Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›N10-009›Objectives›Network Security
Objective 4.0

Network Security

N10-009 Practice Questions

Use this page to practise Network Security questions for this certification. Focus on how the exam tests network security in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Full Practice Test →All Objectives

What this objective tests

N10-009 Network Security — Key Topics

Network Security questions on this certification test your ability to deploy and manage network security concepts in scenario-based situations.

  • Core Network Security concepts and how they apply in real-world cloud scenarios.
  • How to deploy network security correctly and verify the outcome.
  • Troubleshooting network security issues by interpreting error output and system state.
  • Cloud best practices and Network Security design trade-offs tested by this certification.

Common exam traps

Where candidates lose marks on Network Security

  • ⚠Selecting the most expensive service when a simpler managed option meets the requirement.
  • ⚠Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • ⚠Choosing a global service fix when the issue is region-specific.
  • ⚠Overlooking cost implications of cross-region data transfer in architecture questions.

N10-009 Network Security — Practice Questions

30 questions from this objective

Question 2hardmultiple choice
Full question →

A security analyst notices that an attacker is sending crafted packets with overlapping IP fragments to a target server, causing the server to crash. Which type of attack is described?

Question 3hardmultiple choice
Read the full NAT/PAT explanation →

A company wants to implement network access control that requires users to authenticate before gaining access to the network. The NAC solution uses a policy that checks for antivirus updates and OS patches. Which component enforces the policy?

Question 4easymultiple choice
Full question →

A security auditor is reviewing firewall logs and notices repeated login attempts from a single external IP address to the company's SSH server. Which type of attack is likely occurring?

Question 5mediummultiple choice
Full question →

A network administrator wants to prevent unauthorized devices from connecting to the company's Ethernet ports. The company uses a centralized authentication server. Which IEEE standard should be implemented?

Question 6mediummultiple choice
Full question →

A security analyst notices that a web server is receiving a large number of ICMP echo reply packets from many different external hosts. The server did not send any echo requests. Which type of attack is most likely occurring?

Question 7easymultiple choice
Full question →

A company wants to ensure that only authorized employee computers can connect to the wired network. Each computer must be authenticated before it is granted access to the network. Which technology is designed to provide this port-based authentication?

Question 8easymultiple choice
Full question →

A security analyst notices that the company's web server is receiving a high volume of TCP SYN packets from a single source IP address, but the server is not completing the three-way handshake. Which type of attack is most likely occurring?

Question 9hardmultiple choice
Full question →

A security administrator is configuring a firewall to allow remote employees to access the company's internal web server (port 443) from the internet. The web server has an internal IP address of 10.0.0.5. The firewall has a public IP of 203.0.113.10. Which type of firewall rule should be created?

Question 10hardmultiple choice
Full question →

A security analyst is reviewing firewall logs and sees many incoming packets with a source IP address that matches the internal IP range of the company (10.0.0.0/8) arriving on the external interface. Which type of attack is likely being attempted?

Question 11hardmultiple choice
Read the full wireless explanation →

A security administrator is configuring a wireless network to use WPA3-Enterprise. Which authentication server protocol is required for WPA3-Enterprise?

Question 12hardmultiple choice
Read the full DHCP explanation →

A security analyst is reviewing DHCP server logs and notices that a single MAC address is sending an extremely high number of DHCP discover packets. The DHCP server is responding, but the client never sends a DHCP request. Which type of attack is most likely occurring?

Question 13mediummultiple choice
Full question →

A company is implementing 802.1X port-based authentication on its wired network to ensure only authorized devices can connect. Which of the following servers is required to authenticate users and devices?

Question 14mediummultiple choice
Read the full DHCP explanation →

A security analyst notices that the DHCP server is responding to a large number of DHCP Discover messages from a single MAC address, but that client never sends a DHCP Request to complete the lease. This pattern repeats continuously. Which type of attack is most likely occurring?

Question 15hardmultiple choice
Full question →

A company is implementing 802.1X port-based authentication on its wired network to control access. The network uses Active Directory for user accounts. Which type of server must be deployed to authenticate clients connecting to the switch ports?

Question 16mediummultiple choice
Read the full wireless explanation →

A company is deploying a wireless network that requires the highest level of security for client authentication. The network must use a RADIUS server. Which wireless security standard should be implemented?

Question 17hardmultiple choice
Full question →

A security analyst is investigating a potential breach. A network device shows logs indicating that it received packets with a source IP address belonging to the internal network range on its external (internet-facing) interface. This is a classic indication of which type of attack?

Question 18hardmultiple choice
Read the full DHCP explanation →

A security analyst is reviewing logs and finds that a single MAC address is rapidly requesting IP addresses from a DHCP server, each time with a different client ID. The DHCP server is exhausting its address pool. Which type of attack is occurring?

Question 19mediummultiple choice
Full question →

A network administrator is configuring a firewall to allow external users to securely access an internal web server. Which security technique should be used to place the web server in a separate, isolated network segment that is still accessible from the internet?

Question 20mediummultiple choice
Full question →

A network security analyst notices that the firewall is logging traffic on the external interface that has a source IP address of 10.0.1.5, which is within the internal network range. This is most likely the result of which type of attack?

Question 21hardmultiple choice
Full question →

An organization wants to implement a security solution that uses a cloud-based service to inspect all incoming web traffic for malware and policy violations before it reaches the internal network. This type of solution is known as a:

Question 22mediummultiple choice
Read the full wireless explanation →

A company wants to deploy a wireless network with the highest level of security for client authentication. The network will use a RADIUS server. Which authentication method should be used?

Question 23hardmultiple choice
Full question →

A network administrator reviews firewall logs and sees thousands of SYN packets coming from various source IP addresses to a single internal web server. No ACK or RST packets are observed from these sources. Which type of attack is most likely occurring?

Question 24easymultiple choice
Full question →

A company wants to allow external users to access a web server located in the DMZ. The firewall has three interfaces: inside, outside, and DMZ. Which firewall rule is necessary?

Question 25mediummultiple choice
Full question →

A company hosts a web server in a DMZ. The firewall has three interfaces: inside (corporate network), outside (Internet), and DMZ. Which firewall rule is necessary to allow external users to access the web server?

Question 26mediummultiple choice
Full question →

A network administrator notices that a large number of ICMP echo request packets are being sent to the broadcast address of the network from a single host. This is causing performance degradation. Which type of attack is this?

Question 27hardmultiple choice
Read the full DNS explanation →

A security analyst detects a large number of DNS queries for the same domain from multiple internal hosts. The responses contain large payloads. Which type of attack is likely occurring?

Question 28mediummultiple choice
Full question →

A company wants to allow inbound HTTPS traffic to a web server located in the DMZ from the Internet. The firewall has three interfaces: Inside (corporate network), Outside (Internet), and DMZ (web server). Which of the following firewall rules is required?

Question 29easymultiple choice
Read the full DHCP explanation →

A network administrator wants to prevent unauthorized DHCP servers from offering IP addresses to clients on a switch. Which security feature should be enabled?

Question 30hardmultiple choice
Full question →

A security analyst needs to deploy a device that can perform deep packet inspection and block specific application-layer attacks in real time. Which of the following devices is MOST appropriate for this purpose?

Question 31hardmultiple choice
Review the full subnetting walkthrough →

A security analyst receives an alert that an internal user's workstation is sending a high volume of ARP requests for multiple IP addresses on the local subnet. The analyst suspects a man-in-the-middle attack. Which security mechanism is most effective at mitigating this type of attack on a switched network?

More Network Security questions available in the full practice test.

Continue Practising →
←

Previous objective

Network Operations

Next objective

Network Troubleshooting

→

All N10-009 Objectives

  • 1.Networking Concepts
  • 2.Network Implementation
  • 3.Network Operations
  • 4.Network Security
  • 5.Network Troubleshooting