Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


SSCP Network and Communications Security • Complete Question Bank

SSCP Network and Communications Security — All Questions With Answers

Complete SSCP Network and Communications Security question bank — all 0 questions with answers and detailed explanations.

87 Questions

Question 1 (medium, multiple choice)

A security analyst notices unusual outbound traffic from a server in the DMZ to an external IP address on port 4444. The server runs a web application. Which action should the analyst take first?

Question 2 (hard, multiple choice)

A network engineer is designing a secure WAN link between two offices using IPsec VPN. The company requires encryption of all traffic, authentication of both endpoints, and protection against replay attacks. Which combination of IPsec protocols and modes should be used?

Question 3 (easy, multiple choice)

An organization wants to prevent unauthorized devices from connecting to its wired network. Which security control should be implemented?

Question 4 (medium, multiple choice)

A company's internal network uses a /24 subnet and has a single firewall connecting to the internet. Employees report that they cannot access an external web server at 203.0.113.50. The firewall has a rule that allows outbound HTTP. What is the most likely cause?

Question 5 (hard, multiple choice)

A security administrator is configuring a wireless network for a branch office. The office has legacy devices that only support WPA2-PSK. The administrator wants to provide the highest level of security while maintaining compatibility. Which configuration should be used?

Question 6 (easy, multiple choice)

A network technician needs to ensure that only authorized DHCP servers can assign IP addresses on the network. Which switch feature should be enabled?

Question 7 (medium, multiple choice)

A company is implementing a VPN for remote employees. The security policy requires that all traffic from the remote device to the corporate network be encrypted, but internet-bound traffic should go directly to the internet. Which VPN configuration should be used?

Question 8 (hard, multiple choice)

An organization detects that an attacker is performing a MAC flooding attack on a switch. What is the primary goal of this attack?

Question 9 (easy, multiple choice)

A network administrator is configuring a firewall rule to allow inbound HTTPS traffic to a web server. Which protocol and port should be allowed?

Question 10 (medium, multi select)

Which TWO of the following are functions of a network firewall?

Question 11 (medium, multi select)

Which TWO of the following are best practices for securing a wireless network?

Question 12 (hard, multi select)

Which THREE of the following are characteristics of a stateful firewall?

Question 13 (hard, multi select)

Which THREE of the following are common types of network attacks?

Question 14 (medium, multiple choice)

A network administrator configured the above port security on an access port connected to a VoIP phone and a PC. A third device is connected to the phone's passthrough port. What will happen when the third device attempts to communicate?

Exhibit

Refer to the exhibit.

interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky

Question 15 (hard, multiple choice)

A security analyst reviews the syslog message from a router. What does this log entry indicate?

Exhibit

Refer to the exhibit.

syslog: %SEC-6-IPACCESSLOGP: list ACL_IN denied tcp 10.0.1.15(54321) -> 192.0.2.50(80), 1 packet

Question 16 (hard, multiple choice)

A medium-sized company with 200 employees has a single office with a flat network topology. Recently, the IT team noticed that network performance has degraded significantly during peak hours. A network analysis reveals excessive broadcast traffic and a high number of ARP requests. Additionally, the security team is concerned about the lack of segmentation, as a workstation infected with malware was able to spread rapidly to other systems. The company uses a single /24 subnet (192.168.1.0/24) and all devices are connected to a layer 2 switch. The IT manager wants to improve both performance and security without purchasing new hardware. The existing switch is a managed layer 2 switch that supports VLANs, but the router is a basic home-grade device that does not support VLAN routing. The company's internet connection is provided by a cable modem. What is the BEST course of action to address both performance and security concerns?

Question 17 (medium, drag order)

Drag and drop the steps for implementing mandatory access control (MAC) using security labels into the correct order.


Question 18 (medium, drag order)

Drag and drop the steps for implementing a patch management process into the correct order.


Question 19 (medium, matching)

Match each access control model to its description.

Owner sets permissions

System-enforced labels

Roles determine access

Attributes and policies

Question 20 (medium, matching)

Match each vulnerability assessment tool to its use.

