Understanding security around network and communications design principles is critical to passing the CISSP exam, and you need to score well because there is a high 13% weighting on this topic.
Practice questions for domain 4 cover the OSI layers, the TCP/IP model, IPsec, the details of IPv4, and the basics of IPv6. A successful CISSP candidate knows how to design, secure, and manage wired and wireless networks.
After studying these practice questions, you will be prepared to pass the communication and network security section of the exam, including the important scenarios on networking protocols, wireless networks, and content distribution networks.
- James, a network engineer, considers using SCP for copying files from one computer to another. Which connection-oriented protocol will be used?
A. PAP
B. TCP
C. UDP
D. ICMP
- Daria, a network engineer, seeks to set up a network that uses CSMA/CA. Which of the following should she select?
A. Wi-Fi
B. FDDI
C. Ethernet
D. Token Ring
- Dennis, a systems engineer, is upgrading 10 fax machines. What process should he use to dispose of the old fax machines?
A. Print the last fax, and then dump in a dumpster.
B. Use secure destruction methods.
C. Clear the memory buffer and then discard.
D. Simply dump in a dumpster.
- Melanie, a systems administrator, needs a secure, private connection from her home to the office. Which technology makes this possible for her?
A. IPsec
B. Encryption
C. Tunneling
D. VPN
- Emil is a network administrator setting up systems so that when users enter FQDNs, they are converted to IP addresses. Which technology is he configuring? (Choose two.)
A. HTTPD
B. NAMED
C. DHCPD
D. BIND
- Danka, a network engineer, desires to add routers that make routing decisions based on hop count only. Which protocol should she select?
A. EIGRP
B. RIP
C. OSPF
D. IGRP
- Camila is a network engineer in charge of the placement of detection systems for her organization. What type of device does she install for this functionality?
A. Firewall
B. IDS
C. IPS
D. HIPS
- Sugita is a network engineer installing Network Intrusion Prevention Systems (NIPS) in his organization. What are the two methods he should employ to detect incidents and attacks? (Choose two.)
A. Host
B. Network
C. Heuristic
D. Pattern matching
- Uchiyama is a network engineer tasked with explaining to management the differences between fraggle and smurf attacks. Which of the following is his BEST explanation?
A. A fraggle attack is the same as a smurf attack but sends UDP packets instead of ICMP packets.
B. A fraggle attack is the same as a smurf attack but sends ICMP packets instead of UDP packets.
C. A fraggle attack is the same as a smurf attack but sends TCP packets instead of UDP packets.
D. A fraggle attack is the same as a smurf attack but sends half-open packets instead of ICMP packets.
- Darcey, a network administrator, needs to set up a web server that allows customer access. To do this, the device sits outside of the corporate firewall. In which area should she deploy this system?
A. Intranet
B. DMZ
C. Internet
D. Honeypot
- IPv4 allows for about 4.3 billion IP addresses to be used on computers, tablets, smartphones, cameras, thermometers, and so on. Since the world ran out of IP addresses, IPv6 is one solution that extends the address space to more than 300 trillion trillion trillion IP addresses. What other systems increase IP address utilization? (Choose two.)
A. DAT
B. FAT
C. NAT
D. PAT
- Kirlyam is a security administrator seeking the best way to defend her organization's network against sniffing. What is the BEST way for her to accomplish this?
A. Enable DHCP.
B. Encryption.
C. Monitor for rogue access points.
D. Heuristic firewall.
- Aya is a network engineer looking to implement a security protocol that operates on the OSI application layer. Which of the following does she select?
A. S/MIME
B. RIP
C. SSL
D. TLS
- Which of the following is an attack on web applications that injects client-side scripts into a web page?
A. XSRF
B. XSS
C. SQL injection
D. Input validation
- Yamir, a network administrator, is asked to install a router, instead of a firewall, to separate two networks within his LAN where there are no web or email services. After asking "Why not a firewall?", how does his network manager respond?
A. Firewalls are less expensive.
B. Routers are less expensive.
C. Routers are stateful by default.
D. Routers are stateless by default.
- Which VPN protocol operates at layer 2 of the OSI model using 256-bit encryption?
