Certified Network Defender

Course Code : 312-38

EC-Council’s Certified Network Defender (CIND) is an essential vendor-neutral network security certification for every IT and systems administrator who needs to operate with a secure mindset.

Students will learn the critical skills required to defend their networks and operating environments across local networks, endpoints, cloud infrastructure, applications, OT, and mobile. They will also acquire knowledge of effective proper log analysis, network traffic monitoring, basic investigation and response, as well as business continuity and disaster recovery. Additionally, they will dive into threats, analyzing the attack surface, and studying threat prediction and threat intelligence as it relates to their administration and defense responsibilities.

Often referred to as blue-teaming, CINDs will be able to apply defense and countermeasure strategies in their organizations, playing a critical role not only in attack prevention but also in detection, response, and remediation as they configure networks and systems to operate securely. The CIND program will cover the concepts and fortify skills through hands-on practice across over 100+ labs delivered on live target machines.


At the end of this course, you will be able to:

  • Planning and administering network security for organizations
  • Recognizing security risks, threats, and vulnerabilities
  • Ensuring compliance with regulatory standards
  • Designing and implementing network security policies
  • Applying security principles in distributed and mobile computing environments
  • Implementing Identity and Access Management, encryption, and network segmentation
  • Managing Windows and Linux Security Administration
  • Addressing security risks in mobile devices and lot
  • Implementing strong data security techniques
  • Managing security in virtualization technologies and cloud platforms
  • Implementing wireless network security
  • Conducting risk and vulnerability assessments
  • Providing first response to security incidents
  • Identifying Indicators of Compromise and Attack
  • Integrating threat intelligence for proactive defense
  • Conducting Attack Surface Analysis
  • Assisting in Business Continuity and Disaster Recovery planning
  • Monitoring network traffic and performing log management
  • Managing proxy, content filtering, and troubleshooting network issues
  • Hardening security of endpoints and selecting firewall solutions
  • Configuring IDS/IPS for enhanced security
  • Maintaining an inventory of network devices
  • Providing security awareness guidance and training
  • Managing AAA for network devices
  • Reviewing audit logs and analyzing security anomalies
  • Maintaining and configuring security platforms
  • Evaluating security products and operations procedures
  • Identifying and classifying organizational assets
  • Implementing system integrity monitoring tools
  • Understanding EDR/XDR and UEBA solutions
  • Conducting PIA processes for privacy assessment
  • Collaborating on threat hunting and incident response
  • Understanding SOAR platforms in cybersecurity operations
  • Integrating Zero Trust principles into security architectures
  • Staying updated on emerging cyber threats
  • Understanding the role of Al/ML in cyber defense.


To be eligible to challenge the EC-Council CND certification examination, the candidate has two options:

  1. Attend Official Network Security Training by EC-Council:
  • Candidates who have completed an official EC-Council training either at an Accredited Training Center, via the iClass platform, or at an approved academic institution are eligible to challenge the relevant EC-Council exam without going through the application process.


  1. Attempt the Exam without Official EC-Council Training:
  • Candidates who wish to attempt the CND v2 exam without official network security training must meet the following requirements:
  • Have at least 2 years of work experience in the Information Security domain. Submit an eligibility application form along with a non-refundable fee of USD 100.00
  • Students
  • IT Professionals
  • Other industry professionals planning a career in cybersecurity
  • Anyone who wants to start a career in blue team and network security.


● This module covers mechanisms of various attack techniques and hacking methodologies that attackers use to breach the security of an organization's networks.
● This module focuses on administrative aspects of network security. It covers the establishment of security policies, procedures, and best practices to maintain a secure network environment.
● This module covers the technical aspects of network security. It describes the concepts of access control, Identity and Access Management (IAM), cryptographic security techniques, and various network security devices and protocols.
● This module covers the security configuration of network perimeter devices such as firewalls, intrusion detection and intrusion protection systems (IDSS/IPSS), routers, switches, etc., for effective perimeter protection.
● This module covers various security features and secure configuration techniques used to secure Windows system.
● This module covers the Linux OS, its security features, and the various techniques to harden the OS security.
● This module covers securing the use of mobile devices under various mobile usage policies implemented and enforced in enterprises.
● This module covers the use of lot devices, the associated security challenges and risks, as well as appropriate security measures implemented to secure loT-enabled environments.
● This module covers various application security measures implemented to monitor, patch, and upgrade the installed applications constantly.
● This module covers various security measures implemented to secure an organization's data from prying eyes.
● This module covers virtualization concepts and technologies such as network virtualization, software-defined network, and network function virtualization and their security.
● This module covers the various aspects of enterprise cloud security that are important for an organization to securely store or process data on the cloud.
● This module covers various security measures and best practices used to secure wireless networks in enterprises.
● This module covers threat, bandwidth, and performance monitoring with the help of network traffic monitoring and analysis.
● This module covers threat detection with the help of log monitoring and analysis.
● This module covers the role of incident response and forensic investigation in an organization’s security
● This module covers concepts around business continuity and disaster recovery.
● This module covers various phases in implementing and executing an organization’s risk management program.
● This module covers concepts around visualizing, analyzing, and reducing the attack surface.
● The module covers leveraging threat intelligence capabilities for responding quickly, decisively and effectively to emerging threats.
Length of exam 4 hours
Number of questions 100 questions
Question format Multiple choice questions
Passing grade 60% to 85% (depending on which exam form is challenged)
Exam availability English
Testing center ECC-authorized testing center