Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Network Security practice sets

ISC2 CC Network Security • Complete Question Bank

ISC2 CC Network Security — All Questions With Answers

Complete ISC2 CC Network Security question bank — all 0 questions with answers and detailed explanations.

120
Questions
Free
No signup
Certifications/ISC2 CC/Practice Test/Network Security/All Questions
Question 1easymultiple choice
Review the full routing breakdown →

Which OSI layer is responsible for routing packets across networks using IP addresses?

Question 2easymultiple choice
Read the full Network Security explanation →

A security analyst notices unusual traffic from an internal workstation to an external IP address on port 25. Which protocol is most likely being used?

Question 3mediummultiple choice
Open the full VLAN trunking answer →

In the OSI model, which layer uses MAC addresses to forward frames and supports VLANs?

Question 4mediummultiple choice
Read the full Network Security explanation →

An attacker captures network traffic and forges the source IP address to impersonate a trusted host. Which type of network threat is this?

Question 5hardmultiple choice
Read the full Network Security explanation →

A security engineer is configuring a network security device that can block malicious HTTP requests based on application-layer inspection. Which device type is most suitable?

Question 6easymultiple choice
Read the full Network Security explanation →

Which TCP segment is sent to initiate the three-way handshake?

Question 7mediummultiple choice
Read the full DNS explanation →

An organization wants to place its public web server, email server, and DNS server in a network that is accessible from the internet but isolated from the internal corporate network. Which network design should be used?

Question 8mediummultiple choice
Read the full Network Security explanation →

Which firewall type inspects the entire packet, including application data, and can enforce rules based on user identity?

Question 9hardmultiple choice
Read the full Network Security explanation →

A security analyst detects an ARP spoofing attack on the local network. What is the primary goal of an ARP spoofing attack?

Question 10easymultiple choice
Read the full Network Security explanation →

Which protocol is considered insecure because it transmits data in cleartext, including passwords?

Question 11hardmultiple choice
Read the full Network Security explanation →

During a DDoS attack, a company's web server is overwhelmed with a high volume of SYN packets from spoofed IP addresses, never completing the TCP handshake. Which type of attack is this?

Question 12mediummultiple choice
Read the full Network Security explanation →

Which security control would best mitigate the risk of network sniffing on a wired LAN segment?

Question 13mediummulti select
Read the full DNS explanation →

A network administrator is designing a DMZ to host a web server, an email server, and a DNS server. Which TWO of the following principles should be applied to secure the DMZ? (Select TWO.)

Question 14hardmulti select
Read the full Network Security explanation →

An organization is selecting a network security solution to protect against advanced threats. Which THREE features are characteristic of a Next-Generation Firewall (NGFW)? (Select THREE.)

Question 15mediummulti select
Read the full Network Security explanation →

A security team is investigating a potential man-in-the-middle attack. Which TWO of the following are common techniques used in MITM attacks? (Select TWO.)

Question 16easymultiple choice
Read the full Network Security explanation →

A security analyst notices unusual traffic on the network and wants to capture packets for analysis without altering traffic. Which device should they use?

Question 17mediummultiple choice
Read the full Network Security explanation →

A company wants to isolate its public web server from internal networks to reduce risk. The server must be accessible from the internet. Which network architecture should be used?

Question 18hardmultiple choice
Read the full Network Security explanation →

An attacker sends forged ARP messages to associate their MAC address with the IP address of a legitimate server. This allows the attacker to intercept traffic intended for that server. What is this attack?

Question 19mediummultiple choice
Read the full Network Security explanation →

Which transport layer protocol is used by voice over IP (VoIP) applications that require low latency and can tolerate some packet loss?

Question 20easymultiple choice
Read the full Network Security explanation →

A firewall that filters traffic based solely on source and destination IP addresses and ports without considering the state of connections is known as a:

Question 21mediummultiple choice
Read the full Network Security explanation →

An organization wants to implement a network security device that can block malicious traffic in real-time and must be placed inline. Which device should be chosen?

Question 22hardmultiple choice
Read the full Network Security explanation →

Which of the following is a common mitigation technique for a SYN flood attack?

Question 23mediummultiple choice
Read the full Network Security explanation →

A technician is configuring a firewall to allow secure web traffic. Which port and protocol should be permitted?

Question 24easymultiple choice
Review the full routing breakdown →

Which layer of the OSI model is responsible for routing packets across networks?

