Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


200-201 Security Concepts • Complete Question Bank

200-201 Security Concepts — All Questions With Answers

Complete 200-201 Security Concepts question bank — all 0 questions with answers and detailed explanations.

80 Questions • Free • No signup
Question 1 • easy • multiple choice

An organization wants to classify data based on its sensitivity and impact if disclosed. Which security principle is being applied?

Question 2 • medium • multiple choice

A SOC analyst notices repeated failed login attempts from a single IP address against multiple user accounts. Which type of attack is most likely occurring?

Question 3 • hard • multiple choice

A security engineer is designing a network to prevent an attacker who gains access to a web server from easily pivoting to the internal database server. Which architecture best achieves this goal?

Question 4 • medium • multi select

Which TWO security concepts are fundamental to the principle of least privilege? (Choose two.)

Question 5 • hard • multi select

Which THREE are common indicators of a distributed denial-of-service (DDoS) attack? (Choose three.)

Question 6 • easy • multi select

Which TWO are goals of a security operations center (SOC)? (Choose two.)

Question 7 • medium • multiple choice

Refer to the exhibit. A network analyst sees these firewall logs. What is the most likely interpretation?

Exhibit

Refer to the exhibit.
```
Mar  1 12:34:56.789: %ASA-5-111008: User 'admin' executed the 'configure terminal' command.
Mar  1 12:35:01.123: %ASA-4-106023: Deny tcp src outside:192.0.2.10/12345 dst inside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
Mar  1 12:35:05.456: %ASA-4-106023: Deny tcp src outside:192.0.2.10/12346 dst inside:10.0.0.2/443 by access-group "OUTSIDE_IN" [0x0, 0x0]
```
Question 8 • hard • multiple choice

Refer to the exhibit. A security analyst reviews this ACL on a firewall between a DMZ (10.0.1.0/24) and internal network (10.0.2.0/24). What is the effect of this ACL?

Exhibit

Refer to the exhibit.
```
! Access-list for DMZ to Inside
access-list DMZ_TO_INSIDE extended permit tcp 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0 eq 3306
access-list DMZ_TO_INSIDE extended deny ip any any
```
Question 9 • easy • multiple choice

Refer to the exhibit. A Windows security log shows several events with Event ID 4625 (failed logon). What type of attack is indicated?

Exhibit

Refer to the exhibit.
```
Event Log:
Time: 10:00:01, Source: 192.168.1.100, Event ID: 4625, Account: Administrator
Time: 10:00:03, Source: 192.168.1.100, Event ID: 4625, Account: Admin
Time: 10:00:05, Source: 192.168.1.100, Event ID: 4625, Account: root
```
Question 10 • hard • multiple choice

You are a security analyst at a financial institution. The network consists of three segments: internal corporate network (10.0.0.0/24), DMZ (192.168.1.0/24) hosting a web server and an email server, and a guest wireless network (172.16.0.0/24). The firewall is configured with the following rules: (1) permit inbound HTTP/HTTPS to the web server from any; (2) permit inbound SMTP to the email server from any; (3) deny all other inbound traffic; (4) permit all outbound traffic from internal network; (5) deny all outbound traffic from guest network to internal and DMZ, but permit to internet. Recently, an employee reported that sensitive files on an internal file server (10.0.0.10) were accessed without authorization. Logs show that the access originated from an IP address in the guest network (172.16.0.50) at 3:00 AM. The guest network is open (no authentication required). The internal file server is not directly accessible from the guest network per rule (5). However, the attacker used the web server as a pivot: they compromised the web server via an unpatched vulnerability, then from the web server they connected to the internal file server. Which of the following actions would BEST prevent this type of attack in the future?

