Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Network Security practice sets

ISC2 CC Network Security • Complete Question Bank

ISC2 CC Network Security — All Questions With Answers

Complete ISC2 CC Network Security question bank — all 0 questions with answers and detailed explanations.

70
Questions
Free
No signup
Certifications/ISC2 CC/Practice Test/Network Security/All Questions
Question 1easymultiple choice
Read the full Network Security explanation →

A security analyst notices that an internal web server is receiving a high volume of TCP SYN packets from a single external IP address, but the server is not sending SYN-ACK replies. The server's CPU and memory usage are normal. What is the most likely cause?

Question 2mediummultiple choice
Read the full Network Security explanation →

A network administrator is designing a DMZ to host a public-facing web server and a database server that should only be accessible from the web server. Which of the following firewall rule sets best achieves this design?

Question 3hardmultiple choice
Read the full Network Security explanation →

A company's network uses 802.1X authentication with PEAP-MSCHAPv2 on wired ports. Users report that after a recent switch firmware update, some workstations fail to authenticate intermittently, while others work fine. The authentication server logs show 'Authentication failed: Unknown CA certificate' for affected workstations. What is the most likely cause?

Question 4easymultiple choice
Review the full subnetting walkthrough →

A security engineer is configuring a network intrusion detection system (NIDS) to monitor traffic on a critical subnet. To minimize false positives, which of the following should the engineer baseline first?

Question 5mediummultiple choice
Read the full VPN explanation →

A company's remote access VPN uses IPsec with pre-shared keys. Employees report that they cannot connect from home. The VPN server logs show 'IKE authentication failed.' The help desk confirms the pre-shared keys are correct. Which of the following is the most likely cause?

Question 6hardmultiple choice
Read the full Network Security explanation →

During a security audit, a penetration tester captures network traffic and finds that some packets have the IP ID field set to 0 and the DF (Don't Fragment) flag set. What is this technique attempting to do?

Question 7mediummulti select
Read the full wireless explanation →

Which TWO of the following are best practices for securing a wireless network? (Select exactly two.)

Question 8hardmulti select
Read the full Network Security explanation →

Which THREE of the following are characteristics of a stateful firewall? (Select exactly three.)

Question 9mediummultiple choice
Study the full ACL explanation →

Refer to the exhibit. An administrator configures the above ACLs on a router. The goal is to allow internal users (192.168.1.0/24) to browse the web, and to allow SSH management from the internet to a server at 10.0.0.10. However, users report that they cannot browse external websites. What is the most likely reason?

Exhibit

Refer to the exhibit.

interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group OUTBOUND out
!
interface GigabitEthernet0/2
 ip address 10.0.0.1 255.255.255.0
 ip access-group INBOUND in
!
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 100 deny ip any any
!
access-list 110 permit tcp any host 10.0.0.10 eq 22
access-list 110 permit icmp any host 10.0.0.10 echo-reply
access-list 110 deny ip any any
Question 10hardmultiple choice
Read the full Network Security explanation →

Refer to the exhibit. An IDS generates this alert for traffic from an internal server (10.1.1.50) to an external IP on port 443. The security team investigates and finds that the server is a web application that normally uses TLS 1.2. What does this alert most likely indicate?

Exhibit

Refer to the exhibit.

[IDS Alert Log]
Timestamp: 2024-03-15 10:23:45
Signature: ET POLICY Outgoing SSLv3 Handshake (Possible SSL Stripping)
Source IP: 10.1.1.50
Destination IP: 203.0.113.10
Protocol: TCP
Port: 443
Payload: [Hex dump of ClientHello with version 3.0]
Question 11hardmultiple choice
Open the full VLAN trunking answer →

A medium-sized company uses a network with three VLANs: VLAN 10 (Users, 192.168.10.0/24), VLAN 20 (Servers, 192.168.20.0/24), and VLAN 30 (DMZ, 192.168.30.0/24). A Layer 3 switch with an ACL is used for inter-VLAN routing. The company has a web server in the DMZ that must be accessible from the internet (via a public IP mapped to 192.168.30.10). Users in VLAN 10 need to access the web server on its private IP (192.168.30.10) for internal testing. The ACL is applied inbound on the VLAN 10 SVI. The ACL currently has the following entries: permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255; deny ip any 192.168.20.0 0.0.0.255; permit ip any any. Recently, the security team noticed that users can access the web server on its private IP, but they cannot access the web server via the public IP (which goes through the firewall and then to the DMZ). The firewall logs show that traffic from the users to the public IP is allowed and reaches the DMZ web server, but the return traffic is blocked. The web server's default gateway is the Layer 3 switch (192.168.30.1). Which of the following is the most likely cause of the problem?

