# NETWORK SECURITY COMPREHENSIVE
EXAM REVIEW
## 200+ PRACTICE QUESTIONS WITH DETAILED
RATIONALES
### 2026/2027 EDITION | ALIGNED WITH
COMPTIA SECURITY+ SY0-701 & CND
OBJECTIVES
## SECTION I: NETWORK SECURITY FUNDAMENTALS &
ARCHITECTURE
### Questions 1-35
**Question 1**
Which of the following BEST describes the goal of implementing a defense-in-
depth security strategy?
A) Installing multiple firewalls from different vendors
B) Using multiple layers of security controls to protect assets
C) Implementing the most expensive security solutions available
D) Focusing all security efforts on perimeter defense
**Answer: B**
,2|Page
**Rationale:** Defense-in-depth uses multiple overlapping security layers
(perimeter, network, host, application, data) so that if one layer fails, others still
protect the asset . This approach recognizes that no single control is sufficient.
---
**Question 2**
A security architect is designing a network with a "zero trust" architecture. Which
principle is MOST fundamental to this approach?
A) Trust all internal network traffic by default
B) Never trust any user or device, always verify
C) Encrypt all data regardless of sensitivity
D) Implement the strongest perimeter firewall possible
**Answer: B**
**Rationale:** Zero trust assumes no implicit trust is granted to users or devices,
regardless of their location . Every access request must be authenticated,
authorized, and continuously validated. This is a key shift from traditional
perimeter-based security models.
---
**Question 3**
,3|Page
Which of the following is a physical security control that protects network
infrastructure?
A) Firewall rules
B) Access control vestibule (mantrap)
C) Intrusion detection system
D) Encryption
**Answer: B**
**Rationale:** Physical controls include locks, biometric readers, access control
vestibules (mantraps), security cameras, and guards that protect physical access to
facilities . Firewall rules and IDS are technical controls; encryption is a
cryptographic control.
---
**Question 4**
In the context of the CIA triad, which concept ensures that data is accessible to
authorized users when needed?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
, 4|Page
**Answer: C**
**Rationale:** Availability ensures that data and systems are accessible to
authorized users when needed . This is achieved through redundancy, backup
systems, and disaster recovery planning. Availability is one of the three pillars of
the CIA triad.
---
**Question 5**
What is the primary purpose of network segmentation?
A) To increase network speed
B) To reduce the attack surface and limit lateral movement
C) To simplify network management
D) To reduce hardware costs
**Answer: B**
**Rationale:** Network segmentation divides a network into smaller logical
segments, limiting the spread of threats and restricting access between segments .
This significantly reduces the attack surface and prevents lateral movement by
attackers.
---