CND (312-38) Network Defense Simulation

Welcome to this technical scenario designed to test your understanding of foundational network defense methodologies. Analyze the infrastructure rollout below and identify the core strategy being applied.

Network Scenario

You are a Network Security Analyst tasked with securing a newly provisioned internal network segment intended for the Finance department (Subnet: 10.20.10.0/24). Before physically or logically routing traffic to this VLAN, you deploy a Next-Generation Firewall (NGFW) at the gateway.


You configure an explicit, logged "Deny All" rule at the bottom of the ACL (so the firewall's default-deny stance is visible in the logs rather than silent), with explicit ingress rules above it permitting only essential encrypted traffic (TLS 1.3 over TCP port 443) from authorized management subnets. Because the ACL is evaluated top-down and the first match wins, the order matters: the allow rules must precede the catch-all deny. This infrastructure change is completed before any hosts are migrated to the segment.

Traffic & Logs

Immediately after the routing is established and hosts are brought online, the firewall begins processing traffic. A baseline review of the logs shows the rules actively denying unapproved protocols:

[2023-11-04 08:14:22] ACTION: DROP  | SRC: 10.10.50.23 (Guest_VLAN) | DST: 10.20.10.5  | PROTO: TCP | DPORT: 3389 (RDP)   | RULE: Default_Deny_Inbound
[2023-11-04 08:15:01] ACTION: ALLOW | SRC: 10.10.1.15 (IT_Mgmt)     | DST: 10.20.10.5  | PROTO: TCP | DPORT: 443 (HTTPS)  | RULE: Allow_IT_Mgmt_TLS
[2023-11-04 08:22:15] ACTION: DROP  | SRC: 192.168.1.100 (VPN)      | DST: 10.20.10.10 | PROTO: UDP | DPORT: 161 (SNMP)   | RULE: Default_Deny_Inbound

  • The firewall is successfully filtering unauthorized internal traversal attempts before they reach the sensitive endpoints.
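To make the rule-ordering point concrete, here is a small first-match ACL evaluator that reproduces the Finance-segment policy and replays the three logged flows through it. This is an added example, not code from the page or from any firewall vendor: the rule names, the Finance subnet and the three flows come from the scenario, while the IT management subnet (assumed to be 10.10.1.0/24, the /24 containing 10.10.1.15) and the first-match, trailing-catch-all semantics are assumptions about how the NGFW processes its ACL.

```python
"""Toy first-match ACL evaluator for the Finance-segment policy.

Added example, not the page's own code. Rule names, the Finance subnet and
the three sample flows are taken from the scenario; the IT_Mgmt subnet
(10.10.1.0/24) and the first-match / trailing-catch-all semantics are
assumptions about how the NGFW evaluates its ACL.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

FINANCE_SEGMENT = ip_network("10.20.10.0/24")
IT_MGMT_SUBNET = ip_network("10.10.1.0/24")   # assumed management subnet


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "ALLOW" or "DROP"
    src: Optional[IPv4Network]         # None means "any"
    dst: Optional[IPv4Network]
    proto: Optional[str]               # "TCP" / "UDP", None means "any"
    dport: Optional[int]               # None means "any"

    def matches(self, src, dst, proto: str, dport: int) -> bool:
        return ((self.src is None or src in self.src)
                and (self.dst is None or dst in self.dst)
                and (self.proto is None or self.proto == proto)
                and (self.dport is None or self.dport == dport))


# Allow rules first, explicit catch-all deny last: order is what makes the
# policy work, since the first matching rule decides the packet's fate.
ACL: List[Rule] = [
    Rule("Allow_IT_Mgmt_TLS", "ALLOW", IT_MGMT_SUBNET, FINANCE_SEGMENT, "TCP", 443),
    Rule("Default_Deny_Inbound", "DROP", None, FINANCE_SEGMENT, None, None),
]

# Constructed flows mirroring the three log entries in the scenario.
Flow = Tuple[str, str, str, int]
SAMPLE_FLOWS: List[Flow] = [
    ("10.10.50.23", "10.20.10.5", "TCP", 3389),    # Guest_VLAN -> RDP
    ("10.10.1.15", "10.20.10.5", "TCP", 443),      # IT_Mgmt   -> HTTPS
    ("192.168.1.100", "10.20.10.10", "UDP", 161),  # VPN       -> SNMP
]


def evaluate(acl: List[Rule], src: str, dst: str, proto: str, dport: int) -> Tuple[str, str]:
    """Return (action, rule_name) of the first matching rule.

    If nothing matches, fall back to the implicit deny and say so, so a
    policy gap (a missing catch-all) shows up in the output instead of
    disappearing into an unlogged drop."""
    s, d = ip_address(src), ip_address(dst)
    for rule in acl:
        if rule.matches(s, d, proto, dport):
            return rule.action, rule.name
    return "DROP", "<implicit deny>"


def evaluate_flows(acl: List[Rule], flows: List[Flow]) -> List[Tuple[str, str]]:
    return [evaluate(acl, *flow) for flow in flows]


def format_log(flow: Flow, decision: Tuple[str, str]) -> str:
    """Render a decision in the same field layout as the scenario's log."""
    src, dst, proto, dport = flow
    action, rule = decision
    return (f"ACTION: {action} | SRC: {src} | DST: {dst} | "
            f"PROTO: {proto} | DPORT: {dport} | RULE: {rule}")


def acl_has_catch_all(acl: List[Rule]) -> bool:
    """Reviewer's sanity check: does the ACL end in an explicit deny that
    matches every inbound flow to the segment? Without it, anything the
    allow rules do not mention is dropped silently by the implicit deny."""
    last = acl[-1]
    return (last.action == "DROP" and last.src is None
            and last.proto is None and last.dport is None)


if __name__ == "__main__":
    for flow, decision in zip(SAMPLE_FLOWS, evaluate_flows(ACL, SAMPLE_FLOWS)):
        print(format_log(flow, decision))
    print("explicit catch-all present:", acl_has_catch_all(ACL))
```

Replaying the three flows yields DROP, ALLOW, DROP with the same rule names as the log. Reversing the two rules (catch-all first) drops all three, including the legitimate management session, which is why the deny must sit at the bottom; and removing the catch-all leaves the RDP and SNMP probes to the implicit deny, where a real firewall would typically not log them under a named rule.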

Question

Implementing access control mechanisms, such as a firewall, to protect the network is an example of which of the following network defense approaches?

Defender's Hint: Think about the timing of the control. Does a firewall wait for an attack to happen to respond, does it actively hunt for bad actors, or does it sit at the perimeter to stop unauthorized packets from entering in the first place?

Expert Analysis

1. What is happening in the network

The engineering team is establishing a secure boundary around a sensitive network segment (Finance). By placing an NGFW and utilizing a "Deny All" default stance, they are restricting traffic flow strictly to what is business-justified.


2. Identify behavior

This is the application of fundamental Access Control and Network Segmentation. The logs demonstrate the firewall functioning autonomously to drop unauthorized RDP and SNMP traffic based on predefined policies.


3. Why the correct answer is correct (D. Preventive approach)

In network defense, controls are categorized by their function. A Preventive control is designed to stop a vulnerability from being exploited or an attack from succeeding. Because the firewall drops unauthorized packets before they reach the target, no compromise has to be detected or cleaned up afterwards; the attempt is stopped at the boundary. The same firewall's logs also support detection (the baseline review above is a detective activity), but the access-control function the question asks about is preventive.


4. Why the others are wrong

The hint frames the alternatives by timing. A control that waits for an attack to occur and then responds to it (incident handling, restoring from backup, isolating a compromised host) acts after the fact and is reactive or corrective, not preventive. A control that actively hunts for bad actors already inside the network (threat hunting, IDS alerting, log review) identifies activity rather than stopping it and is detective. The firewall's ACL does neither: it makes its decision on each packet at the perimeter, before any attack can succeed.

5. Defensive Action

Deploy stateful inspection or Next-Generation Firewalls at all logical network boundaries. Enforce the principle of least privilege using strict ingress/egress filtering and default-deny ACLs, with the catch-all deny placed last and logged so that anything not explicitly permitted is both blocked and visible for review.


MINI LESSON: Security Control Types

A mature defense-in-depth architecture utilizes a mix of control types:

  • Preventive: Firewalls, IPS, Encryption, MFA. (Stops the attack).
  • Detective: IDS, SIEM, Honeypots, Log Analysis. (Identifies the attack).
  • Corrective: Backups, Patching, Auto-isolation. (Fixes the damage/stops the spread).
  • Deterrent: Warning banners, visible cameras. (Discourages the attacker).