Question 25mediummultiple choice
Read the full Network Security explanation →

An attacker intercepts communications between a client and server by establishing independent connections with each. The client believes it is talking to the server, but the attacker relays messages. What is this attack?

Question 26hardmultiple choice
Read the full Network Security explanation →

Which of the following is a characteristic of a stateful firewall that distinguishes it from a stateless firewall?

Question 27easymultiple choice
Read the full Network Security explanation →

Which protocol is used to resolve IP addresses to MAC addresses on a local network?

Question 28mediummulti select
Read the full Network Security explanation →

A security analyst is investigating a potential DDoS attack on the company's web server. Which two symptoms are indicative of a SYN flood attack? (Select TWO.)

Question 29hardmulti select
Read the full Network Security explanation →

An organization wants to implement network segmentation to improve security. Which three methods are commonly used for network segmentation? (Select THREE.)

Question 30mediummulti select
Read the full Network Security explanation →

Which two of the following are best practices to mitigate man-in-the-middle attacks? (Select TWO.)

Question 31easymultiple choice
Review the full routing breakdown →

Which OSI layer is responsible for routing packets based on IP addresses?

Question 32mediummultiple choice
Read the full Network Security explanation →

An attacker captures network traffic using Wireshark and reads unencrypted emails. Which security goal is most directly compromised?

Question 33mediummultiple choice
Read the full Network Security explanation →

A network administrator wants to control traffic based on source and destination IP addresses and port numbers, while also tracking the state of connections. Which type of firewall should they choose?

Question 34hardmultiple choice
Read the full Network Security explanation →

A security analyst notices a high volume of ICMP Echo Reply packets from an external server to an internal host that never sent Echo Requests. Which type of attack is likely occurring?

Question 35easymultiple choice
Read the full Network Security explanation →

Which protocol is used to resolve IP addresses to MAC addresses on a local network?

Question 36mediummultiple choice
Read the full Network Security explanation →

A company places a web server and an email server in a separate network segment that is accessible from the internet but isolated from the internal LAN. What is this segment called?

Question 37hardmultiple choice
Read the full Network Security explanation →

An organization wants to prevent malicious HTTP requests targeting a web application. Which security device is specifically designed for this purpose?

Question 38easymultiple choice
Read the full Network Security explanation →

Which of the following is a connectionless, unreliable transport protocol?

Question 39mediummultiple choice
Read the full Network Security explanation →

An attacker intercepts communication between two parties by sending forged ARP messages. This is an example of which type of attack?

Question 40mediummultiple choice
Read the full Network Security explanation →

Which of the following ports is used by HTTPS for secure web traffic?

Question 41easymultiple choice
Read the full Network Security explanation →

What is the primary difference between an IDS and an IPS?

Question 42hardmultiple choice
Read the full Network Security explanation →

A network engineer wants to mitigate ARP spoofing attacks. Which of the following is the most effective technique?

Question 43mediummulti select
Read the full Network Security explanation →

A security analyst is investigating a potential DDoS attack. Which of the following are common indicators of a DDoS? (Choose TWO)

Question 44hardmulti select
Read the full Network Security explanation →

Which of the following are effective defenses against man-in-the-middle attacks? (Choose THREE)

Question 45mediummulti select
Read the full Network Security explanation →

A network administrator is planning to segment the network. Which of the following are valid segmentation methods? (Choose TWO)

Question 46easymultiple choice
Review the full routing breakdown →

A network administrator needs to allow secure remote management of a router. Which protocol and port should be used?

Question 47mediummultiple choice
Read the full Network Security explanation →

An organization wants to allow external users to securely access internal web applications. Which network security device is specifically designed to inspect HTTP/HTTPS traffic and block malicious requests?

Question 48hardmultiple choice
Read the full Network Security explanation →

During a penetration test, an analyst uses a tool to intercept and modify traffic between a client and server by exploiting the Address Resolution Protocol (ARP). This attack is an example of which type of threat?

Question 49easymultiple choice
Read the full Network Security explanation →

Which firewall type operates at Layer 3 and Layer 4, making decisions based solely on source/destination IP and port numbers?

Question 50mediummultiple choice
Read the full Network Security explanation →

A company's public web server is placed in a separate network segment that is accessible from the internet but isolated from the internal LAN. What is this network architecture called?

Question 51mediummultiple choice
Read the full Network Security explanation →

A security analyst detects a large number of incomplete TCP connection requests (SYN segments) directed at a server. This is indicative of which type of attack?

