2024 The Most Effective 312-38 with 232 Questions Answers
NEW QUESTION # 96
An administrator wants to monitor and inspect large amounts of traffic and detect unauthorized attempts from inside the organization with the help of an IDS, but is not able to identify the exact location to deploy the IDS sensor. Can you help him spot the location where the IDS sensor should be placed?
- A. Location 2
- B. Location 1
- C. Location 4
- D. Location 3
Answer: A
NEW QUESTION # 97
Which of the following protocols is used to exchange encrypted EDI messages via email?
- A. S/MIME
- B. HTTPS
- C. HTTP
- D. MIME
Answer: A
NEW QUESTION # 98
Which of the following security models enables strict identity verification for every user or device attempting to access network resources?
1. Zero-trust network model
2. Castle-and-Moat model
- A. 2 only
- B. Both 1 and 2
- C. None
- D. 1 only
Answer: D
NEW QUESTION # 99
Which of the following representatives in the incident response process are included in the incident response team? Each correct answer represents a complete solution. Choose all that apply.
- A. Human resources
- B. Technical representative
- C. Lead investigator
- D. Information security representative
- E. Legal representative
- F. Sales representative
Answer: A,B,C,D,E
Explanation:
Incident response is a process that detects a problem, determines the cause of the issue, minimizes the damage, resolves the problem, and documents each step of the process for future reference. To perform all these roles, an incident response team is needed. The incident response team includes the following representatives who are involved in the incident response process:
- Lead investigator: The lead investigator is the manager of the incident response team and is always involved in the creation of the incident response plan. The duties of a lead investigator are to keep management updated, ensure that the incident response moves smoothly and efficiently, and interview and interrogate suspects and witnesses.
- Information security representative: The information security representative is a member of the incident response team who alerts the team about security safeguards that can impact its ability to respond to an incident.
- Legal representative: The legal representative is a member of the incident response team who ensures that the process follows all applicable laws during the response to an incident.
- Technical representative: The technical representative is a technician on the incident response team; more than one technician can be deployed to an incident. The duties of a technical representative are to perform forensic backups of the systems involved in the incident and to provide more information about the configuration of the network or system.
- Human resources: Human resources personnel ensure that the policies of the organization are enforced during the incident response process. They suspend a suspect's access if needed. Human resources personnel work closely with the legal representative and cover the organization's legal responsibility.
NEW QUESTION # 100
Which of the following ranges of addresses can be used in the first octet of a Class B network address?
- A. 224-255
- B. 128-191
- C. 0-127
- D. 192-223
Answer: B
NEW QUESTION # 101
Which of the following is a software tool used in passive attacks for capturing network traffic?
- A. Intrusion detection system
- B. Warchalking
- C. Intrusion prevention system
- D. Sniffer
Answer: D
Explanation:
A sniffer is a software tool that is used to capture network traffic. A sniffer puts the NIC of the LAN card into promiscuous mode, so the NIC begins to record all incoming and outgoing data traffic on the network segment, not only frames addressed to it. A sniffer attack is a passive attack because the attacker does not directly interact with the target host.
This attack is most often used to grab logins and passwords from network traffic. Tools such as Ethereal, Snort, Windump, EtherPeek, and Dsniff are well-known examples of sniffers. These tools provide many facilities to users, such as a graphical user interface, traffic statistics graphs, tracking of multiple sessions, etc.
Answer option C is incorrect. An intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.
Answer option A is incorrect. An IDS (Intrusion Detection System) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a management station. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.
Answer option B is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
NEW QUESTION # 102
Which of the following flags is set when a closed port responds to an Xmas tree scan?
- A. ACK
- B. RST
- C. PUSH
- D. FIN
Answer: B
NEW QUESTION # 103
Which of the following organizations is responsible for managing the assignment of domain names and IP addresses?
- A. ICANN
- B. ISO
- C. ANSI
- D. W3C
Answer: A
Explanation:
ICANN stands for Internet Corporation for Assigned Names and Numbers. ICANN is responsible for managing the assignment of domain names and IP addresses. ICANN's tasks include responsibility for IP address space allocation, protocol identifier assignment, top-level domain name system management, and root server system management functions.
