312-38
Coming Soon
Expected availability announced soon


ECCouncil CND

The EC‑Council Certified Network Defender (CND) exam validates expertise in network security fundamentals, perimeter defenses, endpoint protection, application and data safeguards, and identity‑access management for enterprise environments.

Duration: 240 minutes
Questions: 100
Passing score: 70/100
Exam cost: $999

Who Should Take This

Network administrators, security engineers, and IT professionals with at least two years of hands‑on experience in managing enterprise networks should pursue the CND certification to deepen their defensive skill set, align with industry standards, and advance toward senior security leadership roles.

What's Covered

1 Network Security Fundamentals
2 Network Perimeter Security
3 Endpoint and Host Security
4 Application and Data Security
5 Identity and Access Management
6 Network Traffic Monitoring and Analysis
7 Wireless and Virtual Network Security
8 Cloud Network Security
9 Incident Response and Business Continuity
10 Risk Management and Compliance

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

60 learning goals
1 Network Security Fundamentals
2 topics

Defense-in-depth architecture

  • Apply defense-in-depth architecture by designing layered security controls spanning the network perimeter, internal segments, endpoints, and applications.
  • Apply network security policy development, including acceptable use, remote access, BYOD, and incident response policies aligned with business requirements.
  • Analyze network topology to identify security zone boundaries, trust levels, and traffic flow patterns requiring protective controls.
  • Design network security architecture incorporating zero-trust principles, microsegmentation, and software-defined perimeters for modern environments.

Network protocols and threats

  • Apply network protocol analysis to identify the security implications of TCP, UDP, ICMP, DNS, DHCP, ARP, and routing protocols in enterprise environments.
  • Analyze network attack techniques, including ARP spoofing, DNS poisoning, VLAN hopping, STP manipulation, and routing protocol attacks, for defensive planning.
2 Network Perimeter Security
2 topics

Firewall and gateway security

  • Apply next-generation firewall configuration, including application-aware rules, SSL inspection, threat intelligence feeds, and user-identity-based policies.
  • Apply IDS and IPS deployment, including signature-based and anomaly-based detection, rule tuning, alert management, and inline versus passive sensor placement.
  • Apply UTM and secure web gateway configuration, including URL filtering, malware scanning, data loss prevention, and SSL decryption policy management.
  • Analyze firewall rule sets to identify shadowed rules, overly permissive access, policy conflicts, and optimization opportunities for improved posture.
  • Apply email security gateway configuration, including SPF, DKIM, DMARC, anti-phishing, sandboxing, and attachment filtering for inbound threat prevention.

VPN and remote access

  • Apply VPN configuration, including IPSec, IKEv2, SSL/TLS, site-to-site, and remote access tunnels with appropriate encryption and key exchange protocols.
  • Apply network access control, including 802.1X, RADIUS authentication, posture assessment, and remediation policies for connecting devices.
  • Apply ZTNA and SASE configuration to replace traditional VPN with identity-aware, application-level access for remote and hybrid workforces.
  • Analyze remote access security posture to identify split-tunneling risks, weak VPN configurations, and unauthorized access pathways requiring remediation.
3 Endpoint and Host Security
2 topics

Operating system hardening

  • Apply Windows server hardening using Group Policy, CIS benchmarks, service account lockdown, privileged access workstations, and attack surface reduction rules.
  • Apply Linux server hardening, including kernel parameter tuning, SELinux enforcement, SSH key-only authentication, and mandatory access control policies.
  • Apply endpoint detection and response deployment, including agent configuration, threat hunting query development, and automated response action setup.
  • Apply application whitelisting and execution control policies to prevent unauthorized software from running on servers and workstations.

Patch and vulnerability management

  • Apply enterprise patch management using WSUS, SCCM, Intune, or third-party tools to deploy, test, and verify security updates across infrastructure.
  • Apply the vulnerability management lifecycle, including scheduled scanning, risk-based prioritization by CVSS and asset criticality, and exception handling.
  • Analyze vulnerability management metrics to identify patching gaps, systemic weaknesses, and risk trends requiring program improvements.
4 Application and Data Security
2 topics

Application security controls

  • Apply web application firewall configuration, including the OWASP Core Rule Set, virtual patching, rate limiting, and false positive tuning for protection.
  • Apply database security, including access control, encryption, auditing, activity monitoring, and query parameterization to protect data stores.
  • Apply API security controls, including authentication, rate limiting, input validation, and API gateway configuration for microservice environments.
  • Analyze application traffic patterns to identify anomalous behavior, potential data exfiltration, SQL injection attempts, and unauthorized API access.

