Free CISSP Communication & Network Security Practice Test 2026 — Certified Information Systems Security Professional Questions

This free CISSP Communication & Network Security practice test covers Domain 4 — communication and network security, including the OSI/TCP-IP models, secure protocols (IPsec, TLS), wireless security, and network attacks. Each question includes a detailed explanation grounded in the official ISC2 CBK — perfect for CISSP exam prep.

6 Free CISSP Communication & Network Security Practice Questions with Answers

Sample Question 1 — Communication and Network Security

Your organization is migrating to a cloud-based infrastructure. A crucial element is securing communication between on-premises systems and cloud resources. Which approach best balances security and operational efficiency?

  A. Implement a site-to-site VPN with strong authentication and encryption. (Correct answer)
  B. Rely solely on the cloud provider's security features and controls.
  C. Establish a direct network connection between the on-premises network and the cloud, bypassing VPNs for speed.
  D. Use a hybrid approach with VPN for sensitive data and direct connections for less critical traffic, without proper security controls.

Correct answer: A

Explanation: A site-to-site VPN provides a secure, encrypted tunnel for communication between networks, mitigating risks associated with public internet transit. Option B is risky, relying entirely on a third party. Option C is insecure, exposing data to potential attacks. Option D is partially correct regarding hybrid approaches but lacks the crucial element of applying appropriate security controls to all communication channels.

Sample Question 2 — Communication and Network Security

Your organization experiences a significant increase in DDoS attacks. Which strategic response best mitigates future risks and aligns with a layered security approach?

  A. Invest solely in advanced firewall technology.
  B. Implement a comprehensive DDoS mitigation service from a reputable provider. (Correct answer)
  C. Increase network bandwidth to absorb the attacks.
  D. Rely on internal IT staff to develop a custom DDoS mitigation solution.

Correct answer: B

Explanation: A DDoS mitigation service from a reputable provider offers specialized expertise and scalable protection against various attack vectors. Option A is insufficient on its own. Option C is a short-sighted approach that doesn't address the root cause. Option D lacks the expertise and resources required for effective DDoS mitigation.

Sample Question 3 — Communication and Network Security

Following a data breach investigation, you discover that malicious actors exploited a vulnerability in a legacy application accessible via a publicly facing web server. What is the MOST effective long-term strategic solution?

  A. Immediately patch the vulnerability in the legacy application.
  B. Replace the legacy application with a more secure, modern equivalent. (Correct answer)
  C. Increase the firewall's logging capabilities to detect future intrusions.
  D. Implement stricter access control lists (ACLs) on the web server.

Correct answer: B

Explanation: Replacing legacy applications is a strategic approach to eliminating known security vulnerabilities associated with outdated technology. Option A is tactical and doesn't address the underlying problem of the vulnerable application. Options C and D are tactical solutions addressing symptoms, not the root cause.

Sample Question 4 — Communication and Network Security

Your organization is considering implementing a new VoIP system. What is the MOST critical security consideration during the planning phase?

  A. Ensuring sufficient network bandwidth.
  B. Selecting a VoIP vendor with strong security certifications. (Correct answer)
  C. Configuring call recording features.
  D. Training employees on proper VoIP etiquette.

Correct answer: B

Explanation: Selecting a vendor with strong security certifications ensures the system's underlying security is robust and addresses potential vulnerabilities. While all options are important, vendor security is the most critical strategic element in the planning phase. Other elements are operational details.

Sample Question 5 — Communication and Network Security

You suspect an insider threat is exfiltrating sensitive data via removable media. What is the BEST long-term strategic solution?

  A. Increase monitoring of employee computer activity.
  B. Implement data loss prevention (DLP) tools.
  C. Enforce a stricter policy on removable media use, including encryption and strong access controls. (Correct answer)
  D. Conduct more rigorous background checks on employees.

Correct answer: C

Explanation: In cybersecurity management and certification contexts (such as CISSP, CISM, or CASP+), a 'strategic' solution refers to a high-level, long-term approach that begins with policy and governance. Option C is the most comprehensive strategic choice because it combines administrative controls (stricter policy) with technical controls (encryption and strong access controls). While Data Loss Prevention (DLP) tools (Option B) are highly effective technical measures for detecting and blocking data exfiltration, they are often considered a component of a broader strategy rather than the strategy itself. Furthermore, Option C specifically addresses the 'removable media' vector mentioned in the question by establishing the rules (policy) and the technical boundaries (access controls and encryption) for that specific threat. In many professional exams, when 'strategic' is used, the answer that includes policy and a framework for enforcement is preferred over a specific tool implementation.

Sample Question 6 — Communication and Network Security

Your organization needs to improve its wireless network security. Which strategic approach is MOST effective?

  A. Disabling SSID broadcasting.
  B. Implementing strong encryption (WPA3) and robust password policies.
  C. Regularly updating wireless access point firmware.
  D. Implementing a combination of strong encryption, robust password policies, access point firmware updates, and regular security audits. (Correct answer)

Correct answer: D

Explanation: A layered security approach is best. Each of options A-C contributes to wireless security, but option D provides the most comprehensive and resilient security posture.
