PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free CCNA Cybersecurity (200-201 CCNACBR) Practice Questions

Pass your CCNA Cybersecurity: Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CCNACBR) v1.2 exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
Cisco does not publicly report pass rates Pass Rate
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

Which security concept involves proactively searching for threats that have evaded existing security controls?

A
B
C
D
to track
Same family resources

Explore More Cisco Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

CCNA

Practice QuestionsStudy GuideCheat SheetFlashcards4 videos4 blogs

Cisco CCST Networking

Practice QuestionsStudy GuideCheat SheetFlashcards2 videos2 blogs

CyberOps Associate

Practice Questions1 video1 blog

Cisco CCST Cybersecurity

Practice Questions1 video1 blog

CCIE Enterprise

Practice Questions

CCNP Collaboration

Practice Questions

More From This Family

Videos and articles for deeper review.

VideoBest Cable Testers for Network Technicians in 2026: Klein VDV526-200 vs Fluke vs TRENDnetVideoCCNA 200-301 Exam Topics and Lab Blueprint (2026)VideoCCNA 200-301 Study Plan: Pass in 3-5 Months (2026)VideoCCNA vs CompTIA Network+ 2026: Which to Take FirstArticleFREE Cisco CCST Cybersecurity (100-160) Exam Guide 2026: Pass First Try20 min readArticleCCNA vs CompTIA Network+ 2026: Which to Take First13 min readArticleCCNA 200-301 Exam Topics and Lab Blueprint (2026)12 min readArticleCCNA 200-301 Study Plan: Pass in 3-5 Months (2026)15 min read
2026 Statistics

Key Facts: CCNA Cybersecurity (200-201 CCNACBR) Exam

~100

Approximate Question Count

Cisco CCNACBR v1.2 exam description

120 min

Time Limit

Cisco CCNACBR v1.2 exam description

$300

Exam Fee (USD)

Cisco / Pearson VUE pricing

5 domains

Exam Blueprint

Security Concepts / Monitoring / Host Analysis / Network Intrusion / Policies & Procedures

3 yrs

Certification Validity

CCNA Cybersecurity associate-level certification

Pearson VUE

Test Delivery

In-person or online proctored

CCNA Cybersecurity (200-201 CCNACBR v1.2) is a 120-minute, ~100-question associate-level exam costing $300 USD through Pearson VUE. The blueprint covers five equally-weighted domains — Security Concepts, Security Monitoring, Host-Based Analysis, Network Intrusion Analysis, and Security Policies & Procedures — each at 20%. Formerly known as CBROPS and Cisco CyberOps Associate, it was rebranded to CCNA Cybersecurity in February 2026. Passing earns the CCNA Cybersecurity certification valid for 3 years.

Sample CCNA Cybersecurity (200-201 CCNACBR) Practice Questions

Try these sample questions to test your CCNA Cybersecurity (200-201 CCNACBR) exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which security principle ensures that data has not been altered in transit?
A.Confidentiality
B.Integrity
C.Availability
D.Non-repudiation
Explanation: Integrity ensures that data has not been modified, deleted, or corrupted during storage or transmission. Hashing algorithms like SHA-256 are commonly used to verify data integrity by comparing checksums before and after transfer.
2Which type of encryption uses a single shared key for both encryption and decryption?
A.Asymmetric encryption
B.Symmetric encryption
C.Hashing
D.Digital signatures
Explanation: Symmetric encryption uses a single shared key for both encrypting and decrypting data. Examples include AES, DES, and 3DES. It is faster than asymmetric encryption but requires a secure method to exchange the shared key.
3In the STRIDE threat model, what does the 'T' represent?
A.Tampering
B.Trojan
C.Targeting
D.Tracking
Explanation: In the STRIDE threat model, the 'T' stands for Tampering, which refers to unauthorized modification of data. STRIDE stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.
4What is the primary function of a SIEM system in a security operations center?
A.Blocking malicious traffic at the network perimeter
B.Collecting, aggregating, and correlating log data from multiple sources
C.Encrypting data in transit between endpoints
D.Scanning endpoints for known malware signatures
Explanation: A SIEM (Security Information and Event Management) system collects, aggregates, and correlates log and event data from diverse sources such as firewalls, IDS/IPS, servers, and applications. It enables centralized monitoring, alerting, and compliance reporting across the entire infrastructure.
5Which access control model assigns permissions based on the user's job function within an organization?
A.Discretionary access control (DAC)
B.Mandatory access control (MAC)
C.Role-based access control (RBAC)
D.Attribute-based access control (ABAC)
Explanation: Role-based access control (RBAC) assigns permissions based on the user's role or job function within the organization. Users are assigned to roles, and each role has a defined set of permissions, simplifying access management in large environments.
6What does the CVSS metric 'Attack Vector' describe?
A.The complexity of the attack required to exploit the vulnerability
B.The level of privileges an attacker needs to exploit the vulnerability
C.The context by which vulnerability exploitation is possible
D.The impact of the vulnerability on system availability
Explanation: The CVSS Attack Vector (AV) metric describes the context by which vulnerability exploitation is possible, such as network, adjacent, local, or physical. It indicates how an attacker can reach the vulnerable component.
7Which security framework provides a voluntary set of standards and best practices for managing cybersecurity risk?
A.ITIL
B.NIST Cybersecurity Framework
C.PCI DSS
D.ISO 27002
Explanation: The NIST Cybersecurity Framework (CSF) provides a voluntary set of standards, guidelines, and best practices for managing cybersecurity risk. It is organized around five core functions: Identify, Protect, Detect, Respond, and Recover.
8What is the primary difference between a vulnerability and a threat?
A.A vulnerability is a potential danger, while a threat is a weakness in a system
B.A vulnerability is a weakness that could be exploited, while a threat is any potential danger that could exploit it
C.A vulnerability only exists in software, while a threat only exists in hardware
D.There is no difference; the terms are interchangeable
Explanation: A vulnerability is a weakness or flaw in a system that could be exploited, such as unpatched software or misconfigurations. A threat is any potential danger that could exploit a vulnerability, such as a hacker, malware, or natural disaster. Understanding both is essential for effective risk management.
9Which defense-in-depth layer is designed to detect and respond to threats that have already bypassed perimeter defenses?
A.Firewall
B.IDS/IPS
C.Encryption
D.Access control lists
Explanation: Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) operate as internal detection and response layers that identify and mitigate threats that have bypassed perimeter defenses like firewalls. They monitor network traffic or host activity for malicious patterns.
10What is the purpose of the AAA framework in network security?
A.To authenticate users, authorize access, and maintain accounting records of user activities
B.To analyze attacks, alert administrators, and automate responses
C.To assess assets, assign classifications, and audit compliance
D.To authorize applications, authenticate APIs, and audit access logs
Explanation: The AAA framework stands for Authentication (verifying identity), Authorization (determining access rights), and Accounting (tracking user activities and resource usage). It is fundamental to controlling and monitoring access in network environments, commonly implemented via RADIUS or TACACS+.

About the CCNA Cybersecurity (200-201 CCNACBR) Exam

The CCNA Cybersecurity (200-201 CCNACBR, formerly CBROPS/CyberOps Associate) is a 120-minute associate-level exam that validates foundational knowledge of cybersecurity operations. Candidates demonstrate competence across security concepts (CIA triad, threat models, cryptography), security monitoring (SIEM, log analysis, NetFlow), host-based analysis (endpoint security, HIDS, file integrity), network intrusion analysis (packet analysis, IDS/IPS, protocol analysis), and security policies and procedures (incident response, risk management, compliance). Passing earns the CCNA Cybersecurity certification, valid for 3 years.

Assessment

Approximately 100 multiple-choice and multiple-response questions covering Security Concepts (20%), Security Monitoring (20%), Host-Based Analysis (20%), Network Intrusion Analysis (20%), and Security Policies and Procedures (20%)

Time Limit

120 minutes

Passing Score

Variable cut score on 300-1000 scale (commonly cited ~750-825); Cisco does not publish the exact value

Exam Fee

$300 USD (Cisco / Pearson VUE)

CCNA Cybersecurity (200-201 CCNACBR) Exam Content Outline

20%

Security Concepts

CIA triad principles; threat models (STRIDE, Diamond Model); attack types (phishing, DDoS, MITM, social engineering); vulnerability assessment; security frameworks (NIST CSF, ISO 27001); cryptography basics (symmetric/asymmetric encryption, hashing, PKI, digital signatures); common security technologies (firewalls, IPS, VPN, NAC)

