CompTIA Network+ Network Security Practice Questions 2026
Master firewalls, VPNs, network attacks, and hardening techniques for the Network+ exam
What is Network Security on the Network+ Exam?
Network Security is one of the five domains of the CompTIA Network+ exam. Its weight depends on the exam version: 19% of the N10-008 exam and 14% of the current N10-009 exam, so check which version you are sitting. This domain tests your understanding of security concepts specific to network infrastructure, including secure protocols, network attacks, security devices, and the hardening techniques that protect networks from threats.
Every network needs security measures at multiple layers. The exam tests your knowledge of firewalls, IDS/IPS, VPNs, authentication protocols (802.1X, RADIUS, TACACS+), and wireless security standards. You must understand both how to implement security controls and how to recognize and defend against common network attacks.
This domain provides foundational security knowledge that prepares you for CompTIA Security+ and other security certifications. Understanding network security is essential for any networking role, as breaches often exploit network-level vulnerabilities that proper security controls would have prevented.
Common Network Attacks and Defenses
| Attack | Description | Defense |
|---|---|---|
| ARP Spoofing | Fake ARP replies to intercept traffic | Dynamic ARP Inspection (DAI) |
| MAC Flooding | Overwhelm switch CAM table | Port security, MAC limiting |
| VLAN Hopping | Switch spoofing (negotiating a trunk via DTP) or double tagging to reach another VLAN | Disable DTP and hard-code access ports; use an unused VLAN as the trunk native VLAN |
| DNS Poisoning | Inject forged records into a resolver's cache | DNSSEC validation; patched resolvers with randomized source ports and transaction IDs |
| Rogue DHCP | Unauthorized DHCP server | DHCP snooping |
| Evil Twin | Rogue AP imitating a legitimate SSID | 802.1X with server certificate validation on the supplicant; wireless IDS/IPS |
| DDoS | Overwhelm with traffic volume | Rate limiting, DDoS mitigation |
Key Network Security Concepts
Firewall Types
Stateless packet filtering judges each packet on its own header fields (addresses, protocol, ports) with no memory of earlier packets. Stateful inspection tracks connection state, so return traffic for a permitted outbound connection is allowed without a separate inbound rule. A next-generation firewall (NGFW) adds application awareness and deep packet inspection. A web application firewall (WAF) inspects HTTP(S) specifically to protect web applications from attacks such as injection.
VPN Technologies
IPSec uses IKE (UDP 500, or UDP 4500 with NAT traversal) for key exchange, ESP (IP protocol 50) for encryption plus integrity, and AH (IP protocol 51) for integrity and authentication without confidentiality. SSL/TLS VPNs run over TLS on TCP 443 and can be clientless (a browser portal) or use a lightweight client. Site-to-site VPNs connect entire networks; remote access VPNs connect individual users.
AAA Protocols
RADIUS (UDP 1812 for authentication, 1813 for accounting) combines authentication and authorization in one exchange and obfuscates only the User-Password attribute. TACACS+ (TCP 49) separates all three AAA functions and encrypts the entire packet body; only the header is sent in cleartext. 802.1X carries EAP between the supplicant and the authenticator, which relays it to the authentication server, normally over RADIUS, for port-based access control.
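The difference between "obfuscates the password" and "encrypts the body" is easiest to see on the wire. The following is an added example, not code from the page or from any RADIUS/TACACS+ implementation: it implements the RFC 2865 User-Password hiding (MD5 keystream chained on the Request Authenticator) and the RFC 8907 TACACS+ body pseudo-pad, then compares what an eavesdropper without the shared secret can read. The shared secret, Request Authenticator, session id and credentials are constructed values, and the TACACS+ body is a stand-in rather than a real authentication START layout.

```python
"""Added example (not from the page): why RADIUS leaves the username in the
clear and TACACS+ does not. Pure standard library. The shared secret,
Request Authenticator, session id and credentials are constructed values."""
import hashlib
import struct


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to a multiple of 16, then XOR each 16-byte block with
    MD5(secret || previous ciphertext block), seeded with the Request Authenticator.
    This hides one attribute only; the rest of the packet is untouched."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], block))
        hidden += prev
    return bytes(hidden)


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse chain: the keystream depends only on the ciphertext blocks."""
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return bytes(out).rstrip(b"\x00")  # strip RFC padding (assumes the password has no trailing NUL)


def radius_attrs(username: bytes, password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Name (type 1) and User-Password (type 2) as RADIUS type/length/value triples."""
    def tlv(t: int, v: bytes) -> bytes:
        return struct.pack("!BB", t, len(v) + 2) + v
    return tlv(1, username) + tlv(2, radius_hide_password(password, secret, authenticator))


def parse_radius_attrs(attrs: bytes) -> dict:
    """What an eavesdropper without the secret sees: attribute type -> raw value."""
    seen, i = {}, 0
    while i < len(attrs):
        t, length = attrs[i], attrs[i + 1]
        seen[t] = attrs[i + 2:i + length]
        i += length
    return seen


def tacacs_plus_body(body: bytes, key: bytes, session_id: int, version: int, seq_no: int) -> bytes:
    """RFC 8907 4.5: pseudo_pad = MD5_1 || MD5_2 || ... where
    MD5_1 = MD5(session_id || key || version || seq_no) and
    MD5_n = MD5(session_id || key || version || seq_no || MD5_{n-1}).
    XOR is its own inverse, so one function encrypts and decrypts. Only the
    12-byte header (version, type, seq_no, flags, session_id, length) is cleartext."""
    prefix = struct.pack("!I", session_id) + key + struct.pack("!BB", version, seq_no)
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return bytes(x ^ y for x, y in zip(body, pad))


SECRET = b"example-shared-secret"   # constructed
AUTHENTICATOR = bytes(range(16))    # constructed; a real Request Authenticator is random per request


def compare_on_the_wire() -> dict:
    """Send the same credentials through both protocols and report what is exposed."""
    attrs = radius_attrs(b"alice", b"Passw0rd!", SECRET, AUTHENTICATOR)
    seen = parse_radius_attrs(attrs)
    body = b"user=alice password=Passw0rd!"   # constructed stand-in for an authentication body
    enc = tacacs_plus_body(body, SECRET, session_id=0x1234ABCD, version=0xC0, seq_no=1)
    return {
        "radius_username_cleartext": seen[1] == b"alice",
        "radius_password_cleartext": b"Passw0rd!" in attrs,
        "radius_password_recovered": radius_reveal_password(seen[2], SECRET, AUTHENTICATOR),
        "tacacs_username_cleartext": b"alice" in enc,
        "tacacs_roundtrip": tacacs_plus_body(enc, SECRET, 0x1234ABCD, 0xC0, 1) == body,
    }


if __name__ == "__main__":
    for k, v in compare_on_the_wire().items():
        print(f"{k}: {v}")
```

Both schemes are MD5-based keystreams keyed by a static shared secret, which is why the exam (and practice) treats RADIUS over a hostile network as requiring IPsec or RadSec, and TACACS+ as requiring a strong secret and a management network; "encrypts the whole body" is a real advantage over RADIUS, not a substitute for transport protection.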
Network Attacks
DDoS overwhelms with traffic. MITM intercepts communications. ARP spoofing redirects traffic. DNS poisoning corrupts name resolution. MAC flooding overflows switch tables. VLAN hopping crosses boundaries.
Secure Protocols
Replace insecure with secure: Telnet (TCP 23)→SSH (TCP 22), HTTP (TCP 80)→HTTPS (TCP 443), FTP (TCP 21 control)→SFTP (runs over SSH, TCP 22) or FTPS (TCP 990 for implicit TLS), SNMPv1/v2c (UDP 161, traps on 162)→SNMPv3 (same ports, adds authentication and privacy), LDAP (TCP 389)→LDAPS (TCP 636). Know the port numbers for both the secure and insecure versions of each protocol.
Network Hardening
Disable unused ports and services. Enable port security with MAC limiting. Configure DHCP snooping, Dynamic ARP Inspection, and IP Source Guard; the latter two validate traffic against the binding table that DHCP snooping builds, so snooping is configured first. Change default credentials and disable unnecessary management protocols.
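To see how these switch features fit together (and which attacks from the table above each one stops), here is an added example that is not from the page or from any switch vendor: a small model of port security, DHCP snooping, Dynamic ARP Inspection and IP Source Guard sharing one binding table. Port names, MAC and IP addresses, the CAM size and the per-port MAC limit are constructed; real switches use much larger tables and configurable violation modes.

```python
"""Added example (not from the page): a model of port security, DHCP snooping,
Dynamic ARP Inspection and IP Source Guard acting together. Port names, MAC and
IP addresses below are constructed."""
from dataclasses import dataclass, field


@dataclass
class HardenedSwitch:
    ports: list                                   # all port names on the switch
    trusted: set = field(default_factory=set)     # snooping/DAI trusted ports (uplink toward the real DHCP server)
    max_macs: int = 2                             # port-security maximum per untrusted port
    cam_capacity: int = 8                         # tiny CAM so MAC flooding is visible
    cam: dict = field(default_factory=dict)       # mac -> port
    pending: dict = field(default_factory=dict)   # client mac -> ingress port, from DHCP DISCOVER
    bindings: dict = field(default_factory=dict)  # client mac -> (ip, port), from snooped DHCP ACK
    err_disabled: set = field(default_factory=set)
    events: list = field(default_factory=list)

    def learn(self, port: str, src_mac: str) -> str:
        """MAC learning with port security (violation mode: shutdown)."""
        if port in self.err_disabled:
            return "dropped: err-disabled"
        if src_mac in self.cam:
            return "known"
        if port not in self.trusted and sum(p == port for p in self.cam.values()) >= self.max_macs:
            self.err_disabled.add(port)
            self.events.append(f"port-security violation on {port}")
            return "dropped: err-disabled"
        if len(self.cam) >= self.cam_capacity:
            return "not learned: CAM full"
        self.cam[src_mac] = port
        return "learned"

    def egress(self, ingress: str, dst_mac: str) -> list:
        """Unknown destination => flood out every other port (what MAC flooding exploits)."""
        if dst_mac in self.cam:
            return [self.cam[dst_mac]]
        return [p for p in self.ports if p != ingress]

    def dhcp_discover(self, port: str, client_mac: str) -> None:
        self.pending[client_mac] = port

    def dhcp_ack(self, port: str, client_mac: str, ip: str) -> str:
        """DHCP snooping: server messages are accepted only on trusted ports."""
        if port not in self.trusted:
            self.events.append(f"rogue DHCP server on {port} dropped")
            return "dropped"
        self.bindings[client_mac] = (ip, self.pending.get(client_mac, "?"))
        return "binding added"

    def arp(self, port: str, sender_mac: str, sender_ip: str) -> str:
        """Dynamic ARP Inspection: sender MAC/IP must match the snooping binding."""
        if port in self.trusted or self.bindings.get(sender_mac) == (sender_ip, port):
            return "forwarded"
        self.events.append(f"DAI dropped {sender_ip} claimed by {sender_mac} on {port}")
        return "dropped"

    def ip_frame(self, port: str, src_mac: str, src_ip: str) -> str:
        """IP Source Guard: the same binding check, applied to IP traffic."""
        if port in self.trusted or self.bindings.get(src_mac) == (src_ip, port):
            return "forwarded"
        return "dropped"


def simulate() -> dict:
    """One legitimate client on Gi0/1, an attacker on Gi0/5, uplink on Gi0/24."""
    sw = HardenedSwitch(ports=["Gi0/1", "Gi0/2", "Gi0/5", "Gi0/24"], trusted={"Gi0/24"})
    sw.dhcp_discover("Gi0/1", "aa:aa:aa:00:00:01")
    legit_ack = sw.dhcp_ack("Gi0/24", "aa:aa:aa:00:00:01", "10.0.0.11")
    rogue = sw.dhcp_ack("Gi0/5", "aa:aa:aa:00:00:02", "10.0.0.22")        # rogue DHCP server
    spoof_arp = sw.arp("Gi0/5", "bb:bb:bb:00:00:99", "10.0.0.1")          # claims the gateway IP
    legit_arp = sw.arp("Gi0/1", "aa:aa:aa:00:00:01", "10.0.0.11")
    spoof_ip = sw.ip_frame("Gi0/5", "bb:bb:bb:00:00:99", "10.0.0.11")     # borrows the client's IP
    flood = [sw.learn("Gi0/5", f"bb:bb:bb:00:00:{i:02x}") for i in range(5)]  # MAC flooding
    return {"legit_ack": legit_ack, "rogue": rogue, "spoof_arp": spoof_arp,
            "legit_arp": legit_arp, "spoof_ip": spoof_ip, "flood": flood,
            "err_disabled": sorted(sw.err_disabled), "events": sw.events}


def flood_without_port_security() -> list:
    """Same flood on an unprotected switch: the CAM fills, the victim cannot be
    learned, and unicast for the victim is flooded to the attacker's port too."""
    sw = HardenedSwitch(ports=["Gi0/1", "Gi0/5", "Gi0/24"], max_macs=10**6)
    for i in range(20):
        sw.learn("Gi0/5", f"bb:bb:bb:00:00:{i:02x}")
    sw.learn("Gi0/1", "aa:aa:aa:00:00:01")
    return sw.egress("Gi0/24", "aa:aa:aa:00:00:01")


if __name__ == "__main__":
    print(simulate())
    print("unprotected flood reaches:", flood_without_port_security())
```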
Sample Network Security Questions
Question 1
A network administrator notices that a switch's MAC address table is full of unknown entries and legitimate traffic is being flooded to all ports. What attack is occurring?
A) ARP spoofing
B) MAC flooding
C) VLAN hopping
D) DNS poisoning
Answer: B) MAC flooding — MAC flooding overwhelms a switch's CAM (Content Addressable Memory) table with frames carrying forged source MAC addresses. Once the table is full the switch can no longer learn new addresses and floods frames for unknown destinations out every port in the VLAN, much like a hub, so the attacker's port receives traffic meant for other hosts. Port security with a per-port MAC address limit stops this attack by shutting down or restricting the offending port.
Question 2
A company needs to allow remote employees to securely access internal resources through a web browser without installing VPN client software. Which solution should be deployed?
A) IPSec tunnel mode VPN
B) L2TP/IPSec VPN
C) SSL/TLS VPN
D) GRE tunnel
Answer: C) SSL/TLS VPN — SSL/TLS VPNs can be clientless, delivering access through a web portal over TLS on TCP 443, so nothing has to be installed on the endpoint. IPSec and L2TP/IPSec remote access VPNs require a VPN client (built-in or vendor-supplied) and configuration on the device, and GRE provides tunneling without encryption.
Question 3
Which AAA protocol encrypts the entire packet payload and uses TCP for reliable transport?
A) RADIUS
B) TACACS+
C) Kerberos
D) LDAP
Answer: B) TACACS+ — TACACS+ uses TCP port 49 and encrypts the entire packet body; only the header is sent in cleartext. RADIUS uses UDP (1812/1813) and obfuscates only the User-Password attribute, leaving the username and other attributes visible. TACACS+ also separates authentication, authorization, and accounting into distinct exchanges, which allows per-command authorization on network devices.
Study Tips for Network Security
- Create an attack/defense matrix: For each attack type, document how it works, what layer it targets, symptoms to look for, and the specific defense mechanism that prevents it.
- Compare secure vs insecure protocols: Make a two-column chart with insecure protocols on the left and their secure replacements on the right, including port numbers for both.
- Understand firewall rule processing: Practice writing ACL-style firewall rules with implicit deny. Know that rules are processed top-down and the first match wins.
- Know AAA thoroughly: Understand the three-party model of 802.1X (supplicant, authenticator, authentication server) and be able to compare RADIUS and TACACS+ features side by side.
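The firewall study tip above (top-down processing, first match wins, implicit deny) and the stateless-versus-stateful distinction in the Firewall Types section are easy to get wrong under exam pressure, so here is an added example, not from the page, that evaluates a small ACL both ways. The rule set, addresses and packets are constructed; the `syn` flag stands in for the TCP handshake state a real stateful firewall would track.

```python
"""Added example (not from the page): an ACL-style packet filter with top-down
first-match and implicit deny, plus a stateful wrapper that admits return
traffic. Rules and addresses below are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp", "icmp"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # TCP connection-opening segment


@dataclass(frozen=True)
class Rule:
    action: str         # "permit" or "deny"
    proto: str          # "any" or protocol name
    src: str            # CIDR
    dst: str            # CIDR
    dport: Optional[int] = None   # None = any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def stateless_filter(rules: list, p: Packet) -> str:
    """Each packet is judged on its own headers; the first matching rule wins."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"                    # implicit deny at the end of every ACL


class StatefulFirewall:
    """Keeps a connection table; replies to permitted flows bypass the ACL."""

    def __init__(self, rules: list):
        self.rules = rules
        self.connections = set()      # (proto, src, sport, dst, dport) permitted so far

    def filter(self, p: Packet) -> str:
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.connections:
            return "permit"           # return traffic of an established connection
        if p.proto == "tcp" and not p.syn:
            return "deny"             # mid-stream segment with no state, e.g. an ACK scan
        action = stateless_filter(self.rules, p)
        if action == "permit":
            self.connections.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action


RULES = [
    Rule("deny", "tcp", "0.0.0.0/0", "10.0.0.0/8", 23),        # no Telnet into the LAN
    Rule("permit", "tcp", "0.0.0.0/0", "10.0.0.10/32", 443),   # public web server
    Rule("permit", "tcp", "10.0.0.0/8", "0.0.0.0/0"),          # LAN may initiate outbound
]
BAD_ORDER = [RULES[2], RULES[0], RULES[1]]   # the broad permit now shadows the Telnet deny

TELNET_INSIDE = Packet("tcp", "10.0.0.20", "10.0.0.30", 40000, 23, syn=True)
OUTBOUND_HTTPS = Packet("tcp", "10.0.0.20", "203.0.113.5", 51000, 443, syn=True)
HTTPS_REPLY = Packet("tcp", "203.0.113.5", "10.0.0.20", 443, 51000)
ACK_SCAN = Packet("tcp", "198.51.100.7", "10.0.0.10", 40001, 443)   # no SYN, no prior state


def compare() -> dict:
    """Same packets through the ACL alone and through the stateful wrapper."""
    fw = StatefulFirewall(RULES)
    fw.filter(OUTBOUND_HTTPS)         # the client opens the connection; state is created
    return {
        "telnet_good_order": stateless_filter(RULES, TELNET_INSIDE),
        "telnet_bad_order": stateless_filter(BAD_ORDER, TELNET_INSIDE),
        "reply_stateless": stateless_filter(RULES, HTTPS_REPLY),
        "reply_stateful": fw.filter(HTTPS_REPLY),
        "ack_scan_stateless": stateless_filter(RULES, ACK_SCAN),
        "ack_scan_stateful": fw.filter(ACK_SCAN),
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k}: {v}")
```

Two things to take from the output: moving the broad permit above the Telnet deny silently re-enables Telnet (rule order is part of the policy), and the stateless filter has to either deny legitimate replies or open inbound high ports, whereas the stateful firewall admits the reply because it saw the outbound SYN and still rejects an unsolicited non-SYN segment aimed at the web server.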
Frequently Asked Questions
What types of firewalls are tested on Network+?
The Network+ covers stateless (packet filtering), stateful (tracks connections), NGFW (deep packet inspection + application awareness), and WAF (protects web applications). Know the differences and when to use each type.
What is the difference between IDS and IPS?
An IDS (Intrusion Detection System) monitors and alerts on suspicious traffic but does not block it. An IPS (Intrusion Prevention System) sits inline and can actively block malicious traffic. IDS is passive; IPS is active.
What network attacks should I know for Network+?
Key attacks include DDoS, man-in-the-middle (MITM), ARP spoofing/poisoning, DNS poisoning, MAC flooding, VLAN hopping, rogue DHCP, evil twin, deauthentication, and social engineering. Know attack methods and defenses.
What is 802.1X and how does it work?
802.1X is a port-based network access control standard. It uses three components: the supplicant (client), the authenticator (switch or access point), and the authentication server (typically RADIUS). EAP messages pass from the supplicant through the authenticator to the server, and the port stays blocked for normal traffic until authentication succeeds.
What is the difference between RADIUS and TACACS+?
RADIUS combines authentication and authorization, uses UDP (1812/1813), and obfuscates only the User-Password attribute. TACACS+ separates the AAA functions, uses TCP (49), and encrypts the entire packet body. TACACS+ offers more granular control, such as per-command authorization on network devices.
What VPN protocols should I know?
Know IPSec (IKE for key exchange, ESP for encryption and integrity, AH for integrity and authentication only), SSL/TLS VPN (TLS on TCP 443, often clientless), and L2TP (tunneling only, so it is paired with IPSec for encryption). Understand site-to-site vs remote access VPN use cases.