Practice Mock Exam
Timed · Randomised · Graded⚡ Mock Exam — CyberOps 200-201
45 questions · 60 minutes · 350+ question pool · randomised selection & answer order · category & type breakdown including matching questions.
Start Mock Exam →Exam Domains
Official 200-201 Weights1. Security Concepts
CIA triad, access control models, security terminology, risk concepts, and cryptographic foundations.
2. Security Monitoring
Network protocols, packet analysis, log sources, SIEM, NetFlow, IDS/IPS alerts, and event correlation.
3. Host-Based Analysis
Operating system components, endpoint security tools, malware analysis, file integrity monitoring, and Windows/Linux artifacts.
4. Network Intrusion Analysis
Attack vectors, network attacks, web application attacks, social engineering, and intrusion investigation workflows.
5. Security Policies & Procedures
Incident response procedures, CSIRT, forensics, compliance frameworks, vulnerability management, and data classification.
Key Topics to Study
High-frequency exam areas- MITRE ATT&CK framework — tactics, techniques, and procedures (TTPs)
- Network protocols: TCP/IP, DNS, HTTP/S, SMTP, DHCP, FTP, and their security implications
- Intrusion detection: signature-based vs. anomaly-based detection
- Windows internals: registry, processes, event logs, and common artifacts
- Linux internals: file system hierarchy, processes, syslog, and shell artifacts
- Packet capture and analysis with Wireshark / tcpdump
- NetFlow and its role in network traffic analysis
- SIEM log correlation and alert triage
- Malware categories: viruses, worms, trojans, RATs, ransomware, rootkits
- Incident response phases: preparation, detection, containment, eradication, recovery
- Chain of custody and forensic evidence handling
- Common web attacks: SQLi, XSS, CSRF, directory traversal
- Network attacks: DoS/DDoS, ARP poisoning, DNS spoofing, MITM
- Vulnerability scoring: CVSS base, temporal, and environmental metrics
- Data loss prevention (DLP) and classification frameworks