Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Communication and Network Security practice sets

CISSP Communication and Network Security • Complete Question Bank

CISSP Communication and Network Security — All Questions With Answers

Complete CISSP Communication and Network Security question bank — all 0 questions with answers and detailed explanations.

73
Questions
Free
No signup
Certifications/CISSP/Practice Test/Communication and Network Security/All Questions
Question 1mediummultiple choice
Read the full VPN explanation →

A security engineer is troubleshooting a network where internal users can access internet websites but cannot reach the company's external VPN server (IP 203.0.113.50, UDP port 500). The firewall rule for VPN traffic is correctly configured. What is the most likely cause?

Question 2hardmultiple choice
Read the full Communication and Network Security explanation →

A network architect is designing a secure connection between two data centers across an untrusted WAN. The requirement is to encrypt all traffic and authenticate both endpoints. Which protocol should be used?

Question 3easymultiple choice
Review the full subnetting walkthrough →

A network administrator notices that users in the accounting department can access the internet but are unable to access the internal payroll server (10.10.10.50). The firewall rule allows traffic from the accounting subnet (10.10.20.0/24) to the payroll server. What is the most likely issue?

Question 4mediummultiple choice
Read the full wireless explanation →

A company uses WPA2-Enterprise with EAP-TLS for wireless access. An employee reports that a new laptop cannot connect to the wireless network, while older laptops work fine. The employee has installed the correct client certificate. What is the most likely cause?

Question 5hardmultiple choice
Read the full Communication and Network Security explanation →

A network engineer is configuring a firewall to allow HTTP traffic from the internet to a web server (10.0.0.10). The firewall has three interfaces: outside (ISP), DMZ (10.0.0.0/24), and inside (192.168.1.0/24). The web server is in the DMZ. Which rule is correct?

Question 6easymultiple choice
Read the full VPN explanation →

An organization wants to ensure that employees can securely access internal applications from home. They deploy a VPN solution. Which VPN type provides the strongest encryption and is most commonly used for remote access?

Question 7mediummultiple choice
Read the full Communication and Network Security explanation →

A security analyst is reviewing network logs and sees repeated failed connection attempts from an external IP to the company's SSH server (port 22). The firewall has a rule allowing SSH from anywhere. What is the best immediate action to reduce risk?

Question 8hardmulti select
Open the full VLAN trunking answer →

Which TWO security controls are most effective in preventing VLAN hopping attacks?

Question 9mediummulti select
Read the full wireless explanation →

Which THREE of the following are best practices for securing a wireless network?

Question 10easymulti select
Read the full Communication and Network Security explanation →

Which TWO of the following are valid reasons to implement network segmentation?

Question 11hardmultiple choice
Study the full ACL explanation →

Refer to the exhibit. The ACL is applied inbound on the DMZ interface. What is the effect of this configuration?

Exhibit

Refer to the exhibit.

interface GigabitEthernet0/1
 description DMZ to Web Server
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 description Inside to Corp Network
 ip address 192.168.1.1 255.255.255.0
!
access-list 100 permit tcp any host 10.0.0.10 eq 80
access-list 100 permit tcp host 10.0.0.10 any established
access-list 100 deny ip any any
!
interface GigabitEthernet0/1
 ip access-group 100 in
Question 12easymultiple choice
Read the full VPN explanation →

Refer to the exhibit. The VPN tunnel is not coming up. What is the most likely configuration error?

Exhibit

Refer to the exhibit.

$$$ START CONFIG
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key cisco123 address 203.0.113.1
!
crypto ipsec transform-set TSET esp-aes 256 esp-sha256-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TSET
 match address 101
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 crypto map CMAP
$$$ END CONFIG
Question 13hardmultiple choice
Read the full MPLS explanation →

You are the security architect for a global financial firm. The organization has recently deployed a new cloud-based application that requires low-latency connections between data centers in New York, London, and Tokyo. The existing WAN uses MPLS L3 VPNs with IPsec encryption. However, the application team reports excessive latency and packet loss during peak hours. The network team confirms that the MPLS links are underutilized, but the IPsec tunnels show high CPU usage on the edge routers. Additionally, the security policy mandates that all inter-data center traffic must be encrypted and authenticated. The firm has a budget for hardware upgrades but wants to minimize operational changes. Which of the following is the BEST course of action?

