CC · topic practice

Network Security practice questions

Use this page to practise Network Security questions for this certification. Focus on how the exam tests network security in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Network Security

What the exam tests

What to know about Network Security

Network Security questions on this certification test your ability to deploy and manage network security concepts in scenario-based situations.

Core Network Security concepts and how they apply in real-world cloud scenarios.

How to deploy network security correctly and verify the outcome.

Troubleshooting network security issues by interpreting error output and system state.

Cloud best practices and Network Security design trade-offs tested by this certification.

Watch out for

Common Network Security exam traps

  • Selecting the most expensive service when a simpler managed option meets the requirement.
  • Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • Choosing a global service fix when the issue is region-specific.
  • Overlooking cost implications of cross-region data transfer in architecture questions.

Practice set

Network Security questions

20 questions · select your answer, then reveal the explanation

A security analyst notices that an internal web server is receiving a high volume of TCP SYN packets from a single external IP address, but the server is not sending SYN-ACK replies. The server's CPU and memory usage are normal. What is the most likely cause?

Question 2 · medium · multiple choice

A network administrator is designing a DMZ to host a public-facing web server and a database server that should only be accessible from the web server. Which of the following firewall rule sets best achieves this design?

A company's network uses 802.1X authentication with PEAP-MSCHAPv2 on wired ports. Users report that after a recent switch firmware update, some workstations fail to authenticate intermittently, while others work fine. The authentication server logs show 'Authentication failed: Unknown CA certificate' for affected workstations. What is the most likely cause?

Question 4 · easy · multiple choice

A security engineer is configuring a network intrusion detection system (NIDS) to monitor traffic on a critical subnet. To minimize false positives, which of the following should the engineer baseline first?

Question 5 · medium · multiple choice

A company's remote access VPN uses IPsec with pre-shared keys. Employees report that they cannot connect from home. The VPN server logs show 'IKE authentication failed.' The help desk confirms the pre-shared keys are correct. Which of the following is the most likely cause?

During a security audit, a penetration tester captures network traffic and finds that some packets have the IP ID field set to 0 and the DF (Don't Fragment) flag set. What is this technique attempting to do?

Question 7 · medium · multi select

Which TWO of the following are best practices for securing a wireless network? (Select exactly two.)

Which THREE of the following are characteristics of a stateful firewall? (Select exactly three.)

Question 9 · medium · multiple choice

Refer to the exhibit. An administrator configures the above ACLs on a router. The goal is to allow internal users (192.168.1.0/24) to browse the web, and to allow SSH management from the internet to a server at 10.0.0.10. However, users report that they cannot browse external websites. What is the most likely reason?

Exhibit

interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group OUTBOUND out
!
interface GigabitEthernet0/2
 ip address 10.0.0.1 255.255.255.0
 ip access-group INBOUND in
!
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 100 deny ip any any
!
access-list 110 permit tcp any host 10.0.0.10 eq 22
access-list 110 permit icmp any host 10.0.0.10 echo-reply
access-list 110 deny ip any any

Refer to the exhibit. An IDS generates this alert for traffic from an internal server (10.1.1.50) to an external IP on port 443. The security team investigates and finds that the server is a web application that normally uses TLS 1.2. What does this alert most likely indicate?

Exhibit

[IDS Alert Log]
Timestamp: 2024-03-15 10:23:45
Signature: ET POLICY Outgoing SSLv3 Handshake (Possible SSL Stripping)
Source IP: 10.1.1.50
Destination IP: 203.0.113.10
Protocol: TCP
Port: 443
Payload: [Hex dump of ClientHello with version 3.0]

Question 11 · hard · multiple choice

A medium-sized company uses a network with three VLANs: VLAN 10 (Users, 192.168.10.0/24), VLAN 20 (Servers, 192.168.20.0/24), and VLAN 30 (DMZ, 192.168.30.0/24). A Layer 3 switch with an ACL is used for inter-VLAN routing. The company has a web server in the DMZ that must be accessible from the internet (via a public IP mapped to 192.168.30.10). Users in VLAN 10 need to access the web server on its private IP (192.168.30.10) for internal testing. The ACL is applied inbound on the VLAN 10 SVI. The ACL currently has the following entries: permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255; deny ip any 192.168.20.0 0.0.0.255; permit ip any any. Recently, the security team noticed that users can access the web server on its private IP, but they cannot access the web server via the public IP (which goes through the firewall and then to the DMZ). The firewall logs show that traffic from the users to the public IP is allowed and reaches the DMZ web server, but the return traffic is blocked. The web server's default gateway is the Layer 3 switch (192.168.30.1). Which of the following is the most likely cause of the problem?

A network security team is implementing a defense-in-depth strategy. Which TWO of the following controls are examples of network segmentation? (Choose two.)

Question 13 · medium · multiple choice

Based on the exhibit, what is the most likely result of the client's HTTP request?

Exhibit

Router# show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group BLOCK_HTTP in
!
ip access-list extended BLOCK_HTTP
 deny tcp any any eq 80
 permit ip any any

A client at 192.168.1.100 attempts to access a web server at 10.0.0.1. The router's interface IP is 192.168.1.1.

Question 14 · hard · multiple choice

You are the network security lead for a medium-sized financial firm with 500 employees. The network consists of a core switch, distribution switches, and access switches. There are three main VLANs: VLAN 10 (Management - 192.168.10.0/24), VLAN 20 (Finance - 192.168.20.0/24), and VLAN 30 (Guest Wi-Fi - 192.168.30.0/24). The network uses a single firewall with three interfaces: inside (trusted), outside (untrusted), and DMZ. The firewall is configured with default-deny rules. Recently, the helpdesk reported that employees in the Finance VLAN cannot access a web-based accounting application hosted on a server at 10.0.0.5, which is in the DMZ. The server's default gateway is the firewall's DMZ interface (10.0.0.1). The accounting application runs on HTTPS (TCP 443). Employees in the Management VLAN can access the application without issue. You have verified that the Finance VLAN has connectivity to the firewall's inside interface (192.168.20.1). The firewall's inside interface has an IP of 192.168.20.1. There is no ACL on the inside interface. The firewall's DMZ interface has an ACL permitting TCP/443 from any to 10.0.0.5. The firewall's routing table shows a route to 10.0.0.0/24 via DMZ interface. What is the most likely cause of the issue?

Drag and drop the steps for the incident response process according to NIST into the correct order.

Drag and drop the steps to recover a system from a verified backup after a ransomware attack into the correct order.

Match each network security concept to its purpose.

Filters traffic based on rules

Segments public-facing servers

Maps private to public IPs

Encrypts data over public networks

Monitors for suspicious activity

Match each risk management term to its meaning.

Weakness in a system

Potential cause of harm

Likelihood and impact of a threat exploiting a vulnerability

Control to mitigate risk

A network administrator notices unusual traffic from an internal workstation to an external IP address on port 443. The workstation has no business reason for such communication. Which action should the administrator take first?

Question 20 · medium · multiple choice

A security engineer is designing a DMZ for a web server that must be accessible from the internet. The web server needs to query an internal database server. Which network security approach best limits exposure?

Frequently asked questions

What does the CC exam test about Network Security?
Network Security questions on this certification test your ability to deploy and manage network security concepts in scenario-based situations.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Network Security questions in a focused session?
Yes — the session launcher on this page draws every question from the Network Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CC topics?
Use the topic links above to move to related areas, or go back to the CC question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CC exam covers. They are not copied from any real exam or dump site.