Answer option B is incorrect. The International Organization for Standardization, widely known as ISO, is an international standard-setting body composed of representatives from various national standards organizations. Founded on 23 February 1947, the organization promulgates worldwide proprietary, industrial, and commercial standards. It has its headquarters in Geneva, Switzerland. While ISO defines itself as a non-governmental organization, its ability to set standards that often become law, either through treaties or national standards, makes it more powerful than most non-governmental organizations. In practice, ISO acts as a consortium with strong links to governments.
Answer option D is incorrect. The World Wide Web Consortium (W3C) is an international industry consortium that develops common standards for the World Wide Web to promote its evolution and interoperability. It was founded in October 1994 by Tim Berners-Lee, the inventor of the Web, at the Massachusetts Institute of Technology Laboratory for Computer Science (MIT/LCS) in collaboration with CERN, where the Web had originated, with support from DARPA and the European Commission.
Answer option C is incorrect. ANSI (American National Standards Institute) is the primary organization for fostering the development of technology standards in the United States. ANSI works with industry groups and is the U.S. member of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Long-established computer standards from ANSI include the American Standard Code for Information Interchange (ASCII) and the Small Computer System Interface (SCSI).
NEW QUESTION # 104
Sam, a network administrator, is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flags set in order to check for a specific attack attempt. Which filter will he use to view this traffic?
- A. Tcp.flags==x0000
- B. Tcp.flags==0000x
- C. Tcp.flags==0x000
- D. Tcp.flags==000x0
Answer: C
NEW QUESTION # 105
Which of the following commands is used for port scanning?
- A. nc -v
- B. nc -d
- C. nc -t
- D. nc -z
Answer: D
NEW QUESTION # 106
Which of the following tools is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen?
- A. Snort
- B. Nessus
- C. SAINT
- D. Adeona
Answer: D
Explanation:
Adeona is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen. All it takes is to install the Adeona software client on the user's laptop, pick a password, and let it run in the background. If at some point the laptop is stolen and connected to the Internet, the Adeona software reports the IP address the laptop is using. Using Adeona Recovery, that IP address can then be retrieved. Knowing the IP address helps in tracking the geographical location of the stolen device.
Answer option B is incorrect. Nessus is proprietary comprehensive vulnerability scanning software. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on tested systems. It is capable of checking various types of vulnerabilities, some of which are as follows: vulnerabilities that allow a remote cracker to control or access sensitive data on a system; misconfiguration (e.g. open mail relay, missing patches, etc.); default passwords, a few common passwords, and blank/absent passwords on some system accounts (Nessus can also call Hydra, an external tool, to launch a dictionary attack); and denial of service against the TCP/IP stack by using mangled packets.
Answer option C is incorrect. SAINT stands for System Administrator's Integrated Network Tool. It is computer software used for scanning computer networks for security vulnerabilities and exploiting found vulnerabilities. The SAINT scanner screens every live system on a network for TCP and UDP services. For each service it finds running, it launches a set of probes designed to detect anything that could allow an attacker to gain unauthorized access, create a denial of service, or gain sensitive information about the network.
Answer option A is incorrect. Snort is an open source network intrusion detection system. The Snort application analyzes network traffic in real-time mode. It performs packet sniffing, packet logging, protocol analysis, and content searching to detect a variety of potential attacks.
NEW QUESTION # 107
Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?
- A. Continuity of Operations Plan
- B. Business Continuity Plan
- C. Disaster Recovery Plan
- D. Contingency Plan
Answer: B
Explanation:
BCP is a strategy to minimize the consequences of instability and to allow for the continuation of business processes. The goal of BCP is to minimize the effects of a disruptive event on a company, and it is formed to avoid interruptions to normal business activity. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.
Answer option D is incorrect. A contingency plan is a plan devised for a specific situation in which things could go wrong. Contingency plans are often devised by governments or businesses that want to be prepared for anything that could happen. Contingency plans include specific strategies and actions to deal with specific variances from assumptions that result in a particular problem, emergency, or state of affairs. They also include a monitoring process and "triggers" for initiating planned actions. They are required to help governments, businesses, or individuals recover from serious incidents in the minimum time with minimum cost and disruption.
Answer option C is incorrect. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication, and reputation protection, and should refer to the disaster recovery plan (DRP) for IT-related infrastructure recovery/continuity.
Answer option A is incorrect. The Continuity of Operations Plan (COOP) refers to the preparations and institutions maintained by the United States government to provide for the survival of federal government operations in the case of catastrophic events. It provides procedures and capabilities to sustain an organization's essential. COOP is the documented procedure that ensures persistent critical operations throughout any period in which normal operations are unattainable.