Question 11 • medium • multiple choice

You are a SOC analyst monitoring traffic on a corporate network. The network uses a next-generation firewall (NGFW) with intrusion prevention system (IPS). You receive an alert that the IPS detected a SQL injection attempt against the internal web application server (10.0.1.10) from an external IP (203.0.113.5). The IPS action was set to "alert" only, not "drop". Further investigation shows that the web server logs indicate the SQL injection succeeded and data was exfiltrated to 203.0.113.5. The web application is a custom application developed in-house. The database server (10.0.1.20) contains customer PII. Which of the following is the BEST immediate action to contain the incident?

Question 12 • medium • multiple choice

A security analyst is investigating a potential data exfiltration incident. The analyst notices that a large amount of data has been sent to an external IP address over port 443 during non-business hours. The company uses a proxy server that logs all outbound connections. Which action should the analyst take first to validate the suspicion?

Question 13 • hard • multiple choice

A network engineer is designing a segmented network to protect a sensitive database. The database must be accessible only from a specific application server. Which security concept best describes this design?

Question 14 • easy • multi select

Which TWO of the following are common indicators of a denial-of-service (DoS) attack?

Question 15 • medium • multiple choice

An analyst reviews the ACL applied to the outside interface of a router. The analyst notices that traffic from 192.168.1.0/24 to 10.10.10.10 on port 443 is permitted, but all other traffic is denied and logged. Which of the following is a potential security issue with this ACL?

Exhibit

Refer to the exhibit.

```
! Output from show access-list 101
! Extended IP access list 101
!    10 permit tcp 192.168.1.0 0.0.0.255 host 10.10.10.10 eq 443
!    20 deny ip any any log
!
```
Question 16 • hard • multiple choice

You are a security analyst for a mid-sized company with a flat network topology. The company uses a single firewall for internet access and has no internal segmentation. Recently, the IT team deployed a new file server running Windows Server 2019. The server was configured with default settings and placed in the same subnet as all user workstations. Two weeks later, the helpdesk receives multiple complaints about slow network performance. Upon investigation, you notice the file server's network interface is sending a high volume of broadcast traffic. Additionally, you find that the server's firewall is disabled and it is running an outdated SMBv1 protocol. The CEO is concerned about potential data loss and asks for immediate remediation. Which of the following is the most effective and immediate course of action to address the most critical security vulnerability?

Question 17 • medium • drag order

Drag and drop the steps to configure SSH access on a Cisco IOS switch into the correct order.

Question 18 • medium • drag order

Drag and drop the steps to perform a password recovery on a Cisco IOS router into the correct order.

Question 19 • medium • matching

Match each security tool to its primary purpose.

Network scanning and discovery

Packet capture and analysis

Intrusion detection and prevention

Exploitation framework for penetration testing

Security information and event management (SIEM)

Question 20 • medium • matching

Match each cybersecurity framework/standard to its focus.

Cybersecurity risk management framework

Information security management system standard

Payment card industry data security standard

Knowledge base of adversary tactics and techniques

Prioritized set of security best practices

Question 21 • easy • multiple choice

A security analyst needs to ensure data integrity. Which control best achieves this?

Question 22 • medium • multiple choice

During an incident, the analyst finds that an attacker modified system files. Which security principle was primarily violated?

Question 23 • hard • multiple choice

A company implements a policy where users must authenticate with a password and a one-time code from a token. Which AAA component is strengthened by this policy?

Question 24 • easy • multiple choice

An organization deploys a firewall to block unauthorized traffic. This is an example of which type of security control?

Question 25 • medium • multiple choice

A security analyst reviews logs and finds multiple failed login attempts from a single IP. This is indicative of what type of attack?

Question 26 • hard • multiple choice

To protect sensitive data at rest, a company uses AES-256 encryption. This primarily ensures which security goal?

Question 27 • easy • multiple choice

Which principle ensures that a user cannot deny having performed an action?

Question 28 • medium • multiple choice

A help desk receives a phone call from someone claiming to be from IT and requesting a password reset. What type of attack is this?

Question 29 • hard • multiple choice

In a risk management process, after identifying risks, the next step is to determine the potential impact and likelihood. This is known as:

Question 30 • easy • multi select

Which TWO are examples of technical security controls? (Select two.)

