Practice CISSP Communication and Network Security questions with full explanations on every answer.
Start practicing
Communication and Network Security — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A security analyst observes a network attack where an attacker sends forged ARP messages to associate the attacker's MAC address with the IP address of the default gateway. This attack occurs at which layer of the OSI model?
2An organization is deploying a VPN solution for remote employees. The security team requires a modern protocol with perfect forward secrecy, uses elliptic curve cryptography, and is known for its efficient, minimal codebase. Which VPN protocol should they choose?
3A security engineer is configuring a firewall that makes decisions based on source/destination IP addresses and port numbers without tracking the state of connections. Which type of firewall is this?
4During a security assessment, a penetration tester sends TCP SYN packets to various ports on a target server. Based on the responses, the tester determines which ports are open. This technique is commonly used at which OSI layer?
5An organization wants to secure email communications by providing encryption and digital signatures. They require a solution that uses a web of trust model rather than a hierarchical PKI. Which protocol should they implement?
6A network administrator is configuring SNMPv3 for monitoring network devices. The organization requires both authentication and encryption of SNMP traffic. Which combination of protocols should be used to meet this requirement?
7Which wireless security protocol replaces the pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) to provide stronger security and forward secrecy?
8A security analyst discovers an attack where an attacker sets up a rogue wireless access point with a legitimate SSID to trick users into connecting. Once connected, the attacker captures credentials. This type of attack is known as:
9An organization is implementing network segmentation. They need to place publicly accessible servers (e.g., web and email) in a separate network that is isolated from the internal LAN but still allows controlled access from the internet. Which architecture should they use?
10A company deploys DNSSEC to protect its DNS infrastructure. Which cryptographic operation does DNSSEC primarily use to ensure the authenticity and integrity of DNS data?
11Which of the following is a key feature of TLS 1.3 that enhances security compared to earlier versions?
12A security architect is designing a zero-trust network. Which principle is fundamental to a zero-trust architecture (ZTA) such as BeyondCorp?
13A network engineer is configuring an IPsec VPN in tunnel mode. Which IPsec protocol provides both authentication and encryption of the entire IP packet?
14Which type of firewall is capable of inspecting application-layer data, performing SSL decryption, and integrating intrusion prevention capabilities?
15A company uses SSH for remote administration. To enhance security, they want to implement public-key authentication. Which statement about SSH public-key authentication is true?
16A security team is reviewing network segmentation strategies. Which TWO of the following are benefits of using VLANs? (Select TWO.)
17An organization is deploying a wireless network with WPA3-Enterprise. Which THREE of the following are features or improvements of WPA3 compared to WPA2? (Select THREE.)
18A security administrator is evaluating secure file transfer protocols. Which THREE of the following protocols provide encryption for data in transit? (Select THREE.)
19After a recent security audit, a network administrator discovers that an attacker has been intercepting traffic by associating with a legitimate access point's MAC address and broadcasting a stronger signal. Which type of attack has occurred?
20An organization is implementing network segmentation to enhance security. They create a DMZ to host public-facing servers and want to ensure that if a server is compromised, the attacker cannot pivot to the internal network. Which firewall placement best achieves this?
21A security engineer is evaluating VPN protocols for a remote access solution. The requirements are: strong encryption with perfect forward secrecy, support for mutual authentication, and no reliance on pre-shared keys that could be brute-forced. Which protocol best meets these requirements?
22An attacker sends a flood of SYN packets to a server, consuming its resources and preventing legitimate connections. Which OSI layer is this attack targeting?
23A company wants to secure email communications for its employees. They need to ensure message confidentiality and integrity, and also verify the sender's identity. Which protocol uses a hierarchical public key infrastructure (PKI) for email encryption and signing?
24A security administrator is configuring SNMPv3 for network device monitoring. The requirement is to provide both authentication and encryption of SNMP traffic. Which combination of options should be used?
25During a penetration test, the tester successfully performs a VLAN hopping attack by sending packets with a specific tag. Which mitigation technique is most effective at preventing double-tagging VLAN hopping?
26Which of the following is a key feature of TLS 1.3 that enhances security compared to earlier versions?
27A security team is implementing a zero trust architecture. Which component is essential to enforce access decisions based on user identity, device posture, and context before granting access to resources?
28A network administrator is configuring DNSSEC to protect against DNS spoofing. Which record type is used to provide cryptographic verification of DNS data origins?
29An organization is migrating from WPA2 to WPA3 for its wireless network. Which improvement does WPA3 provide over WPA2?
30Which type of firewall operates at Layer 7 and can inspect application payloads, such as blocking specific SQL commands or HTTP methods?
31During a security assessment, a penetration tester successfully performs an ARP spoofing attack, redirecting traffic through their machine. This attack exploits which protocol vulnerability?
32A company wants to securely transfer files between systems over SSH. Which protocol should they use to leverage the existing SSH infrastructure and provide both authentication and encryption?
33In IPsec, which protocol provides both authentication and encryption for the packet payload, but does not encrypt the IP header?
34A security architect is designing a network segmentation strategy for a financial institution. Which TWO techniques are best suited for implementing micro-segmentation in a data center environment? (Select two.)
35An organization is reviewing its use of SSH for remote administration. Which TWO features of SSH should be disabled or carefully managed to reduce security risks? (Select two.)
36A company is deploying a VPN solution for remote employees using SSL/TLS VPN. Which TWO security considerations are important when implementing this type of VPN? (Select two.)
37An incident responder is analyzing a network compromise that involved ICMP attacks. Which THREE types of ICMP attacks could have been used to disrupt network operations? (Select three.)
38Which TWO features are true of IPsec tunnel mode compared to transport mode? (Select two.)
39A security analyst detects an attack where the attacker sends forged ARP messages to associate the attacker's MAC address with the IP address of the default gateway. Which OSI layer is primarily targeted by this attack?
40A company is implementing TLS 1.3 to secure web communications. Which of the following features is unique to TLS 1.3 compared to earlier versions?
41A security engineer is configuring SNMPv3 on network devices. The policy requires both authentication and encryption of SNMP messages. Which combination of protocols should be used to meet this requirement?
42Which VPN technology operates at Layer 2 of the OSI model and is often used in combination with IPsec to provide encryption?
43A network administrator is deploying a wireless network for a small business and wants to ensure strong security. Which of the following is the best choice for authentication in a WPA3 Personal network?
44During a penetration test, an ethical hacker sets up a rogue access point with the same SSID as the corporate network and broadcasts a stronger signal. Users inadvertently connect to the rogue AP, allowing the hacker to capture credentials. What is this attack called?
45Which of the following is a secure protocol for transferring files that uses SSH for authentication and encryption?
46A company is designing a network segmentation strategy to isolate a public-facing web server from the internal corporate network. Which of the following is the most appropriate architecture?
47Which type of firewall can inspect the contents of application-layer traffic, such as HTTP requests, and block malicious payloads?
48An organization is implementing DNSSEC to protect its DNS infrastructure. Which of the following best describes the primary security benefit of DNSSEC?
49Which IPsec protocol provides both authentication and encryption of the packet payload, but does not encrypt the IP header?
50A security architect is designing a zero trust network. Which principle is fundamental to a zero trust architecture?
51A network administrator is reviewing the security of the company's VPN solution. They discover that the current VPN uses PPTP. Which TWO of the following are significant security weaknesses associated with PPTP?
52A company is migrating from WPA2 to WPA3 to improve wireless security. Which THREE of the following are features of WPA3 compared to WPA2?
53A security analyst is evaluating secure email protocols. Which TWO of the following provide both encryption and digital signing of email messages?
54A security analyst notices that an attacker is sending forged ARP messages onto a local area network, linking the attacker's MAC address with the IP address of the default gateway. This allows the attacker to intercept traffic destined for the gateway. Which OSI layer is directly targeted by this attack?
55A network administrator is configuring a firewall that examines the source and destination IP addresses, port numbers, and protocol (TCP/UDP) of each packet without considering the state of the connection. Which type of firewall is being deployed?
56A company is migrating from WPA2 to WPA3 to enhance wireless security. Which of the following cryptographic changes does WPA3 introduce compared to WPA2?
57A security engineer is recommending a VPN protocol for remote access. The requirements are: strong encryption, perfect forward secrecy, use of elliptic curve cryptography, and minimal overhead. Which VPN protocol best meets these requirements?
58An organization is implementing DNSSEC to protect against DNS spoofing attacks. Which of the following best describes the primary security function provided by DNSSEC?
59During a security assessment, a consultant discovers that a legacy VPN solution uses MS-CHAPv2 for authentication and does not support IKE. The protocol is known to be vulnerable to dictionary attacks. Which VPN protocol is most likely being used?
60A security analyst is configuring a firewall to allow HTTP traffic (TCP port 80) from the internet to a web server in the DMZ. The firewall should also allow return traffic from the server back to the internet. Which type of firewall is best suited to handle this traffic while maintaining security?
The Communication and Network Security domain covers the key concepts tested in this area of the CISSP exam blueprint published by ISC2. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CISSP domains — no account required.
The Courseiva CISSP question bank contains 60 questions in the Communication and Network Security domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Communication and Network Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included