CNDA: Certified Network Defense Architect Sample Questions

Certified Network Defense Architect (CNDA) Sample Questions

Question 1 – A distributed multi-access network that combines a dual bus and distributed queuing to support integrated communications is known as which of the following?

A. Logical Link Control
B. Token Ring network
C. Distributed-queue dual-bus
D. CSMA/CA

Correct Answer: C

Question 2 – In which of the following architectures are tasks or workloads distributed between service providers and requesters?

A. Client-server computing
B. Peer-to-peer (P2P) computing
C. Client-server networking
D. Peer-to-peer networking

Correct Answer: AC

Question 3 – A multi-threaded and multi-connection toolkit for network configuration and information sharing, ______________________ is extremely fast and efficient.

Correct Answer: NetRanger

Explanation:

With NetRanger, you have the complete network configuration and information toolkit including Ping tool, Trace Route tool, Host Lookup tool, Internet time synchronizer, Whois tool, Finger Unix hosts tool, Host and port scanning tool, check multiple POP3 mail accounts tool, manage dialup connections tool, and much more.

Question 4 – Devices for recognizing humans based on their physical or behavioral characteristics can be classified as _______________ devices.

Correct Answer: biometric

Explanation: Identification and access control are carried out by biometrics, as well as identification of individuals under surveillance. Its characteristics can be divided into two main classes:

Physiological: related to the shape of the body.
Behavioral: related to the behavior of a person.

Question 5 – In order to trace specific transactions over a network, which system analyzes the network traffic and can intercept and log data passing through it?

A. Wireless sniffer
B. Spectrum analyzer
C. Protocol analyzer
D. Performance Monitor

Correct Answer: AC

Explanation: Computer software or hardware that intercepts and logs information passing over a network (also known as a Protocol analyzer, packet analyzer, sniffer, or for network types, Ethernet sniffer and wireless sniffer) is known as a Protocol analyzer. Sniffer captures data streams across the network and, if necessary, decodes and analyzes their content in accordance with RFCs or other specifications.

Question 6 – Under which condition does the system enter ROM monitor mode?

A. The router does not have a configuration file.
B. There is a need to set operating parameters.
C. The user interrupts the boot sequence.
D. The router does not find a valid operating system image.

Correct Answer: DC

Explanation: In the event that the router cannot locate a valid operating system image, or if a user interrupts the boot process, ROM monitor mode is entered. A user can boot the device or perform diagnostic tests, from ROM monitor mode.

Question 7 – In a network of autonomous systems, which protocol is used to exchange routing information between two gateways?

A. IGMP
B. ICMP
C. EGP
D. OSPF

Correct Answer: C

Explanation: In this protocol, routing information is exchanged using the Exterior Gateway Protocol between two gateways in a network of autonomous systems. Periodic polling, accompanied by proper acknowledgments, is required to verify that network connections are operational and to request routing updates. At intervals ranging from 120 to 480 seconds, each router requests its neighbor to update its routing table. After receiving the neighbor’s routing table, the neighbor responds. EGP-2 is the latest version of EGP.

Question 8 – What is the 16-bit field associated with the source port number of the application program on the host sending the segment?

A. Sequence Number
B. Header Length
C. Acknowledgment Number
D. Source Port Address

Correct Answer: D

Explanation: The Source Port Address identifies the 16-bit source port number for the application program on the host that is sending the segment.

Question 9 – The majority of ______________________ attacks are carried out by remote attackers who attempt to gain access to a network that they are not authorized to access.

Correct Answer: Network reconnaissance

Explanation: Remote attackers engage in network reconnaissance to gain access or information about a network that they are not authorized or permitted to access.

Question 10 – Using TCP, SNA/NetBIOS traffic is transported between workstations and routers using the _____________.

Correct Answer: DCAP

Explanation: In order to address some deficiencies in the Data Link Switching Protocol (DLSw), the Data Link Switching Client Access Protocol (DCAP) was introduced. Due to the DLSw’s switch-to-switch nature, it cannot be implemented efficiently on the workstation due to issues related to scalability and efficiency.

Question 11 – Using his expertise as an ethical hacker, John has been assigned to test the security of www.we-are-secure.com. A tool is being used to crack wireless encryption keys, with the following description:

“This Linux-based tool extracts encryption keys and monitors transmissions passively, allowing it to crack WEP encryption. The WEP keys are decrypted using Ciphertext Only Attack, which captures approximately five to ten million packets.”

Which of the given tools is John using for cracking the wireless encryption keys?

A. PsPasswd
B. Kismet
C. AirSnort
D. Cain

Correct Answer: C

Question 12 – In what type of process does a problem get detected, the cause is found, damages are minimized, the problem is resolved, and each step of the response is documented for future reference?

A. Incident response
B. Incident handling
C. Incident management
D. Incident planning

Correct Answer: A

Question 13 – By monitoring environmental changes associated with combustion, which of the following can detect an unwanted fire presence?