Question 52hardmultiple choice
Read the full Network Security explanation →

An organization decides to implement an Intrusion Prevention System (IPS) to protect its network. Which statement about an IPS compared to an IDS is correct?

Question 53easymultiple choice
Read the full Network Security explanation →

Which protocol operates at the Transport layer of the OSI model and is connectionless and unreliable?

Question 54mediummultiple choice
Read the full Network Security explanation →

A network administrator is configuring a switch to logically separate the Accounting and HR departments on the same physical switch. Which technology should be used?

Question 55mediummultiple choice
Read the full Network Security explanation →

An attacker sends an email to an employee that appears to come from the CEO, asking for sensitive data. This is an example of which type of threat?

Question 56hardmultiple choice
Read the full Network Security explanation →

A security engineer is evaluating different firewall architectures. Which firewall type can decrypt SSL/TLS traffic, inspect the contents, and then re-encrypt it?

Question 57easymultiple choice
Review the full routing breakdown →

Which OSI layer is responsible for logical addressing and routing?

Question 58mediummulti select
Read the full Network Security explanation →

A security analyst is deploying network security devices. Which TWO of the following are characteristics of an Intrusion Detection System (IDS)?

Question 59mediummulti select
Read the full Network Security explanation →

Which THREE of the following are common mitigation techniques against Denial of Service (DoS) attacks?

Question 60hardmulti select
Open the full VLAN trunking answer →

A security team is analyzing network segmentation strategies. Which THREE of the following are benefits of using VLANs for network segmentation?

Question 61easymultiple choice
Read the full Network Security explanation →

A network administrator is troubleshooting connectivity issues and suspects a problem at the Data Link layer. Which of the following addresses would be most relevant to examine?

Question 62easymultiple choice
Read the full Network Security explanation →

Which of the following protocols operates at the Transport layer and provides reliable, connection-oriented communication?

Question 63mediummultiple choice
Read the full Network Security explanation →

An organization wants to securely manage network devices from remote locations. Which of the following protocols should be used for command-line access?

Question 64mediummultiple choice
Read the full Network Security explanation →

A security analyst detects a large number of half-open TCP connections targeting a web server. This is most likely indicative of what type of attack?

Question 65mediummultiple choice
Read the full Network Security explanation →

Which firewall type is capable of inspecting the contents of application-layer traffic, such as HTTP requests, to detect malicious patterns?

Question 66mediummultiple choice
Read the full Network Security explanation →

A company wants to host a public-facing web server and an email server while protecting the internal network. Which network architecture is best suited for this purpose?

Question 67hardmultiple choice
Read the full Network Security explanation →

An organization experiences intermittent network outages. The security team notices that the ARP cache on several switches has entries pointing to an unknown MAC address for the default gateway. Which attack is most likely occurring?

Question 68easymultiple choice
Read the full Network Security explanation →

Which of the following ports is commonly used for secure web traffic (HTTPS)?

Question 69mediummultiple choice
Read the full Network Security explanation →

A security analyst wants to detect malicious traffic on the network without affecting performance. Which type of device should be deployed?

Question 70hardmultiple choice
Read the full Network Security explanation →

During a security assessment, a penetration tester captures network traffic and notices that the source IP address in packets appears to be from a different network. Which technique is the attacker likely using?

Question 71hardmultiple choice
Read the full Network Security explanation →

A company deploys a device that inspects HTTP and HTTPS traffic to block SQL injection and cross-site scripting attacks. This device is best described as a:

Question 72easymultiple choice
Open the full VLAN trunking answer →

Which of the following is a benefit of using VLANs in a network?

Question 73mediummulti select
Read the full Network Security explanation →

A security analyst is reviewing network traffic and needs to identify which of the following protocols are inherently insecure because they transmit data in cleartext. (Select TWO.)

Question 74mediummulti select
Read the full Network Security explanation →

An organization wants to ensure that only authorized devices can connect to the wired network. Which TWO methods can be used to enforce this?

Question 75hardmulti select
Read the full Network Security explanation →

A company is experiencing a distributed denial-of-service (DDoS) attack that is overwhelming the network bandwidth. Which THREE mitigation techniques are most effective?

Question 76mediummultiple choice
Read the full Network Security explanation →

A network administrator is troubleshooting connectivity issues and notices that frames are being dropped due to excessive collisions. Which OSI layer is most directly associated with this issue?

Question 77easymultiple choice
Read the full Network Security explanation →

Which protocol is used to resolve IP addresses to MAC addresses on a local network?

