ISC2-CC Domain 4: Network Security Welcome to your ISC2-CC Domain 4: Network Security 1. CC: Network Security In the context of securing a network, which of the following best describes the function of a stateful firewall? A. It filters traffic based on state, port, and protocol. B. It inspects packets independently without considering the state of the connection. C. It primarily focuses on deep packet inspection of application layer data. D. It uses complex algorithms to predict the state of packets without inspection. None 2. CC: Network Security Which of the following encryption methods is considered the most secure for wireless networks? A. WEP B. WPA C. WPA2 D. WPA3 None 3. CC: Network Security In network security, which of the following best describes a Zero Trust model? A. Trusting all devices within the network but not external devices. B. Never trusting, always verifying every device, whether inside or outside the network. C. Trusting devices based on their IP addresses. D. Implementing default allow rules in firewall configurations. None 4. CC: Network Security Which protocol is primarily used for securely managing network devices remotely? A. SNMP B. SSH C. FTP D. HTTP None 5. CC: Network Security In the OSI model, at which layer does a network-based intrusion detection system (NIDS) typically operate? A. Layer 2 (Data Link) B. Layer 3 (Network) C. Layer 4 (Transport) D. Layer 7 (Application) None 6. CC: Network Security What is the primary purpose of using a VPN in network security? A. To create a secure and encrypted connection over a less secure network, such as the internet. B. To increase the speed of internet connections. C. To block malicious traffic and protect against malware. D. To manage network devices without using secure protocols. None 7. CC: Network Security Which of the following is a primary security concern when implementing IPv6? A. The increased size of the address space makes scanning more difficult. B. The mandatory use of encryption for IPv6 traffic. C. The potential for misconfigured devices leading to security vulnerabilities. D. The elimination of the need for NAT, reducing security. None 8. CC: Network Security What is the primary function of a network access control 'NAC' system? A. To encrypt data traffic on a network. B. To manage the distribution of IP addresses. C. To control access to a network based on compliance with defined security policies. D. To monitor network traffic for malicious activities. None 9. CC: Network Security In the context of network security, which of the following best describes the purpose of port security? A. To prevent unauthorized access to physical network ports. B. To encrypt data passing through specific ports. C. To dynamically open ports based on application needs. D. To monitor and log the traffic passing through ports. None 10. CC: Network Security Which technology is typically used to isolate broadcast domains in a network environment? A. VPN B. VLAN C. NAT D. Proxy None 11. CC: Network Security What is the main security advantage of implementing network segmentation? A. Reducing the overall cost of the network infrastructure. B. Increasing the speed of the network. C. Limiting the spread of malware and reducing the attack surface. D. Simplifying the management of the network. None 12. CC: Network Security Which protocol is designed to secure SNMP traffic, ensuring both encryption and data integrity? A. SNMPv3 B. SSH C. HTTPS D. SNMPv2 None 13. CC: Network Security In network security, what is the primary purpose of an IPSec VPN? A. To provide end-to-end security in the transport layer. B. To secure web traffic exclusively. C. To establish secure network connections at the IP layer. D. To protect against physical security breaches. None 14. CC: Network Security Which of the following is a characteristic of symmetric encryption within the context of network security? A. It uses the same key for encryption and decryption. B. It uses a public key for encryption and a private key for decryption. C. It cannot be used for encrypting internet traffic. D. It provides a method for digital signatures. None 15. CC: Network Security What is the main function of a SIEM (Security Information and Event Management) system in network security? A. To physically secure network hardware. B. To manage IP address allocations. C. To aggregate and analyze security-related events and information. D. To encrypt all data traffic within the network. None 16. CC: Network Security In the context of network security, what is a honeypot primarily used for? A. To serve as a primary defense mechanism against DDoS attacks. B. To act as a decoy, attracting attackers to monitor their activities. C. To encrypt data traffic passing through the network. D. To provide high availability and redundancy for network services. None 17. CC: Network Security Which type of firewall is best suited for deep packet inspection (DPI)? A. Packet filtering firewall B. Stateful firewall C. Proxy firewall D. Next-Generation Firewall (NGFW) None 18. CC: Network Security What is the primary security concern associated with BYOD (Bring Your Own Device) policies? A. The increased complexity of network topology. B. The potential for unauthorized access to the network. C. The difficulty in managing IP address allocations. D. The requirement for additional physical security measures. None 19. CC: Network Security Which protocol is used to securely transmit log data over the internet? A. SNMP B. SSH C. Syslog over TLS D. FTPS None 20. CC: Network Security In network security, what is the primary purpose of implementing a DMZ (Demilitarized Zone)? A. To segregate internal network traffic from external traffic. B. To encrypt all inbound and outbound communications. C. To provide a secure area for users to access the internet. D. To host public-facing services while protecting the internal network. None 1 out of 20 Time is Up! Time's up
