Practice SSCP Network and Communications Security questions with full explanations on every answer.
Click any question to see the full explanation and answer options, or start a focused practice session above.
1. Which protocol and port combination is commonly used for secure remote administration of a server?
2. A security analyst notices an unusual number of ARP replies on the network where one MAC address is claiming to be multiple IP addresses. Which type of attack is most likely occurring?
3. A company wants to deploy a firewall that can track the state of active connections and make decisions based on the context of traffic flows. Which firewall type should they choose?
4. During a wireless penetration test, an attacker captures the four-way handshake of a WPA2-PSK network and attempts to crack the passphrase offline. Which attack is the attacker likely using?
5. Which protocol is used for secure web browsing and operates on TCP port 443?
6. An organization wants to ensure that only authorized devices can connect to the corporate wired network. Which technology should they implement to enforce this?
7. A network administrator wants to block all inbound traffic except for web and email services. Which firewall rule configuration would achieve this?
8. Which of the following is a characteristic of TLS 1.3 that improves security over previous versions?
9. Which attack sends a flood of forged ICMP echo requests to a network's broadcast address to overwhelm a target?
10. A company is deploying a VPN for remote employees. They require strong encryption and authentication, and the solution must be compatible with native OS clients without additional software. Which VPN protocol is most appropriate?
11. During a security audit, a penetration tester successfully extracts the PMKID from a wireless beacon. What information can be derived from this attack?
12. Which UDP port is used by the Simple Network Management Protocol (SNMP) for receiving traps?
13. A security engineer is designing a network segmentation strategy to isolate a DMZ containing public-facing web servers from the internal corporate network. Which TWO controls should be implemented? (Select two)
14. A company is migrating from WPA2 to WPA3 for wireless security. Which THREE features does WPA3 introduce? (Select three)
15. A network administrator is troubleshooting a DNS poisoning attack. Which TWO countermeasures can help prevent such attacks? (Select two)
16. Which of the following network protocols operates on TCP port 22 and provides secure remote administration of network devices?
17. An attacker sends a flood of DHCP request packets with spoofed MAC addresses to exhaust the DHCP server's IP address pool, preventing legitimate clients from obtaining IP addresses. This attack is known as:
18. During a penetration test, a security analyst captures a packet containing a gratuitous ARP reply that associates the attacker's MAC address with the default gateway's IP address. This is a classic indicator of which attack?
19. Which of the following wireless security protocols uses AES-CCMP and is based on the 802.11i standard?
20. A security administrator is configuring a VPN between two branch offices. The requirement is to encrypt the entire original IP packet and add a new IP header for routing over the internet. Which IPsec mode should be used?
21. An organization wants to deploy a firewall that can inspect the payload of application-layer protocols such as HTTP and FTP, and make access decisions based on application data. Which type of firewall best meets this requirement?
22. Which attack exploits the lack of IV (Initialization Vector) randomness in the RC4 algorithm to recover the Wi-Fi password, and is considered completely broken?
23. Which of the following is a connectionless transport layer protocol primarily used for services like DNS and DHCP?
24. A security team is implementing Network Access Control (NAC) to enforce endpoint compliance before granting network access. Which technology allows port-based authentication on wired networks?
25. Which of the following best describes the function of SYN cookies in mitigating SYN flood attacks?
26. An organization is planning to deploy a remote access VPN for employees. The solution must support strong encryption, mutual authentication, and work through firewalls without requiring additional ports. Which technology is most suitable?
27. Which of the following is a common defense against ARP spoofing attacks on a local area network?
28. A security analyst is investigating a network incident. Which TWO of the following are indicators of a man-in-the-middle attack using ARP spoofing? (Select TWO)
29. Which THREE of the following are security features of WPA3 compared to WPA2? (Select THREE)
30. A company is designing a network with multiple security zones. Which TWO of the following are best practices for network segmentation? (Select TWO)
31. Which protocol is used to securely transfer files over a network and operates on TCP port 22?
32. Which UDP port is used by the Dynamic Host Configuration Protocol (DHCP) for server communication?
33. An attacker sends a forged ARP reply associating the attacker's MAC address with the IP address of the default gateway. What type of attack is this?
34. A network administrator notices that legitimate clients are unable to obtain IP addresses from the DHCP server. The network logs show a high volume of DHCP Discover messages from different MAC addresses. Which attack is most likely occurring?
35. Which security control can prevent a rogue DHCP server from assigning incorrect gateway addresses to clients?
36. An organization deploys a firewall that examines the entire packet, including application-layer data, and can block specific commands or content. Which type of firewall is this?
37. Which wireless security standard introduced the Simultaneous Authentication of Equals (SAE) handshake to replace the pre-shared key (PSK) method?
38. A security analyst discovers that an attacker has set up a fake wireless access point with the same SSID as the corporate network. Users are unknowingly connecting to it. What is this attack called?
39. In IPsec VPNs, which protocol provides authentication and encryption of the entire IP packet, including the IP header, in tunnel mode?
40. Which of the following is a primary advantage of using TLS 1.3 over earlier versions?
41. What is the default port for Microsoft SQL Server?
42. Which network security control can enforce that only authorized devices with current antivirus and patches can connect to the network?
