CNDA Cheat Sheet 2026

The 30 highest-yield CNDA facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

100 questions
240 min time limit
70.00% to pass
  1. Which VPN deployment concern is addressed by using multi-factor authentication (MFA) at the VPN gateway? Credential theft or stolen VPN credentials enabling unauthorized access
  2. What is the purpose of a 'stateful failover' configuration in a firewall cluster? To replicate connection state tables so sessions survive a failover without dropping
  3. What distinguishes a next-generation firewall (NGFW) from a traditional stateful firewall? NGFW adds application-layer inspection, user identity awareness, and integrated IPS
  4. In a zero-trust architecture, what is the guiding principle for granting network access? Never trust, always verify regardless of location
  5. What is a 'playbook' in the context of incident response? A documented, step-by-step procedure for responding to a specific type of incident
  6. A CNDA wants to protect against unauthorized wireless access points. Which control is MOST appropriate? Deploying a wireless intrusion prevention system (WIPS)
  7. A CNDA is designing a DMZ. Which traffic flow is considered best practice? Internet → Firewall → DMZ → Firewall → Internal
  8. Which fundamental cryptographic weakness made WEP completely broken and unsuitable for use? Short 24-bit Initialization Vector reuse with RC4
  9. Which firewall type inspects the full context of a TCP session rather than individual packets? Stateful inspection firewall
  10. A wireless IDS (WIDS) has flagged a large number of deauthentication frames targeting all clients on an AP. What is the most likely intent of this activity? Forcing clients to reassociate to capture the 4-way WPA2 handshake
  11. Which vulnerability management concept involves knowing exactly what software is running in your environment? Asset inventory and Software Bill of Materials (SBOM)
  12. Under HIPAA, what category of information must healthcare organizations protect? Protected Health Information (PHI) that identifies individuals
  13. During containment of a network intrusion, which action BEST preserves evidence while limiting damage? Isolate the system on a quarantine network while capturing memory and disk images
  14. Which IDS/IPS detection method identifies attacks by comparing traffic to known bad patterns? Signature-based detection
  15. WPS PIN authentication was deprecated primarily because of which vulnerability? PINs could be brute-forced in under 11,000 attempts due to split-PIN validation
  16. What does CVSS (Common Vulnerability Scoring System) measure? The severity and characteristics of a software vulnerability on a 0-10 scale
  17. A CNDA is evaluating VPN protocols. Which modern protocol is known for minimal codebase, high performance, and use of state-of-the-art cryptography? WireGuard
  18. What is the role of IKE (Internet Key Exchange) in an IPsec VPN? To negotiate and establish the Security Associations (SAs) and exchange keys
  19. A WIDS alert indicates 'beacon flooding' on the wireless network. What is the primary impact of this attack? Denial of service by overwhelming client scanning queues with thousands of fake SSIDs
  20. In a wireless enterprise environment, 802.1X authentication relies on which three-party model? Supplicant, Authenticator, Authentication Server
  21. Which encryption protocol replaced TKIP in WPA2 and provides stronger confidentiality through AES in counter mode? CCMP (Counter Mode CBC-MAC Protocol)
  22. A network architect wants to prevent lateral movement after a breach. Which technique is MOST effective? Implementing micro-segmentation with strict ACLs
  23. What is an attack surface reduction strategy that a CNDA would implement to minimize vulnerability exposure? Disabling unnecessary services, ports, and protocols across all systems
  24. In network architecture, what does 'East-West traffic' refer to? Traffic between servers within the same data center or cloud environment
  25. Which log source is MOST valuable for detecting privilege escalation on a Windows system? Windows Security Event Log (Event ID 4672 - Special Privileges Assigned)
  26. Which symmetric encryption algorithm is recommended for IPsec VPN in modern CNDA implementations due to its security and performance? AES-256
  27. A network architect wants to isolate guest Wi-Fi users from the corporate LAN. Which design approach is most effective? Assign guest users to a separate VLAN with ACLs blocking internal subnets
  28. Which vulnerability management practice involves grouping systems by criticality and applying different patching SLAs to each group? Risk-based patch prioritization
  29. Which of the following BEST describes a software-defined perimeter (SDP)? A dynamic, identity-based access control that hides resources until authenticated
  30. What does the concept of 'network resilience' mean in the context of CNDA? The capacity to withstand and recover from disruptions while maintaining security
Turn these facts into recall: