[Sep 01, 2022] 312-38 Exam Dumps PDF Guaranteed Success with Accurate & Updated Questions [Q95-Q118]

4/5 - (1 vote)

[Sep 01, 2022] 312-38 Exam Dumps PDF Guaranteed Success with Accurate & Updated Questions

Pass 312-38 Exam – Real Test Engine PDF with 171 Questions

The EC-Council 312-38 is a mandatory exam for all candidates pursuing the EC-Council Certified Network Defender (CND) certification. This is a skill-based learning path that aims to create competent network administrators who can protect, detect, and respond to rampant security threats on computer networks.

Understanding functional and technical aspects of Certified Network Defender Business Principles and Practices

The following will be discussed in ECCOUNCIL EC 312-38 exam dumps:

Discus OS Virtualization Security
Discuss Windows Patch Management
Discuss User Access Management
Discuss Security Guidelines, recommendations and best practices for Dockers
Discuss the Security Risk and challenges associated with Enterprises mobile usage policies
Discuss Various Windows Security Features
Discuss Security Guidelines, recommendations and best practices for Containers
Discuss Windows Network Services and Protocol Security
Discuss IoT Security Tools and Best Practices
Discuss Windows Active Directory Security Best Practices
Discuss Data Destruction Concepts
Discuss the security in IoT-enabled Environments
Discus Network Virtualization (NV) Security
Discuss Security guidelines and tools for Android devices
Discuss Windows User Account and Password Management
Discuss Security Measures for IoT-enabled Environments
Discuss Common Mobile Usage Policies in Enterprises
Understand Security Challenges and risks associated with IoT-enabled environments
Discuss the implementation of Encryption of “Data at transit” in Email Delivery
Understand IoT Ecosystem and Communication models
Discuss and refer various standards, Initiatives and Efforts for IoT Security
Understand Window OS and Security Concerns
Discuss and implement various enterprise-level mobile security management Solutions
Discuss Software-Defined Network (SDN) Security
Discuss the implementation of data access controls
Discuss the implementation of Encryption of “Data at transit” between browser and web server
Discuss Data Masking ConceptsDiscuss data backup and retention
Discuss Windows Security Components
Understand IoT Devices, their need, and Application Areas
Discuss Network Function Virtualization (NFV) Security

Q95. Which of the following is an intrusion detection system that reads all incoming packets and tries to find suspicious patterns known as signatures or rules?

HIDS

IPS

DMZ

NIDS

A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic. A NIDS reads all the incoming packets and tries to find suspicious patterns known as signatures or rules. It also tries to detect incoming shell codes in the same manner that an ordinary intrusion detection systems does. Answer option A is incorrect. A host-based intrusion detection system (HIDS) produces a false alarm because of the abnormal behavior of users and the network. A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses the internals of a computing system rather than the network packets on its external interfaces. A host-based Intrusion Detection System (HIDS) monitors all or parts of the dynamic behavior and the state of a computer system. HIDS looks at the state of a system, its stored information, whether in RAM, in the file system, log files or elsewhere; and checks that the contents of these appear as expected. Answer option B is incorrect. An intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. Answer option C is incorrect. A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external networks, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network such as the Internet.

Q96. Which of the following VPN topologies establishes a persistent connection between an organization’s main office and its branch offices using a third-party network or the Internet?

Star

Point-to-Point

Full Mesh

Hub-and-Spoke

Q97. CORRECT TEXT
Fill in the blank with the appropriate term. A _______________device is used for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.

Q98. Which IEEE standard does wireless network use?

802.11

802.18

802.9

802.10

Q99. An organization needs to adhere to the______________rules for safeguarding and protecting the electronically stored health information of employees.

HI PA A

PCI DSS

ISEC

SOX

Q100. In which of the following attacks does an attacker use software that tries a large number of key combinations in order to get a password?

