KeyTrain's Key Training — Network Security — free practice exam
24 original practice questions aligned to official exam domains. Run a timed, domain-weighted quiz in your browser — no login required.
Exam domains
| Domain | Weight |
|---|---|
| IDS/IPS alerts | 17% |
| Port anomalies | 17% |
| Beaconing | 17% |
| ARP spoofing | 17% |
| DNS tunneling | 16% |
| Traffic inspection | 16% |
Sample practice questions
- An attacker on guest Wi-Fi intercepts traffic. BEST network segmentation fix?
- Which control detects DNS tunneling without full TLS break?
- A database server suddenly listens on port 3389 internally. BEST response?
- Which dataset BEST confirms beaconing vs user streaming video?
- DNS analytics show long random subdomains to a newly registered domain from one server. Action?
- Encrypted traffic to a newly registered domain spikes after a phishing click. BEST correlation?
- Exfil over DNS encodes data in TXT queries. BEST mitigation layer?
- Firewall logs show outbound TCP 4444 from a workstation to an unknown IP. What is this commonly associated with?
- A host contacts one IP every 60 seconds with 200-byte HTTPS posts. Likely behavior?
- IDS alerts on TLS encrypted traffic show 'possible C2' with no payload. Next action?
- IPS blocks legitimate ERP traffic after a signature update. BEST immediate step?
- IPS blocks a SQL injection attempt against a legacy app, but app logs show no WAF upstream. Concern?
- Long random subdomains query an unknown domain thousands of times per hour. Suspicion?
- Netflow shows large outbound transfers at 3 a.m. to a cloud storage API. Next step?
- Netflow shows micro-bursts on port 53 to many external IPs. Consider?
- NetFlow shows workstations initiating SMB(445) to hundreds of internal hosts at night. Likely?
- Proxy logs show failed CONNECT attempts every minute from malware sandbox?
- Proxy logs show 64-byte HTTPS posts every 60 seconds to a rare domain for one host. Interpretation?
- Repeated alerts from one internal host scanning many ports on the subnet. Classification?
- Security proposes TLS decryption for egress web traffic on corporate proxies. Main benefit?
- SOC needs visibility into TLS 1.3 east-west traffic. Practical approach?
- Which switch feature mitigates ARP spoofing on access ports?
- Users report SSL warnings only on Wi-Fi in one office. Wireshark on a laptop shows duplicate MAC for the gateway.…
- Users report SSL warnings only on the office Wi-Fi, not VPN. Suspected cause?