Courseiva

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Communication and Network Security

Practice CISSP Communication and Network Security questions with full explanations on every answer.


All CISSP Communication and Network Security questions (60)


Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A security analyst observes a network attack where an attacker sends forged ARP messages to associate the attacker's MAC address with the IP address of the default gateway. This attack occurs at which layer of the OSI model?

2

An organization is deploying a VPN solution for remote employees. The security team requires a modern protocol that provides perfect forward secrecy, uses elliptic curve cryptography, and is known for its efficient, minimal codebase. Which VPN protocol should they choose?

3

A security engineer is configuring a firewall that makes decisions based on source/destination IP addresses and port numbers without tracking the state of connections. Which type of firewall is this?

4

During a security assessment, a penetration tester sends TCP SYN packets to various ports on a target server. Based on the responses, the tester determines which ports are open. This technique is commonly used at which OSI layer?

5

An organization wants to secure email communications by providing encryption and digital signatures. They require a solution that uses a web of trust model rather than a hierarchical PKI. Which protocol should they implement?

6

A network administrator is configuring SNMPv3 for monitoring network devices. The organization requires both authentication and encryption of SNMP traffic. Which combination of protocols should be used to meet this requirement?

7

Which wireless security protocol replaces the pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) to provide stronger security and forward secrecy?

8

A security analyst discovers an attack where an attacker sets up a rogue wireless access point with a legitimate SSID to trick users into connecting. Once connected, the attacker captures credentials. This type of attack is known as:

9

An organization is implementing network segmentation. They need to place publicly accessible servers (e.g., web and email) in a separate network that is isolated from the internal LAN but still allows controlled access from the internet. Which architecture should they use?

10

A company deploys DNSSEC to protect its DNS infrastructure. Which cryptographic operation does DNSSEC primarily use to ensure the authenticity and integrity of DNS data?

11

Which of the following is a key feature of TLS 1.3 that enhances security compared to earlier versions?

12

A security architect is designing a zero-trust network. Which principle is fundamental to a zero-trust architecture (ZTA) such as BeyondCorp?

13

A network engineer is configuring an IPsec VPN in tunnel mode. Which IPsec protocol provides both authentication and encryption of the entire IP packet?

14

Which type of firewall is capable of inspecting application-layer data, performing SSL decryption, and integrating intrusion prevention capabilities?

15

A company uses SSH for remote administration. To enhance security, they want to implement public-key authentication. Which statement about SSH public-key authentication is true?

16

A security team is reviewing network segmentation strategies. Which TWO of the following are benefits of using VLANs? (Select TWO.)

17

An organization is deploying a wireless network with WPA3-Enterprise. Which THREE of the following are features or improvements of WPA3 compared to WPA2? (Select THREE.)

18

A security administrator is evaluating secure file transfer protocols. Which THREE of the following protocols provide encryption for data in transit? (Select THREE.)

19

After a recent security audit, a network administrator discovers that an attacker has been intercepting traffic by associating with a legitimate access point's MAC address and broadcasting a stronger signal. Which type of attack has occurred?

20

An organization is implementing network segmentation to enhance security. They create a DMZ to host public-facing servers and want to ensure that if a server is compromised, the attacker cannot pivot to the internal network. Which firewall placement best achieves this?

21

A security engineer is evaluating VPN protocols for a remote access solution. The requirements are: strong encryption with perfect forward secrecy, support for mutual authentication, and no reliance on pre-shared keys that could be brute-forced. Which protocol best meets these requirements?

22

An attacker sends a flood of SYN packets to a server, consuming its resources and preventing legitimate connections. Which OSI layer is this attack targeting?

23

A company wants to secure email communications for its employees. They need to ensure message confidentiality and integrity, and also verify the sender's identity. Which protocol uses a hierarchical public key infrastructure (PKI) for email encryption and signing?

24

A security administrator is configuring SNMPv3 for network device monitoring. The requirement is to provide both authentication and encryption of SNMP traffic. Which combination of options should be used?

25

During a penetration test, the tester successfully performs a VLAN hopping attack by sending packets with a specific tag. Which mitigation technique is most effective at preventing double-tagging VLAN hopping?

26

Which of the following is a key feature of TLS 1.3 that enhances security compared to earlier versions?

27

A security team is implementing a zero trust architecture. Which component is essential to enforce access decisions based on user identity, device posture, and context before granting access to resources?

28

A network administrator is configuring DNSSEC to protect against DNS spoofing. Which record type is used to provide cryptographic verification of DNS data origins?

29

An organization is migrating from WPA2 to WPA3 for its wireless network. Which improvement does WPA3 provide over WPA2?

30

Which type of firewall operates at Layer 7 and can inspect application payloads, such as blocking specific SQL commands or HTTP methods?

31

During a security assessment, a penetration tester successfully performs an ARP spoofing attack, redirecting traffic through their machine. This attack exploits which protocol vulnerability?

