Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsSSCPDomainsNetwork and Communications Security
SSCPFree — No Signup

Network and Communications Security

Practice SSCP Network and Communications Security questions with full explanations on every answer.

87questions

Start practicing

Network and Communications Security — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

SSCP Domains

Risk Identification, Monitoring and AnalysisNetwork and Communications SecuritySystems and Application SecuritySecurity Operations and AdministrationIncident Response and RecoveryAccess ControlsCryptography

Practice Network and Communications Security questions

10Q20Q30Q50Q

All SSCP Network and Communications Security questions (87)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A security analyst notices unusual outbound traffic from a server in the DMZ to an external IP address on port 4444. The server runs a web application. Which action should the analyst take first?

2

A network engineer is designing a secure WAN link between two offices using IPsec VPN. The company requires encryption of all traffic, authentication of both endpoints, and protection against replay attacks. Which combination of IPsec protocols and modes should be used?

3

An organization wants to prevent unauthorized devices from connecting to its wired network. Which security control should be implemented?

4

A company's internal network uses a /24 subnet and has a single firewall connecting to the internet. Employees report that they cannot access an external web server at 203.0.113.50. The firewall has a rule that allows outbound HTTP. What is the most likely cause?

5

A security administrator is configuring a wireless network for a branch office. The office has legacy devices that only support WPA2-PSK. The administrator wants to provide the highest level of security while maintaining compatibility. Which configuration should be used?

6

A network technician needs to ensure that only authorized DHCP servers can assign IP addresses on the network. Which switch feature should be enabled?

7

A company is implementing a VPN for remote employees. The security policy requires that all traffic from the remote device to the corporate network be encrypted, but internet-bound traffic should go directly to the internet. Which VPN configuration should be used?

8

An organization detects that an attacker is performing a MAC flooding attack on a switch. What is the primary goal of this attack?

9

A network administrator is configuring a firewall rule to allow inbound HTTPS traffic to a web server. Which protocol and port should be allowed?

10

Which TWO of the following are functions of a network firewall?

11

Which TWO of the following are best practices for securing a wireless network?

12

Which THREE of the following are characteristics of a stateful firewall?

13

Which THREE of the following are common types of network attacks?

14

A network administrator configured the above port security on an access port connected to a VoIP phone and a PC. A third device is connected to the phone's passthrough port. What will happen when the third device attempts to communicate?

15

A security analyst reviews the syslog message from a router. What does this log entry indicate?

16

A medium-sized company with 200 employees has a single office with a flat network topology. Recently, the IT team noticed that network performance has degraded significantly during peak hours. A network analysis reveals excessive broadcast traffic and a high number of ARP requests. Additionally, the security team is concerned about the lack of segmentation, as a workstation infected with malware was able to spread rapidly to other systems. The company uses a single /24 subnet (192.168.1.0/24) and all devices are connected to a layer 2 switch. The IT manager wants to improve both performance and security without purchasing new hardware. The existing switch is a managed layer 2 switch that supports VLANs, but the router is a basic home-grade device that does not support VLAN routing. The company's internet connection is provided by a cable modem. What is the BEST course of action to address both performance and security concerns?

17

Drag and drop the steps for implementing mandatory access control (MAC) using security labels into the correct order.

18

Drag and drop the steps for implementing a patch management process into the correct order.

19

Match each access control model to its description.

20

Match each vulnerability assessment tool to its use.

21

A security analyst is troubleshooting a network issue where users on VLAN 10 cannot reach a server on VLAN 20. The router has an ACL applied to the interface connected to VLAN 10. Which step should the analyst take first to isolate the problem?

22

A company wants to secure wireless communication for guests. Which protocol provides the strongest encryption for a wireless network?

23

During a security audit, it is discovered that network devices are using Telnet for management. Which of the following is the most secure replacement to ensure encrypted remote access?

24

Refer to the exhibit. A security analyst notices that multiple internal hosts are using the same inside global IP address but different port numbers. Which technology is being used?

25

Refer to the exhibit. A user at IP 10.0.0.1 reports that they cannot access a web server at 203.0.113.5 on port 443. What is the most likely cause?

26

Refer to the exhibit. A network engineer is configuring a site-to-site VPN. The remote peer is using AES-256 encryption and SHA-1 for integrity. Which configuration parameter is likely misconfigured?

27

A network administrator is implementing segmentation to limit the spread of malware. Which two technologies can achieve network segmentation? (Choose two.)

28

Which three of the following are best practices for securing a wireless network? (Choose three.)

29

A security analyst is reviewing network device logs and finds multiple failed SSH login attempts from a single external IP. Which three actions should the analyst take to mitigate this brute-force attack? (Choose three.)

30

A company uses a hub-and-spoke VPN topology with a central site and multiple branch offices. The central site's firewall is being upgraded. Which technology can provide link redundancy with automatic failover for the VPN connections?

31

A security analyst discovers that an internal host is sending traffic to an external IP address known to be a command-and-control server. The analyst wants to block only that specific traffic without affecting other traffic. Which firewall rule should be implemented?