A. Fire sprinkler
B. Fire suppression system
C. Fire alarm system
D. Gaseous fire suppression

Correct Answer: C

Question 14 – Rather than monitoring and analyzing network packets on the external interfaces of a computing system, which intrusion detection system monitors and analyzes its internals?

A. IPS
B. HIDS
C. DMZ
D. NIDS

Correct Answer: B

Question 15 – In which of the following types of VPNs does the Internet serve as its main backbone, allowing users, customers, and branch offices to access corporate network resources regardless of the network architecture used?

A. PPTP VPN
B. Remote access VPN
C. Extranet-based VPN
D. Intranet-based VPN

Correct Answer: C

Question 16 – An OSI application service that is “streamlined” on top of TCP/IP-based networks for constrained environments is described by which of the following protocols?

A. Network News Transfer Protocol
B. Lightweight Presentation Protocol
C. Internet Relay Chat Protocol
D. Dynamic Host Configuration Protocol

Correct Answer: B

Question 17 – As an administrator for a network at an investment bank, you are worried about individuals gaining access to the network and stealing data before you can detect their presence and shut them down. Which is the best way to address this issue?

A. Implement a strong password policy.
B. Implement a strong firewall.
C. Implement a honeypot.
D. Implement network-based antivirus.

Correct Answer: C

Question 18 – How does mass e-mailing, often with commercial content, occur when unwanted emails are sent to indiscriminate recipients in large quantities?

A. E-mail spam
B. Junk mail
C. Email spoofing
D. Email jamming

Correct Answer: AB

Question 19 – The ____________________ risk analysis evaluates the impact of an event on a company in order to derive a numerical value.

Correct Answer: quantitative

Explanation: Generally, quantitative risk analysis involves measuring the probability of achieving particular project objectives, quantifying the effects of risks on the whole project objective, and prioritizing risks based on their impact on the overall project risk. An analysis of quantitative risk involves calculating a numerical value for every risk event, as well as presenting a numerical approach to build decisions in the face of uncertainty.

Question 20 – Which tool runs on the Windows OS and analyzes iptables log messages for detecting port scans and other suspicious traffic?

A. Nmap
B. Hping
C. NetRanger
D. PSAD

Correct Answer: D

CNDA: Certified Network Defense Architect Sample Questions

Question 1 – A distributed multi-access network that combines a dual bus and distributed queuing to support integrated communications is known as which of the following?

Question 2 – In which of the following architectures are tasks or workloads distributed between service providers and requesters?

Question 3 – A multi-threaded and multi-connection toolkit for network configuration and information sharing, ______________________ is extremely fast and efficient.

Question 4 – Devices for recognizing humans based on their physical or behavioral characteristics can be classified as _______________ devices.

Question 5 – In order to trace specific transactions over a network, which system analyzes the network traffic and can intercept and log data passing through it?

Question 6 – Under which condition does the system enter ROM monitor mode?

Question 7 – In a network of autonomous systems, which protocol is used to exchange routing information between two gateways?

Question 8 – What is the 16-bit field associated with the source port number of the application program on the host sending the segment?

Question 9 – The majority of ______________________ attacks are carried out by remote attackers who attempt to gain access to a network that they are not authorized to access.

Question 10 – Using TCP, SNA/NetBIOS traffic is transported between workstations and routers using the _____________.

Question 11 – Using his expertise as an ethical hacker, John has been assigned to test the security of www.we-are-secure.com. A tool is being used to crack wireless encryption keys, with the following description:

“This Linux-based tool extracts encryption keys and monitors transmissions passively, allowing it to crack WEP encryption. The WEP keys are decrypted using Ciphertext Only Attack, which captures approximately five to ten million packets.”

Which of the given tools is John using for cracking the wireless encryption keys?

Question 12 – In what type of process does a problem get detected, the cause is found, damages are minimized, the problem is resolved, and each step of the response is documented for future reference?

Question 13 – By monitoring environmental changes associated with combustion, which of the following can detect an unwanted fire presence?

Question 14 – Rather than monitoring and analyzing network packets on the external interfaces of a computing system, which intrusion detection system monitors and analyzes its internals?

Question 15 – In which of the following types of VPNs does the Internet serve as its main backbone, allowing users, customers, and branch offices to access corporate network resources regardless of the network architecture used?

Question 16 – An OSI application service that is “streamlined” on top of TCP/IP-based networks for constrained environments is described by which of the following protocols?

Question 17 – As an administrator for a network at an investment bank, you are worried about individuals gaining access to the network and stealing data before you can detect their presence and shut them down. Which is the best way to address this issue?

Question 18 – How does mass e-mailing, often with commercial content, occur when unwanted emails are sent to indiscriminate recipients in large quantities?

Question 19 – The ____________________ risk analysis evaluates the impact of an event on a company in order to derive a numerical value.

Question 20 – Which tool runs on the Windows OS and analyzes iptables log messages for detecting port scans and other suspicious traffic?

Prepare for Assured Success