Q1. Which protocol provides secure remote command-line access? (Q-924442)
- A.FTP
- B.HTTP
- C.SSH✓ Correct
- D.SMTP
Explanation: SSH (Secure Shell) encrypts remote command-line sessions. Learn more.
CompTIA CySA+ Practice Questions: Network Security
18 free, exam-style CompTIA CySA+ (CS0-003) practice questions covering Network Security. Each question shows the correct answer and a clear explanation. Ready for the real thing? Take the full timed quiz below.
Q2. What is the primary function of a WAF? (Q-627fed)
- A.Prevent DDoS attacks
- B.Filter HTTP/HTTPS traffic✓ Correct
- C.Encrypt database contents
- D.Scan for viruses
Explanation: Web Application Firewalls (WAFs) protect against web-based attacks. Learn more.
Q3. Which protocol is vulnerable to downgrade attacks? (Q-924448)
- A.SSH
- B.TLS✓ Correct
- C.IPSec
- D.DNSSEC
Explanation: TLS can be forced to use weaker encryption via downgrade attacks. Learn more.
Q4. Which protocol is used to securely transfer files between systems? (Q-924452)
- A.HTTP
- B.FTP
- C.SFTP✓ Correct
- D.SNMP
Explanation: SFTP (SSH File Transfer Protocol) encrypts file transfers. Learn more.
Q5. What is the PRIMARY function of DNSSEC? (Q-627ffb)
- A.To encrypt DNS queries
- B.To authenticate DNS responses✓ Correct
- C.To block malicious domains
- D.To speed up DNS resolution
Explanation: DNSSEC adds cryptographic authentication to prevent DNS spoofing. Learn more.
Q6. Which of the following is a characteristic of a stateful firewall? (Q-924460)
- A.It only filters based on IP addresses
- B.It tracks the state of active connections✓ Correct
- C.It cannot block inbound traffic
- D.It operates only at the application layer
Explanation: Stateful firewalls monitor connection states (e.g., TCP handshakes) for more intelligent filtering. Learn more.
Q7. What does TLS provide for network communications? (Q-627fff)
- A.Compression
- B.Encryption✓ Correct
- C.Faster speeds
- D.Physical security
Explanation: TLS (Transport Layer Security) encrypts data in transit. Learn more.
Q8. What is the PRIMARY benefit of network segmentation? (Q-628000)
- A.Improved internet speed
- B.Reduced attack surface✓ Correct
- C.Simplified patch management
- D.Lower hardware costs
Explanation: Segmentation limits lateral movement during breaches. Learn more.
Q9. Which protocol is used for secure email? (Q-924464)
- A.SMTP
- B.POP3
- C.S/MIME✓ Correct
- D.FTP
Explanation: S/MIME encrypts and digitally signs email messages. Learn more.
Q10. What is the PRIMARY risk of using WEP encryption? (Q-628002)
- A.Slow performance
- B.Weak cryptographic protection✓ Correct
- C.High cost
- D.Complex configuration
Explanation: WEP's encryption is easily cracked due to vulnerabilities. Learn more.
Q11. What is the PRIMARY purpose of a bastion host? (Q-628006)
- A.To store backups
- B.To provide a secure gateway✓ Correct
- C.To encrypt all network traffic
- D.To block DDoS attacks
Explanation: Bastion hosts are hardened systems designed to withstand attacks (e.g., jump servers). Learn more.
Q12. What is the PRIMARY purpose of a jump server? (Q-628008)
- A.To host public websites
- B.To provide secure access to internal systems✓ Correct
- C.To block DDoS attacks
- D.To encrypt email
Explanation: Jump servers act as controlled gateways to access sensitive systems. Learn more.
Q13. Which protocol is used for secure file transfers? (Q-924476)
- A.FTP
- B.TFTP
- C.SCP✓ Correct
- D.HTTP
Explanation: SCP (Secure Copy Protocol) encrypts file transfers over SSH. Learn more.
Q14. What is the MAIN security benefit of microsegmentation? (Q-628022)
- A.Reduced firewall costs
- B.Granular east-west traffic control✓ Correct
- C.Faster internet speeds
- D.Simplified compliance reporting
Explanation: Microsegmentation limits lateral movement within networks. Learn more.
Q15. What is the MAIN security risk of deprecated TLS versions? (Q-628054)
- A.Slower encryption speeds
- B.Known cryptographic weaknesses✓ Correct
- C.Incompatibility with modern browsers
- D.Higher hardware costs
Explanation: TLS 1.0/1.1 have vulnerabilities like BEAST and POODLE. Learn more.
Q16. What does BGP hijacking involve? (Q-628055)
- A.Exploiting DNS cache poisoning
- B.Redirecting internet traffic via false routing announcements✓ Correct
- C.Stealing WiFi credentials
- D.Corrupting TCP/IP stacks
Explanation: BGP hijacking manipulates internet routing tables to intercept traffic. Learn more.
Q17. What does MAC flooding attack target? (Q-628057)
- A.DNS servers
- B.Switch CAM tables✓ Correct
- C.Firewall rule sets
- D.Web applications
Explanation: MAC flooding overwhelms switches to force traffic broadcast (like a hub). Learn more.
Q18. Which data source provides full packet payloads for detailed network investigation?
- A.Packet capture✓ Correct
- B.Asset tag list
- C.Change calendar
- D.Password policy
Explanation: Packet captures can include headers and payloads, giving analysts detailed visibility into network conversations. Learn more.
More CompTIA CySA+ practice topics
- Security Operations (64)
- Threat Management (53)
- Cloud Security (45)
- Incident Response (44)
- Security Operations and Monitoring (32)
- Access Control (21)
- Risk Management (17)
- Software Security (16)
- Data Security (14)
- Vulnerability Management (11)
- Cryptography (10)
- Compliance (9)
- Threat Intelligence (9)
- Threat Detection (7)
- Threat and Vulnerability Management (5)
- More Practice Questions (15)
- All CompTIA CySA+ topics →