Question 14mediumdrag order
Read the full Communication and Network Security explanation →

Drag and drop the steps for a secure software development lifecycle (SDLC) in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 15mediummatching
Read the full Communication and Network Security explanation →

Match each threat type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Fraudulent emails to obtain sensitive info

Targeted phishing at specific individuals

Phishing targeting senior executives

Voice phishing over phone

Phishing via SMS

Question 16easymultiple choice
Open the full VLAN trunking answer →

A company uses VLANs to separate traffic between the IT, HR, and Finance departments. A user in the HR VLAN reports that she cannot access a file server located in the IT VLAN. The file server's default gateway is correctly set to the IT VLAN interface. All workstations have correct IP addresses and subnet masks. What is the most likely cause of this issue?

Question 17easymultiple choice
Read the full Communication and Network Security explanation →

A network security analyst receives an alert from the intrusion detection system (IDS) indicating a high volume of TCP SYN packets to a single external IP address from a compromised internal host. This is characteristic of which type of attack?

Question 18easymultiple choice
Read the full wireless explanation →

A company is deploying a wireless network for guests. The security requirement is to provide internet access only, with no access to the internal corporate network. Which technology should be used?

Question 19mediummultiple choice
Read the full VPN explanation →

An organization is implementing IPsec VPN tunnels between multiple branch offices and the main office. The security team notices that the VPN tunnels are established successfully but no traffic passes through. Which of the following is the most likely cause?

Question 20mediummultiple choice
Read the full Communication and Network Security explanation →

A company recently suffered a data breach where an attacker was able to intercept network traffic and read sensitive data. Which network security control should be implemented to prevent this type of attack?

Question 21mediummultiple choice
Read the full Communication and Network Security explanation →

A network engineer is configuring 802.1X authentication for wired network access. The authentication server supports EAP-TLS. What must be deployed to clients to support this authentication method?

Question 22hardmultiple choice
Open the full VLAN trunking answer →

During a security assessment, a penetration tester successfully performed a VLAN hopping attack from a host in VLAN 10 to a host in VLAN 20. The switches are configured with IEEE 802.1Q trunking. Which misconfiguration likely allowed this attack?

Question 23hardmultiple choice
Read the full Communication and Network Security explanation →

A security architect is designing a network for a high-security data center. The requirement is to ensure that even if an attacker compromises one server, they cannot easily move laterally to other servers in the same data center. Which network design principle should be applied?

Question 24hardmultiple choice
Read the full VPN explanation →

A security engineer is troubleshooting a site-to-site IPsec VPN between two firewalls. The tunnel status shows Phase 1 is up but Phase 2 is not. Which of the following is the most likely cause?

Question 25easymulti select
Read the full VPN explanation →

Which TWO of the following are characteristics of a VPN that uses TLS?

Question 26mediummulti select
Read the full wireless explanation →

Which THREE of the following are valid methods for securing wireless networks against unauthorized access?

Question 27hardmulti select
Read the full Communication and Network Security explanation →

Which TWO of the following are common causes of network performance degradation that can be detected by network monitoring tools?

Question 28easymultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A security team is reviewing switch configurations and notices that the native VLAN is set to VLAN 10. An attacker on an access port in VLAN 10 sends a frame with a VLAN tag of VLAN 20 inside another frame. Which type of attack does this configuration make possible?

Exhibit

interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1-100,110-200
Question 29mediummultiple choice
Read the full Communication and Network Security explanation →

Refer to the exhibit. The firewall rules above are applied to the outside interface. A penetration tester from the internet attempts to establish a connection to 192.168.1.10 on TCP port 8080. What will happen?

Exhibit

access-list outside_in extended permit tcp any host 192.168.1.10 eq 443
access-list outside_in extended permit tcp any host 192.168.1.10 eq 80
access-list outside_in extended deny ip any any
Question 30hardmultiple choice
Study the full ACL explanation →

Refer to the exhibit. A security auditor is reviewing the network ACLs for a cloud VPC. Which of the following is the most significant security concern?

