Cisco Exam 200-201 Topic 1 Question 108 Discussion

Actual exam question for Cisco's 200-201 exam

Question #: 108
Topic #: 1

What is the difference between an attack vector and attack surface?

AAn attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.

BAn attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network.

CAn attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.

DAn attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Show Suggested Answer

Suggested Answer: B

An attack vector is the method or technique that an attacker uses to exploit a vulnerability in a system or network. An attack vector can be a software, hardware, or human component that can be manipulated to gain unauthorized access, execute malicious code, or cause damage. An attack surface is the sum of all the possible attack vectors that are exposed by a system or network. An attack surface can be reduced by applying security measures such as patching, hardening, firewalling, and encrypting.Reference:Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 1-4;200-201 CBROPS - Cisco, exam topic 1.1.c

by Stevie at Apr 08, 2025, 01:42 PM

Limited Time Offer

25%

Off

Get Premium 200-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Brock

1 months ago

Hmm, this is a tricky one. I'm leaning towards A) since it seems to capture the key difference between the two concepts more clearly.

upvoted 0 times

...

Marylou

1 months ago

I think C) is the way to go. The attack surface is where the vulnerabilities are, and the attack vector is how the attacker can leverage those weak spots.

upvoted 0 times

Dorcas

9 days ago

Exactly, the attack vector is the means to get to the vulnerabilities identified in the attack surface.

upvoted 0 times

...

Lorean

12 days ago

So, the attack vector is like the path the attacker takes to exploit those vulnerabilities, right?

upvoted 0 times

...

Shanice

24 days ago

I agree, C) makes sense. The attack surface is like the target area for the attack.

upvoted 0 times

...

Chuck

2 months ago

Haha, I bet the correct answer is D. An attack vector identifies the outcome, and the attack surface is like the launch pad. Just kidding, I know that's not right.

upvoted 0 times

Marge

9 days ago

C) An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.

upvoted 0 times

...

Jesusita

12 days ago

B) An attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network.

upvoted 0 times

...

Gail

16 days ago

A) An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.

upvoted 0 times

...

Ezekiel

2 months ago

B) makes the most sense to me. An attack vector is the path an attacker can take to exploit a vulnerability, while the attack surface is all the potential entry points they can target.

upvoted 0 times

Ty

26 days ago

B) makes the most sense to me. An attack vector is the path an attacker can take to exploit a vulnerability, while the attack surface is all the potential entry points they can target.

upvoted 0 times

...

Gerri

30 days ago

B) An attack vector identifies components that can be exploited, and an attack surface identifies the potential path an attack can take to penetrate the network.

upvoted 0 times

...