Practice CISSP Communication and Network Security questions with full explanations on every answer.
Start practicing
Communication and Network Security — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A security engineer is troubleshooting a network where internal users can access internet websites but cannot reach the company's external VPN server (IP 203.0.113.50, UDP port 500). The firewall rule for VPN traffic is correctly configured. What is the most likely cause?
2A network architect is designing a secure connection between two data centers across an untrusted WAN. The requirement is to encrypt all traffic and authenticate both endpoints. Which protocol should be used?
3A network administrator notices that users in the accounting department can access the internet but are unable to access the internal payroll server (10.10.10.50). The firewall rule allows traffic from the accounting subnet (10.10.20.0/24) to the payroll server. What is the most likely issue?
4A company uses WPA2-Enterprise with EAP-TLS for wireless access. An employee reports that a new laptop cannot connect to the wireless network, while older laptops work fine. The employee has installed the correct client certificate. What is the most likely cause?
5A network engineer is configuring a firewall to allow HTTP traffic from the internet to a web server (10.0.0.10). The firewall has three interfaces: outside (ISP), DMZ (10.0.0.0/24), and inside (192.168.1.0/24). The web server is in the DMZ. Which rule is correct?
6An organization wants to ensure that employees can securely access internal applications from home. They deploy a VPN solution. Which VPN type provides the strongest encryption and is most commonly used for remote access?
7A security analyst is reviewing network logs and sees repeated failed connection attempts from an external IP to the company's SSH server (port 22). The firewall has a rule allowing SSH from anywhere. What is the best immediate action to reduce risk?
8Which TWO security controls are most effective in preventing VLAN hopping attacks?
9Which THREE of the following are best practices for securing a wireless network?
10Which TWO of the following are valid reasons to implement network segmentation?
11Refer to the exhibit. The ACL is applied inbound on the DMZ interface. What is the effect of this configuration?
12Refer to the exhibit. The VPN tunnel is not coming up. What is the most likely configuration error?
13You are the security architect for a global financial firm. The organization has recently deployed a new cloud-based application that requires low-latency connections between data centers in New York, London, and Tokyo. The existing WAN uses MPLS L3 VPNs with IPsec encryption. However, the application team reports excessive latency and packet loss during peak hours. The network team confirms that the MPLS links are underutilized, but the IPsec tunnels show high CPU usage on the edge routers. Additionally, the security policy mandates that all inter-data center traffic must be encrypted and authenticated. The firm has a budget for hardware upgrades but wants to minimize operational changes. Which of the following is the BEST course of action?
14Drag and drop the steps for a secure software development lifecycle (SDLC) in the correct order.
15Match each threat type to its description.
16A company uses VLANs to separate traffic between the IT, HR, and Finance departments. A user in the HR VLAN reports that she cannot access a file server located in the IT VLAN. The file server's default gateway is correctly set to the IT VLAN interface. All workstations have correct IP addresses and subnet masks. What is the most likely cause of this issue?
17A network security analyst receives an alert from the intrusion detection system (IDS) indicating a high volume of TCP SYN packets to a single external IP address from a compromised internal host. This is characteristic of which type of attack?
18A company is deploying a wireless network for guests. The security requirement is to provide internet access only, with no access to the internal corporate network. Which technology should be used?
19An organization is implementing IPsec VPN tunnels between multiple branch offices and the main office. The security team notices that the VPN tunnels are established successfully but no traffic passes through. Which of the following is the most likely cause?
20A company recently suffered a data breach where an attacker was able to intercept network traffic and read sensitive data. Which network security control should be implemented to prevent this type of attack?
21A network engineer is configuring 802.1X authentication for wired network access. The authentication server supports EAP-TLS. What must be deployed to clients to support this authentication method?
22During a security assessment, a penetration tester successfully performed a VLAN hopping attack from a host in VLAN 10 to a host in VLAN 20. The switches are configured with IEEE 802.1Q trunking. Which misconfiguration likely allowed this attack?
23A security architect is designing a network for a high-security data center. The requirement is to ensure that even if an attacker compromises one server, they cannot easily move laterally to other servers in the same data center. Which network design principle should be applied?
24A security engineer is troubleshooting a site-to-site IPsec VPN between two firewalls. The tunnel status shows Phase 1 is up but Phase 2 is not. Which of the following is the most likely cause?
25Which TWO of the following are characteristics of a VPN that uses TLS?