Exhibit

{
  "network": "vpc-12345",
  "inbound_rules": [
    {"protocol": "tcp", "port": 22, "source": "10.0.0.0/8"},
    {"protocol": "tcp", "port": 3389, "source": "192.168.1.0/24"}
  ],
  "outbound_rules": [
    {"protocol": "all", "destination": "0.0.0.0/0"}
  ]
}
Question 31easymultiple choice
Read the full VPN explanation →

A company needs to provide secure remote access to employees using company-issued laptops. The solution must support both web applications and legacy client-server apps without installing client software on the laptops. Which VPN technology is best?

Question 32mediummultiple choice
Read the full VPN explanation →

A network engineer is troubleshooting a slow VPN connection between two sites. The link is symmetric 100 Mbps, but throughput tests show only 20 Mbps. The VPN uses AES-256 encryption. What is the most likely cause?

Question 33hardmultiple choice
Study the full multicast explanation →

An organization is designing a multicast network for live video streaming. They need to ensure that only authorized receivers can access the multicast group. Which technique should be implemented?

Question 34easymultiple choice
Read the full Communication and Network Security explanation →

A company has multiple offices connected via a WAN. They want to ensure that all traffic between offices is encrypted and authenticated. Which technology is most appropriate?

Question 35mediummultiple choice
Read the full NAT/PAT explanation →

A security analyst receives an alert that a host in the internal network is sending abnormal amounts of traffic to an external IP. The traffic uses destination port 53. What is the most likely attack?

Question 36hardmultiple choice
Read the full Communication and Network Security explanation →

A network architect is designing a network to comply with PCI DSS requirements that cardholder data must be encrypted during transmission over open networks. Which protocol should be used for encrypting traffic between a point-of-sale (POS) terminal and the payment gateway?

Question 37easymultiple choice
Read the full Communication and Network Security explanation →

A switch port is configured with port security that allows only one MAC address. The help desk reports that a user's device cannot connect after a laptop is replaced. What should the network administrator do to resolve the issue?

Question 38mediummultiple choice
Read the full Communication and Network Security explanation →

A company wants to implement 802.1X authentication on their wired network. Which components are required?

Question 39hardmultiple choice
Read the full Communication and Network Security explanation →

During a security audit, it is discovered that a network firewall is allowing traffic based on source IP address only, without inspecting application-layer data. Which type of firewall is this?

Question 40easymulti select
Read the full Communication and Network Security explanation →

Which TWO options are valid methods for providing confidentiality in network communications? (Choose two.)

Question 41mediummulti select
Open the full VLAN trunking answer →

Which TWO are common techniques to defend against VLAN hopping attacks? (Choose two.)

Question 42hardmulti select
Read the full Communication and Network Security explanation →

Which THREE are essential elements of a Transport Layer Security (TLS) handshake? (Choose three.)

Question 43easymultiple choice
Read the full Communication and Network Security explanation →

A security engineer notices that the IKE phase 1 lifetime is set to 3600 seconds. What is a potential security implication?

Exhibit

Refer to the exhibit. The following output is from a Cisco router:

crypto isakmp policy 10
 hash sha256
 authentication pre-share
 group 14
 lifetime 3600
Question 44mediummultiple choice
Read the full Communication and Network Security explanation →

A remote user at 203.0.113.5 cannot access the internal web server at 10.0.0.10 over HTTPS. What is the most likely cause of the denial?

Exhibit

Refer to the exhibit. The following firewall log entry shows a denied packet:

Deny tcp 203.0.113.5 52314 10.0.0.10 443

The firewall has the following ACL applied inbound on the external interface:

ip access-list extended INSIDE-IN
 permit tcp host 203.0.113.2 host 10.0.0.10 eq 443
 deny ip any any log
Question 45hardmultiple choice
Open the full VLAN trunking answer →

A network administrator has configured private VLANs on a switch. The host in this port is part of PVLAN 100, and its associated secondary PVLAN is 200. What is the expected behavior for traffic from this host to other hosts in the same primary VLAN 100?

Exhibit

Refer to the exhibit. The following is a configuration snippet from a network device:

interface GigabitEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 200
Question 46mediummultiple choice
Read the full VPN explanation →

A network engineer is troubleshooting an IPsec VPN tunnel between two sites. The tunnel is established but no traffic is passing. Which command should the engineer use to verify the phase 2 security associations?

