Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Communication and Network Security practice sets

CISSP Communication and Network Security • Complete Question Bank

CISSP Communication and Network Security — All Questions With Answers

Complete CISSP Communication and Network Security question bank — all 0 questions with answers and detailed explanations.

60
Questions
Free
No signup
Certifications/CISSP/Practice Test/Communication and Network Security/All Questions
Question 1mediummultiple choice
Read the full Communication and Network Security explanation →

A security analyst observes a network attack where an attacker sends forged ARP messages to associate the attacker's MAC address with the IP address of the default gateway. This attack occurs at which layer of the OSI model?

Question 2hardmultiple choice
Read the full VPN explanation →

An organization is deploying a VPN solution for remote employees. The security team requires a modern protocol with perfect forward secrecy, uses elliptic curve cryptography, and is known for its efficient, minimal codebase. Which VPN protocol should they choose?

Question 3easymultiple choice
Read the full Communication and Network Security explanation →

A security engineer is configuring a firewall that makes decisions based on source/destination IP addresses and port numbers without tracking the state of connections. Which type of firewall is this?

Question 4mediummultiple choice
Read the full Communication and Network Security explanation →

During a security assessment, a penetration tester sends TCP SYN packets to various ports on a target server. Based on the responses, the tester determines which ports are open. This technique is commonly used at which OSI layer?

Question 5mediummultiple choice
Read the full Communication and Network Security explanation →

An organization wants to secure email communications by providing encryption and digital signatures. They require a solution that uses a web of trust model rather than a hierarchical PKI. Which protocol should they implement?

Question 6hardmultiple choice
Read the full network assurance explanation →

A network administrator is configuring SNMPv3 for monitoring network devices. The organization requires both authentication and encryption of SNMP traffic. Which combination of protocols should be used to meet this requirement?

Question 7easymultiple choice
Read the full wireless explanation →

Which wireless security protocol replaces the pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) to provide stronger security and forward secrecy?

Question 8mediummultiple choice
Read the full wireless explanation →

A security analyst discovers an attack where an attacker sets up a rogue wireless access point with a legitimate SSID to trick users into connecting. Once connected, the attacker captures credentials. This type of attack is known as:

Question 9mediummultiple choice
Read the full Communication and Network Security explanation →

An organization is implementing network segmentation. They need to place publicly accessible servers (e.g., web and email) in a separate network that is isolated from the internal LAN but still allows controlled access from the internet. Which architecture should they use?

Question 10hardmultiple choice
Read the full DNS explanation →

A company deploys DNSSEC to protect its DNS infrastructure. Which cryptographic operation does DNSSEC primarily use to ensure the authenticity and integrity of DNS data?

Question 11easymultiple choice
Read the full Communication and Network Security explanation →

Which of the following is a key feature of TLS 1.3 that enhances security compared to earlier versions?

Question 12mediummultiple choice
Read the full Communication and Network Security explanation →

A security architect is designing a zero-trust network. Which principle is fundamental to a zero-trust architecture (ZTA) such as BeyondCorp?

Question 13hardmultiple choice
Read the full VPN explanation →

A network engineer is configuring an IPsec VPN in tunnel mode. Which IPsec protocol provides both authentication and encryption of the entire IP packet?

Question 14easymultiple choice
Read the full Communication and Network Security explanation →

Which type of firewall is capable of inspecting application-layer data, performing SSL decryption, and integrating intrusion prevention capabilities?

Question 15mediummultiple choice
Read the full Communication and Network Security explanation →

A company uses SSH for remote administration. To enhance security, they want to implement public-key authentication. Which statement about SSH public-key authentication is true?

Question 16mediummulti select
Open the full VLAN trunking answer →

A security team is reviewing network segmentation strategies. Which TWO of the following are benefits of using VLANs? (Select TWO.)

Question 17hardmulti select
Read the full wireless explanation →

An organization is deploying a wireless network with WPA3-Enterprise. Which THREE of the following are features or improvements of WPA3 compared to WPA2? (Select THREE.)

Question 18hardmulti select
Read the full Communication and Network Security explanation →

A security administrator is evaluating secure file transfer protocols. Which THREE of the following protocols provide encryption for data in transit? (Select THREE.)

Question 19mediummultiple choice
Read the full Communication and Network Security explanation →

After a recent security audit, a network administrator discovers that an attacker has been intercepting traffic by associating with a legitimate access point's MAC address and broadcasting a stronger signal. Which type of attack has occurred?

Question 20mediummultiple choice
Read the full Communication and Network Security explanation →

An organization is implementing network segmentation to enhance security. They create a DMZ to host public-facing servers and want to ensure that if a server is compromised, the attacker cannot pivot to the internal network. Which firewall placement best achieves this?