26Which THREE of the following are valid methods for securing wireless networks against unauthorized access?
27Which TWO of the following are common causes of network performance degradation that can be detected by network monitoring tools?
28Refer to the exhibit. A security team is reviewing switch configurations and notices that the native VLAN is set to VLAN 10. An attacker on an access port in VLAN 10 sends a frame with a VLAN tag of VLAN 20 inside another frame. Which type of attack does this configuration make possible?
29Refer to the exhibit. The firewall rules above are applied to the outside interface. A penetration tester from the internet attempts to establish a connection to 192.168.1.10 on TCP port 8080. What will happen?
30Refer to the exhibit. A security auditor is reviewing the network ACLs for a cloud VPC. Which of the following is the most significant security concern?
31A company needs to provide secure remote access to employees using company-issued laptops. The solution must support both web applications and legacy client-server apps without installing client software on the laptops. Which VPN technology is best?
32A network engineer is troubleshooting a slow VPN connection between two sites. The link is symmetric 100 Mbps, but throughput tests show only 20 Mbps. The VPN uses AES-256 encryption. What is the most likely cause?
33An organization is designing a multicast network for live video streaming. They need to ensure that only authorized receivers can access the multicast group. Which technique should be implemented?
34A company has multiple offices connected via a WAN. They want to ensure that all traffic between offices is encrypted and authenticated. Which technology is most appropriate?
35A security analyst receives an alert that a host in the internal network is sending abnormal amounts of traffic to an external IP. The traffic uses destination port 53. What is the most likely attack?
36A network architect is designing a network to comply with PCI DSS requirements that cardholder data must be encrypted during transmission over open networks. Which protocol should be used for encrypting traffic between a point-of-sale (POS) terminal and the payment gateway?
37A switch port is configured with port security that allows only one MAC address. The help desk reports that a user's device cannot connect after a laptop is replaced. What should the network administrator do to resolve the issue?
38A company wants to implement 802.1X authentication on their wired network. Which components are required?
39During a security audit, it is discovered that a network firewall is allowing traffic based on source IP address only, without inspecting application-layer data. Which type of firewall is this?
40Which TWO options are valid methods for providing confidentiality in network communications? (Choose two.)
41Which TWO are common techniques to defend against VLAN hopping attacks? (Choose two.)
42Which THREE are essential elements of a Transport Layer Security (TLS) handshake? (Choose three.)
43A security engineer notices that the IKE phase 1 lifetime is set to 3600 seconds. What is a potential security implication?
44A remote user at 203.0.113.5 cannot access the internal web server at 10.0.0.10 over HTTPS. What is the most likely cause of the denial?
45A network administrator has configured private VLANs on a switch. The host in this port is part of PVLAN 100, and its associated secondary PVLAN is 200. What is the expected behavior for traffic from this host to other hosts in the same primary VLAN 100?
46A network engineer is troubleshooting an IPsec VPN tunnel between two sites. The tunnel is established but no traffic is passing. Which command should the engineer use to verify the phase 2 security associations?
47A company wants to secure its wireless network. Which approach provides the strongest authentication and encryption?
48In a software-defined network (SDN) architecture, the control plane is separated from the data plane. A network administrator is troubleshooting packet forwarding delays. Which plane is directly responsible for forwarding packets?
49A security administrator is configuring a stateful firewall to allow HTTP traffic from the internet to a web server. The firewall uses a default-deny policy. What is the correct rule placement?
50A security analyst is evaluating the impact of upgrading web servers from TLS 1.2 to TLS 1.3. Which advantage does TLS 1.3 offer in terms of handshake efficiency?
51A remote user needs to securely connect to the corporate network over the internet. Which protocol provides both encryption and authentication?
52A network analyst suspects a host on the internal network is sending abnormal amounts of traffic. Which tool should be used to capture and analyze the packets?
53A company uses BGP to exchange routes with its ISP. To prevent prefix hijacking, which mechanism should be implemented?
54An organization wants to ensure that only devices that meet security policies can connect to the network. Which technology should be deployed?
55Which two methods provide strong encryption and authentication for wireless networks? (Choose TWO.)
56Which three are network-layer security controls in a defense-in-depth strategy? (Choose THREE.)
57Which three BGP security mechanisms help protect against route hijacking? (Choose THREE.)
58Refer to the exhibit. Based on the output, which integrity algorithm is configured for the IPsec tunnel?
