100+ Free CNDA Practice Questions
Pass your EC-Council Certified Network Defense Architect (CNDA, 312-99) exam on the first try — instant access, no signup required.
Which port and protocol does standard NTP enumeration target, and what reconnaissance value does it offer?
Key Facts: CNDA Exam
- Exam Questions: 125 (EC-Council CNDA 312-99 blueprint)
- Exam Duration: 4 hours (EC-Council ECC Exam Center)
- Passing Score: 70% (cut score may vary by exam form)
- Exam Voucher: $550 (EC-Council pricing)
- Content Domains: 11 (CEH-mirrored CNDA blueprint)
- Eligibility: Gov-only (government / military / contractor)
The EC-Council CNDA (312-99) is the government-track version of CEH: 125 multiple-choice questions, a 4-hour limit, a ~70% cut score, and a $550 exam voucher delivered through the ECC Exam Center. Eligibility is restricted — candidates must already hold CEH AND be employed by a U.S. government agency, the military, or a government contractor. CNDA mirrors the CEH content (footprinting, scanning, system hacking, web/wireless attacks, evasion, cryptography, and penetration testing) but emphasizes federal context such as DoDD 8140 baselines, NIST RMF, FedRAMP, and CMMC for DoD contractors.
Sample CNDA Practice Questions
Try these sample questions to test your CNDA exam readiness. Each question includes a detailed explanation.
1. What eligibility requirement distinguishes the EC-Council CNDA (312-99) from the standard CEH credential?
2. Under DoDD 8140 (which superseded DoDD 8570), CEH/CNDA is most often listed as a baseline for which workforce category?
3. A federal contractor performs an authorized penetration test against a customer agency network. Which U.S. statute most directly governs unauthorized access if the engagement letter is exceeded?
4. Which federal law primarily governs interception of electronic communications in transit (such as a sniffing wiretap) in the United States?
5. Under FISMA, which NIST Special Publication describes the Risk Management Framework (RMF) used to authorize federal information systems?
6. A federal agency selects security controls for a moderate-impact system. Which NIST publication is the authoritative control catalog?
7. FedRAMP defines three impact levels for cloud services authorized for federal use. Which is the LOWEST authorization tier in current use?
8. Within DoDD 8140, the role family that includes 'Information Assurance Technical' (IAT Levels I-III) primarily covers which job function?
9. A government red team is profiling adversary TTPs. APT28 (Fancy Bear) is most commonly attributed to which nation-state sponsor?
10. Which of the CIA triad properties is most directly violated when a government website is overwhelmed by a DDoS attack?
About the CNDA Exam
The Certified Network Defense Architect (CNDA, exam 312-99) is the EC-Council government-track restatement of CEH. The exam content mirrors CEH — ethics and legality, footprinting, scanning and enumeration, system hacking and malware, sniffing and session hijacking, DoS and social engineering, web server and web application hacking, wireless and mobile hacking, IDS/firewall/honeypot evasion, cryptography, and penetration testing — but the credential is restricted to candidates who already hold CEH and are employed by a U.S. government agency, the military, or a government contractor. CNDA is a recognized DoDD 8140 baseline credential for several CSSP and IAT roles.
- Assessment: 125 multiple-choice questions across 11 weighted domains delivered through the EC-Council ECC Exam Center; the same content as CEH framed for U.S. government and military personnel.
