© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.
Objective 1.0

Security Concepts

200-201 Practice Questions

Use this page to practise Security Concepts questions for this certification. Focus on how the exam tests security concepts in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

What this objective tests

200-201 Security Concepts — Key Topics

Security Concepts questions on this certification test your ability to apply and manage core security concepts in scenario-based situations.

  • Core security concepts and how they apply in real-world cloud scenarios.
  • How to deploy security concepts correctly and verify the outcome.
  • Troubleshooting security concepts issues by interpreting error output and system state.
  • Cloud best practices and Security Concepts design trade-offs tested by this certification.

Common exam traps

Where candidates lose marks on Security Concepts

  • ⚠ Selecting the most expensive service when a simpler managed option meets the requirement.
  • ⚠ Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • ⚠ Choosing a global service fix when the issue is region-specific.
  • ⚠ Overlooking cost implications of cross-region data transfer in architecture questions.

200-201 Security Concepts — Practice Questions

30 questions from this objective

Question 2 (easy, multiple choice)

An organization wants to classify data based on its sensitivity and impact if disclosed. Which security principle is being applied?

Question 3 (medium, multiple choice)

A SOC analyst notices repeated failed login attempts from a single IP address against multiple user accounts. Which type of attack is most likely occurring?

Question 4 (hard, multiple choice)

A security engineer is designing a network to prevent an attacker who gains access to a web server from easily pivoting to the internal database server. Which architecture best achieves this goal?

Question 5 (medium, multi select)

Which TWO security concepts are fundamental to the principle of least privilege? (Choose two.)

Question 6 (hard, multi select)

Which THREE are common indicators of a distributed denial-of-service (DDoS) attack? (Choose three.)

Question 7 (easy, multi select)

Which TWO are goals of a security operations center (SOC)? (Choose two.)

Question 8 (medium, multiple choice)

Refer to the exhibit. A network analyst sees these firewall logs. What is the most likely interpretation?

Exhibit

```
Mar  1 12:34:56.789: %ASA-5-111008: User 'admin' executed the 'configure terminal' command.
Mar  1 12:35:01.123: %ASA-4-106023: Deny tcp src outside:192.0.2.10/12345 dst inside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
Mar  1 12:35:05.456: %ASA-4-106023: Deny tcp src outside:192.0.2.10/12346 dst inside:10.0.0.2/443 by access-group "OUTSIDE_IN" [0x0, 0x0]
```
Question 9 (hard, multiple choice)

Refer to the exhibit. A security analyst reviews this ACL on a firewall between a DMZ (10.0.1.0/24) and internal network (10.0.2.0/24). What is the effect of this ACL?

Exhibit

```
! Access-list for DMZ to Inside
access-list DMZ_TO_INSIDE extended permit tcp 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0 eq 3306
access-list DMZ_TO_INSIDE extended deny ip any any
```
Question 10 (easy, multiple choice)

Refer to the exhibit. A Windows security log shows several events with Event ID 4625 (failed logon). What type of attack is indicated?

Exhibit

```
Event Log:
Time: 10:00:01, Source: 192.168.1.100, Event ID: 4625, Account: Administrator
Time: 10:00:03, Source: 192.168.1.100, Event ID: 4625, Account: Admin
Time: 10:00:05, Source: 192.168.1.100, Event ID: 4625, Account: root
```
Question 11 (hard, multiple choice)

You are a security analyst at a financial institution. The network consists of three segments: internal corporate network (10.0.0.0/24), DMZ (192.168.1.0/24) hosting a web server and an email server, and a guest wireless network (172.16.0.0/24). The firewall is configured with the following rules: (1) permit inbound HTTP/HTTPS to the web server from any; (2) permit inbound SMTP to the email server from any; (3) deny all other inbound traffic; (4) permit all outbound traffic from internal network; (5) deny all outbound traffic from guest network to internal and DMZ, but permit to internet. Recently, an employee reported that sensitive files on an internal file server (10.0.0.10) were accessed without authorization. Logs show that the access originated from an IP address in the guest network (172.16.0.50) at 3:00 AM. The guest network is open (no authentication required). The internal file server is not directly accessible from the guest network per rule (5). However, the attacker used the web server as a pivot: they compromised the web server via an unpatched vulnerability, then from the web server they connected to the internal file server. Which of the following actions would BEST prevent this type of attack in the future?