59Refer to the exhibit. A security analyst is reviewing the network ACL inbound rules. Which statement is true?
60A multinational corporation operates a private MPLS VPN network connecting 50 branch offices to a central data center. The network uses BGP as the routing protocol within the VPN, with each branch announcing its internal prefixes to the data center routers. Over the past week, several branch offices have reported intermittent connectivity issues, with traffic being routed to incorrect destinations before recovering. Network logs show that during these incidents, the data center router receives unexpected BGP updates from one of the branch routers, advertising prefixes that belong to other branches. BGP sessions remain established without flaps. The security team is concerned that this could be a route leak or intentional hijack. The network engineer has verified that all BGP sessions are authenticated with MD5 and that RPKI validation is not currently deployed. Which course of action should the engineer take first to mitigate the issue?
61A network administrator is configuring switches to prevent VLAN hopping attacks. Which TWO of the following measures should be implemented?
62A small company with 50 employees operates a flat network where all workstations, servers, and printers are on a single subnet without segmentation. The company recently suffered a ransomware outbreak that spread rapidly from an infected workstation to the file server and multiple other machines, causing significant downtime. The IT manager wants to redesign the network to contain future outbreaks and limit lateral movement. The budget is limited, and the environment uses a mixture of managed and unmanaged switches. Which course of action would BEST mitigate the risk of lateral spread while minimizing cost and complexity?
63A multinational corporation maintains site-to-site IPsec VPN tunnels between its headquarters and three regional branch offices. Over the past week, the tunnels have been dropping intermittently, causing disruption to real-time applications. The network team checked logs and found frequent 'Phase 2 rekey failure' messages. The tunnels are configured with IKEv1 and preshared keys. The headquarters uses a Cisco ASA, and the branches use various vendors' firewalls. The team verified that firewall policies allow IPsec traffic, and there is no packet loss on the WAN links. Which action should the team take to resolve the issue most effectively?
64A financial institution is implementing a zero-trust network architecture (ZTNA) using micro-segmentation. They have a legacy accounting application that runs on a Windows Server and communicates with multiple client workstations using both TCP and UDP dynamic ports (49152-65535) for various features. After deploying strict host-based firewall rules that only allow specific ports, users report that the application frequently loses connection and fails to authenticate. The security team verified that the application's required ports are allowed, but the dynamic port negotiation fails because the application uses a proprietary protocol that includes ephemeral ports outside the allowed range. The application vendor is no longer supporting it. The organization cannot replace the application immediately. What is the MOST effective short-term solution?
65A large hospital uses a wireless LAN (WLAN) for mobile medical devices and staff tablets. Recently, nurses reported intermittent connectivity drops and high retransmission rates specifically in the east wing near the elevator banks. The WLAN is based on 802.11ac in the 5 GHz band. The hospital's IT team has already checked for channel overlap, and the APs are configured to use non-overlapping channels with automatic channel selection. Signal strength in the area is adequate (-65 dBm). However, the retransmission rate spikes during peak hours. Which approach should the network team take FIRST to diagnose and resolve the issue?
66A security architect is designing a secure communication channel between two remote sites over the internet. Which TWO of the following protocols should be used to ensure confidentiality, integrity, and authentication?
67Refer to the exhibit. A network administrator sees that IPsec IKE negotiations fail between site A and site B. Site B's firewall has the above ACL applied inbound on the external interface. What is the most likely cause?
68A company has a headquarters and three branch offices connected via MPLS VPN. Recently, they deployed a new VoIP system across all sites. Users report intermittent call drops and poor voice quality during peak business hours. The network team suspects packet loss and jitter are the cause. The IT manager wants to verify the issue without affecting production traffic. Which of the following is the best course of action?
69Refer to the exhibit. Which of the following is true regarding the BGP routes received from neighbor 10.1.1.2?
70Refer to the exhibit. Which of the following statements is correct regarding the connections and access-list?
71Refer to the exhibit. What is the purpose of the NAT configuration on R1?
72Refer to the exhibit. Which of the following is true regarding the wireless clients?
73Refer to the exhibit. An administrator reviews the logs on router1. Which statement describes the events?
The Communication and Network Security domain covers the key concepts tested in this area of the CISSP exam blueprint published by ISC2. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CISSP domains — no account required.
The Courseiva CISSP question bank contains 73 questions in the Communication and Network Security domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Communication and Network Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included