Courseiva

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Security Concepts

Practice 200-201 Security Concepts questions with full explanations on every answer.

99 questions


All 200-201 Security Concepts questions (99)


1

Which element of the CIA triad is primarily concerned with preventing unauthorized access to data?

2

A security analyst discovers that a malicious actor is using a technique to gather information about employees by searching social media sites. Which type of attack is being performed?

3

Which of the following best describes a vulnerability?

4

An organization experiences a ransomware attack where files are encrypted and a ransom is demanded. Which element of the CIA triad is most directly impacted?

5

A security analyst is examining a log file and notices that the hash value of a configuration file does not match the expected value. Which security goal has been violated?

6

Which of the following is an example of a symmetric encryption algorithm?

7

A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The email contains a sense of urgency. Which type of attack is this?

8

An attacker intercepts communication between two parties and modifies the data before forwarding it. Which type of attack is this?

9

Which compliance framework specifically addresses the protection of cardholder data?

10

A security analyst needs to ensure that a message has not been tampered with during transit and that the sender cannot deny sending it. Which cryptographic method should be used?

11

During a security audit, it is discovered that an organization’s network is vulnerable to ARP spoofing attacks. Which type of attack could result from exploiting this vulnerability?

12

An organization wants to implement a security framework that includes functions such as Identify, Protect, Detect, Respond, and Recover. Which framework aligns with this structure?

13

A security analyst is investigating a potential data breach. Which two actions are examples of passive reconnaissance? (Choose two.)

14

An organization is implementing a security policy to protect sensitive data. Which three are considered compliance frameworks that could guide this effort? (Choose three.)

15

A security team is analyzing a malware infection. Which two characteristics are typical of a worm? (Choose two.)

16

Which element of the CIA triad is primarily compromised when an attacker successfully intercepts and reads encrypted network traffic without authorization?

17

A security analyst discovers that a server's configuration allows users to access files outside of their intended directory. In security terminology, what is this weakness called?

18

During a penetration test, a security engineer uses publicly available information from LinkedIn and Google to gather details about employees and organizational structure. Which type of reconnaissance is being performed?

19

An attacker sends an email posing as the company's IT department, asking employees to click a link and enter their credentials. Which type of social engineering attack is this?

20

Which type of malware is characterized by self-replication and spreading to other systems without user interaction, often causing network congestion?

21

An attacker intercepts communication between a client and a server, allowing the attacker to read, insert, and modify messages in both directions. Which type of network attack is this?

22

Which cryptographic method uses the same key for both encryption and decryption, and is typically faster than asymmetric encryption?

23

A security administrator needs to verify that a downloaded file has not been altered during transit. Which cryptographic technique should be used?

24

What is the primary purpose of a digital certificate in a Public Key Infrastructure (PKI)?

25

A company processes credit card payments and must comply with a framework that mandates specific security controls for protecting cardholder data. Which compliance framework applies?

26

Which phase of the NIST Cybersecurity Framework involves actions to limit the impact of a cybersecurity incident?

27

A security analyst observes repeated failed login attempts from a single external IP address, causing the authentication server to become unresponsive. Which type of attack is occurring?

28

A security engineer is analyzing a recent data breach. Which TWO are examples of active reconnaissance techniques? (Select two.)

29

An organization wants to ensure data integrity and non-repudiation for sensitive documents. Which THREE cryptographic mechanisms should be implemented? (Select three.)

30

Which TWO of the following are examples of malware that rely on user interaction to spread? (Select two.)

31

Which element of the CIA triad ensures that data cannot be modified by unauthorized parties?

32

A security analyst discovers that an employee's computer is infected with malware that encrypts files and demands payment. What type of malware is this?

33

A network analyst notices a high volume of traffic from a single external IP address to multiple internal hosts on port 443. The traffic includes incomplete TCP handshakes. Which type of reconnaissance is being performed?

34

What is the primary difference between symmetric and asymmetric encryption?

35

A company's security policy requires that sensitive data be encrypted at rest using AES-256. Which type of encryption does AES-256 represent?

36

During a security assessment, an analyst uses the Shodan search engine to find exposed industrial control systems. Which phase of the attack lifecycle does this activity represent?

37

An organization needs to ensure that a document has not been altered and to verify the sender's identity. Which combination of cryptographic techniques should be used?