32

Which protocol is used to automatically assign IP addresses to devices on a network?

33

A network administrator needs to ensure that internal users can access only approved external websites. Which technology should be implemented?

34

Which of the following is a primary function of a firewall?

35

A security analyst is reviewing traffic logs and sees that a host is sending ICMP echo requests to multiple external IPs. This behavior is most likely indicative of:

36

A security administrator is configuring a firewall to allow HTTPS traffic from the internet to a web server. Which default port must be permitted?

37

A company wants to ensure that employees connecting from home use a secure tunnel to access internal resources. Which protocol should be implemented?

38

An analyst notices unusual outbound traffic from a workstation to an external IP on port 445. Which protocol is likely being used?

39

A network engineer is troubleshooting a site-to-site VPN that is failing to establish. The pre-shared key is correct and both sides use IKEv2. The VPN logs show 'no proposal chosen'. What is the most likely cause?

40

During a security audit, it is discovered that a legacy system uses SNMPv1 for network monitoring. Which of the following is the primary security concern?

41

A security administrator receives an alert about a potential SYN flood attack on a web server. At which OSI layer does this attack occur?

42

A network has multiple VLANs with an IDS deployed on the core switch using SPAN ports. The IDS is missing some packets during high traffic periods. What is the best course of action to improve packet capture reliability?

43

A security analyst reviews firewall logs and sees multiple 'ACL drop' entries for a specific internal IP trying to connect to a database server on port 1433. The rule base has an explicit permit for this traffic. What is the most likely reason for the drops?

44

An organization is implementing 802.1X authentication for wired network access. Which server is required to authenticate users?

45

A security engineer is designing a DMZ to host public-facing services. Which two security best practices should be applied? (Choose two.)

46

A network administrator is configuring a VPN using IPsec. Which two protocols are used within IPsec to ensure data integrity and confidentiality? (Choose two.)

47

A network security team is implementing a defense-in-depth strategy. Which three layers should be included? (Choose three.)

48

Refer to the exhibit. An administrator applies this ACL to the external interface. What specific traffic is blocked?

49

Refer to the exhibit. The security group is attached to a database server. Which hosts can connect to the database?

50

Refer to the exhibit. An analyst sees these logs and is concerned about a potential attack. What is the most likely scenario?

51

A user reports they cannot access the internet. The network administrator verifies that the user's workstation has an IP address of 192.168.1.100/24 and a default gateway of 192.168.1.1. The administrator can ping the default gateway but cannot ping 8.8.8.8. What is the most likely cause?

52

Which of the following is the primary purpose of network segmentation?

53

An organization wants to allow secure remote access for employees. Which protocol is most appropriate for a site-to-site VPN?

54

A company implements a DMZ to host public services. Which of the following is the best practice for securing the DMZ?

55

A network administrator notices that wireless users are experiencing intermittent connectivity. The controller shows excessive deauthentication frames. What is the most likely cause?

56

Which of the following encryption protocols should be used to secure wireless traffic in an enterprise environment?

57

A security analyst reviews log files and sees multiple failed SSH attempts from various IP addresses. The analyst implements a rate-limiting rule on the firewall to block IPs after 5 failed attempts in 10 minutes. This is an example of which type of security control?

58

A network engineer configures a VLAN hopping attack prevention by setting all unused switch ports to an unused VLAN and disabling trunking. What vulnerability is being mitigated?

59

During a penetration test, the tester captures traffic on a switch port that is part of a VLAN other than the native VLAN. The tester is able to receive traffic destined for the management VLAN. What configuration flaw is exploited?

60

Which TWO are common methods to secure a wireless network against unauthorized access?

61

Which THREE are effective controls against internal network threats?

62

Which TWO protocols are used to secure email communication at the message level?

63

Refer to the exhibit. What is the effect of this access control list on traffic entering the interface?

64

Refer to the exhibit. Which of the following is most likely a web browsing session?

65

Refer to the exhibit. What security issue is present in this firewall policy?

66

A company deploys a guest Wi-Fi network that must be isolated from the internal network. The network team uses VLANs and a firewall. Which configuration best ensures isolation?

67

A remote employee needs secure access to corporate resources over the internet. Which protocol is considered best practice for site-to-site VPN?

68

A helpdesk ticket reports that users can browse internal web servers but cannot access external websites. The IT team checks firewall logs and sees dropped packets with the DF flag set. What is the most likely cause?

69

An organization is redesigning its DMZ to host a public web server and an internal file server. Which architecture provides the strongest security?

70

A small business uses MAC address filtering on its wireless network to prevent unauthorized access. Which attack is most likely to bypass this control?

71

A network analyst reviews firewall logs and sees multiple SYN packets to various ports from the same external IP in a short time, with no subsequent ACK. What is the most likely cause?

72

A company wants to enforce network access control (NAC) for both wired and wireless devices. Which protocol is used for this purpose?

