Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Network and Communications Security practice sets

SSCP Network and Communications Security • Complete Question Bank

SSCP Network and Communications Security — All Questions With Answers

Complete SSCP Network and Communications Security question bank — all 0 questions with answers and detailed explanations.

79
Questions
Free
No signup
Certifications/SSCP/Practice Test/Network and Communications Security/All Questions
Question 1easymultiple choice
Read the full Network and Communications Security explanation →

Which protocol and port combination is commonly used for secure remote administration of a server?

Question 2mediummultiple choice
Read the full Network and Communications Security explanation →

A security analyst notices an unusual number of ARP replies on the network where one MAC address is claiming to be multiple IP addresses. Which type of attack is most likely occurring?

Question 3mediummultiple choice
Read the full Network and Communications Security explanation →

A company wants to deploy a firewall that can track the state of active connections and make decisions based on the context of traffic flows. Which firewall type should they choose?

Question 4hardmultiple choice
Read the full wireless explanation →

During a wireless penetration test, an attacker captures the four-way handshake of a WPA2-PSK network and attempts to crack the passphrase offline. Which attack is the attacker likely using?

Question 5easymultiple choice
Read the full Network and Communications Security explanation →

Which protocol is used for secure web browsing and operates on TCP port 443?

Question 6mediummultiple choice
Read the full Network and Communications Security explanation →

An organization wants to ensure that only authorized devices can connect to the corporate wired network. Which technology should they implement to enforce this?

Question 7mediummultiple choice
Read the full Network and Communications Security explanation →

A network administrator wants to block all inbound traffic except for web and email services. Which firewall rule configuration would achieve this?

Question 8hardmultiple choice
Read the full Network and Communications Security explanation →

Which of the following is a characteristic of TLS 1.3 that improves security over previous versions?

Question 9easymultiple choice
Read the full Network and Communications Security explanation →

Which attack sends a flood of forged ICMP echo requests to a network's broadcast address to overwhelm a target?

Question 10mediummultiple choice
Read the full VPN explanation →

A company is deploying a VPN for remote employees. They require strong encryption and authentication, and the solution must be compatible with native OS clients without additional software. Which VPN protocol is most appropriate?

Question 11hardmultiple choice
Read the full wireless explanation →

During a security audit, a penetration tester successfully extracts the PMKID from a wireless beacon. What information can be derived from this attack?

Question 12mediummultiple choice
Read the full network assurance explanation →

Which UDP port is used by the Simple Network Management Protocol (SNMP) for receiving traps?

Question 13hardmulti select
Read the full Network and Communications Security explanation →

A security engineer is designing a network segmentation strategy to isolate a DMZ containing public-facing web servers from the internal corporate network. Which TWO controls should be implemented? (Select two)

Question 14mediummulti select
Read the full wireless explanation →

A company is migrating from WPA2 to WPA3 for wireless security. Which THREE features does WPA3 introduce? (Select three)

Question 15mediummulti select
Read the full DNS explanation →

A network administrator is troubleshooting a DNS poisoning attack. Which TWO countermeasures can help prevent such attacks? (Select two)

Question 16easymultiple choice
Read the full Network and Communications Security explanation →

Which of the following network protocols operates on TCP port 22 and provides secure remote administration of network devices?

Question 17mediummultiple choice
Read the full DHCP explanation →

An attacker sends a flood of DHCP request packets with spoofed MAC addresses to exhaust the DHCP server's IP address pool, preventing legitimate clients from obtaining IP addresses. This attack is known as:

Question 18hardmultiple choice
Read the full Network and Communications Security explanation →

During a penetration test, a security analyst captures a packet containing a gratuitous ARP reply that associates the attacker's MAC address with the default gateway's IP address. This is a classic indicator of which attack?

Question 19easymultiple choice
Read the full wireless explanation →

Which of the following wireless security protocols uses AES-CCMP and is based on the 802.11i standard?

Question 20mediummultiple choice
Read the full VPN explanation →

A security administrator is configuring a VPN between two branch offices. The requirement is to encrypt the entire original IP packet and add a new IP header for routing over the internet. Which IPsec mode should be used?

Question 21mediummultiple choice
Read the full Network and Communications Security explanation →

An organization wants to deploy a firewall that can inspect the payload of application-layer protocols such as HTTP and FTP, and make access decisions based on application data. Which type of firewall best meets this requirement?

Question 22hardmultiple choice
Read the full wireless explanation →

Which attack exploits the lack of IV (Initialization Vector) randomness in the RC4 algorithm to recover the Wi-Fi password, and is considered completely broken?

Question 23easymultiple choice
Read the full DHCP explanation →

Which of the following is a connectionless transport layer protocol primarily used for services like DNS and DHCP?

Question 24mediummultiple choice
Read the full Network and Communications Security explanation →

A security team is implementing Network Access Control (NAC) to enforce endpoint compliance before granting network access. Which technology allows port-based authentication on wired networks?

Question 25hardmultiple choice
Read the full Network and Communications Security explanation →

Which of the following best describes the function of SYN cookies in mitigating SYN flood attacks?

Question 26mediummultiple choice
Read the full VPN explanation →

An organization is planning to deploy a remote access VPN for employees. The solution must support strong encryption, mutual authentication, and work through firewalls without requiring additional ports. Which technology is most suitable?

Question 27easymultiple choice
Read the full Network and Communications Security explanation →

Which of the following is a common defense against ARP spoofing attacks on a local area network?

Question 28mediummulti select
Read the full Network and Communications Security explanation →

A security analyst is investigating a network incident. Which TWO of the following are indicators of a man-in-the-middle attack using ARP spoofing? (Select TWO)

Question 29hardmulti select
Read the full wireless explanation →

Which THREE of the following are security features of WPA3 compared to WPA2? (Select THREE)

Question 30mediummulti select
Read the full Network and Communications Security explanation →

A company is designing a network with multiple security zones. Which TWO of the following are best practices for network segmentation? (Select TWO)

Question 31easymultiple choice
Read the full Network and Communications Security explanation →

Which protocol is used to securely transfer files over a network and operates on TCP port 22?

Question 32easymultiple choice
Read the full DHCP explanation →

Which UDP port is used by the Dynamic Host Configuration Protocol (DHCP) for server communication?

Question 33mediummultiple choice
Read the full Network and Communications Security explanation →

An attacker sends a forged ARP reply associating the attacker's MAC address with the IP address of the default gateway. What type of attack is this?

Question 34mediummultiple choice
Read the full DHCP explanation →

A network administrator notices that legitimate clients are unable to obtain IP addresses from the DHCP server. The network logs show a high volume of DHCP Discover messages from different MAC addresses. Which attack is most likely occurring?

Question 35mediummultiple choice
Read the full DHCP explanation →

Which security control can prevent a rogue DHCP server from assigning incorrect gateway addresses to clients?

Question 36hardmultiple choice
Read the full Network and Communications Security explanation →

An organization deploys a firewall that examines the entire packet, including application-layer data, and can block specific commands or content. Which type of firewall is this?

Question 37mediummultiple choice
Read the full wireless explanation →

Which wireless security standard introduced the Simultaneous Authentication of Equals (SAE) handshake to replace the pre-shared key (PSK) method?

Question 38mediummultiple choice
Read the full wireless explanation →

A security analyst discovers that an attacker has set up a fake wireless access point with the same SSID as the corporate network. Users are unknowingly connecting to it. What is this attack called?

Question 39hardmultiple choice
Read the full VPN explanation →

In IPsec VPNs, which protocol provides authentication and encryption of the entire IP packet, including the IP header, in tunnel mode?

Question 40mediummultiple choice
Read the full Network and Communications Security explanation →

Which of the following is a primary advantage of using TLS 1.3 over earlier versions?

Question 41easymultiple choice
Read the full Network and Communications Security explanation →

What is the default port for Microsoft SQL Server?

Question 42hardmultiple choice
Read the full Network and Communications Security explanation →

Which network security control can enforce that only authorized devices with current antivirus and patches can connect to the network?

Question 43mediummulti select
Read the full Network and Communications Security explanation →

Which TWO of the following are methods to defend against SYN flood attacks? (Select TWO)

Question 44mediummulti select
Read the full Network and Communications Security explanation →

Which TWO of the following are characteristics of a Smurf attack? (Select TWO)

Question 45hardmulti select
Read the full VPN explanation →

Which THREE of the following are valid considerations when deploying a remote access VPN using SSL/TLS? (Select THREE)

Question 46easymultiple choice
Read the full DNS explanation →

Which transport layer protocol is used by DNS for its queries and responses, and why is it appropriate?

Question 47mediummultiple choice
Read the full Network and Communications Security explanation →

An attacker sends a gratuitous ARP reply associating the attacker's MAC address with the default gateway's IP address. Which attack is being performed, and what is the primary risk?

Question 48hardmultiple choice
Read the full Network and Communications Security explanation →

A security administrator is configuring a firewall to allow outbound web traffic from internal users. The firewall must inspect the application layer data to block malicious URLs. Which type of firewall should be used?

Question 49easymultiple choice
Read the full wireless explanation →

Which wireless security standard replaces WPA2 and mandates Protected Management Frames (PMF) to prevent certain types of attacks?

Question 50mediummultiple choice
Read the full wireless explanation →

During a security assessment, a penetration tester discovers that the network uses WPA2-PSK. Which attack could be used to recover the pre-shared key without interacting with the access point after capturing a single handshake?

Question 51hardmultiple choice
Read the full VPN explanation →

A security engineer is configuring a site-to-site VPN between two branch offices using IPsec in tunnel mode. Which protocol provides both authentication and encryption of the entire original IP packet?

Question 52mediummultiple choice
Open the full VLAN trunking answer →

An organization wants to ensure that only corporate-managed devices can connect to the internal network. Non-compliant devices should be placed in a restricted VLAN with limited access. Which technology should be deployed?

Question 53easymultiple choice
Read the full Network and Communications Security explanation →

Which TCP port is commonly used for secure web traffic (HTTPS) and is often allowed through firewalls for web browsing?

Question 54mediummultiple choice
Read the full Network and Communications Security explanation →

A system administrator notices a high number of half-open TCP connections to the company's web server. The server is becoming unresponsive. Which attack is likely occurring, and which mitigation is effective?

Question 55hardmultiple choice
Read the full DNS explanation →

A security analyst discovers that an internal DNS server is returning incorrect IP addresses for legitimate domains. The analyst suspects that an attacker has compromised the DNS resolver's cache. Which type of attack has likely occurred?

Question 56easymultiple choice
Read the full Network and Communications Security explanation →

Which protocol is used to securely transfer files between a client and server, typically over TCP port 22?

Question 57mediummultiple choice
Read the full Network and Communications Security explanation →

A network administrator is tasked with segmenting the network to isolate a DMZ containing public-facing web servers from the internal corporate network. Which device should be placed between the DMZ and internal network, and what type of traffic should it allow?

Question 58mediummulti select
Read the full VPN explanation →

A security auditor is reviewing the configuration of a remote access VPN. Which TWO features are considered best practices for securing the VPN connection?

Question 59hardmulti select
Read the full Network and Communications Security explanation →

An organization is deploying a network-based intrusion detection system (NIDS). The security team must decide on placement and configuration. Which THREE considerations are critical for effective NIDS deployment?

Question 60mediummulti select
Read the full wireless explanation →

During a wireless site survey, a security engineer identifies several security weaknesses. Which TWO measures should be implemented to improve wireless security for a corporate network using WPA2-Enterprise?

Question 61easymultiple choice
Read the full Network and Communications Security explanation →

Which of the following protocols operates on TCP port 443 and provides encrypted communication between a web browser and a web server?

Question 62mediummultiple choice
Read the full DHCP explanation →

An attacker sends a large number of DHCP request messages with spoofed MAC addresses to a network's DHCP server, causing the server to exhaust its IP address pool and deny service to legitimate clients. This attack is known as:

Question 63hardmultiple choice
Read the full DNS explanation →

A security analyst is investigating a network where an attacker successfully redirected traffic from a legitimate web server to a malicious server by corrupting the target domain's DNS records in a local resolver cache. Which attack technique was used?

Question 64mediummultiple choice
Read the full Network and Communications Security explanation →

A company wants to implement a firewall that can track the state of network connections and make decisions based on the context of traffic (e.g., allowing return packets for an established connection). Which type of firewall should they choose?

Question 65mediummultiple choice
Read the full wireless explanation →

Which wireless security protocol uses the Simultaneous Authentication of Equals (SAE) handshake to replace the Pre-Shared Key (PSK) method and provides stronger protection against offline dictionary attacks?

Question 66hardmultiple choice
Read the full VPN explanation →

An organization is setting up a site-to-site VPN between two branch offices. They require encryption of the entire IP packet, including the original IP header, and plan to use IPsec. Which mode should they configure?

Question 67mediummultiple choice
Read the full Network and Communications Security explanation →

A network administrator wants to prevent unauthorized devices from connecting to the wired network. Which technology can be used to enforce authentication at the switch port level before granting network access?

Question 68easymultiple choice
Read the full DNS explanation →

Which UDP port is used by the Domain Name System (DNS) for name resolution queries?

Question 69mediummultiple choice
Review the full subnetting walkthrough →

An attacker is performing a man-in-the-middle attack at Layer 2 by sending forged ARP messages to associate their MAC address with the IP address of a legitimate host on the same subnet. This attack is known as:

Question 70hardmultiple choice
Read the full Network and Communications Security explanation →

A security analyst is reviewing firewall logs and notices a high rate of TCP SYN packets to multiple ports on a server, but no corresponding ACK or RST packets. This is characteristic of which type of attack?

Question 71easymultiple choice
Read the full VPN explanation →

Which of the following is a secure remote access VPN protocol that uses TLS for encryption and is commonly used with Cisco AnyConnect?

Question 72mediummultiple choice
Read the full Network and Communications Security explanation →

A company wants to deploy a network IDS that can analyze traffic patterns and detect anomalies. Where should the IDS sensor be placed to monitor all traffic on a network segment without introducing latency?

Question 73mediummulti select
Read the full wireless explanation →

A security administrator is hardening a wireless network. Which TWO of the following should be avoided due to known vulnerabilities?

Question 74hardmulti select
Read the full Network and Communications Security explanation →

A security analyst is reviewing a TLS 1.3 deployment. Which THREE of the following are features of TLS 1.3?

Question 75mediummulti select
Read the full Network and Communications Security explanation →

An organization is designing network segmentation to protect sensitive data. Which TWO of the following are effective methods for implementing network segmentation?

Question 76mediummulti select
Read the full Network and Communications Security explanation →

A security analyst is investigating a potential ARP spoofing attack on a local network segment. Which TWO network security controls would be most effective in preventing or detecting such an attack at Layer 2?

Question 77hardmulti select
Read the full Network and Communications Security explanation →

A network administrator is designing a secure remote access solution for employees using company laptops. The solution must support strong authentication, encryption, and be resistant to man-in-the-middle attacks. Which THREE components should be included?

Question 78easymulti select
Read the full DHCP explanation →

During a security assessment, a penetration tester successfully performs a DHCP starvation attack followed by a DHCP spoofing attack. Which TWO outcomes are the most likely consequences of this combined attack?

Question 79mediummulti select
Read the full wireless explanation →

A company is migrating from WPA2-PSK to WPA3 for its wireless network. Which THREE benefits does WPA3 provide compared to WPA2?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

SSCP Practice Test 1 — 25 Questions→SSCP Practice Test 2 — 25 Questions→SSCP Practice Test 3 — 25 Questions→SSCP Practice Test 4 — 25 Questions→SSCP Practice Test 5 — 25 Questions→SSCP Practice Exam 1 — 20 Questions→SSCP Practice Exam 2 — 20 Questions→SSCP Practice Exam 3 — 20 Questions→SSCP Practice Exam 4 — 20 Questions→Free SSCP Practice Test 1 — 30 Questions→Free SSCP Practice Test 2 — 30 Questions→Free SSCP Practice Test 3 — 30 Questions→SSCP Practice Questions 1 — 50 Questions→SSCP Practice Questions 2 — 50 Questions→SSCP Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Access ControlsRisk Identification, Monitoring, and AnalysisIncident Response and RecoverySecurity Operations and AdministrationCryptographyNetwork and Communications SecuritySystems and Application SecurityRisk Identification, Monitoring and Analysis

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Network and Communications Security setsAll Network and Communications Security questionsSSCP Practice Hub