NEW QUESTION # 108
You are reviewing the security of an existing network. You find a machine that is not in production use as such, but runs software that emulates the operation of a sensitive database server. What is this?
- A. Honey Pot
- B. The polymorphic virus
- C. Virus
- D. None
- E. The reactive IDS
Answer: A
NEW QUESTION # 109
John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, John changes the price of each item to 1.
Original cookie values:
ItemID1=2
ItemPrice1=900
ItemID2=1
ItemPrice2=200
Modified cookie values:
ItemID1=2
ItemPrice1=1
ItemID2=1
ItemPrice2=1
Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price. Which of the following hacking techniques is John performing?
- A. Man-in-the-middle attack
- B. Computer-based social engineering
- C. Cookie poisoning
- D. Cross site scripting
Answer: C
Explanation:
John is performing cookie poisoning. In cookie poisoning, an attacker modifies the value of cookies before sending them back to the server. On modifying the cookie values, an attacker can log in to any other user account and can perform identity theft. The following figure explains how cookie poisoning occurs:
For example:
The attacker visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values:
ItemID1=2
ItemPrice1=900
ItemID2=1
ItemPrice2=200
Modified cookie values:
ItemID1=2
ItemPrice1=1
ItemID2=1
ItemPrice2=1
Now, the attacker clicks the Buy button and the prices are sent to the server that calculates the total price.
Another use of a Cookie Poisoning attack is to pretend to be another user after changing the username in the cookie values:
Original cookie values:
LoggedIn= True
Username = Mark
Modified cookie values:
LoggedIn= True
Username = Admin
Now, after modifying the cookie values, the attacker is treated by the server as the Admin user.
Answer option D is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a website. For example, the attacker posts a message that contains malicious code to a newsgroup site.
When another user views this message, the browser interprets this code and executes it and, as a result, the attacker is able to take control of the user's session or system. Cross site scripting attacks require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's web environment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, session hijacking, etc.
NEW QUESTION # 110
Token Ring is standardized by which of the following IEEE standards?
- A. 802.1
- B. 802.2
- C. 802.4
- D. 802.3
Answer: C
NEW QUESTION # 111
Fred is a network technician working for Johnson Services, a temporary employment agency in Boston.
Johnson Services has three remote offices in New England and the headquarters in Boston where Fred works.
The company relies on a number of customized applications to perform daily tasks and unfortunately these applications require users to be local administrators. Because of this, Fred's supervisor wants to implement tighter security measures in other areas to compensate for the inherent risks in making those users local admins. Fred's boss wants a solution that will be placed on all computers throughout the company and monitored by Fred. This solution will gather information on all network traffic to and from the local computers without actually affecting the traffic. What type of solution does Fred's boss want to implement?
- A. Fred's boss wants to implement a HIPS solution.
- B. Fred's boss wants to implement a HIDS solution.
- C. Fred's boss wants a NIDS implementation.
- D. Fred's boss wants Fred to monitor a NIPS system.
Answer: B
NEW QUESTION # 112
Which of the following network security controls can an administrator use to detect, deflect or study attempts to gain unauthorized access to information systems?
- A. IDS/IPS
- B. Network Protocol Analyzer
- C. Proxy Server
- D. Honeypot
Answer: D
NEW QUESTION # 113
Fill in the blanks with the appropriate terms. In L2TP ______________ tunnel mode, the ISP must support L2TP, whereas in L2TP tunnel mode, the ISP does not need to support L2TP.
Answer: compulsory
NEW QUESTION # 114
......
The EC-Council Certified Network Defender (CND) certification exam is a globally recognized certification that validates the skills and knowledge of network administrators and cybersecurity professionals. The 312-38 exam is designed to test the candidate's ability to secure, maintain and defend network infrastructures from cyber-attacks. The EC-Council Certified Network Defender (CND) certification is offered by the International Council of E-Commerce Consultants (EC-Council), a leading provider of cybersecurity certifications and training.
The CND certification exam is divided into various sections, including network security, network defense, and security policies and procedures. The 312-38 exam consists of 100 multiple-choice questions and is designed to test the candidate's knowledge of the various topics covered in the certification. The 312-38 exam is administered online and can be taken at any time, making it convenient for professionals who are unable to attend traditional classroom training.