CISSP

Communication & Network Security

32 free practice questions with explanations

PassNova has 32 free CISSP practice questions on Communication & Network Security, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.

Sample questions

Communication & Network Security: example questions & answers

Here are 6 example questions from this topic. Practise the full set of 32 free in the browser.

  1. At which layer of the OSI model does a traditional packet-filtering firewall that makes decisions based solely on IP addresses and port numbers primarily operate?

    • A Layer 7 (Application)
    • B Layer 2 (Data Link)
    • C Layer 3 (Network) and Layer 4 (Transport)
    • D Layer 5 (Session)

    Answer: Packet-filtering firewalls inspect IP addresses (Layer 3) and TCP/UDP port numbers (Layer 4) to permit or deny traffic.

  2. Which IPsec component provides confidentiality, integrity, and authentication for the payload, whereas its companion protocol provides only integrity and authentication without encryption?

    • A Internet Key Exchange (IKE) provides confidentiality
    • B Security Association (SA) provides confidentiality
    • C Authentication Header (AH) provides confidentiality
    • D Encapsulating Security Payload (ESP) provides confidentiality

    Answer: Encapsulating Security Payload (ESP) encrypts the payload to provide confidentiality, while Authentication Header (AH) offers integrity and authentication only.

  3. An attacker sends a flood of TCP SYN packets with spoofed source addresses and never completes the handshake, exhausting the target's connection table. Which attack is this?

    • A SYN flood attack
    • B Teardrop attack
    • C DNS amplification attack
    • D Smurf attack

    Answer: A SYN flood sends many half-open connection requests without completing the three-way handshake, exhausting the server's backlog of pending connections.

  4. Which network segmentation approach isolates and forwards traffic based on logical groupings at Layer 2, allowing devices on the same physical switch to be separated into different broadcast domains?

    • A Virtual Local Area Network (VLAN)
    • B Demilitarized Zone (DMZ)
    • C Port Address Translation (PAT)
    • D Network Address Translation (NAT)

    Answer: A VLAN logically segments a switch into separate broadcast domains at Layer 2, isolating traffic without requiring separate physical hardware.

  5. Which wireless security protocol introduced Simultaneous Authentication of Equals (SAE) to replace the pre-shared key handshake and resist offline dictionary attacks?

    • A WPA3
    • B WEP
    • C WPA
    • D WPA2

    Answer: WPA3 replaced the WPA2 four-way handshake with Simultaneous Authentication of Equals (SAE, or Dragonfly), protecting against offline dictionary attacks.

  6. A security architect needs a protocol to securely manage network devices that provides encryption and integrity, replacing an older protocol that sent community strings in cleartext. Which version should be selected?

    • A SNMPv2c
    • B SNMPv3
    • C Telnet
    • D SNMPv1

    Answer: SNMPv3 adds authentication and encryption (the USM security model), unlike SNMPv1/v2c which transmit community strings in cleartext.