32

A company wants to securely transfer files between systems over SSH. Which protocol should they use to leverage the existing SSH infrastructure and provide both authentication and encryption?

33

In IPsec, which protocol provides both authentication and encryption for the packet payload, but does not encrypt the IP header?

34

A security architect is designing a network segmentation strategy for a financial institution. Which TWO techniques are best suited for implementing micro-segmentation in a data center environment? (Select two.)

35

An organization is reviewing its use of SSH for remote administration. Which TWO features of SSH should be disabled or carefully managed to reduce security risks? (Select two.)

36

A company is deploying a VPN solution for remote employees using SSL/TLS VPN. Which TWO security considerations are important when implementing this type of VPN? (Select two.)

37

An incident responder is analyzing a network compromise that involved ICMP attacks. Which THREE types of ICMP attacks could have been used to disrupt network operations? (Select three.)

38

Which TWO features are true of IPsec tunnel mode compared to transport mode? (Select two.)

39

A security analyst detects an attack where the attacker sends forged ARP messages to associate the attacker's MAC address with the IP address of the default gateway. Which OSI layer is primarily targeted by this attack?

40

A company is implementing TLS 1.3 to secure web communications. Which of the following features is unique to TLS 1.3 compared to earlier versions?

41

A security engineer is configuring SNMPv3 on network devices. The policy requires both authentication and encryption of SNMP messages. Which combination of protocols should be used to meet this requirement?

42

Which VPN technology operates at Layer 2 of the OSI model and is often used in combination with IPsec to provide encryption?

43

A network administrator is deploying a wireless network for a small business and wants to ensure strong security. Which of the following is the best choice for authentication in a WPA3 Personal network?

44

During a penetration test, an ethical hacker sets up a rogue access point with the same SSID as the corporate network and broadcasts a stronger signal. Users inadvertently connect to the rogue AP, allowing the hacker to capture credentials. What is this attack called?

45

Which of the following is a secure protocol for transferring files that uses SSH for authentication and encryption?

46

A company is designing a network segmentation strategy to isolate a public-facing web server from the internal corporate network. Which of the following is the most appropriate architecture?

47

Which type of firewall can inspect the contents of application-layer traffic, such as HTTP requests, and block malicious payloads?

48

An organization is implementing DNSSEC to protect its DNS infrastructure. Which of the following best describes the primary security benefit of DNSSEC?

49

Which IPsec protocol provides both authentication and encryption of the packet payload, but does not encrypt the IP header?

50

A security architect is designing a zero trust network. Which principle is fundamental to a zero trust architecture?

51

A network administrator is reviewing the security of the company's VPN solution. They discover that the current VPN uses PPTP. Which TWO of the following are significant security weaknesses associated with PPTP?

52

A company is migrating from WPA2 to WPA3 to improve wireless security. Which THREE of the following are features of WPA3 compared to WPA2?

53

A security analyst is evaluating secure email protocols. Which TWO of the following provide both encryption and digital signing of email messages?

54

A security analyst notices that an attacker is sending forged ARP messages onto a local area network, linking the attacker's MAC address with the IP address of the default gateway. This allows the attacker to intercept traffic destined for the gateway. Which OSI layer is directly targeted by this attack?

55

A network administrator is configuring a firewall that examines the source and destination IP addresses, port numbers, and protocol (TCP/UDP) of each packet without considering the state of the connection. Which type of firewall is being deployed?

56

A company is migrating from WPA2 to WPA3 to enhance wireless security. Which of the following cryptographic changes does WPA3 introduce compared to WPA2?

57

A security engineer is recommending a VPN protocol for remote access. The requirements are: strong encryption, perfect forward secrecy, use of elliptic curve cryptography, and minimal overhead. Which VPN protocol best meets these requirements?

58

An organization is implementing DNSSEC to protect against DNS spoofing attacks. Which of the following best describes the primary security function provided by DNSSEC?

59

During a security assessment, a consultant discovers that a legacy VPN solution uses MS-CHAPv2 for authentication and does not support IKE. The protocol is known to be vulnerable to dictionary attacks. Which VPN protocol is most likely being used?

60

A security analyst is configuring a firewall to allow HTTP traffic (TCP port 80) from the internet to a web server in the DMZ. The firewall should also allow return traffic from the server back to the internet. Which type of firewall is best suited to handle this traffic while maintaining security?


Frequently asked questions

What does the Communication and Network Security domain cover on the CISSP exam?

The Communication and Network Security domain covers the key concepts tested in this area of the CISSP exam blueprint published by ISC2. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CISSP domains — no account required.

How many Communication and Network Security questions are in the CISSP question bank?

The Courseiva CISSP question bank contains 60 questions in the Communication and Network Security domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Communication and Network Security for CISSP?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Communication and Network Security questions for CISSP?

Yes — the session launcher on this page draws questions exclusively from the Communication and Network Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