Buffer overflow

Brute force attack

Zero-day attack

Smurf attack

In a brute force attack, an attacker uses software that tries a large number of key combinations in order to get a password. To prevent such attacks, users should create passwords that are more difficult to guess, i.e., by using a minimum of six characters, alphanumeric combinations, and lower-upper case combinations. Answer option D is incorrect. Smurf is an attack that generates significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages. In such attacks, a perpetrator sends a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, which multiplies the traffic by the number of hosts responding. Answer option A is incorrect. Buffer overflow is a condition in which an application receives more data than it is configured to accept. It helps an attacker not only to execute a malicious code on the target system but also to install backdoors on the target system for further attacks. All buffer overflow attacks are due to only sloppy programming or poor memory management by the application developers. The main types of buffer overflows are: Stack overflow Format string overflow Heap overflow Integer overflow Answer option C is incorrect. A zero-day attack, also known as zero-hour attack, is a computer threat that tries to exploit computer application vulnerabilities which are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the mvulnerability. User awareness training is the most effective technique to mitigate such attacks.

Q101. Which of the following types of coaxial cable is used for cable TV and cable modems?

RG-62

RG-59

RG-58

RG-8

Q102. Which of the following ranges of addresses can be used in the first octet of a Class B network address?

224-255

128-191

0-127

192-223

Q103. What is the range for private ports?

49152 through 65535

1024 through 49151

Above 65535

0 through 1023

Q104. Which of the following is a network that supports mobile communications across an arbitrary number of wireless LANs and satellite coverage areas?

LAN

WAN

GAN

HAN

Q105. James wants to implement certain control measures to prevent denial-of-service attacks against the organization. Which of the following control measures can help James?

Strong passwords

Reduce the sessions time-out duration for the connection attempts

A honeypot in DMZ

Provide network-based anti-virus

Q106. John works as an Incident manager for TechWorld Inc. His task is to set up a wireless network for his
organization. For this, he needs to decide the appropriate devices and policies required to set up the network.
Which of the following phases of the incident handling process will help him accomplish the task?

Containment

Recovery

Preparation

Eradication

Q107. You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now,
you want to know the IP address of the sender so that you can analyze various information such as the actual
location, domain information, operating system being used, contact information, etc. of the email sender with
the help of various tools and resources. You also want to check whether this email is fake or real. You know
that analysis of email headers is a good starting point in such cases. The email header of the suspicious email
is given below:

What is the IP address of the sender of this email?

209.191.91.180

141.1.1.1

172.16.10.90

216.168.54.25

Q108. Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?

Application layer

Internet layer

Link layer

Transport Layer

None

Q109. Which of the following tools is used to ping a given range of IP addresses and resolve the host name of the remote system?

SuperScan

Netscan

Hping

Nmap

Q110. Disaster Recovery is a _________.

Operation-centric strategy

Security-centric strategy

Data-centric strategy

Business-centric strategy

Q111. Which of the following is an open source implementation of the syslog protocol for Unix?

syslog-os

syslog Unix

syslog-ng

Unix-syslog

Q112. Which of the following ranges of addresses can be used in the first octet of a Class B network address?

224-255

128-191

0-127

192-223

Q113. John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:

Which of the following tools is John using to crack the wireless encryption keys?

Cain

PsPasswd

Kismet

AirSnort

Q114. Which of the following encryption techniques do digital signatures use?

MD5

RSA

Blowfish

IDEA

Q115. John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values:
ItemID1=2
ItemPrice1=900
ItemID2=1
ItemPrice2=200
Modified cookie values:
ItemID1=2
ItemPrice1=1
ItemID2=1
ItemPrice2=1
Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price. Which of the following hacking techniques is John performing?

Computer-based social engineering

Man-in-the-middle attack

Cookie poisoning

Cross site scripting

Q116. Which of the following types of RAID is also known as disk striping?

RAID 0

RAID 2

RAID 1

RAID 3

Q117. Which of the following fields in the IPv6 header replaces the TTL field in the IPv4 header?

Next header

Traffic class

Hop limit

Version

Q118. With which of the following forms of acknowledgment can the sender be informed by the data receiver about all segments that have arrived successfully?

Block Acknowledgment

Negative Acknowledgment

Cumulative Acknowledgment

Selective Acknowledgment