Practice SSCP Network and Communications Security questions with full explanations on every answer.
Click any question to see the full explanation and answer options, or start a focused practice session above.
1. A security analyst notices unusual outbound traffic from a server in the DMZ to an external IP address on port 4444. The server runs a web application. Which action should the analyst take first?
2. A network engineer is designing a secure WAN link between two offices using IPsec VPN. The company requires encryption of all traffic, authentication of both endpoints, and protection against replay attacks. Which combination of IPsec protocols and modes should be used?
3. An organization wants to prevent unauthorized devices from connecting to its wired network. Which security control should be implemented?
4. A company's internal network uses a /24 subnet and has a single firewall connecting to the internet. Employees report that they cannot access an external web server at 203.0.113.50. The firewall has a rule that allows outbound HTTP. What is the most likely cause?
5. A security administrator is configuring a wireless network for a branch office. The office has legacy devices that only support WPA2-PSK. The administrator wants to provide the highest level of security while maintaining compatibility. Which configuration should be used?
6. A network technician needs to ensure that only authorized DHCP servers can assign IP addresses on the network. Which switch feature should be enabled?
7. A company is implementing a VPN for remote employees. The security policy requires that all traffic from the remote device to the corporate network be encrypted, but internet-bound traffic should go directly to the internet. Which VPN configuration should be used?
8. An organization detects that an attacker is performing a MAC flooding attack on a switch. What is the primary goal of this attack?
9. A network administrator is configuring a firewall rule to allow inbound HTTPS traffic to a web server. Which protocol and port should be allowed?
10. Which TWO of the following are functions of a network firewall?
11. Which TWO of the following are best practices for securing a wireless network?
12. Which THREE of the following are characteristics of a stateful firewall?
13. Which THREE of the following are common types of network attacks?
14. A network administrator configured the above port security on an access port connected to a VoIP phone and a PC. A third device is connected to the phone's passthrough port. What will happen when the third device attempts to communicate?
15. A security analyst reviews the syslog message from a router. What does this log entry indicate?
16. A medium-sized company with 200 employees has a single office with a flat network topology. Recently, the IT team noticed that network performance has degraded significantly during peak hours. A network analysis reveals excessive broadcast traffic and a high number of ARP requests. Additionally, the security team is concerned about the lack of segmentation, as a workstation infected with malware was able to spread rapidly to other systems. The company uses a single /24 subnet (192.168.1.0/24) and all devices are connected to a layer 2 switch. The IT manager wants to improve both performance and security without purchasing new hardware. The existing switch is a managed layer 2 switch that supports VLANs, but the router is a basic home-grade device that does not support VLAN routing. The company's internet connection is provided by a cable modem. What is the BEST course of action to address both performance and security concerns?
17. Drag and drop the steps for implementing mandatory access control (MAC) using security labels into the correct order.
18. Drag and drop the steps for implementing a patch management process into the correct order.
19. Match each access control model to its description.
20. Match each vulnerability assessment tool to its use.
21. A security analyst is troubleshooting a network issue where users on VLAN 10 cannot reach a server on VLAN 20. The router has an ACL applied to the interface connected to VLAN 10. Which step should the analyst take first to isolate the problem?
22. A company wants to secure wireless communication for guests. Which protocol provides the strongest encryption for a wireless network?
23. During a security audit, it is discovered that network devices are using Telnet for management. Which of the following is the most secure replacement to ensure encrypted remote access?
24. Refer to the exhibit. A security analyst notices that multiple internal hosts are using the same inside global IP address but different port numbers. Which technology is being used?
25. Refer to the exhibit. A user at IP 10.0.0.1 reports that they cannot access a web server at 203.0.113.5 on port 443. What is the most likely cause?
26. Refer to the exhibit. A network engineer is configuring a site-to-site VPN. The remote peer is using AES-256 encryption and SHA-1 for integrity. Which configuration parameter is likely misconfigured?
27. A network administrator is implementing segmentation to limit the spread of malware. Which two technologies can achieve network segmentation? (Choose two.)
28. Which three of the following are best practices for securing a wireless network? (Choose three.)
29. A security analyst is reviewing network device logs and finds multiple failed SSH login attempts from a single external IP. Which three actions should the analyst take to mitigate this brute-force attack? (Choose three.)
30. A company uses a hub-and-spoke VPN topology with a central site and multiple branch offices. The central site's firewall is being upgraded. Which technology can provide link redundancy with automatic failover for the VPN connections?
31. A security analyst discovers that an internal host is sending traffic to an external IP address known to be a command-and-control server. The analyst wants to block only that specific traffic without affecting other traffic. Which firewall rule should be implemented?
