Network Defense Essentials NDE Ultimate Exam, Exams of Technology

The Network Defense Essentials NDE Ultimate Exam focuses on cybersecurity fundamentals related to network defense. Topics include threat detection, firewalls, intrusion prevention systems, and security best practices. This exam helps candidates develop skills needed to protect network environments.

Typology: Exams

2025/2026

Available from 04/25/2026

nicky-jone

Network Defense Essentials NDE Ultimate Exam
**Question 1.** Which of the following best describes the primary goal of the confidentiality principle in
network defense?
A) Ensuring systems are always operational
B) Preventing unauthorized disclosure of information
C) Detecting intrusions in real time
D) Verifying the identity of users
Answer: B
Explanation: Confidentiality focuses on protecting data from being accessed by unauthorized parties,
ensuring that only those with proper clearance can view the information.
**Question 2.** In the CIA triad, the “integrity” component primarily protects against which of the
following threats?
A) Data loss due to hardware failure
B) Unauthorized modification of data
C) Denial of service attacks
D) Eavesdropping on network traffic
Answer: B
Explanation: Integrity ensures that data remains accurate and unaltered unless changes are authorized
and properly logged.
**Question 3.** Which of the following challenges is most commonly associated with maintaining
availability in modern cloud environments?
A) Key management complexity
B) Scaling resources to meet demand spikes
C) Lack of encryption standards
D) Physical theft of servers
Answer: B
Explanation: Cloud services must dynamically allocate resources to handle variable workloads; failure to
scale can lead to downtime, affecting availability.

**Question 4.** The NIST Cybersecurity Framework is an example of which type of security framework?
A) Regulatory compliance framework
B) Risk management framework
C) Information assurance framework
D) Incident response framework
Answer: C
Explanation: NIST’s framework provides guidelines for protecting information assets and is widely used as an IA (Information Assurance) reference.
**Question 5.** Which administrative control would most effectively reduce the risk of social engineering attacks?
A) Installing a hardware firewall
B) Conducting periodic security awareness training
C) Implementing VLAN segmentation
D) Deploying an intrusion prevention system
Answer: B
Explanation: Security awareness training educates employees on recognizing and responding to social engineering attempts, thereby reducing risk.
**Question 6.** Which of the following is a physical security control?
A) Role‑Based Access Control (RBAC)
B) Biometric authentication
C) Security guard patrols
D) Encryption of data at rest
Answer: C
Explanation: Physical controls involve tangible measures such as security personnel, locks, and barriers to protect assets.
**Question 7.** Which protocol provides secure remote command‑line access to a network device?


A) Individual users directly
B) Groups of users based on job function
C) All users by default
D) Devices rather than users
Answer: B
Explanation: RBAC assigns permissions to roles (e.g., “Network Engineer”), and users acquire those permissions by being assigned the role.
**Question 11.** Which IAM process ensures that a user’s access rights are removed promptly when they leave the organization?
A) Provisioning
B) Authentication
C) De‑provisioning
D) Authorization
Answer: C
Explanation: De‑provisioning revokes access and disables accounts when an employee departs, reducing insider threat risk.
**Question 12.** Multi‑Factor Authentication (MFA) typically requires which combination of factors?
A) Two passwords
B) Something you know and something you have
C) Two biometric scans
D) Username and password only
Answer: B
Explanation: MFA combines at least two categories: knowledge (password), possession (token), or inherence (biometrics) to strengthen authentication.
**Question 13.** Which technology allows a user to log in once and gain access to multiple applications without re‑entering credentials?


A) LDAP
B) SSO (Single Sign‑On)
C) RADIUS
D) TACACS+
Answer: B
Explanation: SSO authenticates the user a single time and then provides a token or ticket for subsequent access to other services.
**Question 14.** The principle of “least privilege” primarily applies to which security function?
A) Encryption algorithm selection
B) Access control and authorization
C) Physical barrier design
D) Network bandwidth allocation
Answer: B
Explanation: Least privilege ensures users receive only the permissions necessary to perform their duties, minimizing potential misuse.
**Question 15.** Which of the following is a regulatory framework that mandates protection of personal data of EU citizens?
A) HIPAA
B) PCI‑DSS
C) GDPR
D) SOX
Answer: C
Explanation: The General Data Protection Regulation (GDPR) sets strict rules for handling personal data of individuals in the European Union.
**Question 16.** Under HIPAA, which of the following is considered a “covered entity”?
A) A cloud service provider hosting medical records


B) Security fence with anti‑climb features
C) Network segmentation
D) Data loss prevention software
Answer: B
Explanation: A sturdy fence with anti‑climb measures is a physical barrier that deters and delays unauthorized physical access.
**Question 20.** A “man‑trap” is an example of which type of physical security control?
A) Environmental control
B) Technical control
C) Administrative control
D) Access control device
Answer: D
Explanation: A man‑trap restricts passage to one person at a time, verifying credentials before allowing entry, thus serving as an access control mechanism.
**Question 21.** Which environmental control protects server rooms from overheating?
A) Fire suppression system
B) UPS (Uninterruptible Power Supply)
C) HVAC (Heating, Ventilation, and Air Conditioning)
D) CCTV monitoring
Answer: C
Explanation: HVAC systems regulate temperature and humidity, preventing equipment failure due to heat.
**Question 22.** What is the primary purpose of a UPS in a data center?
A) To filter network traffic
B) To provide temporary power during outages
C) To encrypt data at rest