A. PPTP
B. L2TP
C. PPP
D. IPsec
- Chelsea is a security engineer completing setups for a single-sign-on system. Which system should she set up for the MOST secure authentication?
A. EAP
B. PAP
C. MD5
D. AES
- A full-mesh network of four nodes requires how many connections?
A. 7
B. 6
C. 5
D. 4
- Evelin is a network engineer tasked with architecting the network connection from headquarters to a field office 50 miles away. Which solution should she choose for BEST security and performance?
A. 802.11n
B. CAT5 cable
C. Coaxial cable
D. Fiber optic media
- Brett is a network manager architecting a wired network through KloutCo. Part of the cabling will run above drop ceilings and through raised floors. Which of the following is his BEST recommendation?
A. Use standard-grade cables because they are the least expensive.
B. Use plenum-grade cables because in the case of a fire, standard-grade cables emit deadly gas.
C. Use standard-grade cables because they are fireproof.
D. Use plenum-grade cables because of their encryption features.
- Daya, a network engineer, desires to configure a network using a star-type topology. Which of the following should she select?
A. Partial mesh
B. Wi-Fi
C. Token ring
D. Bus
- Which of the following BEST describes the Media Access Control (MAC) address burned into a Network Interface Card (NIC)?
A. A MAC address is 24 bits, and the whole thing is a manufacturer code.
B. A MAC address is 24 bits, and the whole thing defines a unique address.
C. A MAC address is 48 bits, and 24 bits define the manufacturer.
D. A MAC address is 96 bits, and 48 bits define the manufacturer.
- Cassia is an ethical hacker who cannot penetrate the network due to an advanced firewall. Which of the following should be her next step?
A. Conclude the test and inform the client that their security levels will stop all attacks.
B. Conduct reconnaissance.
C. Attempt war dialing.
D. Collect data using OSINT.
- What is the primary purpose of an attacker launching an ARP poisoning attack?
A. As a man-in-the-middle exploit
B. To change the network's ARP table
C. To modify IP addresses
D. To decrease the acceptable resource pool
- Jason, an ethical hacker, is working with Jefferson Bank to perform a penetration test. Which of the following is the MOST important step for him to complete?
A. Reconnaissance.
B. Confirm management buy-in by having them sign the working agreement.
C. Network mapping and scanning for open ports and other vulnerabilities.
D. Running the exploit.
- Wireless access points and wireless systems use which technology?
A. CSMA/CD
B. Polling controls
C. Token passing
D. CSMA/CA
- Which of these is NOT an attribute of a packet filter firewall?
A. Makes use of access control lists
B. Runs at the application layer
C. Is a first-generation firewall type
D. Inspects the source and destination addresses
- TACACS and TACACS+ systems have which of the following two features? (Choose two.)
A. Allows password changes
B. Communicates via UDP protocols
C. Encrypts passwords but not data
D. Two-factor authentication
- Which of the following BEST describes UTP cables?
A. UTP cables have two conductors in concentric circles.
B. UTP cables have two insulated twisted wires.
C. UTP cables transfer data using laser signals.
D. UTP cables have a range of 1 km before data signal loss.
- Alexei is a marketing representative for GL Food Bars and maintains a mailing list for 5,000 customers. His ISP alerts him that his email server is sending spam to millions of users at 100 messages per minute. What is MOST LIKELY the problem?
A. The most recent update to the email server was buggy.
B. Millions of new clients have signed up for GL Food Bars information.
C. Hackers have compromised his email list.
D. He has an open relay SMTP server.
- Loren runs the networking department and desires to architect a system for her website customers that will simplify scalability, improve security, and ease implementation on various devices, such as smartphones, smartwatches, and laptops. Which model should she select?
A. Demilitarized zone
B. N-tier architecture
C. Split DNS
D. Split tunneling
- Benvele is a hacker launching attacks on smartphones to gain access and download photos and contacts. What type of attack is this?
A. Bluesnarfing
B. Bluejacking
C. Bluebugging
D. BlueBorne
- Kyle is a secretary working fast to get work done for his boss. During a short break, he visits social media and clicks a link for cheap Ray-Ban glasses. Unbeknownst to Kyle, a hacker has downloaded his browser's cookies. What is the name of this attack?
