MNSE Network Security Essentials Exam, Exams of Technology

The MNSE Network Security Essentials Exam validates essential knowledge of network security concepts, including firewalls, intrusion detection, VPNs, segmentation, and monitoring. Candidates demonstrate understanding of securing enterprise networks against common threats.

Typology: Exams

2025/2026

Available from 01/24/2026

shilpi-jain-2
shilpi-jain-2 🇮🇳

1

(1)

25K documents

1 / 85

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
MNSE Network Security Essentials Exam
**Question 1.** Which OSI layer is primarily responsible for endtoend encryption such as
TLS/SSL?
A) Physical
B) Data Link
C) Network
D) Presentation
Answer: D
Explanation: The Presentation layer (Layer 6) handles data translation and encryption, including
TLS/SSL.
**Question 2.** In IPv6, what is the length of the address field?
A) 32 bits
B) 64 bits
C) 128 bits
D) 256 bits
Answer: C
Explanation: IPv6 addresses are 128 bits long, allowing a vastly larger address space than IPv4.
**Question 3.** Which TCP/UDP port is used by DNS over TCP for zone transfers?
A) 53
B) 67
C) 80
D) 443
Answer: A
Explanation: DNS uses port 53 for both UDP (queries) and TCP (zone transfers and large
responses).
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55

Partial preview of the text

Download MNSE Network Security Essentials Exam and more Exams Technology in PDF only on Docsity!

Question 1. Which OSI layer is primarily responsible for end‑to‑end encryption such as TLS/SSL? A) Physical B) Data Link C) Network D) Presentation Answer: D Explanation: The Presentation layer (Layer 6) handles data translation and encryption, including TLS/SSL. Question 2. In IPv6, what is the length of the address field? A) 32 bits B) 64 bits C) 128 bits D) 256 bits Answer: C Explanation: IPv6 addresses are 128 bits long, allowing a vastly larger address space than IPv4. Question 3. Which TCP/UDP port is used by DNS over TCP for zone transfers? A) 53 B) 67 C) 80 D) 443 Answer: A Explanation: DNS uses port 53 for both UDP (queries) and TCP (zone transfers and large responses).

Question 4. A /24 subnet mask provides how many usable host IP addresses? A) 254 B) 256 C) 252 D) 255 Answer: A Explanation: A /24 network has 256 total addresses; subtract network and broadcast addresses leaves 254 usable hosts. Question 5. Which component of the CIA triad is primarily addressed by redundancy and load‑balancing? A) Confidentiality B) Integrity C) Availability D) Authentication Answer: C Explanation: Redundancy and load‑balancing improve system availability, ensuring services remain accessible. Question 6. In a defense‑in‑depth model, which of the following is the outermost layer? A) Host‑based firewall B) Application security C) Perimeter firewall D) Encryption at rest Answer: C Explanation: Perimeter firewalls constitute the first line of defense, protecting the network edge.

Explanation: The Web Setup Wizard is the first‑time configuration tool for basic parameters. Question 10. A Feature Key in a firewall appliance is primarily used to: A) Unlock hardware ports B) Enable licensed security services (e.g., IPS, GAV) C) Reset the admin password D) Perform firmware upgrades Answer: B Explanation: Feature Keys grant access to optional, subscription‑based security services. Question 11. Which method is safest for preserving a firewall’s configuration before a major upgrade? A) Exporting the running config via CLI and storing on a USB drive B) Taking a screenshot of the web UI C) Copy‑and‑paste the config into a text editor D) Relying on automatic cloud backup Answer: A Explanation: Exporting the configuration file ensures an exact, restorable copy. Question 12. Which management interface provides granular command‑line control and scripting capabilities? A) Web UI B) Mobile App C) CLI (Command Line Interface) D) SNMP Manager Answer: C

Explanation: The CLI allows detailed configuration, automation, and troubleshooting beyond the web UI. Question 13. Role‑Based Administration primarily helps to: A) Increase firewall throughput B) Separate duties and limit user permissions C) Reduce hardware costs D) Enable VPN tunneling Answer: B Explanation: RBAC assigns specific rights to admins, enforcing the principle of least privilege. Question 14. When downgrading firmware, which risk is most likely? A) Loss of licensed features B) Increase in CPU performance C) Automatic re‑enrollment of devices D) Expansion of the NAT table size Answer: A Explanation: Older firmware may not support newer licensed features, causing them to become unavailable. Question 15. In a firewall, a “Trusted” interface is typically used for: A) Internet‑facing traffic B) DMZ servers C) Internal LAN segments D) Guest Wi‑Fi Answer: C Explanation: Trusted interfaces connect to internal, protected networks.