Question 47easymultiple choice
Read the full wireless explanation →

A company wants to secure its wireless network. Which approach provides the strongest authentication and encryption?

Question 48hardmultiple choice
Read the full Communication and Network Security explanation →

In a software-defined network (SDN) architecture, the control plane is separated from the data plane. A network administrator is troubleshooting packet forwarding delays. Which plane is directly responsible for forwarding packets?

Question 49mediummultiple choice
Read the full Communication and Network Security explanation →

A security administrator is configuring a stateful firewall to allow HTTP traffic from the internet to a web server. The firewall uses a default-deny policy. What is the correct rule placement?

Question 50hardmultiple choice
Read the full Communication and Network Security explanation →

A security analyst is evaluating the impact of upgrading web servers from TLS 1.2 to TLS 1.3. Which advantage does TLS 1.3 offer in terms of handshake efficiency?

Question 51easymultiple choice
Read the full Communication and Network Security explanation →

A remote user needs to securely connect to the corporate network over the internet. Which protocol provides both encryption and authentication?

Question 52mediummultiple choice
Read the full Communication and Network Security explanation →

A network analyst suspects a host on the internal network is sending abnormal amounts of traffic. Which tool should be used to capture and analyze the packets?

Question 53hardmultiple choice
Open the full BGP breakdown →

A company uses BGP to exchange routes with its ISP. To prevent prefix hijacking, which mechanism should be implemented?

Question 54easymultiple choice
Read the full Communication and Network Security explanation →

An organization wants to ensure that only devices that meet security policies can connect to the network. Which technology should be deployed?

Question 55mediummulti select
Read the full wireless explanation →

Which two methods provide strong encryption and authentication for wireless networks? (Choose TWO.)

Question 56easymulti select
Read the full Communication and Network Security explanation →

Which three are network-layer security controls in a defense-in-depth strategy? (Choose THREE.)

Question 57hardmulti select
Open the full BGP breakdown →

Which three BGP security mechanisms help protect against route hijacking? (Choose THREE.)

Question 58mediummultiple choice
Read the full VPN explanation →

Refer to the exhibit. Based on the output, which integrity algorithm is configured for the IPsec tunnel?

Exhibit

Router# show crypto ipsec sa peer 203.0.113.10 interface outside

interface: outside
    path mtu 1500, ipsec overhead 58, media mtu 1500
    current outbound spi: 0x12345678(305419896)
    inbound esp sas:
      spi: 0x87654321(2271560481)
        transform: esp-aes-256 esp-sha-hmac
    inbound ah sas:
    outbound esp sas:
      spi: 0x12345678(305419896)
        transform: esp-aes-256 esp-sha-hmac
    outbound ah sas:
Question 59hardmultiple choice
Study the full ACL explanation →

Refer to the exhibit. A security analyst is reviewing the network ACL inbound rules. Which statement is true?

Exhibit

{
  "InboundRules": [
    {
      "RuleNumber": 100,
      "Protocol": "6",
      "PortRange": {
        "From": 80,
        "To": 80
      },
      "Source": "0.0.0.0/0",
      "Action": "allow"
    },
    {
      "RuleNumber": 200,
      "Protocol": "6",
      "PortRange": {
        "From": 22,
        "To": 22
      },
      "Source": "10.0.0.0/8",
      "Action": "allow"
    }
  ]
}
Question 60hardmultiple choice
Open the full BGP breakdown →

A multinational corporation operates a private MPLS VPN network connecting 50 branch offices to a central data center. The network uses BGP as the routing protocol within the VPN, with each branch announcing its internal prefixes to the data center routers. Over the past week, several branch offices have reported intermittent connectivity issues, with traffic being routed to incorrect destinations before recovering. Network logs show that during these incidents, the data center router receives unexpected BGP updates from one of the branch routers, advertising prefixes that belong to other branches. BGP sessions remain established without flaps. The security team is concerned that this could be a route leak or intentional hijack. The network engineer has verified that all BGP sessions are authenticated with MD5 and that RPKI validation is not currently deployed. Which course of action should the engineer take first to mitigate the issue?

Question 61easymulti select
Open the full VLAN trunking answer →

A network administrator is configuring switches to prevent VLAN hopping attacks. Which TWO of the following measures should be implemented?

