Question 1mediummultiple choice
Full question →200-301 · topic practice
Security Fundamentals practice questions
Use this page to practise 200-301 Security Fundamentals practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
What the exam tests
What to know about Security Fundamentals
Security Fundamentals questions test whether you can apply the concept in context, not just recognise a definition.
How the topic appears in realistic exam-style scenarios.
Which detail in the question changes the correct answer.
How to eliminate plausible but wrong options.
How to connect the question back to the wider exam objective.
Practice set
Security Fundamentals questions
20 questions · select your answer, then reveal the explanation
Question 2hardmultiple choice
Full question →Which switch security feature uses DHCP snooping bindings to validate ARP packets and help stop ARP spoofing?
Question 3mediummulti select
Full question →Which two features commonly strengthen access-switch security for user-facing ports? (Choose two.)
Question 4hardmultiple choice
Full question →A switch port is configured with port security using these commands:
switchport port-security switchport port-security maximum 2 switchport port-security violation restrict switchport port-security mac-address sticky
A user unplugs a company laptop and connects a different unauthorized device. The interface stays up/up, but the new device has no connectivity.
Which statement best explains what happened?
Question 5mediummatching
Full question →Match each wireless concept to its description.
Answer choices are not available in this preview. Open the full question page for the complete review.
Question 6mediummatching
Full question →Match the security feature to its main purpose.
Answer choices are not available in this preview. Open the full question page for the complete review.
Question 7mediummulti select
Full question →A switch port was configured for sticky MAC learning. Which two statements accurately describe how the feature behaves?
Question 8mediummatching
Full question →Match each security concept to its most accurate purpose.
Answer choices are not available in this preview. Open the full question page for the complete review.
Question 9easymultiple choice
Full question →What does the second 'A' in AAA stand for?
Question 10hardmultiple choice
Full question →Clients in VLAN 30 are not receiving addresses from the DHCP server located in VLAN 99. Which configuration change should be made on the Layer 3 interface for VLAN 30?
Question 11mediummultiple choice
Full question →Which statement best describes an API token in a network automation workflow?
Question 12mediummultiple choice
Full question →Which security concept is most closely associated with ensuring data has not been altered in an unauthorized way?
Question 13hardmulti select
Full question →Which two statements accurately describe REST-based APIs in a network automation context?
Question 14mediummatching
Full question →Match each security term to its most accurate meaning.
Answer choices are not available in this preview. Open the full question page for the complete review.
Question 15mediummultiple choice
Full question →Which statement best explains why SSH is preferred over Telnet for remote administration?
Question 16hardmultiple choice
Full question →In a controller-based design, which statement best describes a northbound API?
Question 17mediummultiple choice
Full question →A switchport should automatically disable itself if too many MAC addresses are learned beyond the configured secure limit. Which port-security violation mode causes that behavior?
Question 18mediummulti select
Full question →Which two statements accurately describe basic WLAN security at the CCNA level?
Question 19hardmultiple choice
Full question →A device allows remote access, but the administrator wants stronger protection than plain usernames and passwords alone. Which statement best reflects that goal at a conceptual level?
Question 20mediummultiple choice
Full question →Which statement best describes why disabling unused switch ports is considered a hardening measure?
Watch out for
Common Security Fundamentals exam traps
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.
Free account
Track your progress over time
Create a free account to save your results and see which topics improve across sessions.
Focused Security Fundamentals sessions
Start a Security Fundamentals only practice session
Every question in these sessions is drawn from the Security Fundamentals domain — nothing else.
Related practice questions
Related 200-301 topic practice pages
Move into related areas when this topic feels solid.
CCNA subnetting practice questions
Practise IPv4 subnetting, CIDR, masks, host ranges and subnet selection.
CCNA OSPF practice questions
Practise OSPF neighbours, router IDs, metrics, areas and routing-table interpretation.
CCNA VLAN practice questions
Practise VLANs, access ports, trunks, allowed VLANs and switching scenarios.
CCNA STP practice questions
Practise spanning tree, root bridge election, port roles and STP troubleshooting.
CCNA EtherChannel practice questions
Practise LACP, PAgP, port-channel behaviour and bundle requirements.
CCNA ACL practice questions
Practise standard and extended ACLs, permit/deny logic and traffic filtering.
CCNA NAT practice questions
Practise static NAT, dynamic NAT, PAT and inside/outside address translation.
CCNA DHCP practice questions
Practise DHCP scopes, relay, leases and troubleshooting.
CCNA show ip route practice questions
Practise routing-table output, longest-prefix match, AD and route selection.
CCNA show interfaces trunk practice questions
Practise trunk verification and VLAN forwarding across switches.
CCNA wireless security practice questions
Practise WLAN security, authentication and wireless architecture concepts.
CCNA IPv6 practice questions
Practise IPv6 addressing, routes, neighbour discovery and common IPv6 exam traps.
Frequently asked questions
- What does the 200-301 exam test about Security Fundamentals?
- Security Fundamentals questions test whether you can apply the concept in context, not just recognise a definition.
- How should I use these practice questions?
- Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just Security Fundamentals questions in a focused session?
- Yes — the session launcher on this page draws every question from the Security Fundamentals domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other 200-301 topics?
- Use the topic links above to move to related areas, or go back to the 200-301 question bank to see all topics.
- Are these real exam questions or dumps?
- These are original practice questions written to test the same concepts the 200-301 exam covers. They are not copied from any real exam or dump site.
Track your progress
A free account saves results across sessions and highlights which topics need work.
Sign up freeStudy resources
Exam traps to avoid
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.