
Scenario-based practice

Drag and Drop Matching Questions

Practise Cisco CyberOps Associate 200-201 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

10 scenario questions. Exam code: 200-201. Vendor: Cisco.

Scenario guide

How to approach drag and drop matching questions

Matching questions give you two columns — concepts, commands, or protocols on the left, and their definitions or use-cases on the right. You drag each left item to its correct match. These appear on most certification exams and punish superficial memorisation.

Quick answer

Drag and drop matching questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.


Practice set

Practice scenarios

Question 1 (medium, matching)

Match each security tool to its primary purpose.

Concepts
Matches

Network scanning and discovery

Packet capture and analysis

Intrusion detection and prevention

Exploitation framework for penetration testing

Security information and event management (SIEM)

Question 2 (medium, matching)

Match each Cisco CyberOps concept to its description.

Concepts
Matches

Security Operations Center

Confidentiality, Integrity, Availability

Indicator of Compromise

Tactics, Techniques, and Procedures

Adversary, Capability, Infrastructure, Victim

Question 3 (medium, matching)

Match each Linux command to its function.

Concepts
Matches

Search text using patterns

Capture and analyze network packets

Display network connections and statistics

Configure firewall rules

Change file permissions

Question 4 (medium, matching)

Match each network device to its primary function.

Concepts
Matches

Filters traffic based on security rules

Detects suspicious activity and alerts

Detects and blocks malicious traffic inline

Forwards packets between networks

Forwards frames within a LAN

Question 5 (medium, matching)

Match each network attack type to its description.

Concepts
Matches

Social engineering via email to steal credentials

Overwhelming a target with traffic from multiple sources

Intercepting communications between two parties

Injecting malicious SQL queries into input fields

Associating attacker's MAC with victim's IP

Question 6 (medium, matching)

Match each network protocol to its well-known port number.

Concepts
Matches

22

443

53

25

3389

Question 7 (medium, matching)

Match each Windows event log type to its description.

Concepts
Matches

Logs success/failure audit events

Logs operating system events

Logs events from applications

Logs installation events

Logs events forwarded from other computers

Match each log severity level to its description (syslog).

Concepts
Matches

System is unusable

Immediate action required

Critical conditions

Error conditions

Warning conditions

Question 9 (medium, matching)

Match each cybersecurity framework/standard to its focus.

Concepts
Matches

Cybersecurity risk management framework

Information security management system standard

Payment card industry data security standard

Knowledge base of adversary tactics and techniques

Prioritized set of security best practices

Question 10 (medium, matching)

Match each analysis type to its description.

Concepts
Matches

Examining file without executing it

Running file in a sandbox to observe behavior

Matching patterns against known threats

Detecting deviations from baseline behavior

Using rules to detect unknown threats

These 200-201 practice questions are part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style 200-201 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.