Network Security
Drill 20 practice questions focused entirely on Network Security for the ISC2 CC exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
An attacker on the same office LAN sends forged replies mapping the default gateway's IP address to the attacker's own MAC address. Nearby workstations update their local tables and begin sending their internet-bound traffic to the attacker's machine instead of the router. Which technique is being used, and at which OSI layer does it operate?
A user connects to their bank's website over public Wi-Fi at a coffee shop. An attacker on the same network positions their device so that all traffic between the user and the bank router passes through the attacker's machine, allowing them to silently read and relay the communication in real time. Which type of attack is being described?
A software team deploys their application on a Platform as a Service (PaaS) offering. The cloud provider manages the operating system, runtime, and underlying infrastructure. During a security review, the team asks which security task remains their responsibility under the shared responsibility model. Which task is the customer responsible for?
A company migrates its application servers to a public cloud provider using an Infrastructure as a Service (IaaS) model. During a security review, the team debates who is responsible for applying operating system security patches on those virtual machines. According to the shared responsibility model, who is responsible?
A retail company's public website suddenly becomes unreachable. Monitoring shows the web servers are receiving an overwhelming volume of traffic from thousands of different IP addresses across the globe, consuming all available bandwidth and connection capacity so legitimate customers cannot load the site. What type of attack is most likely occurring?
A company runs a public-facing web server that customers access from the internet. The security team wants to allow this inbound public access while ensuring that if the web server is compromised, an attacker cannot directly reach the internal corporate network where sensitive databases and employee workstations reside. Which network design best meets this goal?
A company's users report that when they type their bank's URL into their browsers, they are redirected to a look-alike website that steals credentials. Investigation reveals that the resolver has cached forged records mapping the legitimate domain name to an attacker-controlled IP address. Which type of attack does this describe?
A network administrator is troubleshooting name-resolution failures on a workstation. Using a packet capture tool, she notices the workstation's DNS lookup requests are being sent to the resolver. Which transport protocol and default port are typically used for these standard DNS query requests?
A company has two branch offices that need to exchange sensitive internal data over the public internet. Management wants all traffic between the two office networks to be automatically encrypted without requiring individual employees to configure anything on their workstations. Which solution best meets this requirement?
A network technician is reviewing firewall logs and notices inbound connection attempts to TCP port 21 on a server that hosts file transfers. Which protocol is most likely being used on this port?
A network administrator is configuring firewall rules for a company's public-facing web server that must serve encrypted web pages to customers over the internet. Which port must the administrator allow through the firewall to permit this encrypted web traffic?
A company migrates several application servers to a public cloud provider using an Infrastructure as a Service (IaaS) model. During a security review, the team debates who is accountable for various layers of the environment. Under the shared responsibility model, which task remains the responsibility of the cloud service provider?
A network administrator wants to deploy a device that will monitor traffic on the internal network and generate alerts when it detects suspicious activity or known attack signatures. Management is concerned about accidentally blocking legitimate business traffic, so the device must NOT interfere with or drop any packets. Which technology best meets this requirement?
A small company has 40 internal workstations that all use private IP addresses. The office has only one public IP address assigned by its ISP, yet all 40 workstations can browse the internet simultaneously. Which technology on the company's router makes this possible?
A network administrator wants a device that not only detects malicious traffic patterns but also automatically blocks the offending packets before they reach internal servers. The device must be placed inline in the traffic path. Which technology best meets this requirement?
A network administrator is assigning IP addresses for an internal office LAN that will not be directly routable on the public internet. Which of the following addresses falls within a private (non-routable) IPv4 range suitable for this internal network?
A network administrator is documenting the addressing scheme for a new office. The organization is migrating from IPv4 to IPv6 to support address exhaustion concerns. When explaining the difference to junior staff, what is the correct address length of an IPv6 address?
A network engineer is planning a migration from IPv4 to IPv6 for a growing organization. Management asks what the primary driver was for developing IPv6 in the first place. Which answer best explains the fundamental reason IPv6 was created?
A network technician cannot reach a remote server and wants to confirm basic reachability and measure round-trip response time before escalating the issue. Which protocol is most directly used by the ping utility to perform this test?
A network technician is documenting the devices on the company LAN. She needs to identify the device that forwards traffic between hosts on the same local network by reading the destination hardware (MAC) address in each frame. At which OSI layer does this device primarily operate?
More CC practice
Keep going with the other ISC2 CC — Certified in Cybersecurity domains, or take a full timed mock exam.
← Back to CC overview