Cisco 200-201 Exam Actual Questions –
Exam 2025 With 100% Correct Answers
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously - correct answers ✔✔B
Which principle is being followed when an analyst gathers information relevant to a security incident to
determine the appropriate course of action?
A. decision making
B. rapid response
C. data mining
D. due diligence - correct answers ✔✔A
What is a difference between SOAR and SIEM?
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C. SOAR receives information from a single platform and delivers it to a SIEM
D. SIEM receives information from a single platform and delivers it to a SOAR - correct answers ✔✔A
,What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
B. MAC is the strictest of all levels of control and DAC is object-based access
C. DAC is controlled by the operating system and MAC is controlled by an administrator
D. DAC is the strictest of all levels of control and MAC is object-based access - correct answers ✔✔B
Which security principle is violated by running all processes as root or administrator?
A. principle of least privilege
B. role-based access control
C. separation of duties
D. trusted computing base - correct answers ✔✔A
What is the difference between a threat and a risk?
A. Threat represents a potential danger that could take advantage of a weakness, while the risk is the
likelihood of a compromise or damage of an asset.
B. Risk represents the known and identified loss or danger in the system, while threat is a non-identified
impact of possible risks.
C. Risk is the unintentional possibility of damages or harm to infrastructure, while the threats are certain
and intentional.
D. Threat is a state of being exposed to an attack or a compromise, while risk is the calculation of
damage or potential loss affecting the organization from an exposure. - correct answers ✔✔A
, risk is the likelihood ./threat potential danger
A network engineer discovers that a foreign government hacked one of the defense contractors in their
home country and stole intellectual property. What is the threat agent in this situation?
A. the intellectual property that was stolen
B. the defense contractor who stored the intellectual property
C. the method used to conduct the attack
D. the foreign government that conducted the attack - correct answers ✔✔D
Threat agent and Threat actor are the same
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The
agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the
webserver. Which event category is described?
A. reconnaissance
B. action on objectives
C. installation
D. exploitation - correct answers ✔✔D
What is the relationship between a vulnerability and a threat?
A. A threat exploits a vulnerability
B. A vulnerability is a calculation of the potential loss caused by a threat
C. A vulnerability exploits a threat
Exam 2025 With 100% Correct Answers
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously - correct answers ✔✔B
Which principle is being followed when an analyst gathers information relevant to a security incident to
determine the appropriate course of action?
A. decision making
B. rapid response
C. data mining
D. due diligence - correct answers ✔✔A
What is a difference between SOAR and SIEM?
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
C. SOAR receives information from a single platform and delivers it to a SIEM
D. SIEM receives information from a single platform and delivers it to a SOAR - correct answers ✔✔A
,What is the difference between mandatory access control (MAC) and discretionary access control (DAC)?
A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator
B. MAC is the strictest of all levels of control and DAC is object-based access
C. DAC is controlled by the operating system and MAC is controlled by an administrator
D. DAC is the strictest of all levels of control and MAC is object-based access - correct answers ✔✔B
Which security principle is violated by running all processes as root or administrator?
A. principle of least privilege
B. role-based access control
C. separation of duties
D. trusted computing base - correct answers ✔✔A
What is the difference between a threat and a risk?
A. Threat represents a potential danger that could take advantage of a weakness, while the risk is the
likelihood of a compromise or damage of an asset.
B. Risk represents the known and identified loss or danger in the system, while threat is a non-identified
impact of possible risks.
C. Risk is the unintentional possibility of damages or harm to infrastructure, while the threats are certain
and intentional.
D. Threat is a state of being exposed to an attack or a compromise, while risk is the calculation of
damage or potential loss affecting the organization from an exposure. - correct answers ✔✔A
, risk is the likelihood ./threat potential danger
A network engineer discovers that a foreign government hacked one of the defense contractors in their
home country and stole intellectual property. What is the threat agent in this situation?
A. the intellectual property that was stolen
B. the defense contractor who stored the intellectual property
C. the method used to conduct the attack
D. the foreign government that conducted the attack - correct answers ✔✔D
Threat agent and Threat actor are the same
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The
agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the
webserver. Which event category is described?
A. reconnaissance
B. action on objectives
C. installation
D. exploitation - correct answers ✔✔D
What is the relationship between a vulnerability and a threat?
A. A threat exploits a vulnerability
B. A vulnerability is a calculation of the potential loss caused by a threat
C. A vulnerability exploits a threat
