Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›CC›Objectives›Network Security
Objective 4.0

Network Security

CC Practice Questions

Use this page to practise Network Security questions for this certification. Focus on how the exam tests network security in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Full Practice Test →All Objectives

What this objective tests

CC Network Security — Key Topics

Network Security questions on this certification test your ability to deploy and manage network security concepts in scenario-based situations.

  • Core Network Security concepts and how they apply in real-world cloud scenarios.
  • How to deploy network security correctly and verify the outcome.
  • Troubleshooting network security issues by interpreting error output and system state.
  • Cloud best practices and Network Security design trade-offs tested by this certification.

Common exam traps

Where candidates lose marks on Network Security

  • ⚠Selecting the most expensive service when a simpler managed option meets the requirement.
  • ⚠Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • ⚠Choosing a global service fix when the issue is region-specific.
  • ⚠Overlooking cost implications of cross-region data transfer in architecture questions.

CC Network Security — Practice Questions

30 questions from this objective

Question 2easymultiple choice
Full question →

A security analyst notices that an internal web server is receiving a high volume of TCP SYN packets from a single external IP address, but the server is not sending SYN-ACK replies. The server's CPU and memory usage are normal. What is the most likely cause?

Question 3mediummultiple choice
Full question →

A network administrator is designing a DMZ to host a public-facing web server and a database server that should only be accessible from the web server. Which of the following firewall rule sets best achieves this design?

Question 4hardmultiple choice
Full question →

A company's network uses 802.1X authentication with PEAP-MSCHAPv2 on wired ports. Users report that after a recent switch firmware update, some workstations fail to authenticate intermittently, while others work fine. The authentication server logs show 'Authentication failed: Unknown CA certificate' for affected workstations. What is the most likely cause?

Question 5easymultiple choice
Review the full subnetting walkthrough →

A security engineer is configuring a network intrusion detection system (NIDS) to monitor traffic on a critical subnet. To minimize false positives, which of the following should the engineer baseline first?

Question 6mediummultiple choice
Read the full VPN explanation →

A company's remote access VPN uses IPsec with pre-shared keys. Employees report that they cannot connect from home. The VPN server logs show 'IKE authentication failed.' The help desk confirms the pre-shared keys are correct. Which of the following is the most likely cause?

Question 7hardmultiple choice
Full question →

During a security audit, a penetration tester captures network traffic and finds that some packets have the IP ID field set to 0 and the DF (Don't Fragment) flag set. What is this technique attempting to do?

Question 8mediummulti select
Read the full wireless explanation →

Which TWO of the following are best practices for securing a wireless network? (Select exactly two.)

Question 9hardmulti select
Full question →

Which THREE of the following are characteristics of a stateful firewall? (Select exactly three.)

Question 10mediummultiple choice
Study the full ACL explanation →

Refer to the exhibit. An administrator configures the above ACLs on a router. The goal is to allow internal users (192.168.1.0/24) to browse the web, and to allow SSH management from the internet to a server at 10.0.0.10. However, users report that they cannot browse external websites. What is the most likely reason?

Exhibit

Refer to the exhibit.

interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group OUTBOUND out
!
interface GigabitEthernet0/2
 ip address 10.0.0.1 255.255.255.0
 ip access-group INBOUND in
!
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 100 deny ip any any
!
access-list 110 permit tcp any host 10.0.0.10 eq 22
access-list 110 permit icmp any host 10.0.0.10 echo-reply
access-list 110 deny ip any any
Question 11hardmultiple choice
Full question →

Refer to the exhibit. An IDS generates this alert for traffic from an internal server (10.1.1.50) to an external IP on port 443. The security team investigates and finds that the server is a web application that normally uses TLS 1.2. What does this alert most likely indicate?

Exhibit

Refer to the exhibit.

[IDS Alert Log]
Timestamp: 2024-03-15 10:23:45
Signature: ET POLICY Outgoing SSLv3 Handshake (Possible SSL Stripping)
Source IP: 10.1.1.50
Destination IP: 203.0.113.10
Protocol: TCP
Port: 443
Payload: [Hex dump of ClientHello with version 3.0]
Question 12hardmultiple choice
Open the full VLAN trunking answer →

A medium-sized company uses a network with three VLANs: VLAN 10 (Users, 192.168.10.0/24), VLAN 20 (Servers, 192.168.20.0/24), and VLAN 30 (DMZ, 192.168.30.0/24). A Layer 3 switch with an ACL is used for inter-VLAN routing. The company has a web server in the DMZ that must be accessible from the internet (via a public IP mapped to 192.168.30.10). Users in VLAN 10 need to access the web server on its private IP (192.168.30.10) for internal testing. The ACL is applied inbound on the VLAN 10 SVI. The ACL currently has the following entries: permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255; deny ip any 192.168.20.0 0.0.0.255; permit ip any any. Recently, the security team noticed that users can access the web server on its private IP, but they cannot access the web server via the public IP (which goes through the firewall and then to the DMZ). The firewall logs show that traffic from the users to the public IP is allowed and reaches the DMZ web server, but the return traffic is blocked. The web server's default gateway is the Layer 3 switch (192.168.30.1). Which of the following is the most likely cause of the problem?

