The Network Defense Essentials NDE Ultimate Exam focuses on cybersecurity fundamentals related to network defense. Topics include threat detection, firewalls, intrusion prevention systems, and security best practices. This exam helps candidates develop skills needed to protect network environments.
Question 1. Which of the following best describes the primary goal of the confidentiality principle in network defense?
A) Ensuring systems are always operational
B) Preventing unauthorized disclosure of information
C) Detecting intrusions in real time
D) Verifying the identity of users
Answer: B
Explanation: Confidentiality protects data from being read by unauthorized parties, so that only principals with the proper authorization can view the information. Option A describes availability, C describes detection, and D describes authentication.

Question 2. In the CIA triad, the “integrity” component primarily protects against which of the following threats?
A) Data loss due to hardware failure
B) Unauthorized modification of data
C) Denial of service attacks
D) Eavesdropping on network traffic
Answer: B
Explanation: Integrity ensures that data remains accurate and unaltered except by authorized, properly logged changes. Eavesdropping is a confidentiality threat; hardware loss and denial of service are availability threats.

Question 3. Which of the following challenges is most commonly associated with maintaining availability in modern cloud environments?
A) Key management complexity
B) Scaling resources to meet demand spikes
C) Lack of encryption standards
D) Physical theft of servers
Answer: B
Explanation: Cloud services must allocate resources dynamically to handle variable workloads; failure to scale under a demand spike (or a volumetric denial-of-service attack) causes downtime, which is an availability failure.
Question 4. The NIST Cybersecurity Framework is an example of which type of security framework?
A) Regulatory compliance framework
B) Risk management framework
C) Information assurance framework
D) Incident response framework
Answer: B
Explanation: The NIST Cybersecurity Framework is voluntary guidance for managing and reducing cybersecurity risk, organized around the core functions Identify, Protect, Detect, Respond and Recover (CSF 2.0 adds Govern). It is not a regulation, and it covers far more than incident response.

Question 5. Which administrative control would most effectively reduce the risk of social engineering attacks?
A) Installing a hardware firewall
B) Conducting periodic security awareness training
C) Implementing VLAN segmentation
D) Deploying an intrusion prevention system
Answer: B
Explanation: Security awareness training teaches employees to recognize and report social engineering attempts (phishing, pretexting, tailgating), which technical controls such as firewalls, VLANs and IPS cannot address on their own.

Question 6. Which of the following is a physical security control?
A) Role-Based Access Control (RBAC)
B) Biometric authentication
C) Security guard patrols
D) Encryption of data at rest
Answer: C
Explanation: Physical controls are tangible measures such as security personnel, locks, fences and barriers that protect assets from physical access. RBAC and encryption are technical controls; biometric authentication is a technical (logical) authentication control even though it reads a physical trait.

Question 7. Which protocol provides secure remote command-line access to a network device?
A) Individual users directly
B) Groups of users based on job function
C) All users by default
D) Devices rather than users
Answer: B
Explanation: RBAC assigns permissions to roles (e.g., “Network Engineer”), and users acquire those permissions by being assigned the role. Managing access per role rather than per user keeps entitlements consistent and makes reviews and de-provisioning tractable.

Question 11. Which IAM process ensures that a user’s access rights are removed promptly when they leave the organization?
A) Provisioning
B) Authentication
C) De-provisioning
D) Authorization
Answer: C
Explanation: De-provisioning revokes access and disables accounts when an employee departs or changes role, reducing the risk of orphaned accounts being abused by former insiders or attackers.

Question 12. Multi-Factor Authentication (MFA) typically requires which combination of factors?
A) Two passwords
B) Something you know and something you have
C) Two biometric scans
D) Username and password only
Answer: B
Explanation: MFA combines at least two distinct factor categories: knowledge (password, PIN), possession (hardware token, authenticator app) or inherence (biometrics). Two passwords or two biometric scans are two instances of the same category and do not count as multi-factor.

Question 13. Which technology allows a user to log in once and gain access to multiple applications without re-entering credentials?
B) SSO (Single Sign-On)
C) RADIUS
D) TACACS+
Answer: B
Explanation: SSO authenticates the user once and then issues a token or ticket (for example a SAML assertion, an OIDC token or a Kerberos ticket) that other services accept, so the credentials are not re-entered. RADIUS and TACACS+ are AAA protocols for network devices, not SSO mechanisms.

Question 14. The principle of “least privilege” primarily applies to which security function?
A) Encryption algorithm selection
B) Access control and authorization
C) Physical barrier design
D) Network bandwidth allocation
Answer: B
Explanation: Least privilege ensures users, services and processes receive only the permissions necessary to perform their duties, minimizing the damage a compromised account or misuse can cause.

Question 15. Which of the following is a regulatory framework that mandates protection of personal data of EU citizens?
A) HIPAA
B) PCI-DSS
C) GDPR
D) SOX
Answer: C
Explanation: The General Data Protection Regulation (GDPR) sets strict rules for handling personal data of individuals in the European Union. HIPAA covers US health information, PCI-DSS is an industry standard for payment card data, and SOX covers US financial reporting.

Question 16. Under HIPAA, which of the following is considered a “covered entity”?
A) A cloud service provider hosting medical records
B) Security fence with anti-climb features
C) Network segmentation
D) Data loss prevention software
Answer: B
Explanation: A sturdy fence with anti-climb measures is a physical barrier that deters and delays unauthorized physical access; network segmentation and DLP are technical controls.

Question 20. A “man-trap” is an example of which type of physical security control?
A) Environmental control
B) Technical control
C) Administrative control
D) Access control device
Answer: D
Explanation: A man-trap (two interlocking doors) restricts passage to one person at a time and verifies credentials before the second door opens, which prevents tailgating and makes it a physical access control device.

Question 21. Which environmental control protects server rooms from overheating?
A) Fire suppression system
B) UPS (Uninterruptible Power Supply)
C) HVAC (Heating, Ventilation, and Air Conditioning)
D) CCTV monitoring
Answer: C
Explanation: HVAC systems regulate temperature and humidity, preventing equipment failure and thermal shutdowns caused by heat.

Question 22. What is the primary purpose of a UPS in a data center?
A) To filter network traffic
B) To provide temporary power during outages
C) To encrypt data at rest
D) To monitor user activity logs
Answer: B
Explanation: An Uninterruptible Power Supply bridges short outages from its batteries, allowing a graceful shutdown or continued operation until generators take over.

Question 23. Which network segmentation technique uses logical separation at Layer 2?
A) Physical cabling separation
B) VLANs (Virtual LANs)
C) Subnetting with different IP ranges
D) Application-level firewalls
Answer: B
Explanation: VLANs tag frames with an 802.1Q VLAN ID, creating separate broadcast domains on the same physical switch infrastructure; traffic between VLANs must pass through a Layer 3 device, where it can be filtered. Subnetting is Layer 3 separation.

Question 24. A /24 subnet mask provides how many usable host IP addresses?
A) 254
B) 256
C) 255
D) 252
Answer: A
Explanation: A /24 prefix leaves 8 host bits, so 2^8 = 256 addresses; subtracting the network and broadcast addresses leaves 254 usable host addresses (point-to-point /31 links are the exception, per RFC 3021).

Question 25. Which firewall type inspects the state of active connections and makes decisions based on session context?
A) Packet-filtering firewall
B) Stateful inspection firewall
C) Proxy (application-level) firewall
D) Next-Generation Firewall (NGFW)
Explanation: Anomaly-based detection flags traffic that deviates from an established baseline of normal behaviour, so it can catch previously unknown attacks, at the cost of more false positives than signature-based detection.

Question 29. A honeypot is primarily used to:
A) Accelerate network throughput
B) Store encrypted backups
C) Attract and study attacker behavior
D) Provide load balancing for web servers
Answer: C
Explanation: Honeypots simulate vulnerable systems to lure attackers, letting defenders observe tools and tactics (and generate high-fidelity alerts, since legitimate users have no reason to touch them) without risking production assets.

Question 30. Which proxy type operates at the application layer and can cache web content for faster retrieval?
A) Transparent proxy
B) Reverse proxy
C) Forward proxy
D) SOCKS proxy
Answer: B
Explanation: A reverse proxy sits in front of web servers, terminates client requests, caches content, and provides load balancing, TLS termination and request filtering. A forward proxy can also cache, but it acts on behalf of internal clients rather than protecting servers; SOCKS operates below the application layer and does not cache.

Question 31. Which VPN protocol uses IPsec for encryption and is commonly employed for site-to-site connections?
A) PPTP
B) L2TP/IPsec
C) SSL/TLS VPN
D) GRE
Answer: B
Explanation: L2TP builds the tunnel but has no encryption of its own; wrapping it in IPsec (ESP) supplies confidentiality and integrity, and it is the only IPsec-based option listed. Note that many site-to-site deployments use IPsec tunnel mode (IKEv2) directly without L2TP; PPTP is obsolete and GRE is unencrypted.

Question 32. SIEM systems primarily provide which capability?
A) Packet forwarding
B) Real-time log aggregation, correlation, and alerting
C) Physical access control
D) Endpoint malware scanning
Answer: B
Explanation: Security Information and Event Management (SIEM) collects logs from many sources, normalizes them, correlates related events (for example failed logins from one source across several hosts), and raises alerts for potential incidents.

Question 33. In virtualization, the hypervisor’s main security responsibility is to:
A) Encrypt all VM traffic automatically
B) Isolate VMs from each other and the host OS
C) Provide DNS services to VMs
D) Manage user passwords for VMs
Answer: B
Explanation: The hypervisor enforces isolation of CPU, memory and I/O so that one VM cannot read or interfere with another or with the underlying host; a VM-escape vulnerability is a failure of exactly this boundary.

Question 34. Which cloud service model delivers a complete application over the internet, requiring minimal client-side management?
A) IaaS (Infrastructure as a Service)
B) PaaS (Platform as a Service)
C) SaaS (Software as a Service)
D) DaaS (Desktop as a Service)
Answer: C
Explanation: WPA introduced TKIP, which derives a fresh per-packet key from the session key and a sequence counter, replacing WEP’s single static key. TKIP is itself deprecated now; WPA2 and WPA3 use AES (CCMP/GCMP).

Question 38. The 802.1X standard is primarily used for which wireless security function?
A) Encrypting data frames
B) Authenticating users or devices before network access
C) Hiding SSID broadcast
D) Managing channel selection
Answer: B
Explanation: 802.1X provides port-based network access control: the supplicant must authenticate (via EAP, typically against a RADIUS server) before the port or wireless association is allowed to carry normal traffic. It applies to wired switch ports as well as Wi-Fi.

Question 39. Which Wi-Fi frequency band offers the longest range but lower data rates?
A) 2.4 GHz
B) 5 GHz
C) 6 GHz
D) 60 GHz
Answer: A
Explanation: The 2.4 GHz band penetrates walls better and travels farther, but it has fewer non-overlapping channels and lower throughput than the higher-frequency bands.

Question 40. A rogue access point is best detected by:
A) Monitoring DHCP lease tables for unknown MAC addresses
B) Scanning for open ports on the internet
C) Checking DNS query logs for unusual domains
D) Reviewing firewall rule sets for outbound traffic
Answer: A
Explanation: A rogue AP is a device the organization never provisioned, so it appears as an unknown MAC address in DHCP leases or switch MAC tables, and as an unknown BSSID in the wireless controller’s scans. Comparing those observations against the inventory of authorized APs reveals it; a wireless IDS that continuously scans for unknown BSSIDs is the more complete approach.
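As an added example of the SIEM capability described in Question 32 (code written for this page, not part of the original exam or of any vendor product), the following Python correlates authentication failures from two log sources by source IP inside a sliding time window and raises an alert when a threshold is reached. The sshd line format follows OpenSSH syslog output; the vpnd line format, hostnames and IP addresses are constructed for the example, and the year is assumed because classic syslog timestamps omit it.

```python
"""Minimal SIEM-style correlation (added illustration, not from the exam):
normalise auth failures from two log sources, group them by source IP in a
sliding time window, and alert when the count reaches a threshold.
The log lines below are constructed for the example."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Parsers for two sources: OpenSSH syslog lines and a hypothetical VPN
# appliance format ("vpnd: AUTH_FAIL user=... src=..." is assumed here).
SSH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")
VPN_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) vpnd: AUTH_FAIL "
    r"user=(?P<user>\S+) src=(?P<src>[\d.]+)")
YEAR = 2024  # classic syslog timestamps carry no year; assumed here


def parse(line):
    """Return a normalised event dict for an auth failure, or None for other lines."""
    for source, rx in (("sshd", SSH_RE), ("vpnd", VPN_RE)):
        m = rx.match(line)
        if m:
            ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            return {"ts": ts.replace(tzinfo=timezone.utc), "host": m["host"],
                    "user": m["user"], "src": m["src"], "source": source}
    return None


def correlate(lines, threshold=5, window_s=60):
    """Alert once per source IP that produces >= threshold failures within window_s."""
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e["ts"])
    recent = defaultdict(deque)  # src IP -> events still inside the window
    alerted, alerts = set(), []
    for e in events:
        q = recent[e["src"]]
        q.append(e)
        while (e["ts"] - q[0]["ts"]).total_seconds() > window_s:
            q.popleft()  # expire events that fell out of the window
        if len(q) >= threshold and e["src"] not in alerted:
            alerted.add(e["src"])
            alerts.append({
                "src": e["src"], "count": len(q),
                "hosts": sorted({x["host"] for x in q}),
                "sources": sorted({x["source"] for x in q}),
                "users": sorted({x["user"] for x in q}),
                "first": q[0]["ts"].isoformat(), "last": e["ts"].isoformat(),
            })
    return alerts


SAMPLE_LOGS = [  # constructed: a password spray from 203.0.113.9 plus background noise
    "Mar 12 08:00:01 bastion1 sshd[2210]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2",
    "Mar 12 08:00:03 bastion1 sshd[2210]: Failed password for root from 203.0.113.9 port 51236 ssh2",
    "Mar 12 08:00:09 vpn1 vpnd: AUTH_FAIL user=jdoe src=203.0.113.9",
    "Mar 12 08:00:15 bastion2 sshd[981]: Failed password for invalid user oracle from 203.0.113.9 port 40120 ssh2",
    "Mar 12 08:00:22 bastion2 sshd[981]: Failed password for root from 203.0.113.9 port 40122 ssh2",
    "Mar 12 08:00:30 vpn1 vpnd: AUTH_FAIL user=jdoe src=203.0.113.9",
    "Mar 12 08:02:00 bastion1 sshd[2290]: Accepted publickey for deploy from 198.51.100.7 port 5002 ssh2",
    "Mar 12 08:05:00 bastion1 sshd[2301]: Failed password for deploy from 198.51.100.7 port 5003 ssh2",
    "Mar 12 08:09:00 bastion1 sshd[2302]: Failed password for deploy from 198.51.100.7 port 5004 ssh2",
    "Mar 12 08:14:00 vpn1 vpnd: AUTH_FAIL user=deploy src=198.51.100.7",
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"ALERT {a['src']}: {a['count']} failures across {a['hosts']} via {a['sources']}")
```

With the defaults (5 failures in 60 seconds) only 203.0.113.9 fires, and the alert shows the value of correlation: the spray touched two bastions and the VPN gateway, none of which alone saw five failures. The slow attempts from 198.51.100.7 stay below the threshold until the window is widened, which is the tuning trade-off a SIEM rule owner makes between sensitivity and noise.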
Question 41. Which mobile communication technology is most vulnerable to “bluejacking” attacks?
A) NFC
B) Wi-Fi Direct
C) Bluetooth
D) LTE
Answer: C
Explanation: Bluejacking abuses Bluetooth’s ability to push unsolicited messages (originally via OBEX/vCard exchange) to nearby devices that are powered on and discoverable. Keeping devices non-discoverable when not pairing removes the exposure.

Question 42. Mobile Device Management (MDM) can enforce which of the following security controls?
A) Physical lock of the building entrance
B) Remote wipe of lost or stolen devices
C) Encryption of network backbone routers
D) Implementation of IDS signatures
Answer: B
Explanation: MDM solutions can remotely erase data on an enrolled device (selectively or fully), along with enforcing passcodes, encryption and app restrictions, which limits data loss when a device is compromised or misplaced.

Question 43. In a BYOD program, which approach best balances user privacy with corporate security?
A) Installing a full-disk encryption tool that the user cannot disable
B) Using a containerized workspace that separates corporate data from personal apps
C) Requiring users to share their personal passwords with IT
D) Monitoring all personal app usage on the device
Answer: B
Explanation: Containerization creates a managed, isolated environment for corporate data and apps that can be wiped independently, preserving the user’s privacy for personal applications and data.
Question 47. In asymmetric cryptography, the public key is used to:
A) Decrypt data encrypted with the private key
B) Encrypt data that only the private key can decrypt
C) Generate a hash of the plaintext
D) Sign digital certificates
Answer: B
Explanation: Data encrypted with the public key can be recovered only with the matching private key, which provides confidentiality. The reverse direction (private key signs, public key verifies) provides authenticity; option A describes that verification step, but the question asks for the public key’s primary use, and signing certificates is done with the CA’s private key.

Question 48. Which hash algorithm is considered insecure for new applications due to collision vulnerabilities?
A) SHA-256
B) SHA-3
C) MD5
D) SHA-512
Answer: C
Explanation: MD5 has practical collision attacks (two different inputs with the same digest can be produced in seconds), so it must not be used for signatures, certificates or integrity protection; SHA-1 is broken for collisions as well. Use SHA-256, SHA-512 or SHA-3 for new designs.

Question 49. A digital certificate issued by a trusted Certificate Authority (CA) primarily provides which security service?
A) Data compression
B) Authentication of the certificate holder’s identity
C) Network address translation
D) Physical device shielding
Answer: B
Explanation: A certificate binds a public key to a verified identity under the CA’s signature; a client that trusts the CA can authenticate the server (or client) presenting it, which is the basis of trust in TLS sessions.
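To make the asymmetry in Questions 47 and 49 concrete (what the public key does, only the private key undoes, and the reverse direction gives signatures), here is textbook RSA on toy-sized primes. This is added example code, not from the exam; the primes, message and keys are constructed, there is no padding, and the modulus is far too small for real use.

```python
"""Textbook RSA on small numbers, added here to make the key asymmetry
concrete: whatever one key does, only the other key undoes.  Toy parameters
and no padding: real deployments use 2048-bit or larger moduli with OAEP for
encryption and PSS for signatures.  Never use this construction for real data."""
import hashlib


def keygen(p, q, e=65537):
    """Return (public, private) as (n, exponent) pairs from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; raises ValueError if gcd(e, phi) != 1
    return (n, e), (n, d)


def _apply(key, x):
    """x ** exponent mod n, the single primitive both directions are built on."""
    n, exp = key
    if not 0 <= x < n:
        raise ValueError("value must be an integer in [0, n)")
    return pow(x, exp, n)


def encrypt(public, m):
    """Anyone holding the public key can do this."""
    return _apply(public, m)


def decrypt(private, c):
    """Only the private key holder can reverse encrypt()."""
    return _apply(private, c)


def _digest(message, n):
    # Reducing the hash mod n keeps it inside the domain of _apply (toy only)
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """Signing is the reverse direction: private key transforms the hash."""
    return _apply(private, _digest(message, private[0]))


def verify(public, message, signature):
    """Anyone with the public key can check the signature against the hash."""
    return _apply(public, signature) == _digest(message, public[0])


# Constructed toy primes just above 1e6; a second pair shows key separation
PUB, PRIV = keygen(1000003, 1000033)
OTHER_PUB, OTHER_PRIV = keygen(1000037, 1000039)

if __name__ == "__main__":
    c = encrypt(PUB, 123456789)
    print("ciphertext", c, "decrypts to", decrypt(PRIV, c))
    print("public key applied to ciphertext gives garbage:", decrypt(PUB, c))
    s = sign(PRIV, b"deploy v1.2")
    print("signature verifies with PUB:", verify(PUB, b"deploy v1.2", s))
    print("signature verifies with OTHER_PUB:", verify(OTHER_PUB, b"deploy v1.2", s))
```

The same `pow(x, exp, n)` primitive serves both directions; what changes is which key is secret. That is why a CA signs certificates with its private key (Question 49) while every client can verify them with the CA’s public key.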
Question 50. Which PKI component is responsible for verifying certificate requests before they are signed?
A) Certificate Authority (CA)
B) Registration Authority (RA)
C) Online Certificate Status Protocol (OCSP) responder
D) Certificate Revocation List (CRL) publisher
Answer: B
Explanation: The RA validates the identity of a requester and approves issuance, acting as a front end to the CA, which then signs the certificate. OCSP responders and CRLs serve revocation status after issuance.

Question 51. Data-at-rest encryption primarily protects data against which threat?
A) Eavesdropping on network traffic
B) Unauthorized physical theft of storage media
C) Man-in-the-middle attacks
D) DNS spoofing
Answer: B
Explanation: Encrypting data stored on disks, backups and removable media makes it unreadable if the media is stolen or accessed outside the running system. It does not protect data in transit (A, C) or against an attacker with access to the running system and its keys.

Question 52. Which backup strategy captures only the data that changed since the most recent backup of any type (full or otherwise)?
A) Full backup
B) Incremental backup
C) Differential backup
D) Mirror backup
Answer: B
Explanation: An incremental backup records changes since the most recent backup of any type, minimizing storage and backup time, at the cost of needing the last full backup plus every subsequent incremental to restore. A differential backup records everything changed since the last full backup, so each set grows but a restore needs only the full plus the latest differential.
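Added example for Question 52 (not from the exam): a small Python model of which files each backup strategy copies and which backup sets a restore needs. The file timestamps and the backup histories are constructed.

```python
"""Which files a full, incremental or differential backup picks up, and which
backup sets are needed to restore.  Added illustration with constructed file
timestamps and backup history; not from the exam."""
from datetime import datetime as dt

# Constructed: file name -> last-modified time
FILES = {
    "customers.db": dt(2024, 3, 4, 9, 0),
    "app.log":      dt(2024, 3, 5, 9, 0),
    "site.cfg":     dt(2024, 3, 6, 9, 0),
    "notes.txt":    dt(2024, 3, 7, 9, 0),
}
# Constructed histories: nightly backups, full on Monday, then either
# incrementals or differentials on the following nights
INCREMENTAL_HISTORY = [
    ("full",        dt(2024, 3, 4, 23, 0)),
    ("incremental", dt(2024, 3, 5, 23, 0)),
    ("incremental", dt(2024, 3, 6, 23, 0)),
]
DIFFERENTIAL_HISTORY = [
    ("full",         dt(2024, 3, 4, 23, 0)),
    ("differential", dt(2024, 3, 5, 23, 0)),
    ("differential", dt(2024, 3, 6, 23, 0)),
]


def last_backup(history, kind=None):
    """Timestamp of the most recent backup, optionally restricted to one kind."""
    times = [t for k, t in history if kind is None or k == kind]
    return max(times) if times else None


def select_files(files, history, strategy):
    """Names of the files the next backup of the given strategy must copy."""
    if strategy == "full":
        since = None                          # everything
    elif strategy == "incremental":
        since = last_backup(history)          # changed since ANY previous backup
    elif strategy == "differential":
        since = last_backup(history, "full")  # changed since the last FULL backup
    else:
        raise ValueError(f"unknown strategy {strategy!r}")
    return sorted(name for name, mtime in files.items() if since is None or mtime > since)


def restore_chain(history):
    """Backup sets needed, in order, to rebuild the latest state."""
    full_indexes = [i for i, (kind, _) in enumerate(history) if kind == "full"]
    if not full_indexes:
        raise ValueError("cannot restore without a full backup")
    full = history[full_indexes[-1]]
    later = history[full_indexes[-1] + 1:]
    kinds = {kind for kind, _ in later}
    if not later:
        return [full]
    if kinds == {"incremental"}:
        return [full] + later          # full + every incremental since, in order
    if kinds == {"differential"}:
        return [full, later[-1]]       # full + only the newest differential
    raise ValueError("mixed incremental/differential sets after the last full")


if __name__ == "__main__":
    for strategy, history in (("incremental", INCREMENTAL_HISTORY), ("differential", DIFFERENTIAL_HISTORY)):
        print(f"{strategy:>12} tonight copies: {select_files(FILES, history, strategy)}")
        print(f"{strategy:>12} restore needs {len(restore_chain(history))} sets")
```

On Thursday night the incremental copies only `notes.txt`, while the differential copies the three files changed since Monday’s full; conversely the incremental chain needs three sets to restore and the differential chain needs two. Smaller backups or shorter restores is the trade-off the two strategies represent.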
Question 56. Which cryptographic mode provides both confidentiality and integrity for data encryption?
A) ECB (Electronic Codebook)
B) CBC (Cipher Block Chaining)
C) GCM (Galois/Counter Mode)
D) OFB (Output Feedback)
Answer: C
Explanation: GCM combines CTR-mode encryption with a GHASH-based authentication tag (authenticated encryption with associated data). Decryption verifies the tag before releasing any plaintext, so modification of the ciphertext, nonce or associated data is detected. ECB, CBC and OFB provide confidentiality only and are malleable unless paired with a separate MAC. A nonce must never be reused under the same GCM key.

Question 57. Which of the following best describes a “sandbox” in a security context?
A) A physical isolated network segment for critical servers
B) A virtual environment used to execute untrusted code safely
C) A list of approved software applications
D) A type of firewall rule set
Answer: B
Explanation: Sandboxing runs untrusted or potentially malicious code in a controlled, isolated environment (a VM, container or restricted process) so that its effects cannot reach the host system, and so its behaviour can be observed.

Question 58. In a secure software development lifecycle (SDLC), which phase includes threat modeling?
A) Requirements gathering
B) Design
C) Implementation
D) Maintenance
Answer: B
Explanation: Threat modeling is performed during design, when the architecture and data flows are being decided, so that identified threats can be mitigated before code is written; it is revisited when the design changes.
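Added example for Question 56, written for this page rather than taken from the exam. Python’s standard library has no GCM, so the code uses a stand-in built from the stdlib: a CTR-style keystream derived with HMAC-SHA256 plus a separate HMAC tag (encrypt-then-MAC). It demonstrates the property GCM’s tag provides, that a forged ciphertext is rejected before any plaintext is released, and not GCM’s internal algorithm. Keys, nonce and message are constructed.

```python
"""Why a cipher mode needs an authentication tag.  Added illustration, not
from the exam.  GCM is not in Python's standard library, so this stand-in uses
a CTR-style keystream from HMAC-SHA256 plus an HMAC tag (encrypt-then-MAC).
It shows the property GCM's tag provides, not GCM's internal algorithm."""
import hashlib
import hmac


def keystream(key, nonce, length):
    """CTR-style keystream: HMAC(key, nonce || counter) blocks, cut to length."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_stream(key, nonce, data):
    """Confidentiality only.  XOR is its own inverse, so this encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def _tag(mac_key, nonce, aad, ciphertext):
    # Length-prefix the associated data so (aad, ciphertext) boundaries are unambiguous
    msg = nonce + len(aad).to_bytes(4, "big") + aad + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal(enc_key, mac_key, nonce, plaintext, aad=b""):
    """Authenticated encryption: returns (ciphertext, tag)."""
    ct = xor_stream(enc_key, nonce, plaintext)
    return ct, _tag(mac_key, nonce, aad, ct)


def open_(enc_key, mac_key, nonce, ciphertext, tag, aad=b""):
    """Verify the tag first (constant-time compare); only then decrypt."""
    if not hmac.compare_digest(_tag(mac_key, nonce, aad, ciphertext), tag):
        raise ValueError("authentication failed: ciphertext, nonce or AAD was modified")
    return xor_stream(enc_key, nonce, ciphertext)


def tamper(ciphertext, offset, known, wanted):
    """Bit-flipping attack on a stream/CTR ciphertext: an attacker who knows the
    plaintext bytes at `offset` rewrites them to `wanted` without the key."""
    patch = bytes(c ^ k ^ w for c, k, w in zip(ciphertext[offset:offset + len(known)], known, wanted))
    return ciphertext[:offset] + patch + ciphertext[offset + len(known):]


# Constructed keys and message; a nonce must never repeat under the same key
ENC_KEY, MAC_KEY, NONCE = b"k" * 32, b"m" * 32, bytes(12)
MESSAGE = b"transfer amount=0100 to=alice"


def demo():
    """Return (what the unauthenticated receiver decrypts, whether the AE receiver caught it)."""
    off = MESSAGE.index(b"0100")
    # Confidentiality-only: the forged ciphertext decrypts to a plausible, different order
    forged = tamper(xor_stream(ENC_KEY, NONCE, MESSAGE), off, b"0100", b"9900")
    unauthenticated_result = xor_stream(ENC_KEY, NONCE, forged)
    # Authenticated: the same forgery is rejected before any plaintext is produced
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    try:
        open_(ENC_KEY, MAC_KEY, NONCE, tamper(ct, off, b"0100", b"9900"), tag)
        detected = False
    except ValueError:
        detected = True
    return unauthenticated_result, detected


if __name__ == "__main__":
    result, caught = demo()
    print("unauthenticated receiver sees:", result)
    print("authenticated receiver rejected the forgery:", caught)
```

The attack needs no key material, only knowledge of where the amount sits in the plaintext, which is exactly the situation for any structured protocol message. CBC is malleable in a related way (flipping bits in one block garbles that block and flips the same bits in the next), so the fix in every case is a verified tag, which is what GCM bundles in.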
Question 59. Which type of attack exploits a weakness in the way a web application validates user input, allowing execution of arbitrary commands on the server?
A) SQL injection
B) Cross-site scripting (XSS)
C) Command injection
D) Man-in-the-middle (MITM)
Answer: C
Explanation: Command injection occurs when untrusted input is concatenated into an operating-system command line without validation, letting an attacker append shell metacharacters (such as ; or |) and extra commands that the server executes. SQL injection targets database queries and XSS executes script in the victim’s browser, not on the server.

Question 60. Which of the following is a primary benefit of using a Next-Generation Firewall (NGFW) over a traditional firewall?
A) Ability to route OSPF traffic
B) Deep packet inspection with application awareness and integrated IPS
C) Automatic generation of DHCP leases
D) Support for IPv4 only
Answer: B
Explanation: NGFWs add deep packet inspection, application identification and control, user identity awareness and integrated intrusion prevention to the stateful filtering a traditional firewall provides.

Question 61. Which authentication protocol relies on tickets encrypted under shared secrets together with timestamped authenticators to prevent replay attacks?
A) Kerberos
B) NTLM
C) RADIUS
D) LDAP
Answer: A
Explanation: Kerberos issues time-limited tickets from a Key Distribution Center after the client proves knowledge of its secret (pre-authentication), and each service request carries a timestamped authenticator, so a captured exchange cannot be replayed outside the allowed clock-skew window. NTLM is challenge-response but has no timestamps; RADIUS and LDAP are not ticket-based.
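Added example for Question 59 (not part of the exam): the vulnerable string-concatenation pattern beside the shell-quoting fix and the preferred argv-plus-validation fix. `echo` stands in for the real command (for example `ping`) so the script is safe to run; the hostname policy in `HOST_RE` is an assumption made for this example.

```python
"""Command injection: the vulnerable string-building pattern beside two fixes.
Added illustration, not from the exam.  `echo` stands in for the real command
(e.g. ping) so the example is safe to run; the shell semantics are identical."""
import re
import shlex
import subprocess

# Allowed hostname/IP shape: letters, digits, dots, hyphens (assumed policy)
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def run_vulnerable(host):
    """Concatenates untrusted input into a shell command line.
    With shell=True, /bin/sh interprets ';', '|', '&&' and '$(...)' inside `host`."""
    cmd = f"echo pinging {host}"  # in the real application: f"ping -c 1 {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(host):
    """Second-best fix: keep the shell but quote the value so it is one literal word."""
    cmd = f"echo pinging {shlex.quote(host)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(host):
    """Preferred fix: validate against an allowlist, then pass argv with no shell.
    The leading-dash check stops option injection (e.g. host='-f' handed to ping)."""
    if not HOST_RE.fullmatch(host) or host.startswith("-"):
        raise ValueError(f"rejected host value: {host!r}")
    return subprocess.run(["echo", "pinging", host], capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"
    print("vulnerable:", repr(run_vulnerable(payload)))
    print("quoted:    ", repr(run_quoted(payload)))
    try:
        run_safe(payload)
    except ValueError as exc:
        print("safe:      ", exc)
```

With the payload `example.com; echo INJECTED`, the vulnerable version runs the second command, the quoted version passes the whole string as one harmless argument, and the safe version refuses it outright. Quoting alone does not stop option injection, which is why the argv form pairs with an allowlist and a leading-dash check.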