Practice 200-201 Security Concepts questions with full explanations on every answer.
1. Which element of the CIA triad is primarily concerned with preventing unauthorized access to data?
2. A security analyst discovers that a malicious actor is using a technique to gather information about employees by searching social media sites. Which type of attack is being performed?
3. Which of the following best describes a vulnerability?
4. An organization experiences a ransomware attack where files are encrypted and a ransom is demanded. Which element of the CIA triad is most directly impacted?
5. A security analyst is examining a log file and notices that the hash value of a configuration file does not match the expected value. Which security goal has been violated?
6. Which of the following is an example of a symmetric encryption algorithm?
7. A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The email contains a sense of urgency. Which type of attack is this?
8. An attacker intercepts communication between two parties and modifies the data before forwarding it. Which type of attack is this?
9. Which compliance framework specifically addresses the protection of cardholder data?
10. A security analyst needs to ensure that a message has not been tampered with during transit and that the sender cannot deny sending it. Which cryptographic method should be used?
11. During a security audit, it is discovered that an organization’s network is vulnerable to ARP spoofing attacks. Which type of attack could result from exploiting this vulnerability?
12. An organization wants to implement a security framework that includes functions such as Identify, Protect, Detect, Respond, and Recover. Which framework aligns with this structure?
13. A security analyst is investigating a potential data breach. Which two actions are examples of passive reconnaissance? (Choose two.)
14. An organization is implementing a security policy to protect sensitive data. Which three are considered compliance frameworks that could guide this effort? (Choose three.)
15. A security team is analyzing a malware infection. Which two characteristics are typical of a worm? (Choose two.)
16. Which element of the CIA triad is primarily compromised when an attacker successfully intercepts and reads encrypted network traffic without authorization?
17. A security analyst discovers that a server's configuration allows users to access files outside of their intended directory. In security terminology, what is this weakness called?
18. During a penetration test, a security engineer uses publicly available information from LinkedIn and Google to gather details about employees and organizational structure. Which type of reconnaissance is being performed?
19. An attacker sends an email posing as the company's IT department, asking employees to click a link and enter their credentials. Which type of social engineering attack is this?
20. Which type of malware is characterized by self-replication and spreading to other systems without user interaction, often causing network congestion?
21. An attacker intercepts communication between a client and a server, allowing the attacker to read, insert, and modify messages in both directions. Which type of network attack is this?
22. Which cryptographic method uses the same key for both encryption and decryption, and is typically faster than asymmetric encryption?
23. A security administrator needs to verify that a downloaded file has not been altered during transit. Which cryptographic technique should be used?
24. What is the primary purpose of a digital certificate in a Public Key Infrastructure (PKI)?
25. A company processes credit card payments and must comply with a framework that mandates specific security controls for protecting cardholder data. Which compliance framework applies?
26. Which phase of the NIST Cybersecurity Framework involves actions to limit the impact of a cybersecurity incident?
27. A security analyst observes repeated failed login attempts from a single external IP address, causing the authentication server to become unresponsive. Which type of attack is occurring?
28. A security engineer is analyzing a recent data breach. Which TWO are examples of active reconnaissance techniques? (Select two.)
29. An organization wants to ensure data integrity and non-repudiation for sensitive documents. Which THREE cryptographic mechanisms should be implemented? (Select three.)
30. Which TWO of the following are examples of malware that rely on user interaction to spread? (Select two.)
31. Which element of the CIA triad ensures that data cannot be modified by unauthorized parties?
32. A security analyst discovers that an employee's computer is infected with malware that encrypts files and demands payment. What type of malware is this?
33. A network analyst notices a high volume of traffic from a single external IP address to multiple internal hosts on port 443. The traffic includes incomplete TCP handshakes. Which type of reconnaissance is being performed?
34. What is the primary difference between symmetric and asymmetric encryption?
35. A company's security policy requires that sensitive data be encrypted at rest using AES-256. Which type of encryption does AES-256 represent?
36. During a security assessment, an analyst uses the Shodan search engine to find exposed industrial control systems. Which phase of the attack lifecycle does this activity represent?
37. An organization needs to ensure that a document has not been altered and to verify the sender's identity. Which combination of cryptographic techniques should be used?