A. XSRF
B. XSS
C. Cookie stealing
D. Cookie monster
- Fernando is a salesperson visiting one of his corporate field locations. He has the Wi-Fi password but still cannot access the internet because his browser requests another username and password. What is MOST LIKELY to be the trouble?
A. The RADIUS server is not granting him a ticket.
B. The SAML system has an incorrect password.
C. Improper user ID for extensible authentication protocol.
D. Port authentication is required through 802.1x.
- Two popular networking models include OSI and TCP/IP. The TCP/IP application layer represents which layer(s) of the OSI model?
A. Transport, session, presentation, application
B. Session, presentation, application
C. Presentation, application
D. Application
- Graphical imagery, whether it is JPEG, TIFF, or GIF, is generally processed in which layer of the OSI model?
A. Application
B. Presentation
C. Session
D. Transport
- Mikoopst is a hacker seeking vulnerabilities to attack a bank and steal money electronically. Which network device is likely to be the weakest vulnerability?
A. The bank website
B. The firewall
C. Fish tank thermometer
D. The internal corporate website
- Which protocol uses sequence and acknowledgment numbers to keep track of communications?
A. ICMP
B. UDP
C. TCP
D. IP
- Sandor is a hacker attacking a user's online banking experience. While the user is logged in to their banking account, the user clicks an enticing email for free check-printing from their bank and allows the attacker to transfer money from the user's bank account. Which of the following BEST describes this attack?
A. TCP hijacking
B. XSRF
C. XSS
D. SQL injection
- Which of the following is an example of protocols that would operate at the session layer of the OSI model?
A. RPC and FTP
B. PAP and PPTP
C. TCP and UDP
D. ICMP and RIP
- Aleksandra is an ethical hacker manipulating TTL values to determine where firewalls are located. What technique is she using?
A. Ping-of-death
B. TTL trace
C. Tracerouting
D. Firewalking
- The networking system designed to guarantee good performance of data flow and prioritize applications is known as what?
A. Prioritization
B. QoS
C. Service quality
D. Guaranflo
- Jorge is starting a new CBD business and desires to set up his online shopping cart. He wants users to trust his store, so he registers a digital certificate with which role for the PKI?
A. RA
B. CA
C. CRL
D. Root
- What is the primary difference between baseband and broadband technologies?
A. Baseband is for cable TV only.
B. Baseband transmits over a single channel, and broadband over multiple channels simultaneously.
C. Broadband is for cable TV only.
D. Broadband transmits over a single channel, and baseband over multiple channels simultaneously.
- Anfisa, a network engineer, is asked to inspect a network and determine whether it should be upgraded to fiber optic. Building-to-building connections are connected using coaxial cables, and privacy information is showing up on Pastebin. What is her recommendation for BEST security?
A. Save money and make no changes because fiber optic cable is expensive.
B. Save money and enable encryption for business-to-business communications.
C. Upgrade the network to fiber because it is less expensive than STP.
D. Upgrade the network to fiber because EMI transmissions are being intercepted.
- Philyuk is a sales manager who is ready to get to work. He opens his laptop, connects to the Wi-Fi, but cannot access the internet. He notices that he has an IP address of 169.254.3.4 but still cannot access his online bank. What is MOST LIKELY to be the problem?
A. The internet is down.
B. The DHCP server is down.
C. The bank's web server is down.
D. His network card is disabled.
- Azan is part of the network security team and they are setting up a Wi-Fi system that allows any member of the company to connect to the network when at the office. Which feature should he recommend to help secure access to the network?
A. DHCP snooping
B. Flood guards
C. Integrity checking
D. Encryption
- Marcgerm is an overseas hacker conducting reconnaissance on the victim's network at EB Inc. What safeguards can the security team put in place to mitigate the attack?
A. Install an NIDS to block network threats.
B. Close ports 161 and 162 on the firewall and enable SNMPv3.
C. Upgrade the network from SNMPv1 to SNMPv2.
D. Attacks using SNMP are impossible to mitigate.
- Nicole, a systems administrator, is seeking methods to defend her public DNS server from hackers. Which of these is her BEST solution?
A. Enable encryption.
B. Deny access to everyone except staff.
C. Install an HIDS.
D. Enable DNSSEC.
- Matt is a salesperson for Wilco and plans to use the Wi-Fi offered at his local restaurant. He enters the Wi-Fi password but cannot access the internet like others there. The computer works fine at home on the VPN and at work. What is MOST LIKELY to be the problem?
A. He cannot access the DHCP server in the restaurant.
B. He has a static IP address set.
C. The DHCP server is down within the restaurant.
D. A hacker is altering the restaurant's network.
- Luis is a systems administrator at East School, and the board is requesting a network that allows students to reach Google but disallows access to X-rated websites. Which system is BEST for him to install?
A. Switch
B. Proxy
C. Repeater
D. Router
- Which of the following is a difference between an application-level firewall and a circuit-level firewall?
A. Circuit-level firewalls are, in general, slower than application-level firewalls.
B. Application-level firewalls do not require a proxy for each protocol monitored.
C. An application-level firewall can perform deep packet inspection.
D. A circuit-level firewall performs deep packet inspection.
- What are the port numbers for these services, respectively?
HTTP, FTP, SSH, SMTP, IMAP
A. 443, 21, 23, 25, 123
B. 80, 21, 23, 53, 143
C. 80, 21, 22, 25, 143
D. 443, 20, 22, 25, 110
- Molly is a network engineer tasked with reducing interference on VoIP phones within the network. Which of the following is her BEST solution?
A. Place all SIP- and RTP-related traffic into a separate VLAN.
B. Place VoIP phones onto their own switch within the subnet.
C. Reduce the thresholds on the NIDS devices.
D. Develop corporate policies to limit phone use.
- Alla, a network engineer, needs to extend a network so that computers 100 meters away from each other are on the same subnet. Which technology should she use to extend the network?
A. Router
B. Bridge
C. Gateway
D. Firewall
- RIP is a distance-vector routing protocol. Distance-vector routing protocols make routing decisions based on what?
A. Physical distance measured in centimeters and kilometers if preferred
B. A combination of physical distance and number of hops
C. Number of hops, network load, and packet size
D. Minimum number of hops to reach the destination
- Narkyia is an email administrator and her email server is being used to send forged emails. What technology can she install to mitigate this issue?
A. SSL
B. SPF
C. SASL
D. SMTP
- Difata is new to hacking and has discovered a new attack. The instructions state that to best breach the victim server, you should launch the attack on IP address 127.0.0.1. What type of individual is Difata?
A. Script kiddie
B. Skilled hacker
C. Ethical hacker
D. White hat hacker
- Olulowo is a network engineer asked to install an internal DNS server for staff and a separate DNS server on the internet for the public. He decides to install which type of setup?
A. Split-network
B. Split-DNS
C. Split-VPN
D. Split-IP
- Alice is a network engineer being consulted as to why network transmissions have slowly degraded over time. The small company has grown and installed microwave ovens in the break rooms, and the 100 new staff are using cell phones. What is her recommendation?
A. Create new policies not allowing the use of cell phones at work, and remove the microwave ovens.
B. After researching the environment, there is really nothing more that can be done.
C. Upgrade the STP cabling to UTP cabling.
D. Upgrade the UTP cabling to STP cabling.
- Technologies such as Fibre Channel over Ethernet, Multiprotocol Label Switching, VoIP, and Internet Small Computer Systems Interface are examples of which protocol?
A. Fiber optics
B. IP convergence
C. Ethernet
D. Storage
- Translating a set of public addresses to private addresses is accomplished with what method?
A. NAT
B. TCP
C. RFC
D. Teredo
- Mattrich uses a VPN to work from his Apple computer. While connected, he clicks a link from his personal email account. Days later, corporate offices are down because of a massive ransomware attack. What MOST LIKELY occurred?
A. Mattrich infected the company because he read his personal email.
B. Mattrich infected the company because he was using VPN split tunneling.
C. Mattrich infected the company because he disabled VPN encryption.
D. Mattrich infected the company because they mostly use Microsoft computers.
- Josh, a networking intern, is connecting two computers in a LAN. System A has IP address 192.168.4.7/24, and system B has IP address 192.168.5.8/24. He tests the connections using ping but gets the error message "host unreachable". They are both properly plugged in to the switch. What is MOST LIKELY the problem?
