Communication and Network Security
Drill 19 practice questions focused entirely on Communication and Network Security for the ISC2 CISSP exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A hospital's wireless network keeps dropping clinical tablets from its access points. Analysis of captured traffic shows a steady stream of spoofed 802.11 deauthentication frames sourced from the legitimate AP's BSSID, forcing clients to disconnect repeatedly. The security team wants a standards-based control that prevents attackers from forging these management frames. Which measure most directly addresses this attack?
A retail chain offers free customer Wi-Fi using an open (unencrypted) SSID for convenience. Security notices that attackers are setting up rogue access points broadcasting the same SSID with stronger signal to lure customers into connecting, then intercepting their traffic and harvesting credentials from login portals. The business insists the guest network must remain frictionless with no pre-shared key or 802.1X. Which control BEST reduces the risk of these evil twin attacks while preserving open access?
A hospital's network team discovers that unauthorized laptops are being plugged into wall jacks in patient waiting areas and gaining access to the internal LAN. The team wants a solution that authenticates each device at the moment it connects to a switch port, before granting any network access, and can dynamically assign the device to an appropriate VLAN based on identity. Which control BEST meets this requirement?
A security analyst investigating intermittent session hijacking on a corporate LAN discovers that a rogue host is answering ARP requests for the default gateway's IP address, causing traffic destined for the gateway to be redirected through the attacker's machine. Which switch-based control would most effectively prevent this attack on the access layer?
A security team at a defense contractor discovers that executives traveling internationally are being targeted by rogue base stations that force their smartphones to downgrade from 5G/LTE to 2G, enabling interception of voice and SMS traffic. Which control most directly mitigates this IMSI-catcher (Stingray) attack technique?
A media company distributes premium video through a global content-distribution network (CDN). Analytics reveal that paying subscribers' video URLs are being shared and embedded on third-party sites, allowing non-subscribers to stream content for free (hotlinking). The origin server load is minimal because the CDN caches everything, but revenue is leaking. Which CDN-layer control most directly stops unauthorized reuse of the content URLs?
A financial services company discovers that some internal users were silently redirected to a fraudulent banking portal even though they typed the correct domain name. Investigation shows an attacker injected forged responses into the organization's recursive DNS resolver, causing it to store an incorrect IP-to-hostname mapping for a legitimate domain. Which control would most directly prevent this class of attack going forward?
A security architect discovers that several endpoints on the corporate network are using DNS over HTTPS (DoH) configured directly in their browsers, bypassing the organization's internal DNS resolvers. The security team relies on those resolvers to log queries, block known malicious domains, and detect DNS-based command-and-control traffic. Which consequence represents the MOST significant security concern the architect should address?
A hospital is deploying 802.1X authentication for its enterprise Wi-Fi network. Security requires that both the client devices and the RADIUS server mutually authenticate using X.509 certificates, eliminating any reliance on user passwords traversing the wireless link. Managed laptops already have client certificates provisioned via the corporate PKI. Which EAP method best satisfies these requirements?
A network engineer is configuring a site-to-site IPsec VPN between two corporate data centers using IKEv1 with pre-shared key authentication. Both gateways have static, well-known public IP addresses. During a security review, an auditor flags that the tunnel is configured to use IKE Aggressive Mode. What is the primary security concern the auditor is raising, and what is the appropriate remediation?
A network engineer must connect two branch offices over the public Internet. The requirement is that the entire original IP packet — including the internal source and destination addresses — be encrypted and hidden from anyone observing the traffic between the two site gateways, and that the gateways handle the encryption on behalf of all hosts behind them. Which IPsec configuration best satisfies these requirements?
A security engineer is deploying a network-based intrusion detection sensor to monitor traffic on a heavily utilized 10 Gbps link between the DMZ and the internal network. During a security incident, the team must guarantee that every packet — including malformed frames and traffic during peak saturation — is captured without impacting production flow or dropping frames. Which method of connecting the sensor to the monitored link best meets these requirements?
A financial services company needs to provide temporary remote access to a small group of third-party auditors who will use their own unmanaged laptops and kiosks in various locations. The auditors only need browser-based access to a single internal web application, and the security team wants to avoid installing or configuring any client software on the auditors' machines. Which remote access solution best fits these requirements?
A security analyst reviewing packet captures notices that an attacker on the same network segment successfully injected forged packets into an established TCP session between a client and an internal application server, taking over the session without knowing the user's credentials. The attacker guessed valid values to make the injected packets appear legitimate to the server. Which control would most directly prevent this type of session takeover?
A network engineer investigates an intermittent flood of ICMP echo replies overwhelming a company's edge router. Analysis shows external attackers are sending ICMP echo requests with a spoofed source address (the victim server's IP) to the company's network broadcast address, causing all internal hosts to reply and amplify traffic toward the victim. Which configuration change most directly prevents the company's network from being used as an amplifier in this attack?
A security engineer reviews the TLS configuration of a customer-facing web application. The scan reports that the server still negotiates TLS 1.0 and accepts cipher suites using CBC-mode with RC4 fallback. Penetration testers demonstrate a man-in-the-middle attack that forces the client and server to negotiate the weakest mutually supported protocol version. Which configuration change most directly mitigates this specific downgrade attack while preserving interoperability with modern clients?
A network engineer reviews switch configurations after a penetration test report indicates an attacker on an access port was able to inject frames that reached devices on a different VLAN without crossing a router. The report notes the attacker crafted frames containing two stacked 802.1Q tags. Which switch configuration weakness most directly enabled this attack, and what should be corrected?
A hospital is deploying a new VoIP telephony system. During a security review, an analyst captures traffic and finds that call setup messages containing extension numbers and caller identities are transmitted in cleartext, and the voice media streams can be reconstructed from captured packets. The security team must recommend protocols that protect BOTH the signaling and the media portions of the calls. Which combination best addresses this requirement?
A retail company is upgrading its corporate wireless infrastructure. The security architect wants to eliminate the risk of an attacker capturing the wireless handshake and later performing an offline dictionary attack to recover the pre-shared key. Employees will continue to use a shared passphrase rather than per-user 802.1X certificates. Which wireless security standard should the architect select to best mitigate this specific threat?
More CISSP practice
Keep going with the other ISC2 CISSP — Certified Information Systems Security Professional domains, or take a full timed mock exam.
← Back to CISSP overview