Question 31 • medium • multi select

Which TWO are common indicators of a phishing email? (Select two.)

Question 32 • hard • multi select

Which THREE are principles of the CIA triad? (Select three.)

Question 33 • medium • multiple choice

Refer to the exhibit. What traffic is the router permitting?

Exhibit

```
access-list 100 permit tcp any any eq 22
access-list 100 deny ip any any
```
Question 34 • hard • multiple choice

Refer to the exhibit. What does this log entry indicate?

Exhibit

```
Mar 1 2025 12:35:00: %SEC-5-IPACCESSLOG: list 101 permitted icmp 10.0.0.1 -> 192.168.1.1
```
Question 35 • easy • multiple choice

Refer to the exhibit. Which security protocol is being configured?

Exhibit

```
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
```
Question 36 • easy • multiple choice

A security analyst notices that a user's account has been used to access sensitive data outside of normal working hours. Which security concept is being violated?

Question 37 • medium • multiple choice

Refer to the exhibit. An analyst examines the port security status on a switch interface. What action should the analyst take to restore connectivity to the device connected to this port?

Exhibit

```
Port Security              : Enabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address        : 0011.2233.4455
Last Violation Time        : 01:23:45
Security Violation Count   : 1
```
Question 38 • hard • multiple choice

Refer to the exhibit. A security analyst is reviewing the ASA configuration. Which traffic will be permitted from the outside interface?

Exhibit

```
access-list OUT extended permit tcp any host 10.1.1.1 eq 80
access-list OUT extended deny ip any any
access-group OUT in interface outside
```
Question 39 • medium • multiple choice

A company implements a policy requiring all employees to use a hardware token for remote access. This is an example of which type of security control?

Question 40 • easy • multiple choice

What is the primary goal of the 'integrity' pillar of the CIA triad?

Question 41 • hard • multiple choice

Refer to the exhibit. A security analyst sees this syslog message repeatedly. Which change should the analyst make to reduce the log volume while still detecting the activity?

Exhibit

```
%ASA-4-106023: Deny tcp src outside:10.0.0.2/1234 dst inside:192.168.1.1/80 by access-group "OUT".
```
Question 42 • easy • multiple choice

Which type of malware is designed to spread automatically across networks without user interaction?

Question 43 • medium • multiple choice

A security analyst is asked to assess the risk of a new web application. The analyst calculates the likelihood of a SQL injection as 0.3 and the impact as $100,000. What is the annualized loss expectancy (ALE) if the asset value is $500,000 and the exposure factor is 0.2?

Question 44 • hard • multiple choice

During a forensic investigation, an analyst acquires a hard drive image using dd. What must be done to ensure the evidence is admissible in court?

Question 45 • easy • multi select

A security analyst is implementing multifactor authentication. Which TWO are considered factors? (Select two.)

Question 46 • medium • multi select

Which THREE are examples of social engineering attacks? (Select three.)

Question 47 • hard • multi select

A security analyst discovers that an attacker exfiltrated data using DNS tunneling. Which TWO controls should be implemented to detect or prevent this? (Select two.)

Question 48 • easy • multiple choice

What is the purpose of a security baseline?

Question 49 • medium • multiple choice

Which security principle ensures that a user cannot deny having performed an action?

Question 50 • hard • multiple choice

A company's security policy requires that all remote access connections be authenticated using a certificate. Which type of control is this?

Question 51 • easy • multiple choice

A security administrator needs to ensure that data transmitted between a web browser and a web server is encrypted. Which technology should be implemented?

Question 52 • medium • multiple choice

A user reports receiving an email with an urgent request to click a link and reset a password. The email appears to come from the company's IT department but has slight spelling errors. Which type of attack is this?

Question 53 • hard • multiple choice

A security analyst reviews system logs and notices multiple failed login attempts from a single IP address to different user accounts over a short period. The analyst then sees a successful login for one account. Which type of attack is most likely occurring?