A. One of the cables is broken.
B. The systems are improperly connected.
C. Josh needs to use a hub instead of a switch.
D. The systems are on separate subnets.
- Which ports are considered the MOST well-known ports?
A. 1-1024
B. 0-1023
C. 0-1024
D. 1-1023
- In the OSI model, which layer converts voltages to bits?
A. Bitwise
B. Physical
C. V2Bit
D. Data link
- Carolina is a network engineer and notices that network traffic has degraded to 50% of normal. After investigating, she discovers the problem. What did she determine?
A. A new employee was streaming online music.
B. The firewall was blocking the ports to access the web server.
C. The manufacturer of the routers reported several zero-days that affected performance.
D. Degradation only occurs in the evening when the users shut down their computers.
- Noon, a network engineer, has been tasked with setting up a Wi-Fi network by upgrading the firmware of older-generation WAPs currently using WEP security. She is asked to improve the security without replacing the WAPs. Which level of security should she choose?
A. Open authentication
B. WEP
C. WPA
D. WPA2
- This technology logically groups networked computers by function or department and enhances security by segregating data traffic, for example, by separating VoIP traffic. What is this technology called?
A. VLAN
B. VPN
C. DNS
D. DMZ
- The TCP and UDP protocols are alike in that they both transfer data. What is the key difference between the two protocols?
A. TCP is unreliable and transmits data faster than UDP.
B. UDP is connectionless and has greater potential for data loss.
C. UDP utilizes a three-way handshake.
D. TCP is great for digital video and audio applications.
- VPNs have which of these characteristics? (Choose two.)
A. VPN connections occur through software applications only.
B. VPN connections can occur through hardware or software utilities.
C. VPN connections must utilize IPsec.
D. VPN implementations can be accomplished through certificate or key exchange.
- Peter is a security analyst reviewing network logs and notices that from 10 PM-4 AM, the server reports attempted connections on ports 0, 1, 2, 3…, and 1023 from an unknown system on the internet. What type of attack is occurring?
A. NMAP
B. Port scanning
C. HPING
D. DDOS
- Serena is a hacker, exfiltrating corporate files to her partner, Janine. What is the BEST way for Serena to launch the upload without getting caught?
A. Janine builds an SSH server so that Serena can launch a covert channel and tunnel HTTP over SSH.
B. Janine builds an SSH server so that Serena can launch a covert channel using SSH.
C. Janine builds an FTP server so that Serena can launch a covert channel using FTP.
D. Janine builds a Telnet server so that Serena can launch a covert channel using Telnet.
- Simone-Jeannelle is a chemical engineer transferring work-from-home data to her office. As she transfers files from her house, she notices the transfer is taking much longer than expected. The network administrator states the network is functioning normally. What is the MOST LIKELY issue?
A. She needs to upgrade her home-based SDSL modem to ADSL.
B. Her home-based ADSL modem downloads faster than it uploads.
C. The office firewall is doing deep packet inspection.
D. The office server is under a DOS attack.
- Which of these are characteristics of a bridged network? (Choose two.)
A. Layer 3 network device
B. Connects two disparate networks
C. Layer 2 network device
D. Extends the current network
- Bryce is a network engineer reviewing an RFP that states they require systems that work with CSMA/CD technologies. Which solution should he suggest?
A. Wireless access points throughout the environment
B. Ethernet connections because of the cabling
C. Fiber optics because of its performance
D. DVD/CD technology because it will work with CDs
- Lai is a security engineer working with the networking department. During an audit, she notices the use of several old hubs in secure, networked environments. What is MOST LIKELY to be her recommendation?
A. Replace the hubs with switches.
B. Update the firmware on the hubs.
C. Upgrade the hubs to the latest hub technology.
D. Divide hubs with eight connections to make two hubs with four connections each.
- Barry is a network engineer seeking to directly network two nearby buildings. Which option should he choose since the empty land between the two buildings is owned by his competitor?
A. Connect the buildings via fiber channels.
B. Install a Yagi antenna.
C. Connect the buildings using CAT5 ethernet.
D. Install building-to-building Bluetooth.
- Avril is a systems administrator setting up email for her users. They are able to send email but not receive it. What is the MOST LIKELY problem?