Question 21hardmultiple choice
Read the full VPN explanation →

A security engineer is evaluating VPN protocols for a remote access solution. The requirements are: strong encryption with perfect forward secrecy, support for mutual authentication, and no reliance on pre-shared keys that could be brute-forced. Which protocol best meets these requirements?

Question 22easymultiple choice
Read the full Communication and Network Security explanation →

An attacker sends a flood of SYN packets to a server, consuming its resources and preventing legitimate connections. Which OSI layer is this attack targeting?

Question 23mediummultiple choice
Read the full Communication and Network Security explanation →

A company wants to secure email communications for its employees. They need to ensure message confidentiality and integrity, and also verify the sender's identity. Which protocol uses a hierarchical public key infrastructure (PKI) for email encryption and signing?

Question 24mediummultiple choice
Read the full network assurance explanation →

A security administrator is configuring SNMPv3 for network device monitoring. The requirement is to provide both authentication and encryption of SNMP traffic. Which combination of options should be used?

Question 25hardmultiple choice
Open the full VLAN trunking answer →

During a penetration test, the tester successfully performs a VLAN hopping attack by sending packets with a specific tag. Which mitigation technique is most effective at preventing double-tagging VLAN hopping?

Question 26easymultiple choice
Read the full Communication and Network Security explanation →

Which of the following is a key feature of TLS 1.3 that enhances security compared to earlier versions?

Question 27mediummultiple choice
Read the full Communication and Network Security explanation →

A security team is implementing a zero trust architecture. Which component is essential to enforce access decisions based on user identity, device posture, and context before granting access to resources?

Question 28hardmultiple choice
Read the full DNS explanation →

A network administrator is configuring DNSSEC to protect against DNS spoofing. Which record type is used to provide cryptographic verification of DNS data origins?

Question 29mediummultiple choice
Read the full wireless explanation →

An organization is migrating from WPA2 to WPA3 for its wireless network. Which improvement does WPA3 provide over WPA2?

Question 30easymultiple choice
Read the full Communication and Network Security explanation →

Which type of firewall operates at Layer 7 and can inspect application payloads, such as blocking specific SQL commands or HTTP methods?

Question 31hardmultiple choice
Read the full Communication and Network Security explanation →

During a security assessment, a penetration tester successfully performs an ARP spoofing attack, redirecting traffic through their machine. This attack exploits which protocol vulnerability?

Question 32mediummultiple choice
Read the full Communication and Network Security explanation →

A company wants to securely transfer files between systems over SSH. Which protocol should they use to leverage the existing SSH infrastructure and provide both authentication and encryption?

Question 33easymultiple choice
Read the full VPN explanation →

In IPsec, which protocol provides both authentication and encryption for the packet payload, but does not encrypt the IP header?

Question 34mediummulti select
Read the full Communication and Network Security explanation →

A security architect is designing a network segmentation strategy for a financial institution. Which TWO techniques are best suited for implementing micro-segmentation in a data center environment? (Select two.)

Question 35hardmulti select
Read the full Communication and Network Security explanation →

An organization is reviewing its use of SSH for remote administration. Which TWO features of SSH should be disabled or carefully managed to reduce security risks? (Select two.)

Question 36hardmulti select
Read the full VPN explanation →

A company is deploying a VPN solution for remote employees using SSL/TLS VPN. Which TWO security considerations are important when implementing this type of VPN? (Select two.)

Question 37mediummulti select
Read the full Communication and Network Security explanation →

An incident responder is analyzing a network compromise that involved ICMP attacks. Which THREE types of ICMP attacks could have been used to disrupt network operations? (Select three.)

Question 38easymulti select
Read the full VPN explanation →

Which TWO features are true of IPsec tunnel mode compared to transport mode? (Select two.)

Question 39mediummultiple choice
Read the full Communication and Network Security explanation →

A security analyst detects an attack where the attacker sends forged ARP messages to associate the attacker's MAC address with the IP address of the default gateway. Which OSI layer is primarily targeted by this attack?

Question 40mediummultiple choice
Read the full Communication and Network Security explanation →

A company is implementing TLS 1.3 to secure web communications. Which of the following features is unique to TLS 1.3 compared to earlier versions?

Question 41hardmultiple choice
Read the full network assurance explanation →

A security engineer is configuring SNMPv3 on network devices. The policy requires both authentication and encryption of SNMP messages. Which combination of protocols should be used to meet this requirement?

Question 42easymultiple choice
Read the full VPN explanation →

Which VPN technology operates at Layer 2 of the OSI model and is often used in combination with IPsec to provide encryption?

Question 43mediummultiple choice
Read the full wireless explanation →

A network administrator is deploying a wireless network for a small business and wants to ensure strong security. Which of the following is the best choice for authentication in a WPA3 Personal network?