38. Which security concept describes the potential for a threat to exploit a vulnerability, and is often expressed as a combination of likelihood and impact?
39. An attacker sends an email that appears to come from the company's IT department, asking the recipient to click a link and reset their password due to a security breach. Which type of social engineering is this?
40. Which compliance framework is specifically designed to protect the privacy and security of electronic health information in the United States?
41. A security engineer discovers that an attacker has inserted fake entries into a DNS resolver's cache, redirecting users to a malicious website. Which attack has occurred?
42. In a PKI, what is the role of a Certificate Authority (CA)?
43. A security analyst is reviewing network logs and identifies several failed login attempts followed by a successful login from an unusual geographic location. Which TWO security concepts are most directly related to this scenario? (Choose two.)
44. A company is implementing a new security policy to protect customer payment information. Which TWO compliance frameworks are most relevant to this requirement? (Choose two.)
45. An analyst is investigating a security incident where an attacker gained access to a server by exploiting a known vulnerability. The attacker then moved laterally and exfiltrated data. Which THREE phases of the Cyber Kill Chain are evident in this scenario? (Choose three.)
46. Which element of the CIA triad ensures that data cannot be modified by unauthorized parties?
47. A security analyst discovers that an attacker is using a vulnerability scanning tool to identify open ports on the company's network. Which type of attack is being performed?
48. A user receives an email that appears to be from the company's IT department asking for their password to perform a security check. The email contains a link to a fake login page. Which type of social engineering attack is this?
49. Which cryptographic technique uses a public and private key pair to provide non-repudiation?
50. An organization is required to protect cardholder data. Which compliance framework applies to this requirement?
51. Which term describes a weakness in a system that could be exploited by a threat?
52. An attacker intercepts communication between a client and server and modifies the data being transmitted. The client and server are unaware of the modification. Which type of attack is being performed?
53. Which type of malware is designed to replicate itself and spread to other systems without user intervention?
54. A company's web server is overwhelmed by traffic from multiple compromised systems, causing it to become unresponsive to legitimate users. Which type of attack is this?
55. An organization wants to ensure that data sent over the internet cannot be read if intercepted. Which cryptographic method should be used?
56. A security analyst is evaluating risks and calculates that a threat has a likelihood of 0.5 and an impact of $200,000. What is the risk value?
57. Which NIST Cybersecurity Framework function involves developing and implementing appropriate safeguards to ensure delivery of critical infrastructure services?
58. A security analyst is investigating a network breach. Which TWO activities are examples of passive reconnaissance? (Choose two.)
59. Which THREE components are part of a Public Key Infrastructure (PKI)? (Choose three.)
60. A healthcare organization must comply with HIPAA. Which THREE security measures are typically required under HIPAA? (Choose three.)
61. An organization implements encryption for all sensitive data at rest and in transit to prevent unauthorized access. Which element of the CIA triad is being primarily addressed?
62. A security analyst discovers that an attacker used a publicly available tool to scan a company's network for open ports and services. What type of attack is this?
63. Which of the following best describes the relationship between a vulnerability, threat, and risk in cybersecurity?
64. A security engineer is analyzing a recent breach. The attacker gained access by sending an email that appeared to be from the CEO, requesting the recipient to transfer funds. What type of social engineering attack is this?
65. An organization wants to ensure that a message has not been altered during transmission. Which cryptographic technique should be used?
66. A company's web server is overwhelmed with traffic from many compromised devices, causing legitimate users to be unable to access the site. What type of attack is this?
67. A security analyst is reviewing logs and notices that an attacker has intercepted and modified communications between two devices on the same network. Which attack technique is being used?
68. An attacker uses a tool to capture keystrokes on a compromised system. What type of malware is most likely in use?
69. A security analyst needs to verify the authenticity and integrity of a software update. The update is signed with a digital signature. Which key is used to verify the signature?
70. A security analyst is investigating an incident where an attacker successfully altered DNS records to redirect users to a fake website. Which attack occurred?
71. An organization must comply with a regulation that requires protecting the privacy of EU citizens' personal data. Which compliance framework applies?
