ICSI | CNSS Certified Network Security Specialist Questions and Answers

Technical and general Cyber Security questions. These questions are designed to help you prepare for a role as a Cyber Security Specialist. Our 100+ Cyber Security questions and answers focus on all aspects of Cyber Security subject and topics. These questions are chosen from a collection of most questions asked on Cyber Security. Practice, spend at least 1 hour daily for a month to learn and assimilate Cyber Security.

Subscribe to our youtube channel, to get discount.

Who should Practice these Cyber Security Questions

  • Anyone preparing for an aptitude test in Cyber Security
  • Anyone wishing to broaden their knowledge in Cyber Security
  • Anyone preparing for interviews
  • Everyone – Students and Experienced.

The section contains questions on cyber attack types, hacking, security protocols, social engineering, terminologies, network intrusion, firewalls, security skills, exploits and exploitation, generally CNSS Certified Network Security Specialist examinations.

Part 1: Network Security and Cyber Defence Quiz

  1. What is the acronym of URL.

Answer- Uniform Resource Locator

  1. The most desirable approach to security is one which is:

Answer- Layered and dynamic

  1. Which of the following is not one of the major classes of threats?

Answer- Online auction fraud

  1. Malware is NOT a common threat for systems.

Answer- False

  1. Server Message Block (SMB) protocol runs on which port?

Answer- 445

  1. Subnetting is used to split a network into smaller portions.

Answer- True

  1. Blocking attacks seek to accomplish what?

Answer- Prevent Legitimate users from accessing a system

  1. Trivial File Transfer Protocol (TFTP) runs on which port?


  1. Class A Ips with range 0-126 are reserved for multicasting.

Answer- False

  1. Which of the following is the best definition for non-repudiation?

Answer- Processes that verify which user performs what action

Part 2: Types of Attacks

  1. Which of the following best describes session hacking?

Answer- Taking control of communication link between two machines

  1. Which of the following is the best definition of a virus?

Answer- Software that self-replicates

  1. The most common session-hijacking is man in the middle attack

Answer- True

  1. What is Trojan horse?
  • Answer- Software that appears to be benign but really has some malicious purpose
  • Answer- Software that causes harm to your system
  1. The point of hijacking a connection is to exploit trust and gain access to a system

Answer- True

  1. What is danger inherent in IP spoofing attacks?

Answer- Many firewalls do not examine packets that seem to come from within the network

  1. Which of the following is the best definition of IP spoofing?

Answer- Sending a packet that appears to come from a trusted IP address

  1. To be protected against Ping of death attacks ensure that all operating systems are patched.

Answer- True

  1. Smurf attack is a popular DoS attack

Answer- True

Part 3: Fundamentals of Firewalls

  1. Why a stateful packet inspection firewall is less susceptible to spoofing attacks?

Answer- It examines the source IP of all packets

  1. Which type of firewall is considered the most secure?

Answer- Stateful packet inspection

  1. Which of the following are four basics types of Firewalls?

Answer- Packet Filtering, application gateway, circuit level, stateful packet inspection

  1. Which of the following is an advantage of the network host-based configuration?

Answer- It is inexpensive or free

  1. Which of the following is combination of firewalls?

Answer- Screened firewalls

  1. What is the most important security advantage to NAT

Answer- It blocks incoming ICMP packets

  1. What type of firewall requires client applications to be authorized to connect?

Answer- Application gateway

  1. A device that hides its internal IP addresses is called?

Answer- Proxy Server

  1. Which of the following can be shipped preconfigured?

Answer- Router-based firewalls

  1. Why might a proxy gateway be susceptible to a flood attack?

Answer- It allows multiple simultaneous connections

Part 4: Intrusion Detection Systems

  1. A series of ICMP packets sent to your ports in sequence might indicate what?

Answer- A ping flood

  1. IDS is an acronym for:

Answer- Intrusion-detection system

  1. A system that is set up for attracting and monitoring intruders is called?


  1. Specter aggressive mode tries to trace the attacker and gain its identity


  1. Which of the following is not a profiling strategy used in anomaly detection?

Answer- System monitoring

  1. What type of IDS is Snort?

Answer- Host based

  1. Specter is an advanced IDS System

Answer- False

  1. Attempting to attract intruders to a system setup for monitoring is called?

Answer- Intrusion banishment

  1. A profiling technique that monitors how applications use resources is called?

Answer- Executable profiling

  1. What is another term for preemptive blocking?

Answer-Banishment vigilance  

Part 5: Fundamentals of Encryption

  1. Which of the following is the symmetric key system using blocks?

Answer- DES

  1. Blowfish is an asymmetric stream cipher

Answer- False

  1. Which encryption algorithm uses a variable length symmetric key?


  1. Which of the following is an encryption method developed by three mathematicians?


  1. Which hashing algorithm do modern windows system use?


  1. What is a digital signature?

Answer- A piece of encrypted data added to other data to verify the sender

  1. What is the purpose of a certificate?

Answer- To validate the sender of a digital signature or software

  1. Which of the following encryption algorithms is a block cipher and uses the Rijndael algorithm?

Answer- AES

  1. Which of the following uses key sizes equal to 128, 192 and 256 bits?


  1. Secure Multipurpose Internet Mail Extensions (S/MIME) use X.509 certificates to secure e-mail communication


Part 6: Virtual Private Networks (VPN)

  1. The ESP Protocol provides data confidentiality and authentication.

Answer- True

  1. Which of the following is an important security feature in CHAP

Answer- It periodically re-authenticates

  1. Which authentication protocols are available under PPTP?

Answer- EAP,CHAP

  1. Which of the following is generally considered the least secure?

Answer- PAP

  1. What is the purpose of IKE?

Answer- Key exchange

  1. Which of the following is a weakness in PPTP?

Answer- No encryption

  1. Openswan is a VPN solution provided by CISCO.

Answer- False

  1. PPTP is based on which protocol?

Answer- PPP

  1. PPTP is an acronym for which of the following?

Answer- Point-to-Point Tunneling Protocol

  1. What does L2TP stand for?

Answer- Layer 2 Tuneling Protocol

Part 7: Operating System Hardening

  1. Which of the following best describes the registry

Answer- A database containing system settings

  1. What account lockout threshold does the NSA recommends?

Answer- 3 tries

  1. The command sudo find/-perm -4000 checks for the location of suid binaries

Answer- True

  1. What minimum password length does the NSA recommends?

Answer- 12

  1. What level of privileges all users must have?

Answer- Least possible

  1. What maximum password age does Microsoft recommend?

Answer- 42 days

  1. What type of encryption does EFS utilize?

Answer-Public key encryption

  1. What is the rule for unused services on any computer?

Answer- Turn them off

  1. A Linux system has a repository of packages available to be installed on the system

Answer- True

  1. What operating system requires periodic patches?

Answer- All

To get full access to the pdf file
Note: The pdf file contains over 200+ questions and it goes for  NGN(₦) 3000


Make Payment here: https://switchwebstudio.com/payment-page/


Ensure the form is filled correctly as pdf will be sent to your email address. For enquires: Contact us: https://switchwebstudio.com/contact-us/

Leave a Comment

Your email address will not be published. Required fields are marked *

View the best Divi Art & Photography layoutsGo
+ +