(NEWEST 2026) CYBERSECURITY ENGINEERING (CSE) EXAM COMPLETE
QUESTIONS AND 100% CORRECT ANSWERS
1. What is a firewall? A firewall is a network security device that monitors and
controls incoming and outgoing network traffic based on predetermined security
rules. It acts as a barrier between trusted internal networks and untrusted
external networks.
2. What is the difference between stateful and stateless firewalls? Stateful
firewalls track the state of active connections and make decisions based on
context and connection state. Stateless firewalls filter packets based solely on
individual packet information without considering connection context.
3. What is network segmentation? Network segmentation divides a computer
network into smaller parts or segments to improve security and performance.
Each segment operates as a separate network, limiting lateral movement during
breaches.
4. What is a DMZ in network security? A DMZ (Demilitarized Zone) is a
physical or logical subnetwork that contains and exposes an organization's
external-facing services to an untrusted network, usually the internet, while
keeping the internal network secure.
5. What is the OSI model? The OSI (Open Systems Interconnection) model is
a seven-layer conceptual framework that standardizes network communication
functions: Physical, Data Link, Network, Transport, Session, Presentation, and
Application layers.
6. What is a VLAN? A VLAN (Virtual Local Area Network) is a logical
grouping of devices on different physical LANs that communicate as if they
were on the same physical network, providing network segmentation and
improved security.
7. What is ARP spoofing? ARP spoofing is an attack where an attacker sends
falsified ARP messages over a local network, linking their MAC address with
the IP address of a legitimate device, allowing traffic interception.
8. What is port scanning? Port scanning is a technique used to identify open
ports and services on a networked device. Attackers use it for reconnaissance,
while security professionals use it for vulnerability assessment.
9. What is an IDS? An IDS (Intrusion Detection System) monitors network
traffic for suspicious activity and policy violations, generating alerts when
potential threats are detected.
10. What is an IPS? An IPS (Intrusion Prevention System) monitors network
traffic like an IDS but can also take action to prevent detected threats by
blocking malicious traffic automatically.
11. What is the difference between IDS and IPS? IDS passively monitors and
alerts on threats, while IPS actively prevents threats by blocking or dropping
malicious traffic in real time.
12. What is a honeypot? A honeypot is a decoy system designed to attract
attackers, allowing security teams to study attack methods and divert threats
from actual production systems.
13. What is network address translation (NAT)? NAT is a method of
remapping IP addresses by modifying network address information in packet
headers while in transit, typically used to conserve public IP addresses and hide
internal network structure.
14. What is a proxy server? A proxy server acts as an intermediary between
clients and other servers, forwarding requests and responses while providing
features like caching, filtering, and anonymity.
15. What is DNS poisoning? DNS poisoning (or DNS cache poisoning) is an
attack that corrupts DNS server data, causing the server to return incorrect IP
addresses and redirect traffic to malicious sites.
16. What is DNSSEC? DNSSEC (DNS Security Extensions) adds
cryptographic signatures to DNS data to ensure authenticity and integrity,
protecting against DNS spoofing and cache poisoning attacks.
17. What is a man-in-the-middle (MITM) attack? A MITM attack occurs
when an attacker secretly intercepts and potentially alters communications
between two parties who believe they are communicating directly with each
other.
18. What is SSL/TLS stripping? SSL/TLS stripping is an attack where an
attacker downgrades an HTTPS connection to HTTP, allowing them to intercept
unencrypted traffic between the victim and the server.
19. What is a DDoS attack? A DDoS (Distributed Denial of Service) attack
overwhelms a target system with traffic from multiple sources, making services
unavailable to legitimate users.
20. What are common DDoS mitigation techniques? Common techniques
include rate limiting, traffic filtering, load balancing, CDN services, anycast
routing, and specialized DDoS mitigation services that absorb attack traffic.
21. What is network sniffing? Network sniffing involves capturing and
analyzing network packets to monitor traffic. While legitimate for
troubleshooting, attackers use it to steal sensitive information.
22. What is Wireshark? Wireshark is an open-source network protocol
analyzer that captures and displays packet data in detail, used for network
troubleshooting and security analysis.
23. What is a VPN? A VPN (Virtual Private Network) creates an encrypted
tunnel over a public network, allowing secure remote access and protecting data
confidentiality and integrity.
24. What are the different types of VPNs? Main types include remote-access
VPNs (connect individual users to networks), site-to-site VPNs (connect entire
networks), and SSL/TLS VPNs (browser-based access).
25. What is IPSec? IPSec (Internet Protocol Security) is a protocol suite that
authenticates and encrypts IP packets, commonly used for VPN connections and
secure network communication.
26. What is the difference between tunnel mode and transport mode in
IPSec? Tunnel mode encrypts the entire IP packet and adds a new header, used
for site-to-site VPNs. Transport mode only encrypts the payload, used for
end-to-end communication.
27. What is a MAC address? A MAC (Media Access Control) address is a
unique hardware identifier assigned to network interfaces, used for
communication at the data link layer.
28. What is MAC filtering? MAC filtering is a security measure that allows or
denies network access based on device MAC addresses, though it can be
bypassed through MAC spoofing.
29. What is a subnet mask? A subnet mask divides an IP address into network
and host portions, defining which part identifies the network and which
identifies individual hosts.