ISC2 CC — Certified in Cybersecurity · Domain 4 · 24% of exam

Network Security

Drill 20 practice questions focused entirely on Network Security for the ISC2 CC exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.

Verified answer20 questions
Question 1 of 20

An attacker on the same office LAN sends forged replies mapping the default gateway's IP address to the attacker's own MAC address. Nearby workstations update their local tables and begin sending their internet-bound traffic to the attacker's machine instead of the router. Which technique is being used, and at which OSI layer does it operate?

Reviewed for accuracy · Report an issue
Question 2 of 20

A user connects to their bank's website over public Wi-Fi at a coffee shop. An attacker on the same network positions their device so that all traffic between the user and the bank router passes through the attacker's machine, allowing them to silently read and relay the communication in real time. Which type of attack is being described?

Reviewed for accuracy · Report an issue
Question 3 of 20

A software team deploys their application on a Platform as a Service (PaaS) offering. The cloud provider manages the operating system, runtime, and underlying infrastructure. During a security review, the team asks which security task remains their responsibility under the shared responsibility model. Which task is the customer responsible for?

Reviewed for accuracy · Report an issue
Question 4 of 20

A company migrates its application servers to a public cloud provider using an Infrastructure as a Service (IaaS) model. During a security review, the team debates who is responsible for applying operating system security patches on those virtual machines. According to the shared responsibility model, who is responsible?

Reviewed for accuracy · Report an issue
Question 5 of 20

A retail company's public website suddenly becomes unreachable. Monitoring shows the web servers are receiving an overwhelming volume of traffic from thousands of different IP addresses across the globe, consuming all available bandwidth and connection capacity so legitimate customers cannot load the site. What type of attack is most likely occurring?

Reviewed for accuracy · Report an issue
Question 6 of 20

A company runs a public-facing web server that customers access from the internet. The security team wants to allow this inbound public access while ensuring that if the web server is compromised, an attacker cannot directly reach the internal corporate network where sensitive databases and employee workstations reside. Which network design best meets this goal?

Reviewed for accuracy · Report an issue
Question 7 of 20

A company's users report that when they type their bank's URL into their browsers, they are redirected to a look-alike website that steals credentials. Investigation reveals that the resolver has cached forged records mapping the legitimate domain name to an attacker-controlled IP address. Which type of attack does this describe?

Reviewed for accuracy · Report an issue
Question 8 of 20

A network administrator is troubleshooting name-resolution failures on a workstation. Using a packet capture tool, she notices the workstation's DNS lookup requests are being sent to the resolver. Which transport protocol and default port are typically used for these standard DNS query requests?

Reviewed for accuracy · Report an issue
Question 9 of 20

A company has two branch offices that need to exchange sensitive internal data over the public internet. Management wants all traffic between the two office networks to be automatically encrypted without requiring individual employees to configure anything on their workstations. Which solution best meets this requirement?

Reviewed for accuracy · Report an issue
Question 10 of 20

A network technician is reviewing firewall logs and notices inbound connection attempts to TCP port 21 on a server that hosts file transfers. Which protocol is most likely being used on this port?

Reviewed for accuracy · Report an issue
Question 11 of 20

A network administrator is configuring firewall rules for a company's public-facing web server that must serve encrypted web pages to customers over the internet. Which port must the administrator allow through the firewall to permit this encrypted web traffic?

Reviewed for accuracy · Report an issue
Question 12 of 20

A company migrates several application servers to a public cloud provider using an Infrastructure as a Service (IaaS) model. During a security review, the team debates who is accountable for various layers of the environment. Under the shared responsibility model, which task remains the responsibility of the cloud service provider?

Reviewed for accuracy · Report an issue
Question 13 of 20

A network administrator wants to deploy a device that will monitor traffic on the internal network and generate alerts when it detects suspicious activity or known attack signatures. Management is concerned about accidentally blocking legitimate business traffic, so the device must NOT interfere with or drop any packets. Which technology best meets this requirement?

Reviewed for accuracy · Report an issue
Question 14 of 20

A small company has 40 internal workstations that all use private IP addresses. The office has only one public IP address assigned by its ISP, yet all 40 workstations can browse the internet simultaneously. Which technology on the company's router makes this possible?

Reviewed for accuracy · Report an issue
Question 15 of 20

A network administrator wants a device that not only detects malicious traffic patterns but also automatically blocks the offending packets before they reach internal servers. The device must be placed inline in the traffic path. Which technology best meets this requirement?

Reviewed for accuracy · Report an issue
Question 16 of 20

A network administrator is assigning IP addresses for an internal office LAN that will not be directly routable on the public internet. Which of the following addresses falls within a private (non-routable) IPv4 range suitable for this internal network?

Reviewed for accuracy · Report an issue
Question 17 of 20

A network administrator is documenting the addressing scheme for a new office. The organization is migrating from IPv4 to IPv6 to support address exhaustion concerns. When explaining the difference to junior staff, what is the correct address length of an IPv6 address?

Reviewed for accuracy · Report an issue
Question 18 of 20

A network engineer is planning a migration from IPv4 to IPv6 for a growing organization. Management asks what the primary driver was for developing IPv6 in the first place. Which answer best explains the fundamental reason IPv6 was created?

Reviewed for accuracy · Report an issue
Question 19 of 20

A network technician cannot reach a remote server and wants to confirm basic reachability and measure round-trip response time before escalating the issue. Which protocol is most directly used by the ping utility to perform this test?

Reviewed for accuracy · Report an issue
Question 20 of 20

A network technician is documenting the devices on the company LAN. She needs to identify the device that forwards traffic between hosts on the same local network by reading the destination hardware (MAC) address in each frame. At which OSI layer does this device primarily operate?

Reviewed for accuracy · Report an issue

More CC practice

Keep going with the other ISC2 CC — Certified in Cybersecurity domains, or take a full timed mock exam.

← Back to CC overview