Certified Network Defender

The document provides information about the Certified Network Defender (CND) exam, which assesses candidates' abilities to protect and respond to network security threats, including advanced persistent threats and ransomware defense. It includes practice exam questions and answers that cover various cybersecurity concepts, such as network security, incident response, and encryption methods. Additionally, it offers resources for further study and contact information for inquiries.

Uploaded by: study.preppool

Certified Network Defender (CND)

Practice Exam Questions and Answers

To access the complete practice exam with detailed questions and answers, follow these steps:
• Copy the URL below.
• Paste it into your browser's address bar.
• Download your practice exam to start studying.

https://www.preppool.com/test-prep/certified-network-defender-cnd-practice-exam/

Email us with any inquiry at: [email protected]

Visit our website for more practice exams:

https://www.preppool.com/

The Certified Network Defender (CND) exam evaluates a candidate's ability to protect, detect, and respond to network security threats. This test covers Advanced Persistent Threats (APTs), which involve stealthy, long-term access to networks and require behavioral analysis for detection. Forensic analysis is essential for investigating security incidents, with tools like Wireshark playing a key role in capturing network evidence.

Network anomaly detection focuses on identifying deviations from normal traffic patterns, using tools like Zeek to detect unusual spikes in DNS requests or unauthorized access attempts. Ransomware defense is another critical component, emphasizing proactive strategies such as regular backups kept offline or immutable (so the ransomware cannot encrypt them too), email security awareness, and isolating infected systems from the network as soon as an infection is detected.

Threat hunting involves actively searching for hidden security threats before they cause damage, leveraging frameworks like MITRE ATT&CK to analyze adversary techniques. Network hardening strategies strengthen security by implementing multi-factor authentication, disabling unnecessary services, and enforcing a "default deny" firewall rule.

This CND exam ensures that security professionals possess the expertise to safeguard networks against modern cyber threats by combining proactive defense mechanisms, forensic analysis, and incident response strategies to maintain network integrity.

Sample Questions and Answers

• Which of the following best defines network security?
a) Protecting physical network cables
b) Ensuring only authorized users can access network
resources
c) Restricting access to a single network device
d) Blocking all inbound traffic
Answer: b) Ensuring only authorized users can access
network resources
Explanation: Network security involves implementing
policies, technologies, and practices to prevent unauthorized
access, data breaches, and cyber threats while ensuring
legitimate users can use the network.

• Which security principle ensures that data is only accessible to authorized individuals?
a) Integrity
b) Availability
c) Confidentiality
d) Authentication
Answer: c) Confidentiality
Explanation: Confidentiality ensures that sensitive data is
not accessed by unauthorized individuals, often using
encryption and access control measures.
• What is the main purpose of a firewall in a network?
a) To analyze network performance
b) To restrict unauthorized access
c) To physically protect network devices
d) To enable all traffic flow
Answer: b) To restrict unauthorized access
Explanation: Firewalls monitor and control incoming and
outgoing traffic based on security rules, helping to block
malicious or unauthorized access attempts.

• Which of the following is a common network attack that attempts to overwhelm a server with excessive traffic?
a) Man-in-the-Middle attack
b) Denial-of-Service attack
c) SQL Injection
d) Phishing
Answer: b) Denial-of-Service attack
Explanation: A Denial-of-Service (DoS) attack floods a
server with requests, making it unavailable to legitimate
users.

• Which of the following is an example of social engineering?
a) Exploiting a software vulnerability
b) Sending a phishing email to trick a user
c) Launching a brute-force attack
d) Using a packet sniffer to capture data
Answer: b) Sending a phishing email to trick a user
Explanation: Social engineering involves manipulating
individuals into divulging confidential information, such as
through phishing emails that trick users into providing login
credentials.

• A company is experiencing repeated brute-force attacks on their network. Which security control would best mitigate this?
a) Deploying a honeypot
b) Implementing strong password policies and account
lockout features
c) Increasing bandwidth
d) Using static IP addresses
Answer: b) Implementing strong password policies and
account lockout features
Explanation: Brute-force attacks are mitigated by enforcing strong passwords, requiring multi-factor authentication, and locking or throttling accounts after repeated failed attempts. Lockout thresholds need care: an attacker who can trigger them at will can lock legitimate users out of their own accounts, so pair lockout with rate limiting and alerting rather than relying on it alone.

• Which of the following is a primary function of an Intrusion Detection System (IDS)?
a) Preventing all network attacks
b) Monitoring and alerting on suspicious activity
c) Encrypting sensitive data
d) Blocking unauthorized IP addresses
Answer: b) Monitoring and alerting on suspicious activity
Explanation: IDS monitors network traffic for malicious
activity and generates alerts but does not actively prevent
attacks.

• Which encryption protocol is commonly used to secure VPN connections?
a) WEP
b) SSL/TLS
c) PPTP
d) IPSec
Answer: d) IPSec
Explanation: IPsec (Internet Protocol Security) secures traffic at the network layer: ESP provides confidentiality and integrity for each packet, and IKE authenticates the peers and negotiates the keys. TLS-based VPNs (OpenVPN and vendor "SSL VPN" products) are also common in practice, but IPsec is the answer the exam expects. WEP is a broken Wi-Fi cipher and PPTP is a deprecated tunneling protocol with weak encryption, so neither is a correct choice.

• What is the main purpose of using a proxy server in network security?
a) To improve network speed
b) To filter and monitor internet traffic
c) To assign IP addresses dynamically
d) To store user credentials
Answer: b) To filter and monitor internet traffic
Explanation: Proxy servers act as intermediaries between
users and the internet, filtering and monitoring traffic to
improve security.

• What is the first step in the incident response process?
a) Containment
b) Eradication
c) Identification
d) Recovery
Answer: c) Identification
Explanation: Among the options given, identification comes first: an incident must be detected and confirmed before it can be contained, eradicated, or recovered from. Note that the NIST SP 800-61 and SANS incident handling models both place a Preparation phase before detection; it is simply not one of the choices here.

• Which of the following is an example of a physical security control?
a) Firewall
b) Antivirus software
c) Biometric access control
d) Network segmentation
Answer: c) Biometric access control
Explanation: Physical security controls, such as biometric
authentication, prevent unauthorized physical access to
sensitive areas.

• Which framework is widely used for risk assessment in cybersecurity?
a) ISO 27001
b) IEEE 802.11
c) HTML5
d) TCP/IP
Answer: a) ISO 27001
Explanation: ISO/IEC 27001 specifies the requirements for an information security management system (ISMS), including a risk assessment and risk treatment process; its companion standard ISO/IEC 27005 gives the detailed risk management guidance. The other options are a wireless networking standard, a markup language, and a protocol suite, not security frameworks.

• Which layer of the OSI model is responsible for end-to-end encryption?
a) Data Link
b) Transport
c) Network
d) Application
Answer: b) Transport
Explanation: This is the answer the exam expects: TLS runs directly on top of TCP and secures the end-to-end connection, so it is usually discussed alongside the transport layer. Strictly speaking, the OSI model assigns encryption to the presentation layer (Layer 6), and TLS is often drawn between Layers 4 and 7. SSL is the deprecated predecessor of TLS and should no longer be deployed.

• What is the purpose of network segmentation?
a) To slow down network traffic
b) To divide a network into isolated segments for security
c) To prevent encryption
d) To allow unrestricted data flow
Answer: b) To divide a network into isolated segments for
security
Explanation: Network segmentation reduces the attack
surface by isolating sensitive systems, limiting lateral
movement in case of a breach.

• Which protocol is primarily used for secure remote administration of network devices?
a) FTP
b) Telnet
c) SSH
d) HTTP
Answer: c) SSH
Explanation: SSH (Secure Shell) encrypts remote
administration sessions, unlike Telnet, which transmits data
in plaintext.

• Which attack involves intercepting and altering communication between two parties?
a) DDoS
b) Man-in-the-Middle (MitM)
c) SQL Injection
d) Phishing
Answer: b) Man-in-the-Middle (MitM)
Explanation: MitM attacks involve intercepting
communication between two parties to steal or modify data.
• Which type of malware disguises itself as legitimate software to gain access?
a) Worm
b) Trojan Horse
c) Ransomware
d) Rootkit
Answer: b) Trojan Horse
Explanation: Trojans appear legitimate but execute
malicious actions once installed.

• What is the best defense against ARP spoofing attacks?
a) Using static IP addresses
b) Enabling dynamic ARP inspection
c) Blocking all ICMP traffic
d) Increasing firewall rules
Answer: b) Enabling dynamic ARP inspection
Explanation: Dynamic ARP Inspection (DAI) is a switch feature that intercepts ARP packets on untrusted ports and drops any whose IP-to-MAC binding does not match the DHCP snooping binding table (or a configured static ARP ACL). Static IP addressing does nothing to stop a forged ARP reply, and ICMP is unrelated to ARP.
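The following is an added example, not part of the practice exam and not EC-Council material. It shows the detection logic behind the answer above in software: keep a table of the IP-to-MAC binding seen in ARP replies and alert when a later reply claims a different MAC for the same IP, which is what arpwatch does on a host and what DAI does on a switch. The ARP replies, addresses and MACs are constructed sample data; the `trusted` parameter stands in for the DHCP snooping database that DAI consults.

```python
"""Detect ARP spoofing by tracking the IP-to-MAC binding seen in ARP replies.

Added example, not from the practice exam or from any EC-Council material.
It does in software what arpwatch does on a host and what Dynamic ARP
Inspection does on a switch: remember the binding for each IP and alert
when a later reply claims a different MAC for it. The ARP replies below
are constructed sample data, not a real capture.
"""
from collections import namedtuple

ArpReply = namedtuple("ArpReply", "sender_ip sender_mac target_ip")

GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "aa:aa:aa:aa:aa:01"
ATTACKER_MAC = "66:66:66:66:66:66"

# Constructed traffic: the real gateway answers first, then an attacker
# sends replies claiming the gateway's IP with its own MAC.
SAMPLE_REPLIES = [
    ArpReply(GATEWAY_IP, GATEWAY_MAC, "192.168.1.50"),
    ArpReply("192.168.1.50", "bb:bb:bb:bb:bb:50", GATEWAY_IP),
    ArpReply(GATEWAY_IP, GATEWAY_MAC, "192.168.1.51"),
    ArpReply(GATEWAY_IP, ATTACKER_MAC, "192.168.1.50"),   # spoofed
    ArpReply(GATEWAY_IP, ATTACKER_MAC, "192.168.1.51"),   # spoofed
]


def detect_arp_spoofing(replies, trusted=None):
    """Return a list of (ip, known_mac, claimed_mac) conflicts.

    `trusted` seeds the binding table, the way DAI is seeded from the
    DHCP snooping database or static ARP ACLs. Without it the detector
    simply trusts whichever reply it sees first, which an attacker who
    starts before the monitor can exploit.
    """
    bindings = dict(trusted or {})
    alerts = []
    for reply in replies:
        known = bindings.get(reply.sender_ip)
        if known is None:
            bindings[reply.sender_ip] = reply.sender_mac   # learn first sighting
        elif known != reply.sender_mac:
            alerts.append((reply.sender_ip, known, reply.sender_mac))
    return alerts


if __name__ == "__main__":
    for ip, known, claimed in detect_arp_spoofing(SAMPLE_REPLIES):
        print(f"ALERT: {ip} is bound to {known} but {claimed} claims it")
    # Attacker first, no trusted seed: the genuine gateway reply gets flagged.
    print(detect_arp_spoofing(SAMPLE_REPLIES[3:] + SAMPLE_REPLIES[:1]))
    # Same order, table seeded with the known gateway binding: correct result.
    print(detect_arp_spoofing(SAMPLE_REPLIES[3:] + SAMPLE_REPLIES[:1],
                              trusted={GATEWAY_IP: GATEWAY_MAC}))
```

The second and third calls in the `__main__` block show why DAI is tied to DHCP snooping: a detector that merely learns the first binding it sees will flag the real gateway as the impostor if the attacker speaks first, whereas a table seeded from a trusted source flags the forged replies.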

• Which of the following provides real-time monitoring and blocking of suspicious network activity?
a) IDS
b) IPS
c) Honeypot
d) Packet Sniffer
Answer: b) IPS
Explanation: An Intrusion Prevention System (IPS) actively
blocks suspicious traffic, unlike an Intrusion Detection
System (IDS), which only alerts administrators.

• Which protocol is used for securing wireless networks?
a) WEP
b) WPA2
c) Telnet
d) FTP
Answer: b) WPA2
Explanation: WPA2 uses AES-CCMP for confidentiality and integrity. WEP relies on RC4 with weak key handling and can be cracked in minutes; WPA3 is the current successor to WPA2 and should be preferred where clients support it. Telnet and FTP are plaintext application protocols, not wireless security protocols.

• Which type of firewall filters traffic based on predefined rules at the application layer?
a) Packet-filtering firewall
b) Stateful firewall
c) Web Application Firewall (WAF)
d) Proxy firewall
Answer: c) Web Application Firewall (WAF)
Explanation: A WAF inspects HTTP/S requests and responses against application-layer rules to block attacks such as SQL injection and cross-site scripting (XSS). Packet-filtering and stateful firewalls act on Layer 3/4 headers. Note that a proxy firewall (application-level gateway) also operates at the application layer; the exam treats the WAF as the intended answer because it is the device built specifically around application-layer rule sets for web traffic.

• What is the primary purpose of VLANs in network security?
a) To increase network speed
b) To separate different types of traffic for security
c) To replace physical firewalls
d) To store encryption keys
Answer: b) To separate different types of traffic for security
Explanation: VLANs logically segment a switched network so that hosts in different VLANs cannot talk to each other at Layer 2. A VLAN is not a security boundary by itself: traffic between VLANs must still be filtered by a router ACL or firewall, and trunk ports need hardening (disable DTP auto-negotiation, keep user traffic off the native VLAN) to prevent VLAN-hopping attacks.

• Which security measure helps prevent brute-force attacks on SSH?
a) Disabling firewalls
b) Enabling password reuse
c) Using fail2ban or IP blocking
d) Allowing unlimited login attempts
Answer: c) Using fail2ban or IP blocking
Explanation: Fail2ban watches the SSH log and adds a firewall rule that blocks a source IP after a set number of failed logins within a time window. Stronger still is removing the password attack surface entirely: disable password authentication in sshd_config and require public-key authentication, and expose SSH only from trusted networks or through a bastion host.
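As an added example (not from the practice exam and not fail2ban's own code), the detection logic behind both brute-force questions above, the general one and the SSH-specific one: parse OpenSSH "Failed password" lines from auth.log, count failures per source IP inside a sliding window, and ban a source once it reaches the threshold, which is exactly fail2ban's `maxretry`/`findtime` model. The log lines are constructed to match OpenSSH's syslog format and use documentation IP ranges; a real deployment must match the log format actually in use.

```python
"""Spot SSH brute forcing in auth.log and decide which sources to ban.

Added example, not from the practice exam or from fail2ban's own code. It
re-implements the core of fail2ban's sshd jail: count "Failed password"
events per source IP inside a sliding window (findtime) and ban the source
once the count reaches maxretry. The log lines are constructed to match
OpenSSH's syslog format; the IPs are documentation ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Constructed sample log (syslog carries no year, so one is supplied when parsing).
SAMPLE_LOG = """\
Mar 12 10:00:01 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 12 10:00:03 bastion sshd[2103]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar 12 10:00:05 bastion sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 50126 ssh2
Mar 12 10:00:07 bastion sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 50128 ssh2
Mar 12 10:00:09 bastion sshd[2109]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar 12 10:00:11 bastion sshd[2111]: Failed password for root from 203.0.113.7 port 50132 ssh2
Mar 12 10:05:00 bastion sshd[2150]: Failed password for alice from 198.51.100.9 port 41000 ssh2
Mar 12 10:05:20 bastion sshd[2152]: Accepted publickey for alice from 198.51.100.9 port 41002 ssh2
Mar 12 10:10:00 bastion sshd[2201]: Failed password for root from 203.0.113.8 port 60001 ssh2
Mar 12 10:25:00 bastion sshd[2202]: Failed password for root from 203.0.113.8 port 60002 ssh2
Mar 12 10:40:00 bastion sshd[2203]: Failed password for root from 203.0.113.8 port 60003 ssh2
Mar 12 10:55:00 bastion sshd[2204]: Failed password for root from 203.0.113.8 port 60004 ssh2
Mar 12 11:10:00 bastion sshd[2205]: Failed password for root from 203.0.113.8 port 60005 ssh2
"""


def parse_failures(lines, year=2024):
    """Yield (timestamp, ip, user) for every failed-password line."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]


def find_bans(lines, maxretry=5, findtime_s=600):
    """Return {ip: ban_time} for sources with >= maxretry failures inside
    any findtime_s window, mirroring fail2ban's maxretry/findtime."""
    recent = defaultdict(deque)     # ip -> failure timestamps still inside the window
    bans = {}
    for ts, ip, _user in parse_failures(lines):
        if ip in bans:
            continue                 # already banned; a real jail would drop the packets
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime_s:
            window.popleft()         # expire failures older than the window
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("default (5 in 10 min):", find_bans(lines))
    # The slow attacker 203.0.113.8 spaces attempts 15 minutes apart and slips
    # under the default window; a longer findtime catches it.
    print("5 in 60 min:", find_bans(lines, findtime_s=3600))
```

The two runs in `__main__` show the tuning trade-off: with fail2ban's default window the fast attacker is banned on its fifth failure, but the "low and slow" source never accumulates five failures inside ten minutes and is only caught when the window is widened to an hour, at the cost of more false positives from users who genuinely mistype passwords.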

• Which type of DNS attack redirects users to malicious websites?
a) DNS Poisoning
b) SYN Flood
c) MAC Spoofing
d) Man-in-the-Browser
Answer: a) DNS Poisoning
Explanation: DNS poisoning corrupts DNS records,
redirecting users to fraudulent sites.

• Which step in incident response involves containing the attack to prevent further damage?
a) Identification
b) Containment
c) Recovery
d) Eradication
Answer: b) Containment
Explanation: Containment isolates affected systems to limit
the attack’s impact before eradication.

• What is the main goal of digital forensics in cybersecurity?
a) To prevent all cyber threats
b) To analyze security logs
c) To collect and analyze evidence of cyber incidents
d) To configure firewalls
Answer: c) To collect and analyze evidence of cyber
incidents
Explanation: Digital forensics involves gathering,
preserving, and analyzing data for legal or investigative
purposes.

• Which file system is commonly used for forensic investigations due to its ability to log changes?
a) FAT32
b) NTFS
c) exFAT
d) EXT2
Answer: b) NTFS
Explanation: NTFS is a journaling file system. Its $LogFile records metadata transactions, the USN change journal ($UsnJrnl) records file creation, modification, rename, and deletion events, and the $MFT holds timestamps and ownership for every file; examiners use all three to reconstruct activity. FAT32 and exFAT keep no journal, and ext2 (unlike ext3 and ext4) is not journaled either.
• What is the primary objective of a security audit?
a) To increase internet speed
b) To identify security vulnerabilities and compliance issues
c) To install new network hardware
d) To replace passwords
Answer: b) To identify security vulnerabilities and
compliance issues
Explanation: Security audits evaluate security policies,
compliance, and risk exposure.

• Which framework is commonly used for cybersecurity risk management?
a) ITIL
b) NIST Cybersecurity Framework
c) Agile
d) ISO 50001
Answer: b) NIST Cybersecurity Framework
Explanation: The NIST framework helps organizations
manage and improve cybersecurity risk posture.

• Which regulation mandates the protection of healthcare information in the U.S.?
a) GDPR
b) HIPAA
c) PCI DSS
d) ISO 27002
Answer: b) HIPAA
Explanation: HIPAA requires healthcare organizations to
protect patient data.

• Which of the following is a key security concern in cloud computing?
a) Limited storage
b) Physical access to the server
c) Data confidentiality and access control
d) Inability to scale resources
Answer: c) Data confidentiality and access control
Explanation: Cloud environments pose security risks due to
data being stored off-premises, requiring strong encryption
and access controls.

• Which cloud deployment model provides exclusive access to a single organization?
a) Public cloud
b) Private cloud
c) Hybrid cloud
d) Community cloud
Answer: b) Private cloud
Explanation: A private cloud is dedicated to one
organization, offering greater control and security.

• What is a common risk associated with multi-tenant cloud environments?
a) Higher hardware costs
b) Increased security from isolation
c) Data leakage due to improper segmentation
d) The inability to manage encryption
Answer: c) Data leakage due to improper segmentation
Explanation: Multi-tenant environments may be vulnerable
if proper isolation mechanisms are not in place.

• Which encryption method uses a single key for both encryption and decryption?
a) Asymmetric encryption
b) Hashing
c) Symmetric encryption
d) Digital signatures
Answer: c) Symmetric encryption
Explanation: Symmetric encryption uses one key, making it
fast but requiring secure key distribution.

• What is the primary advantage of asymmetric encryption?
a) Faster processing speed
b) A single key for encryption and decryption
c) No need for key distribution
d) Stronger security by using public and private keys
Answer: d) Stronger security by using public and private keys
Explanation: The practical advantage of asymmetric encryption is key management rather than raw strength: the public key can be published openly, so two parties need no pre-shared secret, and the private key additionally enables digital signatures. Asymmetric operations are orders of magnitude slower than symmetric ones, which is why protocols such as TLS use asymmetric cryptography only to agree on a session key and then encrypt the bulk data with a symmetric cipher.
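The following is an added example, not from the practice exam, that ties the two preceding questions together: it builds a small RSA key pair, uses the public key to wrap a random symmetric session key, and uses that session key to encrypt the bulk data, which is the hybrid design behind TLS, S/MIME and PGP. It uses only the Python standard library, so the RSA is textbook RSA without padding and the symmetric cipher is an HMAC-SHA256 keystream with an encrypt-then-MAC tag; both are toy stand-ins (for RSA-OAEP/ECDH and AES-GCM respectively) chosen so the code runs offline, and neither should be used in production.

```python
"""Symmetric vs asymmetric encryption, and why real systems combine them.

Added example, not from the practice exam. Standard library only, so it runs
offline: a textbook RSA key pair (raw RSA, no padding: fine for illustration,
NOT for production, where RSA-OAEP or ECDH from a vetted library belongs)
wraps a random session key, and an HMAC-SHA256 keystream with an
encrypt-then-MAC tag (a toy stand-in for AES-GCM) encrypts the bulk data.
"""
import hashlib
import hmac
import secrets


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; adequate for a demo key pair."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact size, odd
        if _is_probable_prime(cand):
            return cand


def rsa_keypair(bits=512):
    """Return ((n, e), (n, d)); the public half can be handed to anyone."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_wrap(pub, key):
    n, e = pub
    m = int.from_bytes(key, "big")
    if m >= n:
        raise ValueError("key too large for the modulus")
    return pow(m, e, n)


def rsa_unwrap(priv, wrapped, length):
    n, d = priv
    m = pow(wrapped, d, n)
    if m >= 1 << (8 * length):      # garbage: wrong private key or corrupted value
        raise ValueError("unwrap failed")
    return m.to_bytes(length, "big")


def _subkeys(key):                   # separate keys for encryption and for the MAC
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(enc_key, nonce, length):
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]


def sym_encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
    return nonce + ct + tag


def sym_decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def hybrid_encrypt(recipient_pub, plaintext):
    """One asymmetric operation on a 32-byte key; symmetric work on the data."""
    session_key = secrets.token_bytes(32)                 # fresh per message
    return rsa_wrap(recipient_pub, session_key), sym_encrypt(session_key, plaintext)


def hybrid_decrypt(recipient_priv, wrapped, blob):
    return sym_decrypt(rsa_unwrap(recipient_priv, wrapped, 32), blob)


def can_decrypt(recipient_priv, wrapped, blob, expected):
    """True only if this private key recovers `expected` from the message."""
    try:
        return hybrid_decrypt(recipient_priv, wrapped, blob) == expected
    except ValueError:
        return False
```

To try it: generate two key pairs with `rsa_keypair()`, encrypt a message of several kilobytes to the first public key with `hybrid_encrypt`, and observe that `can_decrypt` succeeds only with the matching private key and fails both for the other private key and for a ciphertext with one bit flipped. The message can be far larger than the RSA modulus because RSA only ever touches the 32-byte session key; that is the whole reason the hybrid construction exists.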

• Which protocol ensures secure email communication through encryption?
a) POP3
b) IMAP
c) SMTP
d) S/MIME
Answer: d) S/MIME
Explanation: S/MIME (Secure/Multipurpose Internet Mail
Extensions) provides encryption and authentication for
emails.

• Which VPN protocol provides the highest security by encrypting both the authentication and data transmission?
a) PPTP
b) L2TP
c) IPSec
d) HTTP
Answer: c) IPSec
Explanation: IPsec authenticates the peers (through IKE) and then encrypts and integrity-protects every packet. PPTP is deprecated because its MS-CHAPv2 authentication is breakable, and L2TP provides tunneling only, relying on IPsec for encryption (hence L2TP/IPsec). HTTP is not a VPN protocol at all.

• What is the main benefit of using a VPN for remote workers?
a) Faster internet speeds
b) Secure access to company resources over public networks
c) Avoiding antivirus software
d) Increased network congestion
Answer: b) Secure access to company resources over public
networks
Explanation: VPNs encrypt traffic, allowing remote users to
securely access internal resources.

• Which type of VPN requires client software to establish a connection?
a) Site-to-Site VPN
b) Client-to-Site VPN
c) Always-On VPN
d) Proxy VPN
Answer: b) Client-to-Site VPN
Explanation: A client-to-site (remote access) VPN requires each user device to run a VPN client that authenticates and builds a tunnel to the gateway. A site-to-site VPN terminates on gateways at each location, so end hosts need no client software.

• What is the primary purpose of network traffic analysis?
a) To slow down network performance
b) To identify security threats and anomalies
c) To restrict internet usage
d) To install new network devices
Answer: b) To identify security threats and anomalies
Explanation: Traffic analysis helps detect unusual activity,
such as DDoS attacks and malware infections.

• Which tool is commonly used for packet sniffing and network traffic analysis?
a) Wireshark
b) Metasploit
c) Nessus
d) Nmap
Answer: a) Wireshark
Explanation: Wireshark captures and analyzes network
packets for troubleshooting and security monitoring.

• Which technique helps detect and prevent insider threats in a network?
a) Network segmentation
b) Endpoint encryption
c) User behavior analytics (UBA)
d) Disabling logging
Answer: c) User behavior analytics (UBA)
Explanation: UBA detects abnormal user activities that
may indicate insider threats.
• What is the primary function of Endpoint Detection and Response (EDR) solutions?
a) To block all USB devices
b) To detect, investigate, and respond to threats on
endpoints
c) To remove all antivirus software
d) To monitor only network traffic
Answer: b) To detect, investigate, and respond to threats
on endpoints
Explanation: EDR solutions help identify and mitigate
threats at endpoint devices.

• Which technique is commonly used to prevent malware execution?
a) Firewall logging
b) Application whitelisting
c) Network sniffing
d) Password complexity rules
Answer: b) Application whitelisting
Explanation: Whitelisting allows only approved applications
to run, reducing malware risks.

• What is a common sign of a botnet-infected endpoint?
a) Improved internet speed
b) Unusual outgoing traffic to unknown servers
c) Frequent antivirus updates
d) Decreased CPU usage
Answer: b) Unusual outgoing traffic to unknown servers
Explanation: Bots poll their command-and-control (C2) servers, typically on a fixed timer ("beaconing"), so an infected host shows periodic outbound connections to addresses the organization has no business with.
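As an added example (not from the practice exam and not Zeek's own code), here is a beaconing hunt of the kind the introduction describes with Zeek and the question above describes from the endpoint's side: group connections by source, destination and port, compute the time between successive connections, and flag flows whose intervals are too regular to be human. The conn log is constructed (tab-separated, a subset of Zeek's conn.log fields) and the addresses are documentation ranges; the `known_good` allowlist stands in for an organization's inventory of legitimate scheduled traffic such as update servers.

```python
"""Hunt for C2 beaconing in a Zeek-style conn log.

Added example, not from the practice exam or from Zeek. Bots usually poll
their C2 server on a fixed timer, so the inter-arrival times of connections
from one host to one destination become suspiciously regular. The detector
groups connections by (source, destination, port) and flags flows whose
inter-arrival times have a low coefficient of variation. The log below is
constructed (tab-separated, a subset of Zeek conn.log fields) and the IPs
are documentation ranges.
"""
import statistics
from collections import defaultdict

FIELDS = ("ts", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto", "orig_bytes")


def _build_sample_log():
    """Constructed traffic: one beacon, one legitimate scheduled poll,
    ordinary browsing, and a short flow below the minimum count."""
    base = 1700000000.0
    rows = []
    jitter = [0.0, 0.4, -0.3, 0.2, -0.5, 0.1, 0.3, -0.2, 0.5, -0.4, 0.0, 0.2]
    for i, j in enumerate(jitter):             # bot: every 60 s with slight jitter
        rows.append((base + 60 * i + j, "10.0.0.23", 49000 + i, "203.0.113.77", 443, 312))
    for i in range(10):                        # update agent: every 60 s, allowlisted
        rows.append((base + 60 * i, "10.0.0.23", 50000 + i, "10.0.0.5", 443, 900))
    for off in (5, 9, 10.5, 140, 141, 400, 401.5, 402, 900, 903):   # browsing bursts
        rows.append((base + off, "10.0.0.23", 51000 + int(off), "93.184.216.34", 443, 4100))
    for i in range(3):                         # too few connections to judge
        rows.append((base + 30 * i, "10.0.0.24", 52000 + i, "198.51.100.20", 53, 70))
    rows.sort()
    header = "#fields\t" + "\t".join(FIELDS)
    return "\n".join([header] + [f"{ts:.3f}\t{sh}\t{sp}\t{dh}\t{dp}\ttcp\t{b}"
                                 for ts, sh, sp, dh, dp, b in rows])


SAMPLE_CONN_LOG = _build_sample_log()


def parse_conn_log(text):
    """Parse tab-separated conn.log rows into dicts, skipping '#' metadata lines."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(FIELDS, line.split("\t")))
        rec["ts"] = float(rec["ts"])
        rows.append(rec)
    return rows


def find_beacons(rows, min_conns=8, max_cv=0.1, known_good=frozenset()):
    """Return flows with >= min_conns connections whose inter-arrival times
    have stdev/mean <= max_cv. Destinations in known_good (update servers,
    monitoring, etc.) are skipped; without that allowlist they would be hits."""
    flows = defaultdict(list)
    for r in rows:
        flows[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    hits = []
    for (src, dst, port), times in flows.items():
        if dst in known_good or len(times) < min_conns:
            continue
        times.sort()
        deltas = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(deltas)
        cv = statistics.pstdev(deltas) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "port": port, "count": len(times),
                         "interval_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    rows = parse_conn_log(SAMPLE_CONN_LOG)
    print("without allowlist:", find_beacons(rows))
    print("with allowlist:", find_beacons(rows, known_good={"10.0.0.5"}))
```

Run without the allowlist, the detector also flags the internal update server, which polls just as regularly as the bot; that false positive is why a beaconing hunt has to be paired with an inventory of expected scheduled traffic, and why attackers add jitter to their beacons (raise `max_cv` cautiously, and combine the timing score with destination reputation and byte counts rather than relying on it alone).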

• Which physical security control can help prevent unauthorized access to network devices?
a) Biometric authentication
b) Wi-Fi encryption
c) Antivirus software
d) Intrusion detection systems
Answer: a) Biometric authentication
Explanation: Biometric security (fingerprint or facial
recognition) prevents unauthorized access to secure areas.

• What is the most effective way to defend against phishing attacks?
a) Installing firewalls
b) User training and email filtering
c) Using VPNs
d) Disabling web browsers
Answer: b) User training and email filtering
Explanation: Phishing is best prevented through security
awareness training and email filtering tools.

• Which security measure can prevent tailgating attacks in a secure facility?
a) Password complexity rules
b) Multi-factor authentication
c) Security guards and badge access systems
d) VPN implementation
Answer: c) Security guards and badge access systems
Explanation: Tailgating occurs when unauthorized
individuals follow employees into restricted areas; badge
access controls mitigate this risk.
