networking

1. A user receives an email with a malicious link. They click it, and malware installs. The malware attempts to connect to a command-and-control server on port 443 (HTTPS). The firewall allows the connection. Later, the malware steals documents from the local drive. Which layer most clearly failed or was absent?

A) Behavioral antivirus (it did not stop the outbound connection or theft)
B) Network segmentation (local drive theft is unrelated to network isolation)
C) Firewall (it should have blocked port 443)
D) Encryption (disk encryption would have prevented theft)

2. Which of the following defines a behavioral-based method of AV?

A) Compares file "fingerprints" (hashes) to a database of known malware.
B) Monitors running programs for malicious actions in real time
C) Looks for suspicious code patterns or behaviors

3. A small office has one router with default credentials, one flat Wi-Fi network, and no backups. An attacker compromises a smart speaker on the guest network. Which statement describes the likely outcome without any best practices applied?

A) Encryption on the file server will prevent the attacker from reading any stolen data
B) The smart speaker cannot reach the file server because IoT devices are isolated by default
C) The firewall will automatically block the smart speaker’s outbound traffic
D) The attacker can use the smart speaker to scan and attack employee laptops on the same network

4. A firewall blocks traffic based on predefined rules. Which scenario best demonstrates a limitation of a traditional stateful firewall?

A) It blocks outgoing traffic on port 4444, stopping a virus from exfiltrating data.
B) It blocks an incoming connection from an unknown IP address on port 22.
C) It allows email traffic on port 25 but cannot inspect the attachment for malware.
D) It logs repeated failed login attempts but takes no action.

5. A company uses WPA3 encryption for Wi-Fi and HTTPS for all web traffic. An attacker captures network packets from the coffee shop next door. Which statement is true?

A) The firewall would have blocked the packet capture attempt
B) Encryption at rest (BitLocker) would prevent the attacker from capturing packets
C) The attacker cannot read the content of HTTPS traffic but can see which websites were visited.
D) The attacker can read all emails because WPA3 only protects the Wi-Fi password

6. Which statement accurately distinguishes between symmetric and asymmetric encryption?

A) Symmetric uses one key and is faster; asymmetric uses two keys and is slower.
B) Symmetric requires a digital certificate; asymmetric does not
C) Symmetric is used only for data in transit; asymmetric is used only for data at rest
D) Symmetric uses two keys and is faster; asymmetric uses one key and is slower

7. A security team finds that a zero-day exploit successfully executed on a workstation. The firewall did not block the initial infection because the traffic used port 443. What is the most likely reason the attack succeeded despite the firewall?

A) The firewall was configured to block all HTTPS traffic
B) The firewall only filters inbound traffic, not outbound
C) The firewall does not inspect the payload of encrypted allowed traffic by default
D) The antivirus deleted the firewall rules

8. A small business has a firewall, antivirus, and full-disk encryption. An employee falls for a phishing email and enters their password into a fake login page. The attacker uses that password to log into the company VPN remotely. Which layer failed or was missing?

A) Multi-factor authentication (missing)
B) Encryption (did not protect the password)
C) Firewall (allowed VPN traffic)
D) Antivirus (did not scan the email attachment)

9. An organization wants to recover from a ransomware attack without paying the ransom. Which backup strategy is most effective against ransomware that also encrypts network-attached backups?

A) Cloud backups with automatic sync every hour
B) External hard drive always connected to the file server
C) Backups stored on a separate VLAN with read-only access
D) Offline backups following the 3-2-1 rule

10. An IT administrator wants to protect against a scenario where a compromised employee laptop is used to attack other devices on the same network. Which two best practices together most directly mitigate this?

A) VPN for remote access + offline backups
B) Default credential change + logging and monitoring
C) Antivirus (signature-based) + disabling unused ports
D) Network segmentation + Principle of Least Privilege

11. Which of the following best explains why the Principle of Least Privilege (PoLP) limits the damage of a compromised account?

