  • 402 Questions
  • Updated on: 25-May-2026
  • Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

Free Cisco 200-201 Practice Questions 2026 | Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)


Which attack represents the evasion technique of resource exhaustion?

A. SQL injection

B. man-in-the-middle

C. bluesnarfing

D. denial-of-service

D.   denial-of-service



An engineer is addressing a connectivity issue between two servers where the remote server is unable to establish a successful session. Initial checks show that the remote server is not receiving a SYN-ACK while establishing a session by sending the first SYN. What is causing this issue?

A. incorrect TCP handshake

B. incorrect UDP handshake

C. incorrect OSI configuration

D. incorrect snaplen configuration

A.   incorrect TCP handshake



At a company party, a guest asks questions about the company’s user account format and password complexity. How is this type of conversation classified?

A. Phishing attack

B. Password Revelation Strategy

C. Piggybacking

D. Social Engineering

B.   Password Revelation Strategy



What is an incident response plan?

A. an organizational approach to events that could lead to asset loss or disruption of operations

B. an organizational approach to security management to ensure a service lifecycle and continuous improvements

C. an organizational approach to disaster recovery and timely restoration of operational services

D. an organizational approach to system backup and data archiving aligned to regulations

C.   an organizational approach to disaster recovery and timely restoration of operational services



A developer is working on a project using a Linux tool that enables writing processes to obtain these required results:

  • If the process is unsuccessful, a negative value is returned.
  • If the process is successful, a value of 0 is returned to the child process, and the process ID is sent to the parent process.

Which component results from this operation?

A. parent directory name of a file pathname

B. process spawn scheduled

C. macros for managing CPU sets

D. new process created by parent process

D.   new process created by parent process



What is a difference between data obtained from Tap and SPAN ports?

A. Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.

B. SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.

C. SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.

D. Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.

A.   Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.



An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?

A. Recovery

B. Detection

C. Eradication

D. Analysis

B.   Detection



Which event is a vishing attack?

A. obtaining disposed documents from an organization

B. using a vulnerability scanner on a corporate network

C. setting up a rogue access point near a public hotspot

D. impersonating a tech support agent during a phone call

D.   impersonating a tech support agent during a phone call

Explanation: Vishing is an attack where fraudsters impersonate legitimate entities via phone calls to deceive individuals into providing sensitive information or performing actions that compromise security.

Refer to the exhibit.

Which field contains DNS header information if the payload is a query or a response?

A. Z

B. ID

C. TC

D. QR

D.   QR

Explanation: The QR field in the DNS header specifies whether the message is a query (QR=0) or a response (QR=1). This bit is set to 0 for query messages and is set to 1 for response messages, allowing the recipient to distinguish between the two.

A security engineer must protect the company from known issues that trigger adware. Recently, a new incident has been raised that could harm the system. Which security concepts are present in this scenario?

A. exploit and patching

B. risk and evidence

C. analysis and remediation

D. vulnerability and threat

D.   vulnerability and threat

Explanation:

  • The security scenario involves protecting the company from known issues that trigger adware and addressing a recent incident that could harm the system.
  • This scenario involves identifying vulnerabilities (weaknesses in the system that can be exploited) and threats (potential harm that can exploit these vulnerabilities).
  • A vulnerability is an inherent flaw in the system, while a threat is an event or condition that has the potential to exploit the vulnerability.
  • The security engineer needs to assess both the vulnerabilities present and the threats that could exploit these vulnerabilities to implement effective protection measures.