Question 12easymulti select
Read the full Network Security explanation →

A network security team is implementing a defense-in-depth strategy. Which TWO of the following controls are examples of network segmentation? (Choose two.)

Question 13mediummultiple choice
Read the full Network Security explanation →

Based on the exhibit, what is the most likely result of the client's HTTP request?

Exhibit

Refer to the exhibit.

Router# show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group BLOCK_HTTP in
!
ip access-list extended BLOCK_HTTP
 deny tcp any any eq 80
 permit ip any any

A client at 192.168.1.100 attempts to access a web server at 10.0.0.1. The router's interface IP is 192.168.1.1.
Question 14hardmultiple choice
Open the full VLAN trunking answer →

You are the network security lead for a medium-sized financial firm with 500 employees. The network consists of a core switch, distribution switches, and access switches. There are three main VLANs: VLAN 10 (Management - 192.168.10.0/24), VLAN 20 (Finance - 192.168.20.0/24), and VLAN 30 (Guest Wi-Fi - 192.168.30.0/24). The network uses a single firewall with three interfaces: inside (trusted), outside (untrusted), and DMZ. The firewall is configured with default-deny rules. Recently, the helpdesk reported that employees in the Finance VLAN cannot access a web-based accounting application hosted on a server at 10.0.0.5, which is in the DMZ. The server's default gateway is the firewall's DMZ interface (10.0.0.1). The accounting application runs on HTTPS (TCP 443). Employees in the Management VLAN can access the application without issue. You have verified that the Finance VLAN has connectivity to the firewall's inside interface (192.168.20.1). The firewall's inside interface has an IP of 192.168.20.1. There is no ACL on the inside interface. The firewall's DMZ interface has an ACL permitting TCP/443 from any to 10.0.0.5. The firewall's routing table shows a route to 10.0.0.0/24 via DMZ interface. What is the most likely cause of the issue?

Question 15mediumdrag order
Read the full Network Security explanation →

Drag and drop the steps for the incident response process according to NIST into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 16mediumdrag order
Read the full Network Security explanation →

Drag and drop the steps to recover a system from a verified backup after a ransomware attack into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 17mediummatching
Read the full Network Security explanation →

Match each network security concept to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Filters traffic based on rules

Segments public-facing servers

Maps private to public IPs

Encrypts data over public networks

Monitors for suspicious activity

Question 18mediummatching
Read the full Network Security explanation →

Match each risk management term to its meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Weakness in a system

Potential cause of harm

Likelihood and impact of a threat exploiting a vulnerability

Control to mitigate risk

Question 19easymultiple choice
Read the full Network Security explanation →

A network administrator notices unusual traffic from an internal workstation to an external IP address on port 443. The workstation has no business reason for such communication. Which action should the administrator take first?

Question 20mediummultiple choice
Read the full Network Security explanation →

A security engineer is designing a DMZ for a web server that must be accessible from the internet. The web server needs to query an internal database server. Which network security approach best limits exposure?

Question 21hardmultiple choice
Read the full Network Security explanation →

During a penetration test, an analyst discovers that a company's internal network has a switch configured with port security that allows only one MAC address per port. However, the analyst is able to plug a rogue device into a wall jack and successfully gain network access. What is the most likely weakness in this configuration?

Question 22easymultiple choice
Read the full Network Security explanation →

A company wants to allow remote employees to securely access internal resources over the internet. Which technology is most appropriate?

Question 23mediummultiple choice
Read the full Network Security explanation →

An organization has implemented a network-based intrusion prevention system (IPS) in inline mode. After deployment, users report that legitimate web traffic is being blocked. What is the most likely cause?

Question 24hardmultiple choice
Read the full Network Security explanation →

A security analyst reviews firewall logs and notices a large number of outbound connections from a single internal IP to a known malicious IP on port 445. The analyst quarantines the workstation and runs an antivirus scan, which finds no malware. What should the analyst do next?

Question 25easymultiple choice
Read the full Network Security explanation →

Which of the following is a primary benefit of implementing network segmentation?