73

Which wireless encryption protocol is currently considered the most secure for home use?

74

Which TWO are benefits of network segmentation using VLANs? (Choose two.)

75

Which TWO protocols are considered insecure and should be replaced with secure alternatives? (Choose two.)

76

Which THREE are common types of network-based attacks? (Choose three.)

77

A network administrator is unable to ping the server at 10.2.2.100 from a host on the 192.168.1.0/24 network. Based on the exhibit, what is the most likely cause?

78

A multinational company has a headquarters (HQ) and several branch offices connected via site-to-site IPsec VPN tunnels. The branch offices use a single internet connection and a VPN concentrator at HQ. Recently, users in the Asia branch report intermittent connectivity to the HQ file server, with high latency and occasional packet loss. The network team runs a traceroute from Asia branch to the HQ server; it shows the path goes through multiple hops with high latency at the second hop, which is the ISP router. The VPN tunnel status shows 'up' but with increasing rekey failures. The team has verified that the local internet link is stable and there are no bandwidth saturation issues. Which action should the team take first?

79

A large data center uses a three-tier architecture with core, aggregation, and access switches. The security team detects anomalous traffic patterns: every night at 2:00 AM, a single server (IP 10.10.10.50) sends large ICMP Echo requests to multiple external IPs, followed by a flood of TCP SYN packets from those external IPs back to the server. The server is a critical database server that should not initiate outbound connections. The team suspects the server is compromised. The network team wants to contain the threat without taking the server offline immediately. Which action should they take first?

80

A small medical office has 10 employees who use laptops to access electronic health records (EHR) via a web application hosted at a colocation facility. The office currently uses a consumer-grade wireless router with WPA2-PSK for internet access. The EHR vendor requires all connections to be encrypted with TLS 1.2 and recommends using a VPN for remote access. The office manager wants to ensure secure connections from the office to the EHR system, while keeping costs low. The network consultant proposes several options. Which option best balances security and cost?

81

An organization is implementing a new remote access VPN for employees using IPsec. Which TWO of the following are best practices for securing the IPsec VPN?

82

A small business uses a wireless network for employees and guests. The network uses WPA2-PSK with a single SSID, and the guest network is separate but broadcasts the same SSID. Recently, employees report intermittent connection drops and slow internet speeds. A site survey shows multiple access points from neighboring businesses operating on channels 1, 6, and 11. The business's access points are set to auto-channel selection. What is the most likely cause of the issue?

83

A company has segmented its network into VLANs for different departments: HR, Finance, and IT. The router interconnecting the VLANs has ACLs configured to block traffic from HR to Finance. However, IT has noticed that traffic from HR VLAN is reaching the Finance VLAN. The network uses managed switches with 802.1Q trunking. All access ports are configured as untagged members of their respective VLANs. What is the most likely cause of this unauthorized traffic flow?

84

A financial firm has deployed network-based IDS/IPS sensors at key points to detect and prevent intrusions. During a recent security audit, it was discovered that an attacker exfiltrated sensitive data using DNS over HTTPS (DoH) queries. The IDS/IPS did not generate any alerts. The firm's network policy allows all outbound HTTPS traffic to any destination. To prevent such exfiltration in the future, what is the most effective corrective action?

85

A security analyst is reviewing the configuration of an enterprise wireless network. Which TWO of the following are best practices for securing the wireless network against unauthorized access and eavesdropping?

86

Refer to the exhibit. A network administrator is reviewing the VPN configuration on a site-to-site VPN hub. Which of the following is the most significant security vulnerability in this configuration?

87

A financial services company has recently deployed a new customer-facing web application on port 443. The application is essential for client transactions. Within the first week, the security team's monitoring system detected thousands of failed login attempts originating from a wide range of IP addresses across multiple countries. The attempts are using common usernames and passwords, indicating a coordinated brute-force attack. The company's perimeter firewall is configured with a default allow rule for inbound TCP traffic on port 443 to the web server's public IP address. The company operates with a small IT team and has a limited security budget. The web application is custom-developed and cannot be modified quickly. The security analyst must recommend a solution to mitigate the attack while maintaining availability for legitimate users. Which of the following is the most effective first step?

Practice all 87 Network and Communications Security questions

Other SSCP exam domains

Risk Identification, Monitoring and AnalysisSystems and Application SecuritySecurity Operations and AdministrationIncident Response and RecoveryAccess ControlsCryptography

Frequently asked questions

What does the Network and Communications Security domain cover on the SSCP exam?

The Network and Communications Security domain covers the key concepts tested in this area of the SSCP exam blueprint published by ISC2. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all SSCP domains — no account required.

How many Network and Communications Security questions are in the SSCP question bank?

The Courseiva SSCP question bank contains 87 questions in the Network and Communications Security domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Network and Communications Security for SSCP?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Network and Communications Security questions for SSCP?

Yes — the session launcher on this page draws questions exclusively from the Network and Communications Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your SSCP domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

CCCISSPSY0-701