38

Which security concept describes the potential for a threat to exploit a vulnerability, and is often expressed as a combination of likelihood and impact?

39

An attacker sends an email that appears to come from the company's IT department, asking the recipient to click a link and reset their password due to a security breach. Which type of social engineering is this?

40

Which compliance framework is specifically designed to protect the privacy and security of electronic health information in the United States?

41

A security engineer discovers that an attacker has inserted fake entries into a DNS resolver's cache, redirecting users to a malicious website. Which attack has occurred?

42

In a PKI, what is the role of a Certificate Authority (CA)?

43

A security analyst is reviewing network logs and identifies several failed login attempts followed by a successful login from an unusual geographic location. Which TWO security concepts are most directly related to this scenario? (Choose two.)

44

A company is implementing a new security policy to protect customer payment information. Which TWO compliance frameworks are most relevant to this requirement? (Choose two.)

45

An analyst is investigating a security incident where an attacker gained access to a server by exploiting a known vulnerability. The attacker then moved laterally and exfiltrated data. Which THREE phases of the Cyber Kill Chain are evident in this scenario? (Choose three.)

46

Which element of the CIA triad ensures that data cannot be modified by unauthorized parties?

47

A security analyst discovers that an attacker is using a vulnerability scanning tool to identify open ports on the company's network. Which type of attack is being performed?

48

A user receives an email that appears to be from the company's IT department asking for their password to perform a security check. The email contains a link to a fake login page. Which type of social engineering attack is this?

49

Which cryptographic technique uses a public and private key pair to provide non-repudiation?

50

An organization is required to protect cardholder data. Which compliance framework applies to this requirement?

51

Which term describes a weakness in a system that could be exploited by a threat?

52

An attacker intercepts communication between a client and server and modifies the data being transmitted. The client and server are unaware of the modification. Which type of attack is being performed?

53

Which type of malware is designed to replicate itself and spread to other systems without user intervention?

54

A company's web server is overwhelmed by traffic from multiple compromised systems, causing it to become unresponsive to legitimate users. Which type of attack is this?

55

An organization wants to ensure that data sent over the internet cannot be read if intercepted. Which cryptographic method should be used?

56

A security analyst is evaluating risks and calculates that a threat has a likelihood of 0.5 and an impact of $200,000. What is the risk value?

57

Which NIST Cybersecurity Framework function involves developing and implementing appropriate safeguards to ensure delivery of critical infrastructure services?

58

A security analyst is investigating a network breach. Which TWO activities are examples of passive reconnaissance? (Choose two.)

59

Which THREE components are part of a Public Key Infrastructure (PKI)? (Choose three.)

60

A healthcare organization must comply with HIPAA. Which THREE security measures are typically required under HIPAA? (Choose three.)

61

An organization implements encryption for all sensitive data at rest and in transit to prevent unauthorized access. Which element of the CIA triad is being primarily addressed?

62

A security analyst discovers that an attacker used a publicly available tool to scan a company's network for open ports and services. What type of attack is this?

63

Which of the following best describes the relationship between a vulnerability, threat, and risk in cybersecurity?

64

A security engineer is analyzing a recent breach. The attacker gained access by sending an email that appeared to be from the CEO, requesting the recipient to transfer funds. What type of social engineering attack is this?

65

An organization wants to ensure that a message has not been altered during transmission. Which cryptographic technique should be used?

66

A company's web server is overwhelmed with traffic from many compromised devices, causing legitimate users to be unable to access the site. What type of attack is this?

67

A security analyst is reviewing logs and notices that an attacker has intercepted and modified communications between two devices on the same network. Which attack technique is being used?

68

An attacker uses a tool to capture keystrokes on a compromised system. What type of malware is most likely in use?

69

A security analyst needs to verify the authenticity and integrity of a software update. The update is signed with a digital signature. Which key is used to verify the signature?

70

A security analyst is investigating an incident where an attacker successfully altered DNS records to redirect users to a fake website. Which attack occurred?

71

An organization must comply with a regulation that requires protecting the privacy of EU citizens' personal data. Which compliance framework applies?

72

A security analyst is selecting a symmetric encryption algorithm for encrypting data at rest. Which of the following is a suitable symmetric algorithm?

