Free GSEC Networking Practice Test 2026 — GIAC Security Essentials Questions
This free GSEC Networking practice test covers TCP/IP fundamentals, the OSI model, subnetting, common protocols, and packet analysis with Wireshark and tcpdump. Each question includes a detailed explanation written from a hands-on security practitioner's perspective — perfect for building your open-book index for the real GIAC Security Essentials exam.
Key Topics in GSEC Networking
- TCP/IP
- OSI Model
- Subnetting
- Wireshark
- tcpdump
- DNS & DHCP
6 Free GSEC Networking Practice Questions with Answers
Sample Question 1 — Networking
Which of the following actions would be most effective in preventing ARP spoofing attacks on a corporate network?
- A. Implementing dynamic ARP inspection (DAI) on network switches. (Correct answer)
- B. Using static IP addresses for all devices in the network.
- C. Enabling port mirroring on all switch ports.
- D. Configuring a VLAN for each department.
Correct answer: A
Explanation: Implementing dynamic ARP inspection (DAI) on network switches is the most effective way to prevent ARP spoofing attacks. DAI validates ARP packets on the network and ensures they match the correct IP-to-MAC address bindings. Option B, using static IP addresses, does not prevent ARP spoofing as the attack targets MAC address resolution. Option C, enabling port mirroring, is useful for monitoring traffic but does not prevent spoofing. Option D, configuring VLANs, helps segment the network but does not specifically address ARP spoofing.
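The binding check described in this explanation, as an added example (a simplified model, not a switch vendor's implementation and not part of the original practice test). The binding table, port names and addresses are constructed, and the per-port binding and the Ethernet-source check are assumptions about how strictly the inspection is configured.

```python
import struct
from ipaddress import IPv4Address

# Constructed binding table: IP -> (MAC, access port), as DHCP snooping would learn it.
BINDINGS = {
    "10.0.0.1": ("aa:aa:aa:00:00:01", "Gi0/1"),
    "10.0.0.20": ("aa:aa:aa:00:00:20", "Gi0/5"),
}
TRUSTED_PORTS = {"Gi0/24"}  # assumed uplink; ARP on trusted ports is not inspected

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def build_frame(eth_src, sender_mac, sender_ip, target_ip, op=2):
    """Build a constructed Ethernet + ARP frame to feed the inspector."""
    eth = b"\xff" * 6 + mac_bytes(eth_src) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sender_mac) + IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + IPv4Address(target_ip).packed
    return eth + arp

def inspect(frame, port):
    """Return (verdict, reason) for one frame received on an access port."""
    if port in TRUSTED_PORTS:
        return ("permit", "trusted port")
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return ("drop", "not a well-formed ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return ("drop", "unexpected ARP header")
    eth_src = mac_str(frame[6:12])
    sender_mac = mac_str(frame[22:28])
    sender_ip = str(IPv4Address(frame[28:32]))
    if eth_src != sender_mac:
        return ("drop", "Ethernet source differs from ARP sender MAC")
    binding = BINDINGS.get(sender_ip)
    if binding is None:
        return ("drop", f"no binding for {sender_ip}")
    if binding != (sender_mac, port):
        return ("drop", f"{sender_ip} is bound to {binding[0]} on {binding[1]}")
    return ("permit", "matches binding")

if __name__ == "__main__":
    # A host on Gi0/5 answering for the gateway address 10.0.0.1 is rejected.
    reply = build_frame("aa:aa:aa:00:00:20", "aa:aa:aa:00:00:20", "10.0.0.1", "10.0.0.20")
    print(inspect(reply, "Gi0/5"))
```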
Sample Question 2 — Networking
An organization wants to ensure that only authorized devices can connect to its Wi-Fi network. Which of the following methods provides the most secure solution?
- A. Using MAC address filtering on the wireless access points.
- B. Implementing WPA2-Enterprise with RADIUS authentication. (Correct answer)
- C. Disabling SSID broadcasting.
- D. Using a pre-shared key (PSK) with WPA2-Personal.
Correct answer: B
Explanation: Implementing WPA2-Enterprise with RADIUS authentication provides the most secure solution by requiring individual authentication credentials for each user, typically using certificates or credentials stored in a directory service. Option A, MAC address filtering, can be bypassed by MAC address spoofing. Option C, disabling SSID broadcasting, provides obscurity but not security against determined attackers. Option D, using a pre-shared key (PSK), is less secure than WPA2-Enterprise because it uses a shared password for all users.
Sample Question 3 — Networking
During a security audit, it was found that several devices on the network are using outdated firmware. What is the most effective way to address this issue?
- A. Block all outgoing traffic from these devices until they are updated.
- B. Schedule regular automated firmware updates for all devices. (Correct answer)
- C. Isolate the devices on a separate VLAN until they are updated.
- D. Send a notification to users to manually update their device firmware.
Correct answer: B
Explanation: Scheduling regular automated firmware updates for all devices is the most effective way to ensure devices remain up-to-date and secure against vulnerabilities. Option A, blocking traffic, could disrupt operations and is not a sustainable solution. Option C, isolating devices on a VLAN, does not address the underlying issue of outdated firmware. Option D, sending notifications, relies on user compliance and is less reliable than an automated solution.
Sample Question 4 — Networking
To prevent data exfiltration through DNS tunneling, which of the following measures should be implemented?
- A. Enabling DNSSEC on all DNS servers.
- B. Configuring a firewall to block all outbound DNS requests.
- C. Monitoring DNS traffic for unusual patterns and anomalies. (Correct answer)
- D. Using a proxy server to handle all DNS requests.
Correct answer: C
Explanation: Monitoring DNS traffic for unusual patterns and anomalies is an effective way to detect and prevent DNS tunneling, which often involves irregular DNS request patterns. Option A, enabling DNSSEC, secures DNS data integrity but does not prevent tunneling. Option B, blocking all outbound DNS requests, would disrupt normal network operations. Option D, using a proxy server, does not inherently prevent DNS tunneling without additional monitoring and filtering.
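One way to turn "unusual patterns and anomalies" into a concrete check, as an added example that is not part of the original practice test. The log format, thresholds, client addresses and domain names are all constructed assumptions; the heuristics (mostly unique query names, very long labels, high character entropy) are common indicators, not a complete detector.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def zone_of(qname):
    # Assumption: the last two labels form the registered domain (no public suffix list).
    return ".".join(qname.split(".")[-2:])

def find_tunnel_candidates(lines, min_queries=10, max_label=40, min_entropy=3.5):
    """Group queries per (client, zone); report groups with two or more indicators."""
    groups = defaultdict(list)
    for line in lines:
        _ts, client, _qtype, qname = line.split()
        qname = qname.rstrip(".").lower()
        zone = zone_of(qname)
        if len(qname) > len(zone):  # keep only the subdomain part
            groups[(client, zone)].append(qname[: -len(zone) - 1])
    findings = []
    for (client, zone), subs in sorted(groups.items()):
        if len(subs) < min_queries:
            continue
        reasons = []
        if len(set(subs)) / len(subs) > 0.9:
            reasons.append("unique names")
        if max(len(label) for s in subs for label in s.split(".")) > max_label:
            reasons.append("long label")
        if sum(entropy(s) for s in subs) / len(subs) > min_entropy:
            reasons.append("high entropy")
        if len(reasons) >= 2:
            findings.append({"client": client, "zone": zone,
                             "queries": len(subs), "reasons": reasons})
    return findings

def sample_log():
    """Constructed resolver log: '<time> <client> <qtype> <qname>' (format is an assumption)."""
    lines = []
    for i in range(30):  # ordinary workstation: a few names, repeated often
        name = ("www", "mail", "intranet")[i % 3]
        lines.append(f"09:00:{i:02d} 10.0.0.12 A {name}.corp.example.")
    for i in range(30):  # constructed stand-in for encoded data in query names
        label = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:48]
        lines.append(f"09:01:{i:02d} 10.0.0.66 TXT {label}.exfil.example.")
    return lines

if __name__ == "__main__":
    for finding in find_tunnel_candidates(sample_log()):
        print(finding)
```

In practice the thresholds need tuning against a baseline of the network's own DNS traffic, since CDNs and some security products also generate long, unique query names.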
Sample Question 5 — Networking
What is the primary purpose of implementing a demilitarized zone (DMZ) in a network architecture?
- A. To provide a secure area for internal users to access the internet.
- B. To separate the internal network from external threats while allowing public access to certain services. (Correct answer)
- C. To host all internal applications and databases securely.
- D. To encrypt all outbound and inbound traffic for enhanced security.
Correct answer: B
Explanation: The primary purpose of implementing a DMZ is to separate the internal network from external threats while allowing public access to certain services, such as web and email servers, without exposing the internal network. Option A is incorrect as the DMZ is not intended solely for internal user internet access. Option C is incorrect because internal applications and databases are typically hosted on the internal network, not in the DMZ. Option D is incorrect as encryption is not the primary function of a DMZ; it focuses on network segmentation and controlled access.
Sample Question 6 — Networking
A company has implemented a new firewall to protect its network. During a routine check, a security analyst discovers that users are unable to access a critical web application hosted externally. Which of the following firewall rules is most likely causing this issue?
- A. Allow outbound traffic on ports 80 and 443.
- B. Block all inbound traffic except on port 22.
- C. Allow inbound traffic on ports 80 and 443.
- D. Block outbound traffic on ports 80 and 443. (Correct answer)
Correct answer: D
Explanation: The correct answer is D. Blocking outbound traffic on ports 80 and 443 would prevent users from accessing web applications, as these ports are commonly used for HTTP and HTTPS traffic. Option A is incorrect because allowing outbound traffic on these ports is necessary for web access. Option B is incorrect because it pertains to inbound traffic, not outbound, and port 22 is used for SSH, not web applications. Option C is incorrect because allowing inbound traffic does not affect users accessing external applications.
How to Study GSEC Networking
Drill these GSEC Networking practice questions repeatedly and update your study index after each session. Focus on building a fast lookup path from the GIAC term to your book page — this is what separates passing and failing GSEC scores. Pair this practice test with hands-on labs whenever possible; GSEC validates real-world skills, not just memorization.
About the GSEC Exam
- Questions: 106 multiple-choice
- Time: 4 hours
- Passing score: 73%
- Format: Open book (printed materials only)
- Topic areas: 9 (including Networking)
- Validity: 4 years