32. Which protocol is used to automatically assign IP addresses to devices on a network?
33. A network administrator needs to ensure that internal users can access only approved external websites. Which technology should be implemented?
34. Which of the following is a primary function of a firewall?
35. A security analyst is reviewing traffic logs and sees that a host is sending ICMP echo requests to multiple external IPs. This behavior is most likely indicative of:
36. A security administrator is configuring a firewall to allow HTTPS traffic from the internet to a web server. Which default port must be permitted?
37. A company wants to ensure that employees connecting from home use a secure tunnel to access internal resources. Which protocol should be implemented?
38. An analyst notices unusual outbound traffic from a workstation to an external IP on port 445. Which protocol is likely being used?
39. A network engineer is troubleshooting a site-to-site VPN that is failing to establish. The pre-shared key is correct and both sides use IKEv2. The VPN logs show 'no proposal chosen'. What is the most likely cause?
40. During a security audit, it is discovered that a legacy system uses SNMPv1 for network monitoring. Which of the following is the primary security concern?
41. A security administrator receives an alert about a potential SYN flood attack on a web server. At which OSI layer does this attack occur?
42. A network has multiple VLANs with an IDS deployed on the core switch using SPAN ports. The IDS is missing some packets during high traffic periods. What is the best course of action to improve packet capture reliability?
43. A security analyst reviews firewall logs and sees multiple 'ACL drop' entries for a specific internal IP trying to connect to a database server on port 1433. The rule base has an explicit permit for this traffic. What is the most likely reason for the drops?
44. An organization is implementing 802.1X authentication for wired network access. Which server is required to authenticate users?
45. A security engineer is designing a DMZ to host public-facing services. Which two security best practices should be applied? (Choose two.)
46. A network administrator is configuring a VPN using IPsec. Which two protocols are used within IPsec to ensure data integrity and confidentiality? (Choose two.)
47. A network security team is implementing a defense-in-depth strategy. Which three layers should be included? (Choose three.)
48. Refer to the exhibit. An administrator applies this ACL to the external interface. What specific traffic is blocked?
49. Refer to the exhibit. The security group is attached to a database server. Which hosts can connect to the database?
50. Refer to the exhibit. An analyst sees these logs and is concerned about a potential attack. What is the most likely scenario?
51. A user reports they cannot access the internet. The network administrator verifies that the user's workstation has an IP address of 192.168.1.100/24 and a default gateway of 192.168.1.1. The administrator can ping the default gateway but cannot ping 8.8.8.8. What is the most likely cause?
52. Which of the following is the primary purpose of network segmentation?
53. An organization wants to allow secure remote access for employees. Which protocol is most appropriate for a site-to-site VPN?
54. A company implements a DMZ to host public services. Which of the following is the best practice for securing the DMZ?
55. A network administrator notices that wireless users are experiencing intermittent connectivity. The controller shows excessive deauthentication frames. What is the most likely cause?
56. Which of the following encryption protocols should be used to secure wireless traffic in an enterprise environment?
57. A security analyst reviews log files and sees multiple failed SSH attempts from various IP addresses. The analyst implements a rate-limiting rule on the firewall to block IPs after 5 failed attempts in 10 minutes. This is an example of which type of security control?
58. A network engineer configures a VLAN hopping attack prevention by setting all unused switch ports to an unused VLAN and disabling trunking. What vulnerability is being mitigated?
59. During a penetration test, the tester captures traffic on a switch port that is part of a VLAN other than the native VLAN. The tester is able to receive traffic destined for the management VLAN. What configuration flaw is exploited?
60. Which TWO are common methods to secure a wireless network against unauthorized access?
61. Which THREE are effective controls against internal network threats?
62. Which TWO protocols are used to secure email communication at the message level?
63. Refer to the exhibit. What is the effect of this access control list on traffic entering the interface?
64. Refer to the exhibit. Which of the following is most likely a web browsing session?
65. Refer to the exhibit. What security issue is present in this firewall policy?
66. A company deploys a guest Wi-Fi network that must be isolated from the internal network. The network team uses VLANs and a firewall. Which configuration best ensures isolation?
67. A remote employee needs secure access to corporate resources over the internet. Which protocol is considered best practice for site-to-site VPN?
68. A helpdesk ticket reports that users can browse internal web servers but cannot access external websites. The IT team checks firewall logs and sees dropped packets with the DF flag set. What is the most likely cause?
69. An organization is redesigning its DMZ to host a public web server and an internal file server. Which architecture provides the strongest security?
70. A small business uses MAC address filtering on its wireless network to prevent unauthorized access. Which attack is most likely to bypass this control?
71. A network analyst reviews firewall logs and sees multiple SYN packets to various ports from the same external IP in a short time, with no subsequent ACK. What is the most likely cause?
72. A company wants to enforce network access control (NAC) for both wired and wireless devices. Which protocol is used for this purpose?
73. Which wireless encryption protocol is currently considered the most secure for home use?
74. Which TWO are benefits of network segmentation using VLANs? (Choose two.)
75. Which TWO protocols are considered insecure and should be replaced with secure alternatives? (Choose two.)
76. Which THREE are common types of network-based attacks? (Choose three.)
77. A network administrator is unable to ping the server at 10.2.2.100 from a host on the 192.168.1.0/24 network. Based on the exhibit, what is the most likely cause?
78. A multinational company has a headquarters (HQ) and several branch offices connected via site-to-site IPsec VPN tunnels. The branch offices use a single internet connection and a VPN concentrator at HQ. Recently, users in the Asia branch report intermittent connectivity to the HQ file server, with high latency and occasional packet loss. The network team runs a traceroute from Asia branch to the HQ server; it shows the path goes through multiple hops with high latency at the second hop, which is the ISP router. The VPN tunnel status shows 'up' but with increasing rekey failures. The team has verified that the local internet link is stable and there are no bandwidth saturation issues. Which action should the team take first?
79. A large data center uses a three-tier architecture with core, aggregation, and access switches. The security team detects anomalous traffic patterns: every night at 2:00 AM, a single server (IP 10.10.10.50) sends large ICMP Echo requests to multiple external IPs, followed by a flood of TCP SYN packets from those external IPs back to the server. The server is a critical database server that should not initiate outbound connections. The team suspects the server is compromised. The network team wants to contain the threat without taking the server offline immediately. Which action should they take first?
80. A small medical office has 10 employees who use laptops to access electronic health records (EHR) via a web application hosted at a colocation facility. The office currently uses a consumer-grade wireless router with WPA2-PSK for internet access. The EHR vendor requires all connections to be encrypted with TLS 1.2 and recommends using a VPN for remote access. The office manager wants to ensure secure connections from the office to the EHR system, while keeping costs low. The network consultant proposes several options. Which option best balances security and cost?
81. An organization is implementing a new remote access VPN for employees using IPsec. Which TWO of the following are best practices for securing the IPsec VPN?
82. A small business uses a wireless network for employees and guests. The network uses WPA2-PSK with a single SSID, and the guest network is separate but broadcasts the same SSID. Recently, employees report intermittent connection drops and slow internet speeds. A site survey shows multiple access points from neighboring businesses operating on channels 1, 6, and 11. The business's access points are set to auto-channel selection. What is the most likely cause of the issue?
83. A company has segmented its network into VLANs for different departments: HR, Finance, and IT. The router interconnecting the VLANs has ACLs configured to block traffic from HR to Finance. However, IT has noticed that traffic from HR VLAN is reaching the Finance VLAN. The network uses managed switches with 802.1Q trunking. All access ports are configured as untagged members of their respective VLANs. What is the most likely cause of this unauthorized traffic flow?
84. A financial firm has deployed network-based IDS/IPS sensors at key points to detect and prevent intrusions. During a recent security audit, it was discovered that an attacker exfiltrated sensitive data using DNS over HTTPS (DoH) queries. The IDS/IPS did not generate any alerts. The firm's network policy allows all outbound HTTPS traffic to any destination. To prevent such exfiltration in the future, what is the most effective corrective action?
85. A security analyst is reviewing the configuration of an enterprise wireless network. Which TWO of the following are best practices for securing the wireless network against unauthorized access and eavesdropping?
86. Refer to the exhibit. A network administrator is reviewing the VPN configuration on a site-to-site VPN hub. Which of the following is the most significant security vulnerability in this configuration?
87. A financial services company has recently deployed a new customer-facing web application on port 443. The application is essential for client transactions. Within the first week, the security team's monitoring system detected thousands of failed login attempts originating from a wide range of IP addresses across multiple countries. The attempts are using common usernames and passwords, indicating a coordinated brute-force attack. The company's perimeter firewall is configured with a default allow rule for inbound TCP traffic on port 443 to the web server's public IP address. The company operates with a small IT team and has a limited security budget. The web application is custom-developed and cannot be modified quickly. The security analyst must recommend a solution to mitigate the attack while maintaining availability for legitimate users. Which of the following is the most effective first step?
The Network and Communications Security domain covers the key concepts tested in this area of the SSCP exam blueprint published by ISC2. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all SSCP domains — no account required.
The Courseiva SSCP question bank contains 87 questions in the Network and Communications Security domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Network and Communications Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.