73

A security analyst is identifying potential vulnerabilities in the network. Which TWO of the following are examples of passive reconnaissance?

74

Which THREE of the following are common types of malware?

75

A security engineer is implementing controls to meet compliance requirements. Which TWO of the following frameworks are specifically designed for protecting personal data?

76

Which element of the CIA triad ensures that data cannot be modified by unauthorized parties?

77

A security analyst is notified that an employee's laptop was stolen. The laptop contains sensitive customer data. Which type of threat does this incident represent?

78

An attacker sends a fraudulent email that appears to come from the company's IT department, requesting that the recipient click a link and enter their login credentials. Which type of social engineering attack is this?

79

Which type of malware is designed to encrypt files on a victim's system and demand payment for the decryption key?

80

A security analyst is reviewing logs and notices that an attacker has intercepted and modified communications between two devices without their knowledge. Which type of attack is this?

81

Which encryption method uses a single key for both encryption and decryption of data?

82

An organization wants to ensure that a received email genuinely came from the claimed sender and has not been altered. Which cryptographic mechanism provides both authentication and integrity?

83

Which compliance standard specifically applies to organizations that handle credit card information?

84

A security analyst needs to verify that a downloaded software update has not been tampered with. The update's publisher provides a file containing a hash value. Which process should the analyst use to verify integrity?

85

An attacker uses a tool to scan all IP addresses in a range to identify which hosts are online and what services are running. Which type of reconnaissance is this?

86

An organization wants to ensure that a user cannot deny having sent an email. Which security goal does this address?

87

Which component of the NIST Cybersecurity Framework involves taking action to stop an ongoing attack?

88

A security analyst is investigating a potential data breach. The analyst identifies that the attacker used a technique to impersonate a legitimate user by spoofing the MAC address and IP address. Which TWO types of network attacks could involve these techniques? (Choose two.)

89

An organization wants to protect sensitive data at rest and in transit. Which THREE cryptographic methods can provide confidentiality? (Choose three.)

90

A company is implementing a security policy to reduce risk. Which THREE activities are examples of risk mitigation? (Choose three.)

91

A security analyst discovers that an attacker has captured network traffic and used it to impersonate a legitimate user in a subsequent session. Which element of the CIA triad is most directly compromised in this scenario?

92

A security analyst is investigating an incident where an employee received an email that appeared to be from the company's IT department, requesting the employee to verify their account by clicking a link and entering their credentials. The employee complied, and later the attacker used those credentials to access the corporate VPN. Which combination of attack types best describes this incident?

93

A security analyst is reviewing logs from a web server and notices a high volume of HTTP requests from a single IP address targeting the same login page within a short time frame. The analyst suspects a brute force attack. Which TWO actions are most appropriate to mitigate this type of attack? (Choose two.)

94

An organization wants to ensure the integrity of software updates downloaded from its vendor's website. The vendor provides a hash value for each update. Which TWO properties of hashing algorithms make them suitable for integrity verification? (Choose two.)

95

A security analyst is assessing the risks to a company's data. The analyst identifies a vulnerability in the web application that could allow SQL injection. Which TWO terms correctly describe the elements of this risk scenario? (Choose two.)

96

A security analyst is configuring a firewall to block common reconnaissance techniques. Which THREE types of reconnaissance traffic should be blocked to prevent active reconnaissance? (Choose three.)

97

A security team is implementing a Public Key Infrastructure (PKI) to support digital signatures for email. Which THREE components are essential to the PKI framework? (Choose three.)

98

A company needs to comply with regulations that protect personal data of EU citizens. Which TWO compliance frameworks are directly relevant to this requirement? (Choose two.)

99

An analyst is investigating a malware infection on a workstation. The malware appears to be a trojan that downloads additional payloads and allows remote control. The analyst needs to classify the malware based on its behavior. Which THREE characteristics match this description? (Choose three.)


Frequently asked questions

What does the Security Concepts domain cover on the 200-201 exam?

The Security Concepts domain covers the key concepts tested in this area of the 200-201 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 200-201 domains — no account required.

How many Security Concepts questions are in the 200-201 question bank?

The Courseiva 200-201 question bank contains 99 questions in the Security Concepts domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Security Concepts for 200-201?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Security Concepts questions for 200-201?

Yes — the session launcher on this page draws questions exclusively from the Security Concepts domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