Question 54 • easy • multiple choice

A company wants to protect its internal network from external threats. Which security principle involves deploying multiple layers of security controls?

Question 55 • medium • multiple choice

A system administrator needs to grant access to a database for a new employee. According to the principle of least privilege, what should be done?

Question 56 • hard • multiple choice

During a vulnerability assessment, a security team discovers that a web application allows users to upload files without proper validation. An attacker could upload a malicious file and execute it on the server. Which type of vulnerability is this?

Question 57 • easy • multiple choice

Which of the following is a primary goal of the CIA triad?

Question 58 • medium • multiple choice

An organization has implemented a security policy requiring all employees to change their passwords every 90 days. Which security goal does this policy primarily support?

Question 59 • hard • multiple choice

A SOC analyst examines an alert generated by an IDS. The alert indicates a potential SQL injection attempt. However, the analyst finds that the source IP is a known internal web server that performs legitimate database queries. What is the most likely explanation?

Question 60 • easy • multiple choice

What is the meaning of this syslog message?

Exhibit

Refer to the exhibit.
```
%ASA-4-106023: Deny tcp src outside:192.168.1.10/12345 dst inside:10.0.0.10/80 by access-group "outside_access_in"
```
Question 61 • medium • multiple choice

What is the effect of this configuration on a Cisco device?

Exhibit

Refer to the exhibit.
```
!
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
username admin password cisco
!
```
Question 62 • hard • multiple choice

Which type of traffic is most prominent in this NetFlow data?

Exhibit

Refer to the exhibit.
```
SrcAddr       DstAddr       SrcPort  DstPort  Proto  Packets  Bytes
10.0.0.1      10.0.0.2      12345    80       TCP    100      5000
10.0.0.1      10.0.0.3      54321    22       TCP    50       3000
```
Question 63 • easy • multi select

Which TWO of the following are symmetric encryption algorithms? (Choose two.)

Question 64 • medium • multi select

Which TWO of the following are common network security protocols? (Choose two.)

Question 65 • hard • multi select

Which THREE of the following are key principles of zero trust security? (Choose three.)

Question 66 • easy • multiple choice

A small business uses a cloud-based email service. The IT administrator wants to protect against phishing attacks that target employees. Which security control should be implemented first?

Question 67 • medium • multiple choice

A security analyst is investigating a potential data exfiltration incident. The analyst notices that a server is sending encrypted data to an external IP address during non-business hours. The server is supposed to only communicate with internal systems. What is the best immediate action?

Question 68 • hard • multiple choice

An organization has implemented a security information and event management (SIEM) system. The SOC analyst receives an alert indicating a high number of failed login attempts from a single IP address targeting a critical server. The analyst checks the server logs and finds that the server is configured to lock the account after 5 failed attempts. However, the alert shows thousands of attempts. Which of the following explains this discrepancy?

Question 69 • medium • multiple choice

A company is deploying a new web application and wants to ensure it is secure against common web attacks. Which of the following is the most effective approach to validate the security of the application before going live?

Question 70 • easy • multi select

Which TWO of the following are characteristics of an advanced persistent threat (APT)?

Question 71 • medium • multi select

Which THREE of the following are common security controls used to defend against ransomware?

Question 72 • easy • multiple choice

A hospital's network security team has received reports from nurses that the patient record system has become unresponsive. Upon investigation, the IT administrator finds that the database server is experiencing extremely high disk I/O and the system logs show repeated failed login attempts from an internal IP address that belongs to a medical imaging device. The imaging device is known to run an outdated embedded OS that cannot be patched. The device is isolated on its own VLAN, but the VLAN is allowed to communicate with the database server on TCP port 1433 for legitimate purposes. The attack logs show that the database server is being targeted with a dictionary attack using the default 'sa' account. What should the security analyst do first to contain the incident without disrupting critical medical operations?

