Network Security Bonus Content
30 questions on Network Security.
Question 1: What is the primary difference between a stateful firewall and a packet-filtering firewall?
- A. Stateful firewalls encrypt the payloads.
- B. Stateful firewalls monitor active connection states (handshakes) and allow return traffic automatically, whereas packet-filtering inspects packets individually based on static rules. (correct answer)
- C. Packet-filtering firewalls operate only on the application layer.
- D. Stateful firewalls are slower and deprecated.
Explanation: Stateful firewalls maintain connection tables and open ports dynamically, verifying that each packet matches the state and sequence of a tracked connection.
Question 2: Which layer of the OSI model does an IPsec VPN primarily operate on?
- A. Application Layer (Layer 7)
- B. Transport Layer (Layer 4)
- C. Network Layer (Layer 3) (correct answer)
- D. Data Link Layer (Layer 2)
Explanation: IPsec encrypts packets at the IP level, which resides on the Network Layer.
Question 3: How does a network-based Intrusion Prevention System (IPS) differ from an Intrusion Detection System (IDS)?
- A. IDS blocks traffic, while IPS only logs.
- B. IDS monitors and alerts on suspicious traffic, while IPS actively blocks or drops malicious traffic in real-time. (correct answer)
- C. IDS runs only on clients; IPS runs on routers.
- D. There is no difference.
Explanation: IPS sits in-line with network traffic to take direct action, whereas IDS acts out-of-band to monitor.
Question 4: What is the purpose of DNSSEC (Domain Name System Security Extensions)?
- A. To encrypt DNS queries to protect user privacy.
- B. To cryptographically sign DNS records, protecting clients from DNS spoofing and cache poisoning attacks by verifying data integrity. (correct answer)
- C. To speed up DNS resolution times.
- D. To balance network traffic across servers.
Explanation: DNSSEC uses public-key cryptography to authenticate DNS query answers, verifying they originate from the correct zone.
Question 5: What is the difference between a symmetric and an asymmetric firewall configuration?
- A. Symmetric uses the same rules for inbound and outbound traffic, while Asymmetric uses separate rule blocks. (correct answer)
- B. Symmetric firewalls only block SQL traffic.
- C. Asymmetric is faster and uses less CPU memory.
- D. Symmetric firewalls are hardware-based only.
Explanation: Symmetric rule design applies uniform filters, but most modern setups utilize asymmetric rules to allow free outbound requests.
Question 6: Which OSI layer is responsible for routing packets across different subnets?
- A. Physical Layer
- B. Network Layer (Layer 3) (correct answer)
- C. Session Layer
- D. Presentation Layer
Explanation: Layer 3 handles IP routing, directing packets between source and destination networks.
Question 7: What is the function of Network Address Translation (NAT)?
- A. Encrypting data frames.
- B. Mapping multiple private IP addresses inside a local network to a single public IP address before sending traffic to the internet. (correct answer)
- C. Translating domain names to IP addresses.
- D. Allocating DHCP ranges.
Explanation: NAT conserves IPv4 space and hides internal IP layouts from external networks.
Question 8: What is the difference between a split-tunneling and a full-tunneling Virtual Private Network (VPN) configuration?
- A. Split-tunneling is only used on mobile devices.
- B. Split-tunneling routes only specific corporate traffic through the encrypted VPN, while other internet traffic goes direct. Full-tunneling routes all traffic through the VPN. (correct answer)
- C. Full-tunneling is slower and deprecated.
- D. Split-tunneling does not encrypt payloads.
Explanation: Split-tunneling saves company bandwidth by avoiding routing personal video or web traffic through corporate networks.
Question 9: Which port is standard for unencrypted HTTP traffic?
- A. 443
- B. 80 (correct answer)
- C. 21
- D. 22
Explanation: Port 80 is the global default port for standard unencrypted Web traffic.
Question 10: How does a Distributed Denial of Service (DDoS) attack differ from a standard DoS?
- A. DDoS is executed from a single fast computer.
- B. DDoS floods the target system using a massive network of distributed, compromised devices (botnet) simultaneously. (correct answer)
- C. DDoS targets only databases.
- D. DDoS does not send packets.
Explanation: DDoS botnets scale attack volumes, making source-based IP blocking highly difficult.
Question 11: In TLS handshakes, what is the role of the Client Hello message?
- A. Establishing a database connection.
- B. Initiating the handshake by sending client capabilities (TLS versions, cipher suites, random bytes) to the server. (correct answer)
- C. Sending the client's private key.
- D. Verifying the server's certificate.
Explanation: Client Hello is the initial packet in TLS, negotiating connection parameters.
Question 12: Which protocol handles allocating dynamic IP addresses to devices when they connect to a network?
- A. DNS
- B. DHCP (correct answer)
- C. ARP
- D. ICMP
Explanation: Dynamic Host Configuration Protocol (DHCP) automates IP configuration for network hosts.
Question 13: What is the function of the Address Resolution Protocol (ARP)?
- A. Translating URLs to IP addresses.
- B. Mapping IP addresses to physical hardware MAC addresses on a local subnet. (correct answer)
- C. Encrypting TCP segments.
- D. Filtering firewall ports.
Explanation: ARP matches layer-3 logical addresses to layer-2 physical network interface cards.
Question 14: What is the security advantage of WPA3 over WPA2 in wireless networking?
- A. WPA3 increases router ranges by 50%.
- B. WPA3 replaces PSK with SAE (Simultaneous Authentication of Equals), protecting against offline dictionary password cracking attacks. (correct answer)
- C. WPA3 operates only on 5GHz frequencies.
- D. WPA3 does not require passwords.
Explanation: The SAE protocol guarantees forward secrecy, preventing hackers from decrypting previously captured handshakes.