Question 19. NAT Loopback allows internal clients to access a public‑facing service using: A) The internal IP address only B) The public IP address of the service C) The DNS server’s IP address D) A VPN tunnel Answer: B Explanation: NAT Loopback (hairpinning) translates the public IP back to the internal server for internal clients. Question 20. Which routing protocol exchanges full routing tables only when a change occurs, reducing bandwidth usage? A) RIP B) OSPF C) BGP D) EIGRP Answer: D Explanation: EIGRP uses Diffusing Update Algorithm (DUA) to send incremental updates only when topology changes. Question 21. In a Multi‑WAN failover configuration, the primary link is defined by: A) Lowest latency metric B) Highest bandwidth metric C) Primary/Secondary designation in the WAN order list D) Random selection algorithm Answer: C

Explanation: The WAN order list determines which interface is primary; if it fails, the secondary takes over. Question 22. SD‑WAN path selection can be based on: A) MAC address only B) Application‑aware policies such as latency, jitter, and packet loss C) Fixed static routes only D) Physical cable length Answer: B Explanation: SD‑WAN uses real‑time performance metrics to steer traffic per application requirements. Question 23. When configuring the firewall’s built‑in DHCP server, which option provides automatic DNS server information to clients? A) Option 3 (Router) B) Option 6 (Domain Name Server) C) Option 15 (Domain Name) D) Option 42 (NTP Server) Answer: B Explanation: DHCP Option 6 delivers DNS server addresses to requesting clients. Question 24. DNS forwarding on a firewall is primarily used to: A) Block all DNS queries B) Resolve external domain names using a specified upstream DNS server C) Provide internal DNS zones only D) Encrypt DNS traffic with TLS Answer: B

Answer: A Explanation: Schedules enable time‑based activation or deactivation of policies. Question 28. Enabling logging on a firewall policy provides: A) Increased throughput B) Detailed records of matched traffic for audit and troubleshooting C) Automatic remediation of threats D) Encryption of all traffic Answer: B Explanation: Logging captures session details, useful for forensics and monitoring. Question 29. Which proxy action is required to inspect HTTPS traffic for malware? A) HTTP Proxy (Transparent) B) SSL‑Inspection (HTTPS Proxy) with certificate installation C) FTP Proxy D) SMTP Proxy Answer: B Explanation: SSL‑Inspection decrypts HTTPS traffic, allowing DPI and malware scanning. Question 30. Deep Packet Inspection (DPI) primarily operates at which OSI layer? A) Layer 1 (Physical) B) Layer 2 (Data Link) C) Layer 3 (Network) D) Layer 7 (Application) Answer: D Explanation: DPI examines payload content, which resides at the Application layer.

Question 31. In a content rule, “Domain Name Rules” are used to: A) Block IP addresses only B) Filter traffic based on fully qualified domain names (FQDN) C) Restrict MAC addresses D) Enforce VLAN tagging Answer: B Explanation: Domain Name Rules match against DNS‑resolved FQDNs for URL filtering. Question 32. Which proxy action is essential for scanning inbound SMTP attachments for viruses? A) FTP Proxy B) HTTP Proxy C) SMTP Proxy with content inspection enabled D) DNS Proxy Answer: C Explanation: The SMTP proxy can inspect email content and attachments for malware. Question 33. Gateway AntiVirus (GAV) primarily protects against: A) Unauthorized IP addresses B) Malicious files transferred via HTTP, FTP, SMTP, and SMB C) DDoS attacks D) Weak passwords Answer: B Explanation: GAV scans files crossing the firewall for known malware signatures.

A) Blocking all inbound traffic by default B) Sending suspicious files to a sandbox for dynamic analysis C) Disabling SSL/TLS D) Limiting bandwidth to 1 Mbps Answer: B Explanation: APT Blocker uses sandboxing to detect advanced threats that bypass signature‑based detection. Question 38. Geolocation filtering works by: A) Inspecting packet payload for country codes B) Matching source or destination IP addresses to geographic databases C) Using DNS queries only D) Requiring VPN tunnels for foreign traffic Answer: B Explanation: Geolocation maps IP ranges to countries, enabling block/allow decisions based on location. Question 39. Local authentication on a firewall stores user credentials in: A) An external RADIUS server B) The device’s internal user database C) Cloud Active Directory D) A third‑party LDAP directory Answer: B Explanation: Local authentication relies on the firewall’s own user account repository. Question 40. Which external authentication protocol uses UDP port 1812 for authentication requests?

