CompTIA Security+ Practice Questions: Network Security

6 free, exam-style CompTIA Security+ (SY0-701) practice questions covering Network Security. Each question shows the correct answer and a clear explanation. Ready for the real thing? Take the full timed quiz below.

🚀 Take the full CompTIA Security+ quiz 📘 CompTIA Security+ study guide

Q1. What is the PRIMARY purpose of NAC (Network Access Control)?

A.Block DDoS attacks
B.Enforce security policies on endpoints✓ Correct
C.Encrypt VPN traffic
D.Filter spam emails

Explanation: NAC checks device compliance (e.g., patch levels) before granting network access. Learn more.

Q2. Which protocol is used to securely manage network devices?

A.Telnet
B.SNMPv1
C.SSH✓ Correct
D.HTTP

Explanation: SSH encrypts remote management sessions, unlike clear-text Telnet. Learn more.

Q3. What is the PRIMARY purpose of a firewall?

A.Block malware
B.Filter network traffic✓ Correct
C.Encrypt emails
D.Manage passwords

Explanation: Firewalls enforce access policies by allowing/blocking traffic based on rules. Learn more.

Q4. Which protocol is vulnerable to VLAN hopping attacks?

A.STP
B.VTP
C.DTP✓ Correct
D.RSTP

Explanation: Dynamic Trunking Protocol (DTP) can be exploited to gain unauthorized VLAN access. Learn more.

Q5. Which control would BEST protect against DDoS attacks?

A.Antivirus
B.Load balancer with scrubbing✓ Correct
C.Disk encryption
D.Screen locks

Explanation: Cloud-based scrubbing centers filter malicious traffic before it reaches targets. Learn more.

Q6. Which network device operates at Layer 7 to filter traffic based on application-layer data?

A.Switch
B.Router
C.Web application firewall✓ Correct
D.Load balancer

Explanation: WAFs inspect HTTP/HTTPS traffic for SQLi, XSS, and other application-layer attacks. Learn more.