Question 44hardmultiple choice
Read the full Communication and Network Security explanation →

During a penetration test, an ethical hacker sets up a rogue access point with the same SSID as the corporate network and broadcasts a stronger signal. Users inadvertently connect to the rogue AP, allowing the hacker to capture credentials. What is this attack called?

Question 45easymultiple choice
Read the full Communication and Network Security explanation →

Which of the following is a secure protocol for transferring files that uses SSH for authentication and encryption?

Question 46mediummultiple choice
Read the full Communication and Network Security explanation →

A company is designing a network segmentation strategy to isolate a public-facing web server from the internal corporate network. Which of the following is the most appropriate architecture?

Question 47mediummultiple choice
Read the full Communication and Network Security explanation →

Which type of firewall can inspect the contents of application-layer traffic, such as HTTP requests, and block malicious payloads?

Question 48hardmultiple choice
Read the full DNS explanation →

An organization is implementing DNSSEC to protect its DNS infrastructure. Which of the following best describes the primary security benefit of DNSSEC?

Question 49easymultiple choice
Read the full VPN explanation →

Which IPsec protocol provides both authentication and encryption of the packet payload, but does not encrypt the IP header?

Question 50mediummultiple choice
Read the full Communication and Network Security explanation →

A security architect is designing a zero trust network. Which principle is fundamental to a zero trust architecture?

Question 51hardmulti select
Read the full VPN explanation →

A network administrator is reviewing the security of the company's VPN solution. They discover that the current VPN uses PPTP. Which TWO of the following are significant security weaknesses associated with PPTP?

Question 52mediummulti select
Read the full wireless explanation →

A company is migrating from WPA2 to WPA3 to improve wireless security. Which THREE of the following are features of WPA3 compared to WPA2?

Question 53easymulti select
Read the full Communication and Network Security explanation →

A security analyst is evaluating secure email protocols. Which TWO of the following provide both encryption and digital signing of email messages?

Question 54mediummultiple choice
Read the full Communication and Network Security explanation →

A security analyst notices that an attacker is sending forged ARP messages onto a local area network, linking the attacker's MAC address with the IP address of the default gateway. This allows the attacker to intercept traffic destined for the gateway. Which OSI layer is directly targeted by this attack?

Question 55easymultiple choice
Read the full Communication and Network Security explanation →

A network administrator is configuring a firewall that examines the source and destination IP addresses, port numbers, and protocol (TCP/UDP) of each packet without considering the state of the connection. Which type of firewall is being deployed?

Question 56hardmultiple choice
Read the full wireless explanation →

A company is migrating from WPA2 to WPA3 to enhance wireless security. Which of the following cryptographic changes does WPA3 introduce compared to WPA2?

Question 57mediummultiple choice
Read the full VPN explanation →

A security engineer is recommending a VPN protocol for remote access. The requirements are: strong encryption, perfect forward secrecy, use of elliptic curve cryptography, and minimal overhead. Which VPN protocol best meets these requirements?

Question 58mediummultiple choice
Read the full DNS explanation →

An organization is implementing DNSSEC to protect against DNS spoofing attacks. Which of the following best describes the primary security function provided by DNSSEC?

Question 59hardmultiple choice
Read the full VPN explanation →

During a security assessment, a consultant discovers that a legacy VPN solution uses MS-CHAPv2 for authentication and does not support IKE. The protocol is known to be vulnerable to dictionary attacks. Which VPN protocol is most likely being used?

Question 60easymultiple choice
Read the full Communication and Network Security explanation →

A security analyst is configuring a firewall to allow HTTP traffic (TCP port 80) from the internet to a web server in the DMZ. The firewall should also allow return traffic from the server back to the internet. Which type of firewall is best suited to handle this traffic while maintaining security?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CISSP Practice Test 1 — 25 Questions→CISSP Practice Test 2 — 25 Questions→CISSP Practice Test 3 — 25 Questions→CISSP Practice Test 4 — 25 Questions→CISSP Practice Test 5 — 25 Questions→CISSP Practice Exam 1 — 20 Questions→CISSP Practice Exam 2 — 20 Questions→CISSP Practice Exam 3 — 20 Questions→CISSP Practice Exam 4 — 20 Questions→Free CISSP Practice Test 1 — 30 Questions→Free CISSP Practice Test 2 — 30 Questions→Free CISSP Practice Test 3 — 30 Questions→CISSP Practice Questions 1 — 50 Questions→CISSP Practice Questions 2 — 50 Questions→CISSP Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Security and Risk ManagementAsset SecuritySecurity OperationsSecurity Architecture and EngineeringCommunication and Network SecuritySecurity Assessment and TestingSoftware Development SecurityIdentity and Access Management

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Communication and Network Security setsAll Communication and Network Security questionsCISSP Practice Hub