20%

Security Monitoring

SIEM architecture and operations; log collection, normalization, and parsing; event correlation rules; alert tuning and severity classification; NetFlow and network telemetry; packet capture analysis; security data sources (syslog, SNMP, WMI); Cisco SecureX and XDR overview; dashboard interpretation

20%

Host-Based Analysis

Endpoint detection and response (EDR) concepts; host-based intrusion detection systems (HIDS); file integrity monitoring (FIM); OS security fundamentals (Windows Event Logs, Linux syslog/journald); process monitoring and analysis; registry and file system monitoring; basic malware identification and behavioral indicators

20%

Network Intrusion Analysis

Packet analysis with Wireshark and tcpdump; TCP/IP protocol analysis for security (TCP handshake, DNS, HTTP/HTTPS); IDS/IPS concepts and rule interpretation (Snort, Suricata); network security monitoring; common network attack signatures (port scans, SQL injection, XSS); protocol anomalies; intrusion event classification

20%

Security Policies and Procedures

NIST incident response lifecycle (preparation, detection, analysis, containment, eradication, recovery, post-incident); security policy types (acceptable use, access control, data protection); risk assessment methodologies; compliance frameworks (PCI DSS, HIPAA, GDPR); SOC team roles and responsibilities (Tier 1/2/3 analysts); playbook-driven response

How to Pass the CCNA Cybersecurity (200-201 CCNACBR) Exam

What You Need to Know

  • Passing score: Variable cut score on 300-1000 scale (commonly cited ~750-825); Cisco does not publish the exact value
  • Assessment: Approximately 100 multiple-choice and multiple-response questions covering Security Concepts (20%), Security Monitoring (20%), Host-Based Analysis (20%), Network Intrusion Analysis (20%), and Security Policies and Procedures (20%)
  • Time limit: 120 minutes
  • Exam fee: $300 USD

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

CCNA Cybersecurity (200-201 CCNACBR) Study Tips from Top Performers

1Master the NIST incident response lifecycle phases — exam questions frequently test the correct phase for a given action
2Practice reading Snort/Suricata rules and identifying which rule component matches which traffic pattern
3Know your TCP/IP fundamentals cold — three-way handshake, flags, common ports, and how attackers exploit each protocol
4Learn the difference between NetFlow (summarized metadata) and full packet capture — and when each is useful
5Understand Windows Event Log IDs (4624 login success, 4625 login failure, 4688 process creation) for host-based analysis questions
6Study the CIA triad in context — know which security control addresses which leg (confidentiality, integrity, or availability)

Frequently Asked Questions

What is the CCNA Cybersecurity (200-201 CCNACBR) exam?

The CCNA Cybersecurity exam (200-201 CCNACBR v1.2, formerly CBROPS) is a 120-minute associate-level exam that validates foundational cybersecurity operations knowledge. It covers security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies & procedures. Passing earns the CCNA Cybersecurity certification.

How much does the CCNA Cybersecurity exam cost?

The 200-201 CCNACBR exam costs $300 USD per attempt at Pearson VUE testing centers or via online proctoring. Optional instructor-led training from Cisco Learning Partners typically runs $2,000-$3,500.

What is the passing score for CCNA Cybersecurity?

Cisco does not publish an exact passing score. Like most Cisco exams, the score is reported on a 300-1000 scale, with the cut commonly cited between 750 and 825 depending on the exam form.

Is CCNA Cybersecurity the same as the old CyberOps Associate?

Yes. The exam was originally called CBROPS (Understanding Cisco Cybersecurity Operations Fundamentals) under the Cisco CyberOps Associate certification. It was rebranded first to Cisco Certified Cybersecurity Associate in January 2025, then to CCNA Cybersecurity in February 2026. The exam code changed from CBROPS to CCNACBR but the 200-201 number and core content remain the same at v1.2.

How should I prepare for the CCNA Cybersecurity exam?

Combine Cisco's official CBROPS/CCNACBR course (or self-study), hands-on labs with Wireshark and a SIEM (Splunk, Cisco SecureX), and timed practice questions. Focus on packet analysis, IDS/IPS rule interpretation, incident response lifecycle, and log correlation.