Question 73 • easy • multiple choice

A small retail company uses a cloud-based point-of-sale (POS) system. The IT manager receives an alert from the cloud provider that the POS application is generating an unusually high number of outbound connections to an IP address in a foreign country. The POS application is only supposed to communicate with the cloud provider's servers in the United States. The IT manager checks the POS terminal logs and finds that a new user account was created locally on the terminal with administrative privileges two days ago. The terminal does not have antivirus installed. What should the IT manager do first to contain the incident and prevent data loss?

Question 74 • medium • multiple choice

A manufacturing company's ICS network was infected with ransomware that encrypted files on the file server. The company has offline backups and restores the files. However, during the investigation, the security analyst finds that the ransomware entered through an RDP connection from an infected workstation on the corporate network. The corporate network and ICS network are separated by a firewall that allows RDP from specific corporate IPs to the ICS file server. The analyst wants to prevent a recurrence. Which of the following is the most effective long-term control?

Question 75 • medium • multiple choice

A SOC analyst is monitoring network traffic and notices a large amount of data being transferred from the HR file server to an external IP address during off-hours. The server is supposed to be used only during business hours. The analyst checks the server logs and sees that a user account named 'backup_service' has been active and copying files. The 'backup_service' account is a service account that is normally used for automated backups, but the backup schedule is set to run at midnight, and the current time is 3 AM. The analyst suspects credential theft. Which of the following should the analyst do first?

Question 76 • hard • multiple choice

A cybersecurity firm is conducting a red team exercise for a client. The red team successfully gained access to the client's internal network through a phishing email and escalated privileges to domain administrator. During the exercise, the red team uses a tool to dump password hashes from the domain controller. The client's security team detects the hash dump activity and sends an alert to the SOC. The SOC analyst reviews the alert and sees that the source IP of the hash dump is from a server that is part of the red team's scope. However, the red team is not scheduled to perform hash dumping until the next phase. The analyst also notes that the activity uses a known red team tool. Which of the following actions is most appropriate?

Question 77 • hard • multiple choice

A large e-commerce company experiences a data breach where customer credit card numbers are stolen. The investigation reveals that an attacker exploited a SQL injection vulnerability in the web application to extract the data from the database. The company's web development team claims they use parameterized queries and prepared statements. However, the forensic analysis shows that the injection occurred through a search functionality that concatenates user input directly into the SQL query. The application logs indicate that the search function was developed by a third-party vendor and integrated into the application six months ago. The company wants to prevent such incidents in the future. Which of the following is the most effective long-term solution?

Question 78 • easy • multi select

A healthcare organization uses an online patient portal where patients can view their medical records. Recently, it was discovered that patient records were being modified by an unauthorized insider, and the system suffered a ransomware attack that encrypted the database, making it inaccessible for three days. Which TWO security principles were primarily violated? (Choose two.)

Question 79 • medium • multiple choice

An analyst reviews the Cisco ASA syslog message shown in the exhibit. What does this entry indicate?

Exhibit

Refer to the exhibit.
```
%ASA-4-106023: Deny tcp src outside:203.0.113.45/56789 dst inside:10.1.1.100/80 by access-group "outside_in"
```
Question 80 • hard • multiple choice

A mid-sized financial firm has a segmented network with a DMZ hosting a web server, an internal network with a database server, and an employee LAN. The security infrastructure includes a next-generation firewall (NGFW) with IPS, an endpoint detection and response (EDR) solution, and a SIEM. Over the past week, the SIEM has generated alerts for unusual outbound connections from the database server to an external IP address 198.51.100.33 on TCP port 443 during non-business hours. The EDR shows no malware on the database server, but a process named 'sqlsrv.exe' (the legitimate SQL Server process) is making these connections. The server's file integrity monitoring indicates that the sqlsrv.exe file has not been modified, but a memory dump reveals injected code that appears to be a reverse shell. The firewall logs show that the outbound connections are allowed because they match an existing rule permitting the database server to reach external update servers. The IP 198.51.100.33 is not on any threat intelligence feed as malicious, but it is geolocated to a country with known cybercrime activity. Which action should the security analyst take FIRST?
