answer
Correct Answer: D
Question #19
According to CVSS, what is a description of the attack vector score?
A. t depends on how many physical and logical manipulations are possible on a vulnerable component
B. he metric score will be larger when a remote attack is more likely
C. he metric score will be larger when it is easier to physically touch or manipulate the vulnerable component
D. t depends on how far away the attacker is located and the vulnerable component
View answer
Correct Answer: B
Question #20
A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders. After further investigation, the analyst learns that customers claim that they cannot access company servers. According to NIST SP800-61, in which phase of the incident response process is the analyst?
A. reparation
B. ontainment, eradication, and recovery
C. ost-incident activity
D. etection and analysi
View answer
Correct Answer: D
Question #21
An engineer runs a suspicious file in a sandbox analysis tool to see the outcome. The analysis report shows that outbound callouts were made post infection. Which two pieces of information from the analysis report are needed to investigate the callouts?
A. ignatures
B. ost IP addresses
C. ile size
D. ropped files
E. omain name
View answer
Correct Answer: BE
Question #22
An engineer is investigating a case of the unauthorized usage of the "tcpdump" tool. The analysis revealed that a malicious insider attempted to sniff traffic on a specific interface. What type of information did the malicious insider attempt to obtain?
A. ll firewall alerts and resulting mitigations
B. agged protocols being used on the network
C. agged ports being used on the network
D. ll information and data within the datagra
View answer
Correct Answer: D
Question #23
Which are the two score metrics as defined in CVSS v3?
A. emporal Score Metrics
B. atural Score Metrics
C. ase Score Metrics
D. efinitive Score Metrics
E. isk Score Metric
View answer
Correct Answer: AC
Question #24
According to the September 2020 threat intelligence feeds, new malware called Egregor was introduced and used in many attacks. Distribution of Egregor is primarily through a Cobalt Strike that has been installed on victim's workstations using RDP exploits. Malware exfiltrates the victim's data to a command and control server. The data is used to force victims pay or lose it by publicly releasing it. Which type of attack is described?
A. ansomware attack
B. hale-phishing
C. alware attack
D. nsider threa
View answer
Correct Answer: A
Question #25
Which NIST IR category stakeholder is responsible for coordinating incident response among various business units, minimizing damage, and reporting to regulatory agencies?
A. SIRT
B. SIRT
C. ublic affairs
D. anagemen
View answer
Correct Answer: D
Question #26
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted.What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?
A. nalyze the threat
B. ecover from the threat
C. educe the probability of similar threats
D. dentify lessons learned from the threat
View answer
Correct Answer: B
Question #27
Why is HTTPS traffic difficult to screen?
A. igital certificates secure the session, and the data is sent at random intervals
B. TTPS is used internally and screening traffic for external parties is hard due to isolation
C. he communication is encrypted and the data in transit is secured
D. raffic is tunneled to a specific destination and is inaccessible to others except for the receiver
View answer
Correct Answer: C
Question #28
Which type of verification consists of using tools to compute the message digest of the original and copied data, then comparing the similarity of the digests?
A. ata integrity
B. ata preservation
C. vidence collection order
D. olatile data collection
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: