CISSP · topic practice

Communication and Network Security practice questions

Practise Certified Information Systems Security Professional (CISSP) Communication and Network Security questions: original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Communication and Network Security

What the exam tests

What to know about Communication and Network Security

Communication and Network Security questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Communication and Network Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Communication and Network Security questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A security engineer is troubleshooting a network where internal users can access internet websites but cannot reach the company's external VPN server (IP 203.0.113.50, UDP port 500). The firewall rule for VPN traffic is correctly configured. What is the most likely cause?

A network architect is designing a secure connection between two data centers across an untrusted WAN. The requirement is to encrypt all traffic and authenticate both endpoints. Which protocol should be used?

Question 3 · easy · multiple choice

A network administrator notices that users in the accounting department can access the internet but are unable to access the internal payroll server (10.10.10.50). The firewall rule allows traffic from the accounting subnet (10.10.20.0/24) to the payroll server. What is the most likely issue?

Question 4 · medium · multiple choice

A company uses WPA2-Enterprise with EAP-TLS for wireless access. An employee reports that a new laptop cannot connect to the wireless network, while older laptops work fine. The employee has installed the correct client certificate. What is the most likely cause?

A network engineer is configuring a firewall to allow HTTP traffic from the internet to a web server (10.0.0.10). The firewall has three interfaces: outside (ISP), DMZ (10.0.0.0/24), and inside (192.168.1.0/24). The web server is in the DMZ. Which rule is correct?

Question 6 · easy · multiple choice

An organization wants to ensure that employees can securely access internal applications from home. They deploy a VPN solution. Which VPN type provides the strongest encryption and is most commonly used for remote access?

A security analyst is reviewing network logs and sees repeated failed connection attempts from an external IP to the company's SSH server (port 22). The firewall has a rule allowing SSH from anywhere. What is the best immediate action to reduce risk?

Question 8 · hard · multi select

Which TWO security controls are most effective in preventing VLAN hopping attacks?

Question 9 · medium · multi select

Which THREE of the following are best practices for securing a wireless network?

Which TWO of the following are valid reasons to implement network segmentation?

Question 11 · hard · multiple choice

Refer to the exhibit. The ACL is applied inbound on the DMZ interface. What is the effect of this configuration?

Exhibit

interface GigabitEthernet0/1
 description DMZ to Web Server
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 description Inside to Corp Network
 ip address 192.168.1.1 255.255.255.0
!
access-list 100 permit tcp any host 10.0.0.10 eq 80
access-list 100 permit tcp host 10.0.0.10 any established
access-list 100 deny ip any any
!
interface GigabitEthernet0/1
 ip access-group 100 in

Question 12 · easy · multiple choice

Refer to the exhibit. The VPN tunnel is not coming up. What is the most likely configuration error?

Exhibit

$$$ START CONFIG
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key cisco123 address 203.0.113.1
!
crypto ipsec transform-set TSET esp-aes 256 esp-sha256-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TSET
 match address 101
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 crypto map CMAP
$$$ END CONFIG

Question 13 · hard · multiple choice

You are the security architect for a global financial firm. The organization has recently deployed a new cloud-based application that requires low-latency connections between data centers in New York, London, and Tokyo. The existing WAN uses MPLS L3 VPNs with IPsec encryption. However, the application team reports excessive latency and packet loss during peak hours. The network team confirms that the MPLS links are underutilized, but the IPsec tunnels show high CPU usage on the edge routers. Additionally, the security policy mandates that all inter-data center traffic must be encrypted and authenticated. The firm has a budget for hardware upgrades but wants to minimize operational changes. Which of the following is the BEST course of action?

Drag and drop the steps for a secure software development lifecycle (SDLC) in the correct order.

Match each threat type to its description.

Fraudulent emails to obtain sensitive info

Targeted phishing at specific individuals

Phishing targeting senior executives

Voice phishing over phone

Phishing via SMS

Question 16 · easy · multiple choice

A company uses VLANs to separate traffic between the IT, HR, and Finance departments. A user in the HR VLAN reports that she cannot access a file server located in the IT VLAN. The file server's default gateway is correctly set to the IT VLAN interface. All workstations have correct IP addresses and subnet masks. What is the most likely cause of this issue?

A network security analyst receives an alert from the intrusion detection system (IDS) indicating a high volume of TCP SYN packets to a single external IP address from a compromised internal host. This is characteristic of which type of attack?

Question 18 · easy · multiple choice

A company is deploying a wireless network for guests. The security requirement is to provide internet access only, with no access to the internal corporate network. Which technology should be used?

Question 19 · medium · multiple choice

An organization is implementing IPsec VPN tunnels between multiple branch offices and the main office. The security team notices that the VPN tunnels are established successfully but no traffic passes through. Which of the following is the most likely cause?

A company recently suffered a data breach where an attacker was able to intercept network traffic and read sensitive data. Which network security control should be implemented to prevent this type of attack?

Frequently asked questions

What does the CISSP exam test about Communication and Network Security?
Communication and Network Security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Communication and Network Security questions in a focused session?
Yes — the session launcher on this page draws every question from the Communication and Network Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CISSP topics?
Use the topic links above to move to related areas, or go back to the CISSP question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CISSP exam covers. They are not copied from any real exam or dump site.