Question 15: What is a 'Firewall'?
- A. A tool to speed up CPU clocks.
- B. A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. (correct answer)
- C. A database caching script.
- D. A local server backup.
Explanation: Firewalls block unauthorized access, acting as boundaries between networks.
Question 16: What does the 'Subnet Mask' define?
- A. The name of the router.
- B. The boundary separating the network ID portion from the host ID portion of an IP address. (correct answer)
- C. The encryption key.
- D. The firewall rules list.
Explanation: Subnet masks (e.g. 255.255.255.0) dictate which IPs reside inside the local subnet range.
Question 17: What is a 'Man-in-the-Middle' (MitM) attack vector on open Wi-Fi?
- A. Attacking the DNS database server directly.
- B. An attacker setting up a rogue access point (Evil Twin) to intercept, log, and manipulate user traffic. (correct answer)
- C. Modifying local database settings.
- D. Deleting files on the client hard drive.
Explanation: Evil Twins mimic legitimate hotspots, capturing unencrypted HTTP data from connected clients.
Question 18: Which protocol is used to securely download web pages, encrypting all traffic between browsers and servers?
- A. HTTP
- B. HTTPS (correct answer)
- C. FTP
- D. SMTP
Explanation: HTTPS runs HTTP over SSL/TLS, protecting passwords and data from network sniffing.
Question 19: What does an IP address block like 10.0.0.0/8 represent?
- A. A list of public domains.
- B. A private class A network range reserved for internal subnets under RFC 1918. (correct answer)
- C. An encrypted IP list.
- D. An invalid routing table.
Explanation: RFC 1918 reserves 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 for private LANs.
Question 20: What is the purpose of a DMZ (Demilitarized Zone) in network architecture?
- A. To store database backups.
- B. A physical or logical subnetwork that exposes external-facing services (like web servers) to the untrusted internet, isolating internal networks. (correct answer)
- C. To accelerate local file sharing.
- D. To disable firewall rules.
Explanation: If a web server in the DMZ is compromised, the internal LAN remains shielded behind firewalls.
Question 21: Which protocol is used by the 'ping' command to test host reachability?
- A. TCP
- B. ICMP (correct answer)
- C. UDP
- D. ARP
Explanation: Internet Control Message Protocol (ICMP) handles echo request and reply messages.
Question 22: What is a 'Port' in network protocols?
- A. A physical USB connector on the laptop.
- B. A logical channel endpoint identifier (0 to 65535) used to route network packets to specific applications or services. (correct answer)
- C. A database index.
- D. A server operating system.
Explanation: Ports direct packets (e.g. port 80 to Web, 22 to SSH) once they reach the host IP.
Question 23: How does a proxy server differ from a NAT gateway?
- A. Proxy operates on Layer 3, while NAT works on Layer 7.
- B. A proxy server intercepts and evaluates application-layer requests (acting on behalf of clients), whereas NAT translates network-layer IP headers. (correct answer)
- C. NAT is slower and deprecated.
- D. Proxies do not hide client IPs.
Explanation: Proxies can filter and cache requests and modify HTTP headers, whereas NAT dynamically rewrites addresses at the network layer.
Question 24: What does a 'Port Scanner' (like Nmap) do?
- A. It compiles source code files.
- B. It probes target IP addresses for active, listening network ports, identifying running services and OS details. (correct answer)
- C. It encrypts connection headers.
- D. It deletes session cookies.
Explanation: Port scanning maps a network's exposed surface, locating potential entry points or unpatched daemons.
Question 25: What is BGP (Border Gateway Protocol) spoofing?
- A. Hacking DNS databases.
- B. Maliciously advertising incorrect IP routing paths between autonomous systems, redirecting global internet traffic. (correct answer)
- C. Creating multiple Wi-Fi access points.
- D. Flooding local switch networks.
Explanation: BGP lacks built-in authentication, allowing rogue routing advertisements to hijack global traffic paths.
Question 26: What does the 'OSI Model' do?
- A. It styles web layouts.
- B. It provides a conceptual framework standardizing network communication functions into seven distinct layers. (correct answer)
- C. It manages SQL database tables.
- D. It restarts system routers.
Explanation: OSI standardizes protocols, from physical copper wires to application-layer HTTP.
Question 27: Which transport protocol guarantees packet delivery and ordering using handshakes and sequence numbers?
- A. UDP
- B. TCP (correct answer)
- C. ICMP
- D. IP
Explanation: Transmission Control Protocol (TCP) is connection-oriented, managing packet retries on loss.
Question 28: What is MAC Address Spoofing?
- A. Modifying IP routing rules.
- B. Changing the hardware MAC address of a network interface to impersonate an authorized device on a local network. (correct answer)
- C. Encrypting Wi-Fi passwords.
- D. Deleting database log files.
Explanation: Spoofing allows attackers to bypass MAC-filtering rules on routers and switches.
Question 29: What is the function of the Application Layer in the OSI model?
- A. Converting data to electrical signals.
- B. Providing network interfaces and protocols (like HTTP, SMTP, FTP) directly to end-user software applications. (correct answer)
- C. Formatting data bytes into JSON.
- D. Managing socket connections.
Explanation: Layer 7 sits at the top of the stack, interacting with user-facing applications.
Question 30: What is the difference between LAN and WAN?
- A. LAN is for databases, WAN is for files.
- B. LAN covers a small geographic area (office/home), while WAN spans large geographic areas (cities/countries/globe). (correct answer)
- C. LAN is wireless, while WAN is wired only.
- D. LAN is slower than WAN.
Explanation: Local Area Networks (LAN) connect local hosts; Wide Area Networks (WAN) connect LANs globally.