Question 26mediummultiple choice
Read the full wireless explanation →

A network administrator is configuring a wireless network for a small office. Security requirements include strong encryption and pre-shared key authentication. Which protocol should be used?

Question 27hardmultiple choice
Read the full Network Security explanation →

A company uses a stateful firewall. A user reports that an application requiring multiple dynamic ports is not working. The firewall logs show that packets from the server are being dropped. What is the most likely cause?

Question 28mediummulti select
Read the full VPN explanation →

Which two of the following are common methods to secure a virtual private network (VPN) connection? (Choose two.)

Question 29hardmulti select
Read the full Network Security explanation →

A security team is investigating a potential ARP spoofing attack on the local network. Which two measures can effectively detect or prevent such attacks? (Choose two.)

Question 30mediummulti select
Read the full Network Security explanation →

Which three of the following are best practices for securing a network switch? (Choose three.)

Question 31easymultiple choice
Read the full Network Security explanation →

Refer to the exhibit. A network administrator configured the above on a switch port. After connecting a single workstation, the port goes into err-disabled state within minutes. What is the most likely cause?

Exhibit

interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
Question 32mediummultiple choice
Read the full Network Security explanation →

Refer to the exhibit. A security engineer applies this S3 bucket policy to restrict access. Users outside the 10.0.0.0/16 network report being denied access, which is expected. However, users inside that network also report access denied. What is the likely issue?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::company-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/16"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": "10.0.0.0/16"
        }
      }
    }
  ]
}
Question 33hardmultiple choice
Read the full Network Security explanation →

Refer to the exhibit. A security analyst runs the above iptables command on a Linux server. The server is configured with a default policy of DROP on the INPUT chain. Users report they can SSH to the server but cannot ping it. What is the most likely reason?

Network Topology
0 0 ACCEPT alllo * 0.0.0.0/010 840 ACCEPT tcp5 300 ACCEPT tcp0 0 ACCEPT icmp50 3200 DROP alleth0 * 0.0.0.0/0iptables -L -n -v
Question 34mediummultiple choice
Read the full NAT/PAT explanation →

A company recently experienced a DoS attack targeting their web server. They want to implement a solution that can differentiate between legitimate traffic and attack traffic based on behavior patterns. Which technology should they deploy?

Question 35easymultiple choice
Read the full Network Security explanation →

A network administrator needs to provide secure remote access to internal resources for employees working from home. The solution must encrypt all traffic and authenticate users before granting access. Which protocol should be used?

Question 36easymultiple choice
Read the full Network Security explanation →

An organization has multiple network segments for accounting, HR, and engineering. They want to prevent unauthorized traffic between segments while allowing necessary communication. Which security control should be implemented?

Question 37easymultiple choice
Read the full VPN explanation →

A security analyst notices repeated failed login attempts from a single external IP address targeting the company's VPN concentrator. Which type of attack is most likely occurring?

Question 38easymultiple choice
Read the full Network Security explanation →

A network engineer is configuring a firewall rule to allow inbound HTTPS traffic to a web server. Which port must be opened?

Question 39mediummultiple choice
Read the full Network Security explanation →

An organization wants to detect and alert on potential network intrusions but does not want to risk blocking legitimate traffic. Which system should they deploy?

Question 40mediummultiple choice
Read the full wireless explanation →

A company's network uses 802.1X authentication for wired and wireless access. Which component authenticates the user credentials against an identity store?

Question 41mediummultiple choice
Read the full Network Security explanation →

A security administrator is concerned about MAC address spoofing on the network. Which technology can help mitigate this risk by associating a specific MAC address with a port?

Question 42mediummultiple choice
Read the full Network Security explanation →

During a security assessment, a penetration tester captures unencrypted credentials over the network. Which protocol is most likely being used?

Question 43mediummulti select
Read the full Network Security explanation →

A security administrator is reviewing network security controls. Which TWO of the following are examples of network segmentation technologies? (Select TWO)

Question 44easymulti select
Read the full wireless explanation →

Which TWO of the following are common methods to authenticate users on a wireless network? (Select TWO)

Question 45hardmulti select
Read the full Network Security explanation →

A network administrator is implementing a defense-in-depth strategy. Which THREE of the following are considered network security controls? (Select THREE)

Question 46mediummultiple choice
Read the full Network Security explanation →

Refer to the exhibit. Based on the exhibit, which traffic will be permitted?