72. A security analyst is selecting a symmetric encryption algorithm for encrypting data at rest. Which of the following is a suitable symmetric algorithm?
73. A security analyst is identifying potential vulnerabilities in the network. Which TWO of the following are examples of passive reconnaissance?
74. Which THREE of the following are common types of malware?
75. A security engineer is implementing controls to meet compliance requirements. Which TWO of the following frameworks are specifically designed for protecting personal data?
76. Which element of the CIA triad ensures that data cannot be modified by unauthorized parties?
77. A security analyst is notified that an employee's laptop was stolen. The laptop contains sensitive customer data. Which type of threat does this incident represent?
78. An attacker sends a fraudulent email that appears to come from the company's IT department, requesting that the recipient click a link and enter their login credentials. Which type of social engineering attack is this?
79. Which type of malware is designed to encrypt files on a victim's system and demand payment for the decryption key?
80. A security analyst is reviewing logs and notices that an attacker has intercepted and modified communications between two devices without their knowledge. Which type of attack is this?
81. Which encryption method uses a single key for both encryption and decryption of data?
82. An organization wants to ensure that a received email genuinely came from the claimed sender and has not been altered. Which cryptographic mechanism provides both authentication and integrity?
83. Which compliance standard specifically applies to organizations that handle credit card information?
84. A security analyst needs to verify that a downloaded software update has not been tampered with. The update's publisher provides a file containing a hash value. Which process should the analyst use to verify integrity?
85. An attacker uses a tool to scan all IP addresses in a range to identify which hosts are online and what services are running. Which type of reconnaissance is this?
86. An organization wants to ensure that a user cannot deny having sent an email. Which security goal does this address?
87. Which component of the NIST Cybersecurity Framework involves taking action to stop an ongoing attack?
88. A security analyst is investigating a potential data breach. The analyst identifies that the attacker used a technique to impersonate a legitimate user by spoofing the MAC address and IP address. Which TWO types of network attacks could involve these techniques? (Choose two.)
89. An organization wants to protect sensitive data at rest and in transit. Which THREE cryptographic methods can provide confidentiality? (Choose three.)
90. A company is implementing a security policy to reduce risk. Which THREE activities are examples of risk mitigation? (Choose three.)
91. A security analyst discovers that an attacker has captured network traffic and used it to impersonate a legitimate user in a subsequent session. Which element of the CIA triad is most directly compromised in this scenario?
92. A security analyst is investigating an incident where an employee received an email that appeared to be from the company's IT department, requesting the employee to verify their account by clicking a link and entering their credentials. The employee complied, and later the attacker used those credentials to access the corporate VPN. Which combination of attack types best describes this incident?
93. A security analyst is reviewing logs from a web server and notices a high volume of HTTP requests from a single IP address targeting the same login page within a short time frame. The analyst suspects a brute force attack. Which TWO actions are most appropriate to mitigate this type of attack? (Choose two.)
94. An organization wants to ensure the integrity of software updates downloaded from its vendor's website. The vendor provides a hash value for each update. Which TWO properties of hashing algorithms make them suitable for integrity verification? (Choose two.)
95. A security analyst is assessing the risks to a company's data. The analyst identifies a vulnerability in the web application that could allow SQL injection. Which TWO terms correctly describe the elements of this risk scenario? (Choose two.)
96. A security analyst is configuring a firewall to block common reconnaissance techniques. Which THREE types of reconnaissance traffic should be blocked to prevent active reconnaissance? (Choose three.)
97. A security team is implementing a Public Key Infrastructure (PKI) to support digital signatures for email. Which THREE components are essential to the PKI framework? (Choose three.)
98. A company needs to comply with regulations that protect personal data of EU citizens. Which TWO compliance frameworks are directly relevant to this requirement? (Choose two.)
99. An analyst is investigating a malware infection on a workstation. The malware appears to be a trojan that downloads additional payloads and allows remote control. The analyst needs to classify the malware based on its behavior. Which THREE characteristics match this description? (Choose three.)
The Security Concepts domain covers the key concepts tested in this area of the 200-201 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 200-201 domains — no account required.
The Courseiva 200-201 question bank contains 99 questions in the Security Concepts domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Security Concepts domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.