D) To monitor user activity logs
Answer: B
Explanation: An Uninterruptible Power Supply supplies backup power, allowing graceful shutdown or continuation of operations during power loss.
**Question 23.** Which network segmentation technique uses logical separation at Layer 2?
A) Physical cabling separation
B) VLANs (Virtual LANs)
C) Subnetting with different IP ranges
D) Application‑level firewalls
Answer: B
Explanation: VLANs tag frames with a VLAN ID, creating separate broadcast domains within the same physical switch infrastructure.
**Question 24.** A /24 subnet mask provides how many usable host IP addresses?
A) 254
B) 256
C) 255
D) 252
Answer: A
Explanation: A /24 subnet has 256 total addresses; subtracting network and broadcast addresses leaves 254 usable host addresses.
**Question 25.** Which firewall type inspects the state of active connections and makes decisions based on session context?
A) Packet‑filtering firewall
B) Stateful inspection firewall
C) Proxy (application‑level) firewall
D) Next‑Generation Firewall (NGFW)


Explanation: Anomaly‑based detection flags traffic that differs from established normal patterns, catching unknown attacks.
**Question 29.** A honeypot is primarily used to:
A) Accelerate network throughput
B) Store encrypted backups
C) Attract and study attacker behavior
D) Provide load balancing for web servers
Answer: C
Explanation: Honeypots simulate vulnerable systems to lure attackers, allowing defenders to observe tactics without risking production assets.
**Question 30.** Which proxy type operates at the application layer and can cache web content for faster retrieval?
A) Transparent proxy
B) Reverse proxy
C) Forward proxy
D) SOCKS proxy
Answer: B
Explanation: A reverse proxy sits in front of web servers, handling client requests, caching content, and providing load balancing and security functions.
**Question 31.** Which VPN protocol uses IPSec for encryption and is commonly employed for site‑to‑site connections?
A) PPTP
B) L2TP/IPSec
C) SSL/TLS VPN
D) GRE
Answer: B


Explanation: L2TP combined with IPSec provides strong encryption and is widely used for secure tunnel creation between sites.
**Question 32.** SIEM systems primarily provide which capability?
A) Packet forwarding
B) Real‑time log aggregation, correlation, and alerting
C) Physical access control
D) Endpoint malware scanning
Answer: B
Explanation: Security Information and Event Management (SIEM) collects logs from multiple sources, correlates events, and generates alerts for potential incidents.
**Question 33.** In virtualization, the hypervisor’s main security responsibility is to:
A) Encrypt all VM traffic automatically
B) Isolate VMs from each other and the host OS
C) Provide DNS services to VMs
D) Manage user passwords for VMs
Answer: B
Explanation: The hypervisor enforces isolation, ensuring that one VM cannot interfere with another or the underlying host.
**Question 34.** Which cloud service model delivers a complete application over the internet, requiring minimal client‑side management?
A) IaaS (Infrastructure as a Service)
B) PaaS (Platform as a Service)
C) SaaS (Software as a Service)
D) DaaS (Desktop as a Service)
Answer: C


Explanation: WPA introduced TKIP, which dynamically generates keys for each packet, improving over the static key of WEP.
**Question 38.** The 802.1X standard is primarily used for which wireless security function?
A) Encrypting data frames
B) Authenticating users or devices before network access
C) Hiding SSID broadcast
D) Managing channel selection
Answer: B
Explanation: 802.1X provides port‑based network access control, requiring authentication (e.g., via EAP) before granting network connectivity.
**Question 39.** Which Wi‑Fi frequency band offers the longest range but lower data rates?
A) 2.4 GHz
B) 5 GHz
C) 6 GHz
D) 60 GHz
Answer: A
Explanation: The 2.4 GHz band penetrates walls better and travels farther, but it provides lower throughput compared to higher‑frequency bands.
**Question 40.** A rogue access point is best detected by:
A) Monitoring DHCP lease tables for unknown MAC addresses
B) Scanning for open ports on the internet
C) Checking DNS query logs for unusual domains
D) Reviewing firewall rule sets for outbound traffic
Answer: A
Explanation: Rogue APs often broadcast unauthorized MAC addresses; comparing observed MACs against authorized lists in DHCP or wireless controllers can reveal them.


