Updated on: 25-May-2026

Free Cisco 200-201 Practice Questions 2026 | Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)


An engineer needs to configure network systems to detect command and control communications by decrypting ingress and egress perimeter traffic and allowing network security devices to detect malicious outbound communications. Which technology should be used to accomplish the task?

A. digital certificates
B. static IP addresses
C. signatures
D. cipher suite

Answer: D. cipher suite



An engineer needs to discover alive hosts within the 192.168.1.0/24 range without triggering intrusive portscan alerts on the IDS device using Nmap. Which command will accomplish this goal?

A. nmap --top-ports 192.168.1.0/24
B. nmap -sP 192.168.1.0/24
C. nmap -sL 192.168.1.0/24
D. nmap -sV 192.168.1.0/24

Answer: C. nmap -sL 192.168.1.0/24



An organization's security team has detected network spikes coming from the internal network. An investigation has concluded that the spike in traffic was from intensive network scanning. How should the analyst collect the traffic to isolate the suspicious host?

A. by most active source IP
B. by most used ports
C. based on the protocols used
D. based on the most used applications

Answer: C. based on the protocols used



A company is using several network applications that require high availability and responsiveness, such that milliseconds of latency on network traffic are not acceptable. An engineer needs to analyze the network and identify ways to improve traffic movement to minimize delays. Which information must the engineer obtain for this analysis?

A. total throughput on the interface of the router and NetFlow records
B. output of routing protocol authentication failures and ports used
C. running processes on the applications and their total network usage
D. deep packet captures of each application flow and duration

Answer: C. running processes on the applications and their total network usage



What is a difference between signature-based and behavior-based detection?

A. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
B. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
C. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
D. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.

Answer: D. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.



A company receptionist received a threatening call referencing stealing assets and did not take any action, assuming it was a social engineering attempt. Within 48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?

A. company assets that are threatened
B. customer assets that are threatened
C. perpetrators of the attack
D. victims of the attack

Answer: B. customer assets that are threatened



How is NetFlow different from traffic mirroring?

A. NetFlow collects metadata and traffic mirroring clones data.
B. Traffic mirroring impacts switch performance and NetFlow does not.
C. Traffic mirroring costs less to operate than NetFlow.
D. NetFlow generates more data than traffic mirroring.

Answer: A. NetFlow collects metadata and traffic mirroring clones data.



What is a difference between SIEM and SOAR?

A. SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.
B. SIEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.
C. SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.
D. SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.

Answer: D. SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.



What is the relationship between a vulnerability and a threat?

A. A threat exploits a vulnerability
B. A vulnerability is a calculation of the potential loss caused by a threat
C. A vulnerability exploits a threat
D. A threat is a calculation of the potential loss caused by a vulnerability

Answer: A. A threat exploits a vulnerability



Which data type is necessary to get information about source/destination ports?

A. statistical data
B. session data
C. connectivity data
D. alert data

Answer: C. connectivity data