Question 13easymulti select
Full question →

A network security team is implementing a defense-in-depth strategy. Which TWO of the following controls are examples of network segmentation? (Choose two.)

Question 14mediummultiple choice
Full question →

Based on the exhibit, what is the most likely result of the client's HTTP request?

Exhibit

Refer to the exhibit.

Router# show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group BLOCK_HTTP in
!
ip access-list extended BLOCK_HTTP
 deny tcp any any eq 80
 permit ip any any

A client at 192.168.1.100 attempts to access a web server at 10.0.0.1. The router's interface IP is 192.168.1.1.
Question 15hardmultiple choice
Open the full VLAN trunking answer →

You are the network security lead for a medium-sized financial firm with 500 employees. The network consists of a core switch, distribution switches, and access switches. There are three main VLANs: VLAN 10 (Management - 192.168.10.0/24), VLAN 20 (Finance - 192.168.20.0/24), and VLAN 30 (Guest Wi-Fi - 192.168.30.0/24). The network uses a single firewall with three interfaces: inside (trusted), outside (untrusted), and DMZ. The firewall is configured with default-deny rules. Recently, the helpdesk reported that employees in the Finance VLAN cannot access a web-based accounting application hosted on a server at 10.0.0.5, which is in the DMZ. The server's default gateway is the firewall's DMZ interface (10.0.0.1). The accounting application runs on HTTPS (TCP 443). Employees in the Management VLAN can access the application without issue. You have verified that the Finance VLAN has connectivity to the firewall's inside interface (192.168.20.1). The firewall's inside interface has an IP of 192.168.20.1. There is no ACL on the inside interface. The firewall's DMZ interface has an ACL permitting TCP/443 from any to 10.0.0.5. The firewall's routing table shows a route to 10.0.0.0/24 via DMZ interface. What is the most likely cause of the issue?

Question 16mediumdrag order
Full question →

Drag and drop the steps for the incident response process according to NIST into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 17mediumdrag order
Full question →

Drag and drop the steps to recover a system from a verified backup after a ransomware attack into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 18mediummatching
Full question →

Match each network security concept to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Filters traffic based on rules

Segments public-facing servers

Maps private to public IPs

Encrypts data over public networks

Monitors for suspicious activity

Question 19mediummatching
Full question →

Match each risk management term to its meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Weakness in a system

Potential cause of harm

Likelihood and impact of a threat exploiting a vulnerability

Control to mitigate risk

Question 20easymultiple choice
Full question →

A network administrator notices unusual traffic from an internal workstation to an external IP address on port 443. The workstation has no business reason for such communication. Which action should the administrator take first?

Question 21mediummultiple choice
Full question →

A security engineer is designing a DMZ for a web server that must be accessible from the internet. The web server needs to query an internal database server. Which network security approach best limits exposure?

Question 22hardmultiple choice
Full question →

During a penetration test, an analyst discovers that a company's internal network has a switch configured with port security that allows only one MAC address per port. However, the analyst is able to plug a rogue device into a wall jack and successfully gain network access. What is the most likely weakness in this configuration?

Question 23easymultiple choice
Full question →

A company wants to allow remote employees to securely access internal resources over the internet. Which technology is most appropriate?

Question 24mediummultiple choice
Full question →

An organization has implemented a network-based intrusion prevention system (IPS) in inline mode. After deployment, users report that legitimate web traffic is being blocked. What is the most likely cause?

Question 25hardmultiple choice
Full question →

A security analyst reviews firewall logs and notices a large number of outbound connections from a single internal IP to a known malicious IP on port 445. The analyst quarantines the workstation and runs an antivirus scan, which finds no malware. What should the analyst do next?

Question 26easymultiple choice
Full question →

Which of the following is a primary benefit of implementing network segmentation?

Question 27mediummultiple choice
Read the full wireless explanation →

A network administrator is configuring a wireless network for a small office. Security requirements include strong encryption and pre-shared key authentication. Which protocol should be used?

Question 28hardmultiple choice
Full question →

A company uses a stateful firewall. A user reports that an application requiring multiple dynamic ports is not working. The firewall logs show that packets from the server are being dropped. What is the most likely cause?

Question 29mediummulti select
Read the full VPN explanation →

Which two of the following are common methods to secure a virtual private network (VPN) connection? (Choose two.)

Question 30hardmulti select
Full question →

A security team is investigating a potential ARP spoofing attack on the local network. Which two measures can effectively detect or prevent such attacks? (Choose two.)

Question 31mediummulti select
Full question →

Which three of the following are best practices for securing a network switch? (Choose three.)

More Network Security questions available in the full practice test.

Continue Practising →
←

Previous objective

Security Principles

Next objective

Security Operations

→

All CC Objectives

  • 1.Security Principles
  • 4.Network Security
  • 5.Security Operations