- Time Limit: 4 hours
- Passing Score: 70% (cut score may vary by exam form)
- Exam Fee: $550 USD (EC-Council / ECC Exam Center)
CNDA Exam Content Outline
- InfoSec & Ethical Hacking Fundamentals: CIA triad, ethics and legality (CFAA, Wiretap Act, SCA), FISMA, FedRAMP authorization tiers, NIST 800-37 RMF, NIST 800-53 controls, DoDD 8140 / 8570, IAT/IAM/CSSP/IASAE roles, threat actors (APT28/29/40)
- Reconnaissance & Footprinting: OSINT with theHarvester, Maltego, Recon-ng, Shodan, Censys, FOCA; Google dorks; Whois; DNS enumeration with dnsrecon, fierce, dig and AXFR; banner grabbing
- Scanning & Enumeration: Nmap (SYN, connect, UDP, version, OS detection, NSE), Masscan, SMB/SNMP/LDAP/NTP/Kerberos enumeration with smbclient, snmpwalk, enum4linux, ldapsearch, kerbrute
- System Hacking & Malware: Windows/Linux privilege escalation, hashcat and John, Mimikatz LSASS dumping, DCSync, malware types, kernel and user-mode rootkits, steganography (steghide, exiftool, binwalk), Sysmon, Metasploit modules, SAM hive, fileless malware
- Network Sniffing & Session Hijacking: Monitor/promiscuous mode, ARP poisoning, MAC flooding, DHCP starvation, MITM (Ettercap, Bettercap, MITM6), Responder LLMNR poisoning, TCP sequence prediction, Wireshark display filters
- DoS & Social Engineering: Slowloris, SYN floods, hping3, LOIC/HOIC, amplification (DNS, NTP, memcached), Smurf, SYN cookies, phishing (whaling, smishing, vishing), pretexting, BEC, DMARC/SPF/DKIM
- Web Server & Web App Hacking: Apache/Nginx/IIS hardening, web shells and IIS modules, OWASP Top 10, sqlmap, XSS variants, CSRF, SSRF and cloud metadata, file upload, Burp Suite Repeater/Intruder
- Wireless & Mobile Hacking: Aircrack-ng, KRACK, WPA3 Dragonblood, monitor mode capture, Bluetooth attacks (bluesnarfing, BlueBorne, KNOB), Android Drozer/Frida/MobSF, iOS jailbreak
- Evading IDS / Firewalls / Honeypots: Snort/Suricata bypass, Nmap fragmentation, payload encoding, ICMP and DNS tunneling, stateless vs stateful firewalls, honeypot interaction levels and Nmap NSE detection
- Cryptography: AES (FIPS 197), RSA per NIST SP 800-131A, hash properties, MD5/SHA-1 deprecation, AES-GCM AEAD, TLS 1.3, PKI roles (CA/RA/VA), TLS_FALLBACK_SCSV
- Penetration Testing: OSSTMM, PTES, NIST SP 800-115, Rules of Engagement, NIST SP 800-30 qualitative risk vs FAIR, NIST SP 800-61 IR, CMMC, RMF Authorize (ATO), federal pentest reporting
How to Pass the CNDA Exam
What You Need to Know
- Passing score: 70% (cut score may vary by exam form)
- Assessment: 125 multiple-choice questions across 11 weighted domains delivered through the EC-Council ECC Exam Center; the same content as CEH framed for U.S. government and military personnel.
- Time limit: 4 hours
- Exam fee: $550 USD
Keys to Passing
- Complete 500+ practice questions
- Score 80%+ consistently before scheduling
- Focus on highest-weighted sections
- Use our AI tutor for tough concepts
Frequently Asked Questions
What is the EC-Council CNDA exam?
CNDA (312-99) is the government-track restatement of CEH. The exam content mirrors CEH (footprinting, scanning, system hacking, web/wireless attacks, evasion, cryptography, and penetration testing) but the credential is restricted to candidates who already hold CEH and are employed by a U.S. government agency, the military, or a government contractor. CNDA is recognized on the DoDD 8140 baseline list.
How is CNDA different from CEH?
The exam objectives and difficulty are essentially the same as CEH. The difference is eligibility: CNDA requires both an active CEH and verified employment in a U.S. government agency, military service, or government-contracting organization. EC-Council uses CNDA branding for federal cyber workforce listings, especially for personnel filling DoDD 8140 baseline roles.
Who is eligible for the CNDA?
Candidates must already hold a current CEH credential AND be employed by a U.S. government agency, the military, or a government contractor. EC-Council verifies government-track eligibility through documentation before issuing the CNDA. Without this gov-track employment, candidates pursue the standard CEH instead.
How many questions are on the CNDA exam?
The CNDA 312-99 exam contains 125 multiple-choice questions and is delivered in a 4-hour session through the EC-Council ECC Exam Center (Pearson VUE network) or EC-Council Remote Proctoring. The cut score is approximately 70 percent and may vary by exam form.
How much does the CNDA exam cost?
The CNDA exam voucher costs $550 USD, the same as CEH. Many DoD organizations and government contractors fund the voucher and required CEH training as part of DoDD 8140 workforce qualification. Official EC-Council CEH iLearn/iWeek/MasterClass training packages typically run from $1,800 to $3,500 and include the voucher.
How long is the CNDA certification valid?
The CNDA credential is valid for 3 years under EC-Council's Continuing Education (ECE) program. Candidates must earn 120 ECE credits (typically through additional training, conference attendance, or higher EC-Council certifications) before the 3-year mark to maintain the credential.
How should I prepare for the CNDA exam?
Most candidates leverage their existing CEH preparation and add 30-60 hours of government-context review: NIST RMF (SP 800-37), the SP 800-53 control catalog, DoDD 8140 cyber workforce roles, FedRAMP authorization tiers, CMMC for DoD contractors, and federal pentest expectations from SP 800-115. Hands-on labs with theHarvester, Nmap, Burp Suite, Metasploit, hashcat, and aircrack-ng remain essential.