Exhibit

access-list 100 deny ip 10.0.1.0 0.0.0.255 any log
access-list 100 permit tcp any host 192.168.1.100 eq 80
access-list 100 deny ip any any
Question 47easymultiple choice
Read the full Network Security explanation →

Refer to the exhibit. Based on the exhibit, why was the packet denied?

Exhibit

Mar 15 14:23:45 192.168.1.1 %FW-3-DENY: deny tcp 10.0.0.10:12345 -> 203.0.113.5:80 due to access-group INTERNET_IN
Question 48hardmultiple choice
Read the full Network Security explanation →

Refer to the exhibit. Based on the exhibit, which statement best describes the effect of this policy?

Exhibit

{
  "Effect": "Allow",
  "Action": "ec2:DescribeInstances",
  "Resource": "*",
  "Condition": {
    "IpAddress": {
      "aws:SourceIp": "10.0.0.0/16"
    }
  }
}
Question 49easymultiple choice
Read the full Network Security explanation →

A company wants to segment its network into separate broadcast domains to improve performance and security. Which device should be used to achieve this?

Question 50easymultiple choice
Read the full Network Security explanation →

A helpdesk technician receives a report that a user in the finance department cannot access a shared folder on the server. The same server is accessible from other departments. What is the most likely cause?

Question 51easymultiple choice
Read the full Network Security explanation →

Which of the following protocols provides secure remote administration of a network device over an untrusted network?

Question 52mediummultiple choice
Read the full Network Security explanation →

A network administrator is configuring a DMZ for a company's web and email servers. Which firewall rule is most appropriate for traffic from the internet to the DMZ?

Question 53mediummultiple choice
Read the full wireless explanation →

A company uses WPA2-Enterprise for wireless authentication. What additional security measure should be implemented to protect against rogue access points?

Question 54mediummultiple choice
Read the full VPN explanation →

A network administrator needs to allow secure remote access for teleworkers. Which VPN protocol provides the best confidentiality and integrity while using a single UDP port?

Question 55hardmultiple choice
Open the full VLAN trunking answer →

A security auditor discovers that during a VLAN hopping attack, a threat actor was able to send frames from a workstation on VLAN 10 to a target on VLAN 20. Which configuration flaw is most likely responsible?

Question 56hardmultiple choice
Read the full Network Security explanation →

A company's network uses a perimeter firewall and an internal firewall. The DMZ sits between them. A new application server needs to be accessible from the internet on TCP port 8443 and must be able to make outbound HTTPS connections to an external license server. Which firewall rules should be implemented? (Assume default deny)

Question 57hardmultiple choice
Read the full Network Security explanation →

A security engineer is reviewing logs and notices that an internal server is receiving excessive SYN packets from an external IP, but never completing the three-way handshake. What type of attack is likely occurring?

Question 58easymulti select
Read the full Network Security explanation →

An organization wants to protect against man-in-the-middle attacks on a switched network. Which TWO measures should be implemented? (Choose two.)

Question 59mediummulti select
Read the full Network Security explanation →

Which TWO technologies provide network segmentation? (Choose two.)

Question 60hardmulti select
Read the full Network Security explanation →

Which THREE security mechanisms should be implemented to secure a network against ARP spoofing attacks? (Choose three.)

Question 61mediummultiple choice
Read the full Network Security explanation →

Refer to the exhibit. A network administrator configured the following firewall rules. After implementation, users from the internal network cannot browse the internet. Which element is causing the issue?

Exhibit

rule id=10 action=deny source=any destination=any service=http,https
rule id=20 action=allow source=internal_network destination=any service=http,https
rule id=30 action=allow source=any destination=dmz service=http
Question 62hardmultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. The network administrator configured NAT as shown. Internal hosts can access the internet, but no external hosts can access the company's web server (192.168.1.10). What is the issue?

Exhibit

ip nat inside source static tcp 192.168.1.10 80 200.100.50.1 80
ip nat pool POOL 200.100.50.1 200.100.50.10 netmask 255.255.255.0
ip nat inside source list 1 pool POOL overload
access-list 1 permit 192.168.1.0 0.0.0.255
interface GigabitEthernet0/0
 ip address 200.100.50.1 255.255.255.0
 ip nat outside
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
Question 63easymultiple choice
Review the full routing breakdown →

A small company has a single flat network with no segmentation. They recently experienced a malware outbreak that spread quickly across all devices. The IT manager wants to implement network segmentation to contain future outbreaks with minimal cost and complexity. The company currently has a single switch and a router/firewall appliance. The network consists of three departments: Sales, HR, and Engineering. After analyzing the requirements, what is the best course of action?

