200-201 · topic practice

Security Concepts practice questions

Use this page to practise Security Concepts questions for this certification. Focus on how the exam tests security concepts in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Security Concepts

What the exam tests

What to know about Security Concepts

Security Concepts questions on this certification test your ability to apply and manage core security concepts in scenario-based situations.

Core security concepts and how they apply in real-world cloud scenarios.

How to deploy security concepts correctly and verify the outcome.

Troubleshooting security concepts issues by interpreting error output and system state.

Cloud best practices and Security Concepts design trade-offs tested by this certification.

Watch out for

Common Security Concepts exam traps

  • Selecting the most expensive service when a simpler managed option meets the requirement.
  • Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • Choosing a global service fix when the issue is region-specific.
  • Overlooking cost implications of cross-region data transfer in architecture questions.

Practice set

Security Concepts questions

20 questions · select your answer, then reveal the explanation

An organization wants to classify data based on its sensitivity and impact if disclosed. Which security principle is being applied?

A SOC analyst notices repeated failed login attempts from a single IP address against multiple user accounts. Which type of attack is most likely occurring?

A security engineer is designing a network to prevent an attacker who gains access to a web server from easily pivoting to the internal database server. Which architecture best achieves this goal?

Which TWO security concepts are fundamental to the principle of least privilege? (Choose two.)

Which THREE are common indicators of a distributed denial-of-service (DDoS) attack? (Choose three.)

Which TWO are goals of a security operations center (SOC)? (Choose two.)

Refer to the exhibit. A network analyst sees these firewall logs. What is the most likely interpretation?

Exhibit

Refer to the exhibit.
```
Mar  1 12:34:56.789: %ASA-5-111008: User 'admin' executed the 'configure terminal' command.
Mar  1 12:35:01.123: %ASA-4-106023: Deny tcp src outside:192.0.2.10/12345 dst inside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
Mar  1 12:35:05.456: %ASA-4-106023: Deny tcp src outside:192.0.2.10/12346 dst inside:10.0.0.2/443 by access-group "OUTSIDE_IN" [0x0, 0x0]
```

Refer to the exhibit. A security analyst reviews this ACL on a firewall between a DMZ (10.0.1.0/24) and internal network (10.0.2.0/24). What is the effect of this ACL?

Exhibit

Refer to the exhibit.
```
! Access-list for DMZ to Inside
access-list DMZ_TO_INSIDE extended permit tcp 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0 eq 3306
access-list DMZ_TO_INSIDE extended deny ip any any
```

Refer to the exhibit. A Windows security log shows several events with Event ID 4625 (failed logon). What type of attack is indicated?

Exhibit

Refer to the exhibit.
```
Event Log:
Time: 10:00:01, Source: 192.168.1.100, Event ID: 4625, Account: Administrator
Time: 10:00:03, Source: 192.168.1.100, Event ID: 4625, Account: Admin
Time: 10:00:05, Source: 192.168.1.100, Event ID: 4625, Account: root
```
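The two exhibits above (the ASA 106023 deny lines and the Windows Event ID 4625 entries) share a pattern a SOC analyst would want to surface automatically: one source address touching several distinct targets. The following is an added Python example, not part of the practice set, that parses constructed copies of both log formats and flags such sources; the regular expressions and the threshold of two targets are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the two exhibits (not real logs).
ASA_LOG = """\
Mar  1 12:35:01.123: %ASA-4-106023: Deny tcp src outside:192.0.2.10/12345 dst inside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
Mar  1 12:35:05.456: %ASA-4-106023: Deny tcp src outside:192.0.2.10/12346 dst inside:10.0.0.2/443 by access-group "OUTSIDE_IN" [0x0, 0x0]
Mar  1 12:35:07.000: %ASA-4-106023: Deny tcp src outside:198.51.100.7/40001 dst inside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
"""

WIN_LOG = """\
Time: 10:00:01, Source: 192.168.1.100, Event ID: 4625, Account: Administrator
Time: 10:00:03, Source: 192.168.1.100, Event ID: 4625, Account: Admin
Time: 10:00:05, Source: 192.168.1.100, Event ID: 4625, Account: root
Time: 10:00:09, Source: 192.168.1.22, Event ID: 4624, Account: jsmith
"""

# Assumed patterns: ASA deny-by-ACL message and the exhibit's flat 4625 format.
ASA_DENY = re.compile(
    r"%ASA-4-106023: Deny \w+ src \w+:(?P<src>[\d.]+)/\d+ "
    r"dst \w+:(?P<dst>[\d.]+)/(?P<port>\d+)"
)
WIN_4625 = re.compile(r"Source: (?P<src>[\d.]+), Event ID: 4625, Account: (?P<acct>\S+)")


def asa_deny_fanout(text):
    """Map each denied source IP to the set of (dst, port) pairs it was denied to."""
    fanout = defaultdict(set)
    for line in text.splitlines():
        m = ASA_DENY.search(line)
        if m:
            fanout[m["src"]].add((m["dst"], int(m["port"])))
    return fanout


def failed_logon_accounts(text):
    """Map each source IP to the set of accounts that failed to log on (4625 only)."""
    accounts = defaultdict(set)
    for line in text.splitlines():
        m = WIN_4625.search(line)
        if m:
            accounts[m["src"]].add(m["acct"])
    return accounts


def flag_sources(per_source, threshold=2):
    """Return sources that touched at least `threshold` distinct targets (fan-out worth triage)."""
    return sorted(src for src, targets in per_source.items() if len(targets) >= threshold)


if __name__ == "__main__":
    print("ASA deny fan-out:", flag_sources(asa_deny_fanout(ASA_LOG)))
    print("4625 account fan-out:", flag_sources(failed_logon_accounts(WIN_LOG)))
```

The single-target source 198.51.100.7 and the successful 4624 logon are deliberately left unflagged, which is the distinction the two exhibit questions turn on.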

You are a security analyst at a financial institution. The network consists of three segments: internal corporate network (10.0.0.0/24), DMZ (192.168.1.0/24) hosting a web server and an email server, and a guest wireless network (172.16.0.0/24). The firewall is configured with the following rules: (1) permit inbound HTTP/HTTPS to the web server from any; (2) permit inbound SMTP to the email server from any; (3) deny all other inbound traffic; (4) permit all outbound traffic from internal network; (5) deny all outbound traffic from guest network to internal and DMZ, but permit to internet. Recently, an employee reported that sensitive files on an internal file server (10.0.0.10) were accessed without authorization. Logs show that the access originated from an IP address in the guest network (172.16.0.50) at 3:00 AM. The guest network is open (no authentication required). The internal file server is not directly accessible from the guest network per rule (5). However, the attacker used the web server as a pivot: they compromised the web server via an unpatched vulnerability, then from the web server they connected to the internal file server. Which of the following actions would BEST prevent this type of attack in the future?


You are a SOC analyst monitoring traffic on a corporate network. The network uses a next-generation firewall (NGFW) with intrusion prevention system (IPS). You receive an alert that the IPS detected a SQL injection attempt against the internal web application server (10.0.1.10) from an external IP (203.0.113.5). The IPS action was set to "alert" only, not "drop". Further investigation shows that the web server logs indicate the SQL injection succeeded and data was exfiltrated to 203.0.113.5. The web application is a custom application developed in-house. The database server (10.0.1.20) contains customer PII. Which of the following is the BEST immediate action to contain the incident?


A security analyst is investigating a potential data exfiltration incident. The analyst notices that a large amount of data has been sent to an external IP address over port 443 during non-business hours. The company uses a proxy server that logs all outbound connections. Which action should the analyst take first to validate the suspicion?

A network engineer is designing a segmented network to protect a sensitive database. The database must be accessible only from a specific application server. Which security concept best describes this design?

Which TWO of the following are common indicators of a denial-of-service (DoS) attack?


An analyst reviews the ACL applied to the outside interface of a router. The analyst notices that traffic from 192.168.1.0/24 to 10.10.10.10 on port 443 is permitted, but all other traffic is denied and logged. Which of the following is a potential security issue with this ACL?

Exhibit

Refer to the exhibit.
```
! Output from show access-list 101
! Extended IP access list 101
!    10 permit tcp 192.168.1.0 0.0.0.255 host 10.10.10.10 eq 443
!    20 deny ip any any log
!
```

You are a security analyst for a mid-sized company with a flat network topology. The company uses a single firewall for internet access and has no internal segmentation. Recently, the IT team deployed a new file server running Windows Server 2019. The server was configured with default settings and placed in the same subnet as all user workstations. Two weeks later, the helpdesk receives multiple complaints about slow network performance. Upon investigation, you notice the file server's network interface is sending a high volume of broadcast traffic. Additionally, you find that the server's firewall is disabled and it is running an outdated SMBv1 protocol. The CEO is concerned about potential data loss and asks for immediate remediation. Which of the following is the most effective and immediate course of action to address the most critical security vulnerability?

Drag and drop the steps to configure SSH access on a Cisco IOS switch into the correct order.


Drag and drop the steps to perform a password recovery on a Cisco IOS router into the correct order.


Match each security tool to its primary purpose.

Matches
  • Network scanning and discovery
  • Packet capture and analysis
  • Intrusion detection and prevention
  • Exploitation framework for penetration testing
  • Security information and event management (SIEM)

Match each cybersecurity framework/standard to its focus.

Matches
  • Cybersecurity risk management framework
  • Information security management system standard
  • Payment card industry data security standard
  • Knowledge base of adversary tactics and techniques
  • Prioritized set of security best practices

Frequently asked questions

What does the 200-201 exam test about Security Concepts?
Security Concepts questions on this certification test your ability to apply and manage core security concepts in scenario-based situations.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Security Concepts questions in a focused session?
Yes — the session launcher on this page draws every question from the Security Concepts domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 200-201 topics?
Use the topic links above to move to related areas, or go back to the 200-201 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 200-201 exam covers. They are not copied from any real exam or dump site.