A. No email client is installed.
B. No email server is installed.
C. Port 25 needs to be opened on the firewall.
D. Port 110 needs to be opened in the firewall.
- Which protocols operate at the application, presentation, network, and data link layers, respectively?
A. Pretty Good Privacy, routing information protocol, address resolution protocol, IPsec
B. Routing information protocol, Pretty Good Privacy, IPsec, address resolution protocol
C. Address resolution protocol, IPsec, Pretty Good Privacy, routing information protocol
D. IPsec, Pretty Good Privacy, routing information protocol, address resolution protocol
- Huisha is a security engineer deploying several honeypots. Her manager suggests that once a hacker is identified, the system should automatically attack the hacker's system and wipe the hacker's hard drive. Why does she tell the manager this is not recommended?
A. It is technically impossible to launch a counter-attack.
B. Hackback is against the law.
C. There are not enough staff to conduct the remote hard-drive wipes.
D. Hackback is too difficult to automate.
- Of the following options, which provides the least protection to data in motion?
A. WEP
B. WPA
C. L2TP
D. PPTP
- Which of these is a type of prevention system that performs IOC pattern matching, such as comparing instruction sequences of known malware or correlating known file hashes?
A. Heuristic-based
B. Network-based
C. Signature-based
D. IDS
- What is another term for a pharming attack where victims get diverted to an attacker's fake website?
A. DNS poisoning
B. Flooding
C. IP forwarding
D. Phishing
- Which setting does traceroute manipulate in the TCP/IP model?
A. UDP
B. TTL
C. Data link
D. Frame header
- Hackers look for soft, vulnerable targets to attack, as they make it easier to upload exploits. Security engineers harden these systems by disabling which features? (Choose two.)
A. FTP
B. SSH
C. HTTPS
D. Telnet
- Justin is a senior security officer asked for his opinion on installing wireless access points in a secure area. What does he recommend as security levels for the implementation?
A. WPA
B. WPA2
C. WEP
D. Open system
- Of the following, which two are NOT VPN protocols? (Choose two.)
A. RADIUS
B. Kerberos
C. L2TP
D. PPTP
- Aziza is a network administrator setting up a private network with non-routable IP addresses. Which network block should she use?
A. 169.254.0.0/16
B. 192.168.0.0/8
C. 127.0.0.0/8
D. 192.16.0.0/8
- Louis, a security engineer, is testing methods to defeat the firewall. Which method would he find MOST effective?
A. Fragmentation
B. Firewalking
C. Changing static IP address
D. Encryption
- Alan is a network engineer tasked with writing firewall rules that allow SYN-ACK-SYN communications. Which protocol should he set to permit?
A. UDP
B. TCP
C. ICMP
D. IP
- What are the BEST examples of IPv6 addresses here? (Choose two.)
A. ::1
B. a:b:c:d:d:c:b:a
C. :::1
D. a:b:c:d:e:f:g:h
- A system that encrypts a symmetric key so that two users can use this key for secret messages is known as what?
A. DSS
B. Diffie-Hellman
C. AES
D. MD5
- At which layer does IPsec operate within the OSI model?
A. Application
B. Physical
C. Data Link
D. Network
- Devar is a systems administrator who manages 1,000 users and their email usage. What is his number one security issue with email?
A. Poor passwords
B. Phishing attacks
C. Use of Thunderbird and other open source email clients
D. Disk space utilization
- The network interface layer of the TCP/IP model is equivalent to which layer of the OSI model?
A. Application
B. Data link
C. Session
D. Network
- Which device operates at the data link layer of the OSI model?
A. Firewall
B. Hub
C. Switch
D. Router
- Which of these protocols operate at the transport layer of the OSI model? (Choose two.)
A. TCP
B. ICMP
C. UDP
D. RARP
- The ARP (Address Resolution Protocol) command tells the user which MAC address a computer uses when given the IP address of that system. ARP collects data from which layers of the OSI model?
A. Network and data link
B. Physical and data link
C. Network and transport
D. Presentation and application
- Irina, a systems engineer, is in the process of installing fax machines on a corporate network. Where is the BEST place for her to install these for the best security?
A. Break room
B. SOC
C. Computer room
D. Utility closet