A) It prevents all outgoing traffic from the compromised device
B) It restricts the compromised account to only the access necessary for its role.
C) It ensures the firewall blocks known malicious IP addresses
D) It automatically enables encryption on all files the account touches

12. A network administrator wants to prevent an attacker from moving from a compromised smart TV to the finance department’s server. Which best practice directly addresses this?

A) Disabling unused ports on the firewall
B) Changing default credentials on the smart TV
C) Network segmentation using VLANs
D) Enabling MFA on the finance server

13. Which of the following defines a heuristic-based method of AV?

A) Looks for suspicious code patterns or behaviors
B) Monitors running programs for malicious actions in real time
C) Looks for suspicious code patterns or behaviors
D) Compares file "fingerprints" (hashes) to a database of known malware.

14. Which combination of security layers would most effectively stop a zero-day ransomware attack that arrives via an encrypted HTTPS connection?

A) Firewall blocking port 80 + heuristic antivirus + MFA
B) Firewall allowing port 443 + behavioral antivirus + disk encryption
C) Firewall allowing all outbound traffic + signature-based antivirus + offline backups
D) Firewall blocking port 443 + signature-based antivirus

15. A network engineer says, "We don't need to disable unused ports because our firewall blocks all traffic by default anyway." What is the flaw in this reasoning?

A) Disabling unused ports on the firewall is identical to disabling services on a server
B) Firewalls cannot block traffic on ports below 1024
C) Unused ports automatically encrypt traffic, which the firewall cannot inspect
D) A firewall only blocks traffic; it does not reduce the attack surface of the device itself

16. A network administrator runs a vulnerability scan and discovers that the router has UPnP enabled, Telnet on port 23 open, and the default admin password still active. Which of these poses the most immediate critical risk?

A) Telnet on port 23 open
B) Lack of logging
C) Default admin password
D) UPnP enabled

17. Which of the following is a limitation that symmetric and asymmetric encryption share?

A) Both can be broken by heuristic analysis
B) Neither protects against data theft at the endpoint if malware captures the decryption key
C) Both require the sender and receiver to share the same key in advance
D) Neither can be used for data in transit

18. Which statement correctly compares the role of a hardware firewall versus a software firewall?

A) A hardware firewall uses symmetric encryption; a software firewall uses asymmetric encryption.
B) A hardware firewall cannot block ports; a software firewall can.
C) A hardware firewall typically sits at the network perimeter; a software firewall protects an individual computer.
D) A hardware firewall protects only one device; a software firewall protects an entire network.

19. Which of the following defines a signature-based method of AV?

A) Looks for suspicious code patterns or behaviors
B) Monitors running programs for malicious actions in real time
C) Compares file "fingerprints" (hashes) to a database of known malware.

20. A security analyst reviews firewall logs and sees repeated outbound connection attempts from a workstation to an unknown IP address on port 4444, all of which were blocked. No malware signature was detected. What is the most accurate interpretation?

A) The firewall failed because it allowed the initial infection
B) Encryption was bypassed because port 4444 is
C) The firewall successfully prevented data exfiltration despite a possible infection
D) The antivirus failed because it did not block port 4444.

21. A company has implemented disk encryption (BitLocker) on all laptops. An employee’s laptop is stolen while locked. Which statement best describes the protection provided?

A) The data remains unreadable without the decryption key, even if the hard drive is removed
B) Antivirus will delete the encrypted files to prevent data theft
C) The thief can bypass encryption by reinstalling the operating system
D) The thief cannot access any files because the firewall blocks remote connections.

22. Which statement best explains why behavioral-based antivirus can detect a zero-day virus that signature-based antivirus cannot?

A) Behavioral AV decrypts all network traffic before scanning.
B) Behavioral AV requires firewall rules to be disabled temporarily
C) Behavioral AV monitors running programs for suspicious actions, not just known patterns.
D) Behavioral AV compares file hashes to a cloud database updated every hour.

Created with That Quiz — the site for test creation and grading in math and other subjects.