Question 78hardmultiple choice
Read the full Network Security explanation →

A security analyst detects a large volume of small ICMP echo request packets from multiple external sources targeting a single internal server, causing the server to become unresponsive. Which type of attack is this?

Question 79mediummultiple choice
Read the full Network Security explanation →

Which firewall type reads packet headers and also tracks the state of active connections to make filtering decisions?

Question 80easymultiple choice
Read the full Network Security explanation →

An organization wants to segment its network so that public-facing servers are isolated from internal users. Which network design component should be used?

Question 81mediummultiple choice
Read the full Network Security explanation →

Which of the following is a security concern associated with the Telnet protocol?

Question 82hardmultiple choice
Read the full Network Security explanation →

An attacker sends a forged ARP response to a switch, associating the attacker's MAC address with the IP address of the default gateway. The switch updates its ARP cache accordingly. This is an example of which attack?

Question 83mediummultiple choice
Read the full Network Security explanation →

An IT administrator wants to inspect HTTP traffic for malicious payloads such as SQL injection. Which network security device is most appropriate?

Question 84easymultiple choice
Read the full Network Security explanation →

Which protocol operates at the Transport layer and provides reliable, connection-oriented data delivery?

Question 85mediummultiple choice
Read the full Network Security explanation →

A company deploys a network security device that can block malicious traffic in real-time by inspecting packet payloads and application data. However, the device occasionally blocks legitimate traffic. Which device is described?

Question 86hardmultiple choice
Read the full Network Security explanation →

An organization uses a network segmentation strategy that creates separate broadcast domains on a single switch. Which technology is being used?

Question 87easymultiple choice
Read the full Network Security explanation →

Which of the following ports is used by HTTPS?

Question 88mediummulti select
Read the full Network Security explanation →

A security analyst is reviewing network traffic and notices that some devices are using a protocol that does not guarantee delivery and has no error recovery. Which TWO transport layer protocols fit this description? (Select TWO)

Question 89mediummulti select
Read the full Network Security explanation →

An organization wants to protect its internal network from unsolicited inbound traffic while allowing responses to outbound connections. Which TWO firewall features or types are best suited for this? (Select TWO)

Question 90hardmulti select
Read the full Network Security explanation →

A network administrator is implementing a DMZ to host a web server and an email server. Which THREE security best practices should be followed? (Select THREE)

Question 91easymultiple choice
Read the full Network Security explanation →

A security analyst notices unusual traffic on the network. Using Wireshark, they capture packets and see that an attacker is reading all unencrypted data from the network segment. Which type of attack is most likely being performed?

Question 92mediummultiple choice
Review the full routing breakdown →

Which OSI layer is responsible for logical addressing, routing, and forwarding of packets, and where does an IP address operate?

Question 93hardmultiple choice
Read the full Network Security explanation →

A company deploys a firewall that inspects packet headers and maintains a state table to track active connections. It drops any incoming packets that do not match an established connection. What type of firewall is this?

Question 94easymultiple choice
Read the full Network Security explanation →

An organization wants to separate its internal network from a publicly accessible web server. Which network segmentation technique should be used to isolate the web server while allowing controlled access?

Question 95mediummultiple choice
Read the full Network Security explanation →

A security administrator is configuring a network device that monitors traffic and generates alerts when suspicious patterns are detected. The device does not block traffic. Which type of system is being deployed?

Question 96mediummultiple choice
Read the full Network Security explanation →

An attacker sends a flood of SYN packets to a server, never completing the three-way handshake, exhausting the server's resources and causing it to become unresponsive. What type of attack is this?

Question 97hardmultiple choice
Read the full Network Security explanation →

A company is deploying a security device that inspects HTTP and HTTPS traffic, applies OWASP rules, and can block malicious requests before they reach the web server. Which device best fits this description?

Question 98mediummultiple choice
Read the full Network Security explanation →

An organization decides to implement a security control that can detect and block attacks in real-time by sitting inline in the network. Which of the following should be chosen to meet these requirements?

Question 99easymultiple choice
Read the full Network Security explanation →

Which protocol is considered insecure because it transmits data, including passwords, in cleartext, and its use should be avoided in favor of more secure alternatives?

Question 100mediummultiple choice
Read the full DNS explanation →

Which common port is used by DNS and which transport layer protocol does it primarily use?

Question 101hardmultiple choice
Open the full VLAN trunking answer →

A company's network has multiple VLANs. An attacker on VLAN 10 sends a frame with a forged source MAC address to a switch, hoping to intercept traffic intended for the default gateway. Which attack is being executed?