Data protection

  • Apply data classification policies and DLP controls to prevent unauthorized transmission of sensitive data across email, web, endpoints, and removable media.
  • Apply encryption for data at rest and in transit, including TLS certificate management, disk encryption, key management, and database column-level encryption.
  • Apply data backup and recovery procedures, including the 3-2-1 strategy, immutable backups, air-gapped storage, and regular restoration testing.
  • Design data protection strategies incorporating classification, encryption, DLP, backup, and retention aligned with regulatory compliance requirements.
5 Identity and Access Management
1 topic

Authentication and authorization

  • Apply enterprise IAM, including Active Directory group policies, RBAC implementation, privileged access management, and service account governance.
  • Apply MFA deployment across VPN, email, cloud applications, and administrative access using FIDO2, TOTP, and certificate-based authentication.
  • Apply PAM solutions to secure privileged accounts and implement just-in-time access, session recording, and credential vaulting for administrative users.
  • Analyze IAM configurations to identify excessive permissions, orphaned accounts, stale credentials, and privilege escalation paths requiring remediation.
6 Network Traffic Monitoring and Analysis
1 topic

SIEM and log management

  • Apply SIEM deployment, including log source integration, correlation rule creation, dashboard configuration, and alert threshold tuning for threat detection.
  • Apply network traffic analysis using NetFlow, sFlow, deep packet inspection, and full packet capture to identify anomalous communication patterns.
  • Apply network baseline establishment and deviation detection to identify unauthorized protocols, unusual traffic volumes, and suspicious connections.
  • Apply threat hunting queries using SIEM and EDR data to proactively identify undetected threats, lateral movement, and data staging activities.
  • Analyze correlated security events across network, endpoint, and application logs to reconstruct attack timelines and identify threat actor TTPs.
7 Wireless and Virtual Network Security
2 topics

Wireless network defense

  • Apply enterprise wireless security, including WPA3-Enterprise, 802.1X RADIUS integration, certificate-based EAP, and wireless intrusion detection systems.
  • Apply rogue AP detection and containment using WIDS, wireless monitoring tools, and network-based detection for unauthorized access point prevention.
  • Analyze wireless network security posture to identify weak encryption, misconfigured authentication, client isolation gaps, and coverage vulnerabilities.

Virtualization and container security

  • Apply virtualization security, including hypervisor hardening, VM isolation, resource limits, and virtual switch security configuration for VMware and Hyper-V.
  • Apply container security, including image scanning, runtime protection, Kubernetes RBAC, network policies, and pod security standards for workload hardening.
  • Analyze virtual and containerized environments to identify escape vulnerabilities, overly permissive configurations, and east-west traffic risks.
8 Cloud Network Security
1 topic

Cloud infrastructure defense

  • Apply cloud network security, including VPC design, security groups, NACLs, transit gateway, and cloud WAF configuration across AWS, Azure, and GCP.
  • Apply cloud IAM security, including least-privilege policies, service account management, cross-account access controls, and identity federation setup.
  • Apply cloud monitoring using CloudTrail, Azure Monitor, GCP Audit Logs, and cloud-native SIEM to detect unauthorized access and configuration drift.
  • Apply CSPM tools to continuously assess cloud configuration compliance, detect misconfigurations, and auto-remediate common security issues.
  • Design a cloud-native defense strategy incorporating CSPM, CWPP, CASB, cloud firewalls, and shared responsibility model implementation.
9 Incident Response and Business Continuity
2 topics

Network incident response

  • Apply network incident detection using IDS alerts, SIEM correlation, NetFlow analysis, and anomaly detection to identify active compromises.
  • Apply network containment techniques, including port shutdown, VLAN isolation, DNS sinkholing, firewall rule injection, and BGP blackholing.
  • Apply network forensic evidence collection, including packet capture, log preservation, and traffic analysis for post-incident investigation support.
  • Analyze network incident artifacts to determine attack scope, compromised systems, and exfiltrated data, and recommend recovery and hardening measures.

Business continuity

  • Apply network disaster recovery, including redundant architecture, failover testing, backup validation, and RTO/RPO verification procedures.
  • Design a network resilience strategy incorporating redundant paths, load balancing, geographic distribution, and automated failover for business continuity.
10 Risk Management and Compliance
1 topic

Network risk and governance

  • Apply risk assessment methodologies to evaluate network threats, vulnerabilities, and business impact for security investment prioritization.
  • Apply compliance controls for PCI-DSS, HIPAA, SOX, and GDPR network security requirements, including segmentation, logging, and access controls.
  • Analyze network security audit findings to develop remediation plans, track control effectiveness, and report risk posture to management.
  • Design a comprehensive network defense program incorporating continuous monitoring, threat intelligence, vulnerability management, and compliance automation.

Scope

Included Topics

  • All domains in EC-Council CND, covering network defense architecture, perimeter security, endpoint hardening, monitoring, incident response, and cloud network security.
  • Network perimeter defense, including NGFW, IDS/IPS, VPN, NAC, and UTM deployment and configuration.
  • Endpoint and host security, including OS hardening, patch management, EDR deployment, and vulnerability management.
  • Network monitoring, including SIEM deployment, log management, traffic analysis, and baseline deviation detection.
  • Cloud network security, including VPC design, cloud IAM, CSPM, and shared responsibility model implementation.
  • Network incident response, containment, and business continuity planning for enterprise environments.

Not Covered

  • Offensive penetration testing and exploitation techniques covered by CEH and CPENT.
  • Digital forensics evidence collection and malware reverse engineering covered by CHFI.
  • Application source code security review and secure development covered by CASE and ECSP.
  • Executive security program governance and board-level risk communication covered by CCISO.
  • Threat intelligence platform management and indicator lifecycle covered by CTIA.

Official Exam Page

Learn more at EC-Council


Trademark Notice

EC-Council®, CEH®, and all EC-Council certification marks are registered trademarks of the International Council of Electronic Commerce Consultants. EC-Council does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.