Network scanning and port discovery

Vulnerability scanning

Exploitation framework

Packet analysis

Question 21 (medium, multiple choice)

A security analyst is troubleshooting a network issue where users on VLAN 10 cannot reach a server on VLAN 20. The router has an ACL applied to the interface connected to VLAN 10. Which step should the analyst take first to isolate the problem?

Question 22 (easy, multiple choice)

A company wants to secure wireless communication for guests. Which protocol provides the strongest encryption for a wireless network?

Question 23 (hard, multiple choice)

During a security audit, it is discovered that network devices are using Telnet for management. Which of the following is the most secure replacement to ensure encrypted remote access?

Question 24 (easy, multiple choice)

Refer to the exhibit. A security analyst notices that multiple internal hosts are using the same inside global IP address but different port numbers. Which technology is being used?

Exhibit

Router# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:80   192.168.1.10:80    198.51.100.20:80   198.51.100.20:80
tcp 203.0.113.10:443  192.168.1.10:443   198.51.100.20:443  198.51.100.20:443
tcp 203.0.113.11:80   192.168.1.11:80    198.51.100.30:80   198.51.100.30:80

Question 25 (medium, multiple choice)

Refer to the exhibit. A user at IP 10.0.0.1 reports that they cannot access a web server at 203.0.113.5 on port 443. What is the most likely cause?

Exhibit

Firewall ruleset:
Rule 1: permit tcp any host 10.0.0.1 eq 80
Rule 2: permit tcp any host 10.0.0.2 eq 443
Rule 3: deny ip any any log

Question 26 (hard, multiple choice)

Refer to the exhibit. A network engineer is configuring a site-to-site VPN. The remote peer is using AES-256 encryption and SHA-1 for integrity. Which configuration parameter is likely misconfigured?

Exhibit

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto ipsec transform-set AES256-SHA esp-aes 256 esp-sha-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set AES256-SHA
 match address 101

Question 27 (easy, multi select)

A network administrator is implementing segmentation to limit the spread of malware. Which two technologies can achieve network segmentation? (Choose two.)

Question 28 (medium, multi select)

Which three of the following are best practices for securing a wireless network? (Choose three.)

Question 29 (hard, multi select)

A security analyst is reviewing network device logs and finds multiple failed SSH login attempts from a single external IP. Which three actions should the analyst take to mitigate this brute-force attack? (Choose three.)

Question 30 (medium, multiple choice)

A company uses a hub-and-spoke VPN topology with a central site and multiple branch offices. The central site's firewall is being upgraded. Which technology can provide link redundancy with automatic failover for the VPN connections?

Question 31 (hard, multiple choice)

A security analyst discovers that an internal host is sending traffic to an external IP address known to be a command-and-control server. The analyst wants to block only that specific traffic without affecting other traffic. Which firewall rule should be implemented?

Question 32 (easy, multiple choice)

Which protocol is used to automatically assign IP addresses to devices on a network?

Question 33 (medium, multiple choice)

A network administrator needs to ensure that internal users can access only approved external websites. Which technology should be implemented?

Question 34 (easy, multiple choice)

Which of the following is a primary function of a firewall?

Question 35 (hard, multiple choice)

A security analyst is reviewing traffic logs and sees that a host is sending ICMP echo requests to multiple external IPs. This behavior is most likely indicative of:

Question 36 (easy, multiple choice)

A security administrator is configuring a firewall to allow HTTPS traffic from the internet to a web server. Which default port must be permitted?

Question 37 (easy, multiple choice)

A company wants to ensure that employees connecting from home use a secure tunnel to access internal resources. Which protocol should be implemented?

Question 38 (easy, multiple choice)

An analyst notices unusual outbound traffic from a workstation to an external IP on port 445. Which protocol is likely being used?

Question 39 (medium, multiple choice)

A network engineer is troubleshooting a site-to-site VPN that is failing to establish. The pre-shared key is correct and both sides use IKEv2. The VPN logs show 'no proposal chosen'. What is the most likely cause?