Question 62easymultiple choice
Review the full subnetting walkthrough →

A small company with 50 employees operates a flat network where all workstations, servers, and printers are on a single subnet without segmentation. The company recently suffered a ransomware outbreak that spread rapidly from an infected workstation to the file server and multiple other machines, causing significant downtime. The IT manager wants to redesign the network to contain future outbreaks and limit lateral movement. The budget is limited, and the environment uses a mixture of managed and unmanaged switches. Which course of action would BEST mitigate the risk of lateral spread while minimizing cost and complexity?

Question 63mediummultiple choice
Read the full VPN explanation →

A multinational corporation maintains site-to-site IPsec VPN tunnels between its headquarters and three regional branch offices. Over the past week, the tunnels have been dropping intermittently, causing disruption to real-time applications. The network team checked logs and found frequent 'Phase 2 rekey failure' messages. The tunnels are configured with IKEv1 and preshared keys. The headquarters uses a Cisco ASA, and the branches use various vendors' firewalls. The team verified that firewall policies allow IPsec traffic, and there is no packet loss on the WAN links. Which action should the team take to resolve the issue most effectively?

Question 64hardmultiple choice
Read the full Communication and Network Security explanation →

A financial institution is implementing a zero-trust network architecture (ZTNA) using micro-segmentation. They have a legacy accounting application that runs on a Windows Server and communicates with multiple client workstations using both TCP and UDP dynamic ports (49152-65535) for various features. After deploying strict host-based firewall rules that only allow specific ports, users report that the application frequently loses connection and fails to authenticate. The security team verified that the application's required ports are allowed, but the dynamic port negotiation fails because the application uses a proprietary protocol that includes ephemeral ports outside the allowed range. The application vendor is no longer supporting it. The organization cannot replace the application immediately. What is the MOST effective short-term solution?

Question 65hardmultiple choice
Read the full wireless explanation →

A large hospital uses a wireless LAN (WLAN) for mobile medical devices and staff tablets. Recently, nurses reported intermittent connectivity drops and high retransmission rates specifically in the east wing near the elevator banks. The WLAN is based on 802.11ac in the 5 GHz band. The hospital's IT team has already checked for channel overlap, and the APs are configured to use non-overlapping channels with automatic channel selection. Signal strength in the area is adequate (-65 dBm). However, the retransmission rate spikes during peak hours. Which approach should the network team take FIRST to diagnose and resolve the issue?

Question 66mediummulti select
Read the full Communication and Network Security explanation →

A security architect is designing a secure communication channel between two remote sites over the internet. Which TWO of the following protocols should be used to ensure confidentiality, integrity, and authentication?

Question 67hardmultiple choice
Study the full ACL explanation →

Refer to the exhibit. A network administrator sees that IPsec IKE negotiations fail between site A and site B. Site B's firewall has the above ACL applied inbound on the external interface. What is the most likely cause?

Exhibit

access-list 101 permit tcp any host 192.168.1.10 eq 443
access-list 101 permit udp any host 192.168.1.10 eq 500
access-list 101 permit udp any host 192.168.1.10 eq 4500
access-list 101 deny ip any any
Question 68easymultiple choice
Read the full MPLS explanation →

A company has a headquarters and three branch offices connected via MPLS VPN. Recently, they deployed a new VoIP system across all sites. Users report intermittent call drops and poor voice quality during peak business hours. The network team suspects packet loss and jitter are the cause. The IT manager wants to verify the issue without affecting production traffic. Which of the following is the best course of action?

Question 69hardmultiple choice
Open the full BGP breakdown →

Refer to the exhibit. Which of the following is true regarding the BGP routes received from neighbor 10.1.1.2?

Exhibit

R1# show ip bgp neighbors 10.1.1.2 received-routes
BGP table version is 5, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.0.0/16     10.1.1.2                 0             0 65001 65002 i
*> 10.20.0.0/16     10.1.1.2                 0             0 65001 65003 65004 i
*> 10.30.0.0/16     10.1.1.2                 0             0 65001 i
R1# show ip route 10.30.0.0
Routing entry for 10.30.0.0/16
  Known via "bgp", distance 20, metric 0
  Tag 65001, type external
  Last update from 10.1.1.2 00:00:12 ago
  Routing Descriptor Blocks:
  * 10.1.1.2, from 10.1.1.2, 00:00:12 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 65001
      MPLS label: none
Question 70hardmultiple choice
Read the full Communication and Network Security explanation →

Refer to the exhibit. Which of the following statements is correct regarding the connections and access-list?