A) LDAP

B) RADIUS

C) TACACS+

D) Kerberos Answer: B Explanation: RADIUS uses UDP 1812 (authentication) and 1813 (accounting) by default. Question 41. The Authentication Portal (Captive Portal) is typically presented to: A) VPN clients only B) Users attempting to access the Internet from an unauthenticated network segment C) Administrators configuring the firewall D. Internal servers for patch management Answer: B Explanation: Captive portals intercept web traffic of unauthenticated users, prompting login before granting access. Question 42. Single Sign‑On (SSO) agents simplify user experience by: A) Requiring a separate password for each firewall service B) Allowing users to authenticate once and gain access to multiple resources without re‑entering credentials C) Disabling MFA D) Encrypting all traffic with a single key Answer: B Explanation: SSO provides credential reuse across integrated services after an initial login. Question 43. Multi‑Factor Authentication (MFA) enhances security by: A) Using only a strong password

A) Unified policy distribution B) Individual device firmware upgrades from a single pane C) Increased per‑device throughput D) Centralized logging and reporting Answer: C Explanation: Central management does not affect the hardware throughput of each firewall. Question 47. When configuring a static route, the “next‑hop” address must be: A) The destination network’s broadcast address B) An IP address reachable on the firewall’s directly connected interface C) The same as the destination IP D) A MAC address of the target host Answer: B Explanation: The next‑hop must be reachable via a directly connected interface to forward traffic correctly. Question 48. Which protocol is commonly used for secure remote management of a firewall’s CLI? A) Telnet B) FTP C) SSH D. HTTP Answer: C Explanation: SSH provides encrypted command‑line access, unlike plaintext Telnet. Question 49. A firewall’s “policy precedence” is determined by: A) The order of policies in the list (top‑down)

B) The highest port number used C) The amount of RAM allocated D. The firmware version Answer: A Explanation: Policies are evaluated sequentially; the first matching rule takes effect. Question 50. Which of the following best describes a “stateless” packet filter? A) It tracks connection state and allows return traffic automatically B) It evaluates each packet in isolation, without memory of prior packets C) It inspects payload for viruses D. It performs SSL decryption Answer: B Explanation: Stateless filters have no session awareness; each packet is treated independently. Question 51. The primary purpose of a “DMZ” (demilitarized zone) in network design is to: A) Host internal user desktops B) Provide a buffer zone for publicly accessible services while protecting the internal network C. Store backup tapes D. Increase Wi‑Fi coverage Answer: B Explanation: DMZ isolates external‑facing servers, limiting exposure to the internal LAN. Question 52. Which of the following is an example of a “spoofing” attack? A) Sending a flood of SYN packets to exhaust a server B) Crafting packets with a forged source IP address to appear as if they originate from a trusted host

A. Random selection only B. Round‑robin, weighted, or latency‑based algorithms C. VLAN ID alone D. DNS server responses Answer: B Explanation: Load‑balancing uses algorithms (round‑robin, weighted, latency) to spread traffic across links. Question 56. Which DNS record type maps a domain name to an IPv6 address? A. A record B. AAAA record C. CNAME record D. MX record Answer: B Explanation: AAAA records store IPv6 addresses for a given hostname. Question 57. A firewall rule that denies traffic from 10.0.0.0/8 to any external address is an example of: A. Outbound filtering B. Inbound filtering C. VPN passthrough rule D. NAT rule Answer: A Explanation: The rule blocks traffic originating from the internal 10.0.0.0/8 network heading outward. Question 58. Which of the following is true about “stateful inspection” of FTP traffic?

A. It only inspects the control channel (port 21) B. It dynamically opens data‑channel ports based on the control session C. It blocks all FTP traffic by default D. It requires a separate proxy service for inspection Answer: B Explanation: Stateful FTP inspection tracks the control session to allow related dynamic data‑channel ports. Question 59. When configuring an IPS signature, the “action” set to “Detect” will: A. Drop the packet immediately B. Log the event but allow the traffic to pass C. Quarantine the host automatically D. Rewrite the packet payload Answer: B Explanation: “Detect” mode logs the intrusion attempt without interrupting the flow. Question 60. The primary purpose of the “WebBlocker” subscription is to: A. Provide antivirus scanning for web downloads B. Categorize and block URLs based on content categories C. Perform SSL termination for internal servers D. Manage DHCP leases Answer: B Explanation: WebBlocker supplies URL categorization for policy‑based web filtering. Question 61. Which firewall feature allows you to automatically block traffic from IPs that have generated a certain number of IDS alerts? A. Auto‑Blacklist (Dynamic Block List)