Question 40 (medium, multiple choice)

During a security audit, it is discovered that a legacy system uses SNMPv1 for network monitoring. Which of the following is the primary security concern?

Question 41 (medium, multiple choice)

A security administrator receives an alert about a potential SYN flood attack on a web server. At which OSI layer does this attack occur?

Question 42 (hard, multiple choice)

A network has multiple VLANs with an IDS deployed on the core switch using SPAN ports. The IDS is missing some packets during high traffic periods. What is the best course of action to improve packet capture reliability?

Question 43 (hard, multiple choice)

A security analyst reviews firewall logs and sees multiple 'ACL drop' entries for a specific internal IP trying to connect to a database server on port 1433. The rule base has an explicit permit for this traffic. What is the most likely reason for the drops?

Question 44 (hard, multiple choice)

An organization is implementing 802.1X authentication for wired network access. Which server is required to authenticate users?

Question 45 (easy, multi select)

A security engineer is designing a DMZ to host public-facing services. Which two security best practices should be applied? (Choose two.)

Question 46 (medium, multi select)

A network administrator is configuring a VPN using IPsec. Which two protocols are used within IPsec to ensure data integrity and confidentiality? (Choose two.)

Question 47 (hard, multi select)

A network security team is implementing a defense-in-depth strategy. Which three layers should be included? (Choose three.)

Question 48 (medium, multiple choice)

Refer to the exhibit. An administrator applies this ACL to the external interface. What specific traffic is blocked?

Exhibit

access-list 100 deny icmp any any echo-request
access-list 100 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group 100 in

Question 49 (hard, multiple choice)

Refer to the exhibit. The security group is attached to a database server. Which hosts can connect to the database?

Exhibit

{
  "SecurityGroupIngress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}
  ]
}

Question 50 (easy, multiple choice)

Refer to the exhibit. An analyst sees these logs and is concerned about a potential attack. What is the most likely scenario?

Exhibit

Jan 15 10:35:22 192.168.1.1 10.0.0.2 TCP_SYN 192.168.1.100:31456 -> 10.0.0.2:3389
Jan 15 10:35:22 192.168.1.1 10.0.0.2 TCP_SYN_ACK 10.0.0.2:3389 -> 192.168.1.100:31456
Jan 15 10:35:23 192.168.1.1 10.0.0.2 TCP_ACK 192.168.1.100:31456 -> 10.0.0.2:3389
Jan 15 10:35:24 192.168.1.1 10.0.0.2 TCP_FIN 192.168.1.100:31456 -> 10.0.0.2:3389

Question 51 (easy, multiple choice)

A user reports they cannot access the internet. The network administrator verifies that the user's workstation has an IP address of 192.168.1.100/24 and a default gateway of 192.168.1.1. The administrator can ping the default gateway but cannot ping 8.8.8.8. What is the most likely cause?

Question 52 (easy, multiple choice)

Which of the following is the primary purpose of network segmentation?

Question 53 (easy, multiple choice)

An organization wants to allow secure remote access for employees. Which protocol is most appropriate for a site-to-site VPN?

Question 54 (medium, multiple choice)

A company implements a DMZ to host public services. Which of the following is the best practice for securing the DMZ?

Question 55 (medium, multiple choice)

A network administrator notices that wireless users are experiencing intermittent connectivity. The controller shows excessive deauthentication frames. What is the most likely cause?

Question 56 (medium, multiple choice)

Which of the following encryption protocols should be used to secure wireless traffic in an enterprise environment?

Question 57 (hard, multiple choice)

A security analyst reviews log files and sees multiple failed SSH attempts from various IP addresses. The analyst implements a rate-limiting rule on the firewall to block IPs after 5 failed attempts in 10 minutes. This is an example of which type of security control?

Question 58 (hard, multiple choice)

A network engineer implements VLAN hopping prevention by assigning all unused switch ports to an unused VLAN and disabling trunking. What vulnerability is being mitigated?

Question 59 (hard, multiple choice)

During a penetration test, the tester captures traffic on a switch port that is part of a VLAN other than the native VLAN. The tester is able to receive traffic destined for the management VLAN. What configuration flaw is exploited?

Question 60 (easy, multi select)

Which TWO are common methods to secure a wireless network against unauthorized access?

Question 61 (medium, multi select)

Which THREE are effective controls against internal network threats?

Question 62 (hard, multi select)

Which TWO protocols are used to secure email communication at the message level?

Question 63 (easy, multiple choice)

Refer to the exhibit. What is the effect of this access control list on traffic entering the interface?

Exhibit

access-list 100 permit tcp any host 10.0.0.1 eq 22
access-list 100 deny ip any any log
interface GigabitEthernet0/0
 ip access-group 100 in

Question 64 (medium, multiple choice)

Refer to the exhibit. Which of the following is most likely a web browsing session?

Exhibit

Proto Local Address          Foreign Address        State
TCP 192.168.1.100:49152   203.0.113.10:80       ESTABLISHED
TCP 192.168.1.100:49153   192.168.1.1:53        TIME_WAIT
TCP 192.168.1.100:49154   74.125.224.72:443     ESTABLISHED

Question 65 (hard, multiple choice)

Refer to the exhibit. What security issue is present in this firewall policy?

Exhibit

{
  "FirewallPolicies": [
    {
      "Name": "AllowWeb",
      "Source": "0.0.0.0/0",
      "Destination": "10.0.0.0/24",
      "Port": 443,
      "Action": "allow"
    },
    {
      "Name": "BlockSSH",
      "Source": "0.0.0.0/0",
      "Destination": "10.0.0.0/24",
      "Port": 22,
      "Action": "deny"
    }
  ]
}

Question 66 (medium, multiple choice)

A company deploys a guest Wi-Fi network that must be isolated from the internal network. The network team uses VLANs and a firewall. Which configuration best ensures isolation?

Question 67 (easy, multiple choice)

A remote employee needs secure access to corporate resources over the internet. Which protocol is considered best practice for site-to-site VPN?

Question 68 (hard, multiple choice)

A helpdesk ticket reports that users can browse internal web servers but cannot access external websites. The IT team checks firewall logs and sees dropped packets with the DF flag set. What is the most likely cause?

Question 69 (medium, multiple choice)

An organization is redesigning its DMZ to host a public web server and an internal file server. Which architecture provides the strongest security?

Question 70 (easy, multiple choice)

A small business uses MAC address filtering on its wireless network to prevent unauthorized access. Which attack is most likely to bypass this control?

Question 71 (hard, multiple choice)

A network analyst reviews firewall logs and sees multiple SYN packets to various ports from the same external IP in a short time, with no subsequent ACK. What is the most likely cause?

Question 72 (medium, multiple choice)

A company wants to enforce network access control (NAC) for both wired and wireless devices. Which protocol is used for this purpose?

Question 73 (easy, multiple choice)

Which wireless encryption protocol is currently considered the most secure for home use?

Question 74 (medium, multi select)

Which TWO are benefits of network segmentation using VLANs? (Choose two.)

Question 75 (easy, multi select)

Which TWO protocols are considered insecure and should be replaced with secure alternatives? (Choose two.)

Question 76 (hard, multi select)

Which THREE are common types of network-based attacks? (Choose three.)

Question 77 (medium, multiple choice)

A network administrator is unable to ping the server at 10.2.2.100 from a host on the 192.168.1.0/24 network. Based on the exhibit, what is the most likely cause?

Exhibit

Refer to the exhibit.

Router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.1.2 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.1.1.0/24 is directly connected, GigabitEthernet0/0
O       10.2.2.0/24 [110/20] via 10.1.1.2, 00:05:12, GigabitEthernet0/0
S       10.3.3.0/24 [1/0] via 10.1.1.2
C       192.168.1.0/24 is directly connected, GigabitEthernet0/1

Question 78 (medium, multiple choice)

A multinational company has a headquarters (HQ) and several branch offices connected via site-to-site IPsec VPN tunnels. The branch offices use a single internet connection and a VPN concentrator at HQ. Recently, users in the Asia branch report intermittent connectivity to the HQ file server, with high latency and occasional packet loss. The network team runs a traceroute from Asia branch to the HQ server; it shows the path goes through multiple hops with high latency at the second hop, which is the ISP router. The VPN tunnel status shows 'up' but with increasing rekey failures. The team has verified that the local internet link is stable and there are no bandwidth saturation issues. Which action should the team take first?

Question 79 (hard, multiple choice)

A large data center uses a three-tier architecture with core, aggregation, and access switches. The security team detects anomalous traffic patterns: every night at 2:00 AM, a single server (IP 10.10.10.50) sends large ICMP Echo requests to multiple external IPs, followed by a flood of TCP SYN packets from those external IPs back to the server. The server is a critical database server that should not initiate outbound connections. The team suspects the server is compromised. The network team wants to contain the threat without taking the server offline immediately. Which action should they take first?

Question 80 (easy, multiple choice)

A small medical office has 10 employees who use laptops to access electronic health records (EHR) via a web application hosted at a colocation facility. The office currently uses a consumer-grade wireless router with WPA2-PSK for internet access. The EHR vendor requires all connections to be encrypted with TLS 1.2 and recommends using a VPN for remote access. The office manager wants to ensure secure connections from the office to the EHR system, while keeping costs low. The network consultant proposes several options. Which option best balances security and cost?

Question 81 (medium, multi select)

An organization is implementing a new remote access VPN for employees using IPsec. Which TWO of the following are best practices for securing the IPsec VPN?

Question 82 (easy, multiple choice)

A small business uses a wireless network for employees and guests. The network uses WPA2-PSK with a single SSID, and the guest network is separate but broadcasts the same SSID. Recently, employees report intermittent connection drops and slow internet speeds. A site survey shows multiple access points from neighboring businesses operating on channels 1, 6, and 11. The business's access points are set to auto-channel selection. What is the most likely cause of the issue?

Question 83 (medium, multiple choice)

A company has segmented its network into VLANs for different departments: HR, Finance, and IT. The router interconnecting the VLANs has ACLs configured to block traffic from HR to Finance. However, IT has noticed that traffic from HR VLAN is reaching the Finance VLAN. The network uses managed switches with 802.1Q trunking. All access ports are configured as untagged members of their respective VLANs. What is the most likely cause of this unauthorized traffic flow?

Question 84 (hard, multiple choice)

A financial firm has deployed network-based IDS/IPS sensors at key points to detect and prevent intrusions. During a recent security audit, it was discovered that an attacker exfiltrated sensitive data using DNS over HTTPS (DoH) queries. The IDS/IPS did not generate any alerts. The firm's network policy allows all outbound HTTPS traffic to any destination. To prevent such exfiltration in the future, what is the most effective corrective action?

Question 85 (medium, multi select)

A security analyst is reviewing the configuration of an enterprise wireless network. Which TWO of the following are best practices for securing the wireless network against unauthorized access and eavesdropping?

Question 86 (hard, multiple choice)

Refer to the exhibit. A network administrator is reviewing the VPN configuration on a site-to-site VPN hub. Which of the following is the most significant security vulnerability in this configuration?

Exhibit

Refer to the exhibit.

crypto isakmp policy 10
 authentication pre-share
 encryption aes 256
 hash sha
 group 14
 lifetime 3600
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0

Question 87 (easy, multiple choice)

A financial services company has recently deployed a new customer-facing web application on port 443. The application is essential for client transactions. Within the first week, the security team's monitoring system detected thousands of failed login attempts originating from a wide range of IP addresses across multiple countries. The attempts are using common usernames and passwords, indicating a coordinated brute-force attack. The company's perimeter firewall is configured with a default allow rule for inbound TCP traffic on port 443 to the web server's public IP address. The company operates with a small IT team and has a limited security budget. The web application is custom-developed and cannot be modified quickly. The security analyst must recommend a solution to mitigate the attack while maintaining availability for legitimate users. Which of the following is the most effective first step?