Question 64easymultiple choice
Read the full Network Security explanation →

A network administrator is troubleshooting a connectivity issue between two segments separated by a firewall. The firewall rule allows traffic from 10.1.1.0/24 to 10.2.2.0/24 on TCP 443. Users in 10.1.1.0/24 can access the web server at 10.2.2.10, but users in 10.2.2.0/24 cannot access a web server in 10.1.1.0/24. What is the most likely cause?

Question 65mediummultiple choice
Read the full wireless explanation →

A security engineer is designing a network for a small business that needs to segregate guest Wi-Fi from the internal corporate network. The guest network should have internet access only, with no access to internal resources. Which of the following is the BEST design approach?

Question 66hardmulti select
Read the full Network Security explanation →

Which TWO of the following are recognized as benefits of network segmentation?

Question 67mediummultiple choice
Open the full VLAN trunking answer →

A small company with 50 employees uses a flat network with no VLANs. They recently experienced a ransomware attack that spread from an infected workstation to a file server. The IT manager wants to implement network segmentation to prevent future lateral movement. The company uses a single /24 subnet (192.168.1.0/24) with a single switch and a router/firewall. They have three departments: Sales, HR, and IT. Each department has about 15-20 computers. The file server is in the IT department. The company has a limited budget and cannot purchase new hardware. Which of the following is the MOST effective and practical approach to segment the network given these constraints?

Question 68hardmultiple choice
Read the full Network Security explanation →

A medium-sized enterprise uses a Cisco ASA firewall configured with multiple security zones (Inside, Outside, DMZ). The DMZ hosts a web server that must be accessible from the Internet on TCP 443. The Inside network (10.0.0.0/24) hosts internal clients. The web server has IP 172.16.0.10. The firewall's current rules: allow any from Outside to DMZ on TCP 443; allow any from Inside to Outside; deny all else. Recently, the security team noticed that an attacker compromised the web server and used it to launch an attack against an internal database server at 10.0.0.50. The attack was successful because the firewall allowed traffic from the DMZ to the Inside. The firewall's default behavior is to deny traffic from lower security zones to higher security zones (DMZ is lower than Inside). What is the MOST likely reason this traffic was allowed?

Question 69easymultiple choice
Read the full VPN explanation →

A network technician is setting up a remote access VPN for employees using IPsec. The company's firewall is configured to allow IPsec traffic. Employees report that they can successfully establish the VPN connection (tunnel appears up), but they cannot ping or access any internal resources (e.g., file servers). The firewall logs show that packets from the VPN client IP addresses are being dropped at the firewall interface. Which of the following is the MOST likely cause of this issue?

Question 70mediummultiple choice
Read the full Network Security explanation →

A company uses a proxy server for internet access. Employees can browse websites (HTTP/HTTPS), but they cannot connect to external FTP servers using FTP client software (e.g., FileZilla). The proxy is configured to allow HTTP and HTTPS only. The security team wants to allow FTP while maintaining security (e.g., logging and filtering). The FTP traffic is used for occasional file transfers with partners. Which of the following is the BEST solution to meet both requirements?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

ISC2 CC Practice Test 1 — 10 Questions→ISC2 CC Practice Test 2 — 10 Questions→ISC2 CC Practice Test 3 — 10 Questions→ISC2 CC Practice Test 4 — 10 Questions→ISC2 CC Practice Test 5 — 10 Questions→ISC2 CC Practice Exam 1 — 20 Questions→ISC2 CC Practice Exam 2 — 20 Questions→ISC2 CC Practice Exam 3 — 20 Questions→ISC2 CC Practice Exam 4 — 20 Questions→Free ISC2 CC Practice Test 1 — 30 Questions→Free ISC2 CC Practice Test 2 — 30 Questions→Free ISC2 CC Practice Test 3 — 30 Questions→ISC2 CC Practice Questions 1 — 50 Questions→ISC2 CC Practice Questions 2 — 50 Questions→ISC2 CC Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Access Controls ConceptsBusiness Continuity, DR & Incident ResponseSecurity PrinciplesNetwork SecuritySecurity Operations

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Network Security setsAll Network Security questionsISC2 CC Practice Hub