Question 102easymultiple choice
Read the full Network Security explanation →

Which port number is associated with HTTPS, and what protocol encrypts the communication?

Question 103mediummulti select
Read the full Network Security explanation →

A security analyst is investigating a potential man-in-the-middle attack. Which two techniques are commonly used by attackers to perform MITM attacks? (Choose two.)

Question 104mediummulti select
Open the full VLAN trunking answer →

Which three of the following are benefits of using VLANs in a network? (Choose three.)

Question 105hardmulti select
Read the full Network Security explanation →

An organization is planning to deploy a DMZ to host web and email servers accessible from the internet. Which three security best practices should be implemented for the DMZ? (Choose three.)

Question 106easymultiple choice
Review the full routing breakdown →

Which layer of the OSI model is responsible for routing packets based on IP addresses?

Question 107mediummultiple choice
Read the full Network Security explanation →

A security analyst notices an unusually high number of incomplete TCP connection requests. Which type of attack is most likely occurring?

Question 108hardmultiple choice
Read the full Network Security explanation →

An organization deploys a network security device that inspects application-layer payloads, can block malicious HTTP requests, and uses OWASP rules. Which type of device is this?

Question 109mediummultiple choice
Read the full Network Security explanation →

A network administrator needs to segment traffic between departments without additional hardware. Which technology allows this logical separation on a Layer 2 switch?

Question 110mediummultiple choice
Read the full Network Security explanation →

Which protocol is considered insecure because it transmits data, including credentials, in cleartext?

Question 111hardmultiple choice
Read the full Network Security explanation →

A security team deploys a passive device that monitors network traffic and generates alerts when it detects suspicious patterns, but it does not take any action. This device is best described as a:

Question 112mediummulti select
Read the full Network Security explanation →

A company wants to protect its internal web server from common web application attacks. Which two security measures are most appropriate? (Choose TWO.)

Question 113easymulti select
Read the full Network Security explanation →

Which two protocols operate at the Transport layer of the OSI model? (Choose TWO.)

Question 114mediummulti select
Read the full Network Security explanation →

A network engineer is designing a DMZ. Which three servers should typically be placed in the DMZ? (Choose THREE.)

Question 115hardmulti select
Read the full Network Security explanation →

An organization is experiencing network attacks where the attacker forges the source IP address. Which two types of attacks commonly use IP spoofing? (Choose TWO.)

Question 116easymulti select
Read the full Network Security explanation →

Which two of the following are characteristics of a stateful firewall? (Choose TWO.)

Question 117mediummulti select
Read the full Network Security explanation →

A security analyst wants to detect and analyze attacker behavior by deploying a decoy system. Which three characteristics apply to a honeypot? (Choose THREE.)

Question 118hardmulti select
Read the full Network Security explanation →

A company wants to mitigate the risk of a man-in-the-middle (MITM) attack. Which three measures are effective? (Choose THREE.)

Question 119mediummulti select
Read the full Network Security explanation →

Which three ports are commonly used by secure protocols? (Choose THREE.)

Question 120mediummulti select
Read the full Network Security explanation →

A network administrator needs to segment traffic and isolate sensitive systems. Which two technologies can achieve this? (Choose TWO.)

Practice tests

Scored 10-question sessions with instant feedback and explanations.

ISC2 CC Practice Test 1 — 25 Questions→ISC2 CC Practice Test 2 — 25 Questions→ISC2 CC Practice Test 3 — 25 Questions→ISC2 CC Practice Test 4 — 25 Questions→ISC2 CC Practice Test 5 — 25 Questions→ISC2 CC Practice Exam 1 — 20 Questions→ISC2 CC Practice Exam 2 — 20 Questions→ISC2 CC Practice Exam 3 — 20 Questions→ISC2 CC Practice Exam 4 — 20 Questions→Free ISC2 CC Practice Test 1 — 30 Questions→Free ISC2 CC Practice Test 2 — 30 Questions→Free ISC2 CC Practice Test 3 — 30 Questions→ISC2 CC Practice Questions 1 — 50 Questions→ISC2 CC Practice Questions 2 — 50 Questions→ISC2 CC Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Security PrinciplesBusiness Continuity, Disaster Recovery, and Incident ResponseAccess Controls ConceptsSecurity OperationsNetwork SecurityBusiness Continuity, DR & Incident Response

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Network Security setsAll Network Security questionsISC2 CC Practice Hub