Exhibit

ASA1# show conn
21 in use, 52 most used
TCP outside 203.0.113.5:443 inside 10.0.0.10:49152, idle 0:00:02, bytes 10240, flags UIO
UDP outside 198.51.100.2:53 inside 10.0.0.5:12345, idle 0:00:15, bytes 512, flags -
TCP outside 203.0.113.10:80 inside 10.0.0.20:49153, idle 0:00:05, bytes 2048, flags UIO

ASA1# show access-list outside_in
access-list outside_in line 1 extended permit tcp any host 203.0.113.5 eq 443 (hitcnt=0)
access-list outside_in line 2 extended permit udp any host 198.51.100.2 eq 53 (hitcnt=0)
access-list outside_in line 3 extended deny ip any any (hitcnt=0)
Question 71mediummultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. What is the purpose of the NAT configuration on R1?

Exhibit

hostname R1
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shutdown
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
 no shutdown
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
ip nat inside source list 1 interface Serial0/0 overload
!
ip route 0.0.0.0 0.0.0.0 Serial0/0
Question 72hardmultiple choice
Read the full wireless explanation →

Refer to the exhibit. Which of the following is true regarding the wireless clients?

Exhibit

WLC# show client summary
Number of Clients................................ 3

MAC Address    AP Name      Status         WLAN   Auth Algorithm    IP Address
00:11:22:33:44:55  AP01    Associated     1      Open              10.0.0.10
66:77:88:99:aa:bb  AP01    Associated     2      802.1X           10.0.0.11
cc:dd:ee:ff:00:11  AP02    Associated     1      Open              10.0.0.12

WLC# show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... Guest
Status........................................... Enabled
Security Policies................................ None (Open)

WLC# show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... Corporate
Status........................................... Enabled
Security Policies................................ 802.1X (WPA2)
Question 73mediummultiple choice
Review the full routing breakdown →

Refer to the exhibit. An administrator reviews the logs on router1. Which statement describes the events?

Exhibit

Jan 15 10:30:15 router1 sshd[1234]: Failed password for admin from 192.0.2.100 port 22 ssh2
Jan 15 10:30:20 router1 sshd[1234]: Failed password for admin from 192.0.2.100 port 22 ssh2
Jan 15 10:30:25 router1 sshd[1234]: Failed password for admin from 192.0.2.100 port 22 ssh2
Jan 15 10:30:30 router1 sshd[1234]: Connection closed by 192.0.2.100 [preauth]
Jan 15 10:30:35 router1 sshd[1235]: Failed password for admin from 198.51.100.50 port 22 ssh2
Jan 15 10:30:40 router1 sshd[1235]: Failed password for admin from 198.51.100.50 port 22 ssh2
Jan 15 10:30:45 router1 sshd[1235]: Failed password for admin from 198.51.100.50 port 22 ssh2
Jan 15 10:30:50 router1 sshd[1235]: Connection closed by 198.51.100.50 [preauth]

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CISSP Practice Test 1 — 10 Questions→CISSP Practice Test 2 — 10 Questions→CISSP Practice Test 3 — 10 Questions→CISSP Practice Test 4 — 10 Questions→CISSP Practice Test 5 — 10 Questions→CISSP Practice Exam 1 — 20 Questions→CISSP Practice Exam 2 — 20 Questions→CISSP Practice Exam 3 — 20 Questions→CISSP Practice Exam 4 — 20 Questions→Free CISSP Practice Test 1 — 30 Questions→Free CISSP Practice Test 2 — 30 Questions→Free CISSP Practice Test 3 — 30 Questions→CISSP Practice Questions 1 — 50 Questions→CISSP Practice Questions 2 — 50 Questions→CISSP Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Software Development SecuritySecurity Assessment and TestingIdentity and Access ManagementSecurity and Risk ManagementSecurity Architecture and EngineeringCommunication and Network SecurityAsset SecuritySecurity Operations

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Communication and Network Security setsAll Communication and Network Security questionsCISSP Practice Hub