Certified Network Defense Architect (CNDA) Certification Exam Practice Test Questions And Correct Answers (Verified Answers) Plus Rationales 2026 Q&A
- Which of the following best defines a network defense architecture?
- The process of configuring firewalls
- The structured design of security controls to protect network assets
- The use of VPNs for remote access
- A single point of defense for network security
Rationale: A network defense architecture integrates layered security
controls to protect data, applications, and infrastructure from attacks.
- What is the main purpose of defense-in-depth?
- To reduce system complexity
- To provide multiple layers of security to mitigate risk
- To simplify security management
- To eliminate the need for network monitoring
Rationale: Defense-in-depth ensures that if one security layer fails,
others continue to provide protection.
- In a Zero Trust Architecture, what is assumed about users and devices?
- All are trusted after authentication
- None are trusted by default, even if inside the network
- All are trusted inside the corporate perimeter
- Trust is based on network location only
Rationale: Zero Trust assumes no inherent trust and continuously
verifies all connections.
- What is the primary purpose of network segmentation?
- Increase bandwidth
- Simplify routing
- Limit lateral movement of threats
- Enhance wireless access
Rationale: Segmentation isolates network zones, reducing the spread
of breaches.
- Which of the following is most effective in preventing ARP spoofing?
A. IDS
B. IPS
C. Dynamic ARP Inspection (DAI)
D. Port Mirroring
Rationale: Dynamic ARP Inspection validates ARP packets to prevent
spoofing.
- Which device inspects traffic at Layer 7 of the OSI model?
- Router
- Switch
- Next-Generation Firewall (NGFW)
- Load Balancer
Rationale: NGFWs analyze application-level traffic, providing deeper
inspection and control.
- Which protocol is primarily used for encrypting data in transit over
web traffic?
A. FTP
B. TLS
C. SMTP
D. SNMP
Rationale: TLS (Transport Layer Security) ensures confidentiality and
integrity of web communications.
- What does an Intrusion Prevention System (IPS) do that an Intrusion Detection System (IDS) does not?
- Detects anomalies
- Automatically blocks malicious activity
- Sends alerts
- Monitors network logs
Rationale: An IPS actively prevents threats by blocking or dropping
malicious packets.
- What is a honeypot used for in a network defense strategy?
- Encrypting data
- Attracting attackers to study their behavior
- Speeding up network traffic
- Reducing bandwidth usage
Rationale: Honeypots lure attackers to controlled environments for
analysis.
- What does SIEM stand for?
- Security Internet Event Management
- Secure Information Event Management
- Security Information and Event Management
- System Integrity and Event Monitoring
Rationale: SIEM combines security event monitoring and information
management for correlation and analysis.
- Which of the following is an example of a network-based attack?
- SQL Injection
- DDoS
- Password Brute-Force
- Keylogging