Question 12 (medium, multiple choice)

You are a SOC analyst monitoring traffic on a corporate network. The network uses a next-generation firewall (NGFW) with intrusion prevention system (IPS). You receive an alert that the IPS detected a SQL injection attempt against the internal web application server (10.0.1.10) from an external IP (203.0.113.5). The IPS action was set to "alert" only, not "drop". Further investigation shows that the web server logs indicate the SQL injection succeeded and data was exfiltrated to 203.0.113.5. The web application is a custom application developed in-house. The database server (10.0.1.20) contains customer PII. Which of the following is the BEST immediate action to contain the incident?

Question 13 (medium, multiple choice)

A security analyst is investigating a potential data exfiltration incident. The analyst notices that a large amount of data has been sent to an external IP address over port 443 during non-business hours. The company uses a proxy server that logs all outbound connections. Which action should the analyst take first to validate the suspicion?

Question 14 (hard, multiple choice)

A network engineer is designing a segmented network to protect a sensitive database. The database must be accessible only from a specific application server. Which security concept best describes this design?

Question 15 (easy, multi select)

Which TWO of the following are common indicators of a denial-of-service (DoS) attack?

Question 16 (medium, multiple choice)

An analyst reviews the ACL applied to the outside interface of a router. The analyst notices that traffic from 192.168.1.0/24 to 10.10.10.10 on port 443 is permitted, but all other traffic is denied and logged. Which of the following is a potential security issue with this ACL?

Exhibit

```
! Output from show access-list 101
! Extended IP access list 101
!    10 permit tcp 192.168.1.0 0.0.0.255 host 10.10.10.10 eq 443
!    20 deny ip any any log
!
```
Question 17 (hard, multiple choice)

You are a security analyst for a mid-sized company with a flat network topology. The company uses a single firewall for internet access and has no internal segmentation. Recently, the IT team deployed a new file server running Windows Server 2019. The server was configured with default settings and placed in the same subnet as all user workstations. Two weeks later, the helpdesk receives multiple complaints about slow network performance. Upon investigation, you notice the file server's network interface is sending a high volume of broadcast traffic. Additionally, you find that the server's firewall is disabled and it is running an outdated SMBv1 protocol. The CEO is concerned about potential data loss and asks for immediate remediation. Which of the following is the most effective and immediate course of action to address the most critical security vulnerability?

Question 18 (medium, drag order)

Drag and drop the steps to configure SSH access on a Cisco IOS switch into the correct order.

Question 19 (medium, drag order)

Drag and drop the steps to perform a password recovery on a Cisco IOS router into the correct order.

Question 20 (medium, matching)

Match each security tool to its primary purpose.

Descriptions to match:

  • Network scanning and discovery
  • Packet capture and analysis
  • Intrusion detection and prevention
  • Exploitation framework for penetration testing
  • Security information and event management (SIEM)

Question 21 (medium, matching)

Match each cybersecurity framework/standard to its focus.

Descriptions to match:

  • Cybersecurity risk management framework
  • Information security management system standard
  • Payment card industry data security standard
  • Knowledge base of adversary tactics and techniques
  • Prioritized set of security best practices

Question 22 (easy, multiple choice)

A security analyst needs to ensure data integrity. Which control best achieves this?

Question 23 (medium, multiple choice)

During an incident, the analyst finds that an attacker modified system files. Which security principle was primarily violated?

Question 24 (hard, multiple choice)

A company implements a policy where users must authenticate with a password and a one-time code from a token. Which AAA component is strengthened by this policy?

Question 25 (easy, multiple choice)

An organization deploys a firewall to block unauthorized traffic. This is an example of which type of security control?

Question 26 (medium, multiple choice)

A security analyst reviews logs and finds multiple failed login attempts from a single IP. This is indicative of what type of attack?

Question 27 (hard, multiple choice)

To protect sensitive data at rest, a company uses AES-256 encryption. This primarily ensures which security goal?

Question 28 (easy, multiple choice)

Which principle ensures that a user cannot deny having performed an action?

Question 29 (medium, multiple choice)

A help desk receives a phone call from someone claiming to be from IT and requesting a password reset. What type of attack is this?

Question 30 (hard, multiple choice)

In a risk management process, after identifying risks, the next step is to determine the potential impact and likelihood. This is known as:

Question 31 (easy, multi select)

Which TWO are examples of technical security controls? (Select two.)

More Security Concepts questions available in the full practice test.