**Question 41.** Which mobile communication technology is most vulnerable to “bluejacking” attacks?
A) NFC
B) Wi‑Fi Direct
C) Bluetooth
D) LTE
Answer: C
Explanation: Bluejacking exploits Bluetooth’s ability to send unsolicited messages to nearby devices that have Bluetooth enabled and discoverable.
**Question 42.** Mobile Device Management (MDM) can enforce which of the following security controls?
A) Physical lock of the building entrance
B) Remote wipe of lost or stolen devices
C) Encryption of network backbone routers
D) Implementation of IDS signatures
Answer: B
Explanation: MDM solutions can remotely erase data on a device, mitigating data loss if the device is compromised or misplaced.
**Question 43.** In a BYOD program, which approach best balances user privacy with corporate security?
A) Installing a full‑disk encryption tool that the user cannot disable
B) Using a containerized workspace that separates corporate data from personal apps
C) Requiring users to share their personal passwords with IT
D) Monitoring all personal app usage on the device
Answer: B
Explanation: Containerization creates a secure, isolated environment for corporate data, preserving user privacy for personal applications.


**Question 47.** In asymmetric cryptography, the public key is used to:
A) Decrypt data encrypted with the private key
B) Encrypt data that only the private key can decrypt
C) Generate a hash of the plaintext
D) Sign digital certificates
Answer: B
Explanation: The public key encrypts data; only the corresponding private key can decrypt it, ensuring confidentiality.
**Question 48.** Which hash algorithm is considered insecure for new applications due to collision vulnerabilities?
A) SHA‑256
B) SHA‑3
C) MD5
D) SHA‑512
Answer: C
Explanation: MD5 is vulnerable to collision attacks where two different inputs produce the same hash, making it unsuitable for security‑critical purposes.
**Question 49.** A digital certificate issued by a trusted Certificate Authority (CA) primarily provides which security service?
A) Data compression
B) Authentication of the certificate holder’s identity
C) Network address translation
D) Physical device shielding
Answer: B
Explanation: Certificates bind a public key to an entity’s verified identity, enabling authentication and trust in TLS/SSL sessions.


**Question 50.** Which PKI component is responsible for verifying certificate requests before they are signed?
A) Certificate Authority (CA)
B) Registration Authority (RA)
C) Online Certificate Status Protocol (OCSP) responder
D) Certificate Revocation List (CRL) publisher
Answer: B
Explanation: The RA validates the identity of a requester and approves the issuance of a certificate, acting as a front‑end to the CA.
**Question 51.** Data‑at‑rest encryption primarily protects data against which threat?
A) Eavesdropping on network traffic
B) Unauthorized physical theft of storage media
C) Man‑in‑the‑middle attacks
D) DNS spoofing
Answer: B
Explanation: Encryption of data stored on disks or backups mitigates the risk if the media is stolen or improperly accessed.
**Question 52.** Which backup strategy captures only the data that changed since the last full backup?
A) Full backup
B) Incremental backup
C) Differential backup
D) Mirror backup
Answer: B
Explanation: Incremental backups record changes since the most recent backup of any type, minimizing storage and time.


**Question 56.** Which cryptographic mode provides both confidentiality and integrity for data encryption?
A) ECB (Electronic Codebook)
B) CBC (Cipher Block Chaining)
C) GCM (Galois/Counter Mode)
D) OFB (Output Feedback)
Answer: C
Explanation: GCM combines encryption with a built-in authentication tag, delivering authenticated encryption.
**Question 57.** Which of the following best describes a “sandbox” in a security context?
A) A physical isolated network segment for critical servers
B) A virtual environment used to execute untrusted code safely
C) A list of approved software applications
D) A type of firewall rule set
Answer: B
Explanation: Sandboxing runs potentially malicious code in a controlled, isolated environment to prevent impact on the host system.
**Question 58.** In a secure software development lifecycle (SDLC), which phase includes threat modeling?
A) Requirements gathering
B) Design
C) Implementation
D) Maintenance
Answer: B
Explanation: Threat modeling is performed during the design phase to identify potential risks and incorporate mitigations early.


**Question 59.** Which type of attack exploits a weakness in the way a web application validates user input, allowing execution of arbitrary commands on the server?
A) SQL injection
B) Cross‑site scripting (XSS)
C) Command injection
D) Man‑in‑the‑middle (MITM)
Answer: C
Explanation: Command injection occurs when input is not properly sanitized, permitting attackers to inject system commands that the server executes.
**Question 60.** Which of the following is a primary benefit of using a Next‑Generation Firewall (NGFW) over a traditional firewall?
A) Ability to route OSPF traffic
B) Deep packet inspection with application awareness and integrated IPS
C) Automatic generation of DHCP leases
D) Support for IPv4 only
Answer: B
Explanation: NGFWs combine traditional firewall capabilities with deep packet inspection, application control, and intrusion prevention.
**Question 61.** Which authentication protocol uses a challenge‑response mechanism based on a shared secret and timestamps to prevent replay attacks?
A) Kerberos
B) NTLM
C) RADIUS
D) LDAP
Answer: A
Explanation: Kerberos issues time‑limited tickets after a client proves knowledge of a secret, mitigating replay attacks.