
CND (312-38) Network Defense Simulation

This module evaluates your understanding of risk analysis methodologies in the context of network security planning. You will learn how defenders categorize and calculate risk to justify the implementation of network security controls like load balancers and DDoS mitigation services.

Network Scenario

You are a Network Security Analyst for a large e-commerce platform. Over the past 48 hours, the network edge router has dropped multiple bursts of UDP and SYN packets originating from diverse IP ranges. While the current edge firewall has handled the anomalous traffic, the security team fears a massive volumetric DDoS attack is imminent.

Before purchasing an expensive cloud-based DDoS scrubbing service, the Chief Information Security Officer (CISO) requires a formal risk assessment. The team is currently analyzing historical revenue data and calculating the Single Loss Expectancy (SLE) and Annualized Rate of Occurrence (ARO) to determine the exact financial impact of a 4-hour network outage.

Traffic & Logs

Excerpt from the Risk Assessment Calculation Worksheet (Asset Valuation):

[ASSET VALUATION - WEB CLUSTER 01]
Asset: E-commerce Frontend Servers (IP: 10.0.5.10 - 10.0.5.20)
Revenue Generation: $25,000 / hour
Estimated Attack Duration (Historical Average): 4 hours
Exposure Factor (EF): 100% (Total service unavailability)

[RISK CALCULATION - DDoS Threat]
Single Loss Expectancy (SLE): Asset Value x EF = $100,000 per incident
Annualized Rate of Occurrence (ARO): 2.5 (estimated based on industry intel)
Annualized Loss Expectancy (ALE): SLE x ARO = $250,000 / year

[MITIGATION COST ANALYSIS]
Cloud DDoS Mitigation Service (Annual Subscription): $85,000 / year
Cost/Benefit Ratio: Positive. Proceed with implementation.

Question

Fill in the blank with the appropriate word. The ____________________ risk analysis process analyzes the effect of a risk event deriving a numerical value.
Hint: Look at the network logs provided. The team is calculating exact dollar amounts (SLE = $100,000, ALE = $250,000). Which type of analysis relies on hard numbers and financial metrics rather than subjective high/medium/low scales?

Expert Analysis

1. What is happening in the network

The network perimeter is seeing precursor indicators of a volumetric DDoS attack (UDP/SYN bursts). The defense team must justify the cost of implementing a new mitigation control (cloud scrubbing). To do this, they are mapping out exact financial losses expected if the attack succeeds.

2. Identify attack or behavior

The behavior shown in the logs is the execution of a quantitative risk assessment. The team is calculating Asset Value, Exposure Factor (EF), Single Loss Expectancy (SLE), and Annualized Loss Expectancy (ALE) based on potential network downtime.

3. Why the correct answer is correct

Quantitative risk analysis derives exact numerical values—usually monetary (dollars, euros, etc.) or specific time metrics (hours of downtime)—to determine the financial impact of a risk. Because the definition states it derives a "numerical value," quantitative is the only correct answer.

4. Why others are wrong

Qualitative: Uses subjective descriptors (e.g., High, Medium, Low) rather than hard numbers. It relies on expert intuition and scenarios rather than financial formulas.

Subjective: Another term that essentially aligns with qualitative analysis; it does not derive strict numerical/financial values.

Heuristic: This is a method used by IDS/IPS and antivirus systems to detect previously unknown malware or anomalous network traffic based on behavioral rules, not a risk analysis methodology.

5. Defensive action

By determining that the Annualized Loss Expectancy (ALE) from DDoS attacks is $250,000 per year, while the mitigation control costs only $85,000 per year, the security analyst has justified the deployment of the Cloud DDoS Mitigation service to protect the network edge.

MINI LESSON: Risk Analysis in Network Defense

  • Quantitative Risk Analysis Formula Chain: AV (Asset Value) × EF (Exposure Factor) = SLE (Single Loss Expectancy). SLE × ARO (Annualized Rate of Occurrence) = ALE (Annualized Loss Expectancy).
  • When to use which: Use Qualitative for quick, initial triage of network risks when hard data is unavailable. Use Quantitative when dealing with highly valuable assets where management requires a cost-benefit analysis before approving security budget for firewalls, IPS, or redundancy measures.