43. Which TWO of the following are methods to defend against SYN flood attacks? (Select TWO)
44. Which TWO of the following are characteristics of a Smurf attack? (Select TWO)
45. Which THREE of the following are valid considerations when deploying a remote access VPN using SSL/TLS? (Select THREE)
46. Which transport layer protocol is used by DNS for its queries and responses, and why is it appropriate?
47. An attacker sends a gratuitous ARP reply associating the attacker's MAC address with the default gateway's IP address. Which attack is being performed, and what is the primary risk?
48. A security administrator is configuring a firewall to allow outbound web traffic from internal users. The firewall must inspect the application layer data to block malicious URLs. Which type of firewall should be used?
49. Which wireless security standard replaces WPA2 and mandates Protected Management Frames (PMF) to prevent certain types of attacks?
50. During a security assessment, a penetration tester discovers that the network uses WPA2-PSK. Which attack could be used to recover the pre-shared key without interacting with the access point after capturing a single handshake?
51. A security engineer is configuring a site-to-site VPN between two branch offices using IPsec in tunnel mode. Which protocol provides both authentication and encryption of the entire original IP packet?
52. An organization wants to ensure that only corporate-managed devices can connect to the internal network. Non-compliant devices should be placed in a restricted VLAN with limited access. Which technology should be deployed?
53. Which TCP port is commonly used for secure web traffic (HTTPS) and is often allowed through firewalls for web browsing?
54. A system administrator notices a high number of half-open TCP connections to the company's web server. The server is becoming unresponsive. Which attack is likely occurring, and which mitigation is effective?
55. A security analyst discovers that an internal DNS server is returning incorrect IP addresses for legitimate domains. The analyst suspects that an attacker has compromised the DNS resolver's cache. Which type of attack has likely occurred?
56. Which protocol is used to securely transfer files between a client and server, typically over TCP port 22?
57. A network administrator is tasked with segmenting the network to isolate a DMZ containing public-facing web servers from the internal corporate network. Which device should be placed between the DMZ and internal network, and what type of traffic should it allow?
58. A security auditor is reviewing the configuration of a remote access VPN. Which TWO features are considered best practices for securing the VPN connection?
59. An organization is deploying a network-based intrusion detection system (NIDS). The security team must decide on placement and configuration. Which THREE considerations are critical for effective NIDS deployment?
60. During a wireless site survey, a security engineer identifies several security weaknesses. Which TWO measures should be implemented to improve wireless security for a corporate network using WPA2-Enterprise?
61. Which of the following protocols operates on TCP port 443 and provides encrypted communication between a web browser and a web server?
62. An attacker sends a large number of DHCP request messages with spoofed MAC addresses to a network's DHCP server, causing the server to exhaust its IP address pool and deny service to legitimate clients. This attack is known as:
63. A security analyst is investigating a network where an attacker successfully redirected traffic from a legitimate web server to a malicious server by corrupting the target domain's DNS records in a local resolver cache. Which attack technique was used?
64. A company wants to implement a firewall that can track the state of network connections and make decisions based on the context of traffic (e.g., allowing return packets for an established connection). Which type of firewall should they choose?
65. Which wireless security protocol uses the Simultaneous Authentication of Equals (SAE) handshake to replace the Pre-Shared Key (PSK) method and provides stronger protection against offline dictionary attacks?
66. An organization is setting up a site-to-site VPN between two branch offices. They require encryption of the entire IP packet, including the original IP header, and plan to use IPsec. Which mode should they configure?
67. A network administrator wants to prevent unauthorized devices from connecting to the wired network. Which technology can be used to enforce authentication at the switch port level before granting network access?
68. Which UDP port is used by the Domain Name System (DNS) for name resolution queries?
69. An attacker is performing a man-in-the-middle attack at Layer 2 by sending forged ARP messages to associate their MAC address with the IP address of a legitimate host on the same subnet. This attack is known as:
70. A security analyst is reviewing firewall logs and notices a high rate of TCP SYN packets to multiple ports on a server, but no corresponding ACK or RST packets. This is characteristic of which type of attack?
71. Which of the following is a secure remote access VPN protocol that uses TLS for encryption and is commonly used with Cisco AnyConnect?
72. A company wants to deploy a network IDS that can analyze traffic patterns and detect anomalies. Where should the IDS sensor be placed to monitor all traffic on a network segment without introducing latency?
73. A security administrator is hardening a wireless network. Which TWO of the following should be avoided due to known vulnerabilities?
74. A security analyst is reviewing a TLS 1.3 deployment. Which THREE of the following are features of TLS 1.3?
75. An organization is designing network segmentation to protect sensitive data. Which TWO of the following are effective methods for implementing network segmentation?
76. A security analyst is investigating a potential ARP spoofing attack on a local network segment. Which TWO network security controls would be most effective in preventing or detecting such an attack at Layer 2?
77. A network administrator is designing a secure remote access solution for employees using company laptops. The solution must support strong authentication, encryption, and be resistant to man-in-the-middle attacks. Which THREE components should be included?
78. During a security assessment, a penetration tester successfully performs a DHCP starvation attack followed by a DHCP spoofing attack. Which TWO outcomes are the most likely consequences of this combined attack?
79. A company is migrating from WPA2-PSK to WPA3 for its wireless network. Which THREE benefits does WPA3 provide compared to WPA2?
The Network and Communications Security domain covers the key concepts tested in this area of the SSCP exam blueprint published by ISC2. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all SSCP domains — no account required.
The Courseiva SSCP question bank contains 79 questions in the Network and Communications Security domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Network and Communications Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.