200-201 · topic practice

Security Policies and Procedures practice questions

Practise Cisco CyberOps Associate 200-201 Security Policies and Procedures practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Security Policies and Procedures

What the exam tests

What to know about Security Policies and Procedures

Security Policies and Procedures questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Security Policies and Procedures exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Security Policies and Procedures questions

20 questions · select your answer, then reveal the explanation

A security analyst discovers that an employee has been sharing login credentials with coworkers. Which policy violation is this?

A company wants to ensure that employees report security incidents immediately. Which policy element is most important to include?

An organization's security policy requires that all network traffic be inspected by an intrusion prevention system. However, encrypted traffic is bypassing inspection. Which change to the policy would best address this issue?

A security policy states that user activity logs must be retained for at least one year. What is the primary purpose of this requirement?

A security analyst notices that an employee is accessing the corporate network from an unauthorized device. According to the security policy, which action should the analyst take first?

A security policy requires that all changes to firewall rules be approved by two administrators. This is an example of which security principle?

An organization's security policy states that all external connections must be authenticated using multi-factor authentication. Which type of policy is this?

A company's security policy includes a clause that all software installed on company devices must be approved by the IT department. An employee installs an unapproved application that later causes a malware infection. Which policy was violated?

Which TWO of the following are typically included in a security policy's scope statement?

Which THREE of the following are common elements of an incident response policy?

Which TWO of the following are best practices for implementing a security policy?

A security analyst reviews the firewall log. What is the most likely reason for the denied connection?

Network Topology
Firewall log entry!End of log entryRefer to the exhibit.

A security auditor reviews the SNMP configuration. Which security concern should be reported?

Network Topology
!End of configurationRefer to the exhibit.snmp-server community public ROsnmp-server community private RWsnmp-server location Building_Asnmp-server contact admin@company.com

You are a security analyst at a financial services company. The company's security policy mandates that all sensitive data must be encrypted at rest and in transit. A recent internal audit reveals that a database containing customer personally identifiable information (PII) is stored on a server that uses unencrypted storage volumes. The database is accessed by internal applications via unencrypted connections. The policy also requires quarterly vulnerability scans, and the latest scan shows that the server has a critical vulnerability in the database software. Additionally, the server's firewall rules permit inbound traffic from the entire corporate network to the database port. The company's incident response policy requires that any violation of data protection policies be escalated within 24 hours. The IT manager asks you to prioritize actions. What should you do first?

You are a security operations analyst for a medium-sized enterprise. The company's security policy requires that all endpoint devices have antivirus software installed and updated. During a routine check, you find that a group of 50 laptops used by the sales team have not received antivirus updates for over three months. The policy also states that any non-compliant devices must be quarantined from the network until they are remediated. The sales team manager argues that quarantining the laptops will disrupt critical sales activities. The company's incident response policy has a clause that allows for temporary exceptions in business-critical situations, but requires approval from the CISO. What is the best course of action?

A company's security policy requires that all laptops accessing the corporate network must have full-disk encryption enabled. During a routine audit, an analyst discovers that a manager's laptop does not have encryption enabled. What is the most appropriate first step according to standard security incident response procedures?

Question 17mediummultiple choice
Read the full NAT/PAT explanation →

A network administrator is implementing a new security policy that requires all employees to use multi-factor authentication (MFA) when accessing email from external networks. However, several employees report that they cannot receive SMS codes while traveling internationally. Which design change best balances security and usability?

A security analyst is reviewing a series of failed login attempts on a critical server. The logs show that the source IP addresses are from multiple geographic regions and the usernames tried are all valid employees. The attempts occur every 5 minutes for the past hour. According to the company's security policy, which type of attack is most likely occurring, and what is the best immediate response?

During a security audit, an analyst discovers that several employees have shared their login credentials with colleagues to expedite work. Which policy enforcement mechanism would be most effective in preventing this behavior?

Question 20mediummultiple choice
Read the full VPN explanation →

A company's security policy states that all remote access must be through a VPN. An employee complains that the VPN is too slow and asks for an exception to access a specific internal server directly over the internet. What should the security analyst recommend?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Security Policies and Procedures sessions

Start a Security Policies and Procedures only practice session

Every question in these sessions is drawn from the Security Policies and Procedures domain — nothing else.

Related practice questions

Related 200-201 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 200-201 exam test about Security Policies and Procedures?
Security Policies and Procedures questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Security Policies and Procedures questions in a focused session?
Yes — the session launcher on this page draws every question from the Security Policies and Procedures domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 200-201 topics?
Use the topic links above to move to related areas, or go back to the 200-201 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 200-201 exam covers. They are not copied from any real exam or dump site.