CNDA Cheat Sheet 2026
The 30 highest-yield CNDA facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
100 questions
240 min time limit
70.00% to pass
- Which VPN deployment concern is addressed by using multi-factor authentication (MFA) at the VPN gateway? → Credential theft or stolen VPN credentials enabling unauthorized access
- What is the purpose of a 'stateful failover' configuration in a firewall cluster? → To replicate connection state tables so sessions survive a failover without dropping
- What distinguishes a next-generation firewall (NGFW) from a traditional stateful firewall? → NGFW adds application-layer inspection, user identity awareness, and integrated IPS
- In a zero-trust architecture, what is the guiding principle for granting network access? → Never trust, always verify regardless of location
- What is a 'playbook' in the context of incident response? → A documented, step-by-step procedure for responding to a specific type of incident
- A CNDA wants to protect against unauthorized wireless access points. Which control is MOST appropriate? → Deploying a wireless intrusion prevention system (WIPS)
- A CNDA is designing a DMZ. Which traffic flow is considered best practice? → Internet → Firewall → DMZ → Firewall → Internal
- Which fundamental cryptographic weakness made WEP completely broken and unsuitable for use? → Short 24-bit Initialization Vector reuse with RC4
- Which firewall type inspects the full context of a TCP session rather than individual packets? → Stateful inspection firewall
- A wireless IDS (WIDS) has flagged a large number of deauthentication frames targeting all clients on an AP. What is the most likely intent of this activity? → Forcing clients to reassociate to capture the 4-way WPA2 handshake
- Which vulnerability management concept involves knowing exactly what software is running in your environment? → Asset inventory and Software Bill of Materials (SBOM)
- Under HIPAA, what category of information must healthcare organizations protect? → Protected Health Information (PHI) that identifies individuals
- During containment of a network intrusion, which action BEST preserves evidence while limiting damage? → Isolate the system on a quarantine network while capturing memory and disk images
- Which IDS/IPS detection method identifies attacks by comparing traffic to known bad patterns? → Signature-based detection
- WPS PIN authentication was deprecated primarily because of which vulnerability? → PINs could be brute-forced in under 11,000 attempts due to split-PIN validation
- What does CVSS (Common Vulnerability Scoring System) measure? → The severity and characteristics of a software vulnerability on a 0-10 scale
- A CNDA is evaluating VPN protocols. Which modern protocol is known for minimal codebase, high performance, and use of state-of-the-art cryptography? → WireGuard
- What is the role of IKE (Internet Key Exchange) in an IPsec VPN? → To negotiate and establish the Security Associations (SAs) and exchange keys
- A WIDS alert indicates 'beacon flooding' on the wireless network. What is the primary impact of this attack? → Denial of service by overwhelming client scanning queues with thousands of fake SSIDs
- In a wireless enterprise environment, 802.1X authentication relies on which three-party model? → Supplicant, Authenticator, Authentication Server
- Which encryption protocol replaced TKIP in WPA2 and provides stronger confidentiality through AES in counter mode? → CCMP (Counter Mode CBC-MAC Protocol)
- A network architect wants to prevent lateral movement after a breach. Which technique is MOST effective? → Implementing micro-segmentation with strict ACLs
- What is an attack surface reduction strategy that a CNDA would implement to minimize vulnerability exposure? → Disabling unnecessary services, ports, and protocols across all systems
- In network architecture, what does 'East-West traffic' refer to? → Traffic between servers within the same data center or cloud environment
- Which log source is MOST valuable for detecting privilege escalation on a Windows system? → Windows Security Event Log (Event ID 4672 - Special Privileges Assigned)
- Which symmetric encryption algorithm is recommended for IPsec VPN in modern CNDA implementations due to its security and performance? → AES-256
- A network architect wants to isolate guest Wi-Fi users from the corporate LAN. Which design approach is most effective? → Assign guest users to a separate VLAN with ACLs blocking internal subnets
- Which vulnerability management practice involves grouping systems by criticality and applying different patching SLAs to each group? → Risk-based patch prioritization
- Which of the following BEST describes a software-defined perimeter (SDP)? → A dynamic, identity-based access control that hides resources until authenticated
- What does the concept of 'network resilience' mean in the context of CNDA? → The capacity to withstand and recover from disruptions while maintaining security
Turn these facts into recall: