
2022 Updated Verified 312-38 dumps Q&As - 100% Pass Guaranteed
Provide Valid Dumps To Help You Prepare For EC-Council Certified Network Defender CND Exam
NEW QUESTION 34
Fred is a network technician working for Johnson Services, a temporary employment agency in Boston.
Johnson Services has three remote offices in New England and the headquarters in Boston where Fred works.
The company relies on a number of customized applications to perform daily tasks and unfortunately these applications require users to be local administrators. Because of this, Fred's supervisor wants to implement tighter security measures in other areas to compensate for the inherent risks in making those users local admins. Fred's boss wants a solution that will be placed on all computers throughout the company and monitored by Fred. This solution will gather information on all network traffic to and from the local computers without actually affecting the traffic. What type of solution does Fred's boss want to implement?
- A. Fred's boss wants to implement a HIPS solution.
- B. Fred's boss wants a NIDS implementation.
- C. Fred's boss wants Fred to monitor a NIPS system.
- D. Fred's boss wants to implement a HIDS solution.
Answer: D
NEW QUESTION 35
Which of the following types of cyberstalking damages the reputation of their victim and turns other people against them by setting up their own Websites, blogs, or user pages for this purpose?
- A. False accusation
- B. Attempts to gather information about the victim
- C. False victimization
- D. Encouraging others to harass the victim
Answer: A
Explanation:
In false accusations, many cyberstalkers try to damage the reputation of their victim and turn other people against them. They post false information about them on Websites. They may set up their own Websites, blogs, or user pages for this purpose. They post allegations about the victim to newsgroups, chat rooms, or other sites that allow public contributions.
Answer option C is incorrect. In false victimization, the cyberstalker claims that the victim is harassing him/her.
Answer option D is incorrect. In this type of cyberstalking, many cyberstalkers try to involve third parties in the harassment. They claim that the victim has harmed the stalker in some way, or may post the victim's name and telephone number in order to encourage others to join the pursuit.
Answer option B is incorrect. In an attempt to gather information, cyberstalkers may approach their victim's friends, family, and work colleagues to obtain personal information. They may advertise for information on the Internet. They often will monitor the victim's online activities and attempt to trace their IP address in an effort to gather more information about their victims.
NEW QUESTION 36
Which of the following is a management process that provides a framework to stimulate a rapid recovery, and the ability to react effectively to protect the interests of its brand, reputation and stakeholders?
- A. response systems
- B. patch management
- C. None
- D. log analysis
- E. Business Continuity Management
Answer: E
NEW QUESTION 37
Which of the following OSI layers formats and encrypts data to be sent across the network?
- A. Network layer
- B. Transport layer
- C. Physical layer
- D. Presentation layer
Answer: D
NEW QUESTION 38
Which of the following is a Unix and Windows tool capable of intercepting traffic on a network segment and capturing usernames and passwords?
- A. AirSnort
- B. BackTrack
- C. Ettercap
- D. Aircrack
Answer: C
Explanation:
Ettercap is a Unix and Windows tool for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. It is free, open-source software. Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis.
Answer option B is incorrect. BackTrack is a Linux distribution distributed as a Live CD, which is used for penetration testing. It allows users to include customizable scripts, additional tools and configurable kernels in personalized distributions. It contains various tools, such as Metasploit integration, RFMON injection-capable wireless drivers, Kismet, autoscan-network (a network discovery and management application), nmap, ettercap, and Wireshark (formerly known as Ethereal).
Answer option A is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses a ciphertext-only attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.
Answer option D is incorrect. Aircrack is the fastest WEP/WPA cracking tool used for 802.11a/b/g WEP and WPA cracking.
NEW QUESTION 39
Adam works as a Professional Penetration Tester. A project has been assigned to him to test the vulnerabilities of the CISCO Router of Umbrella Inc. Adam finds out that HTTP Configuration Arbitrary Administrative Access Vulnerability exists in the router. By applying different password cracking tools, Adam gains access to the router. He analyzes the router config file and notices the following lines:
logging buffered errors
logging history critical
logging trap warnings
logging 10.0.1.103
By analyzing the above lines, Adam concludes that this router is logging at log level 4 to the syslog server 10.0.1.103. He decides to change the log level from 4 to 0.
Which of the following is the most likely reason for changing the log level?
- A. Changing the log level from 4 to 0 will result in the termination of logging. This way the modification in the router is not sent to the syslog server.
- B. By changing the log level, Adam can easily perform a SQL injection attack.
- C. Changing the log level from 4 to 0 will result in the logging of only emergencies. This way the modification in the router is not sent to the syslog server.
- D. Changing the log level grants access to the router as an Administrator.
Answer: C
Explanation:
The Router Log Level directive is used by the syslog server to specify the severity level of the log. This directive is used to control the types of errors that are sent to the error log by constraining the severity level. Eight different levels are present in the Log Level directive, shown below in order of descending significance:

| Number | Level | Description |
|---|---|---|
| 0 | emerg | Emergencies - system is unusable |
| 1 | alert | Action must be taken immediately |
| 2 | crit | Critical conditions |
| 3 | error | Error conditions |
| 4 | warn | Warning conditions |
| 5 | notice | Normal but significant condition |
| 6 | info | Informational |
| 7 | debug | Debug-level messages |

Note: When a certain level is specified, the messages from all other levels of higher significance will also be reported. For example, when Log Level crit is specified, messages with log levels alert and emerg will also be reported.
NEW QUESTION 40
Which of the following statements best describes the consequences of the disaster recovery plan test?
- A. The plan should not be changed no matter what the results of the test would be.
- B. If no deficiencies were found during the test, then the plan is probably perfect.
- C. The results of the test should be kept secret.
- D. If no deficiencies were found during the test, then the test was probably flawed.
Answer: D
Explanation:
The chief objective of a disaster recovery plan is to provide a planned way to make decisions if a disruptive event occurs. The reason behind the disaster recovery plan test is to find flaws in the plan. Every plan has some weak points. After the test has been conducted, all parties are informed of the results and the plan is updated to reflect the new information.
NEW QUESTION 41
Which of the following is a network point that acts as an entrance to another network?
- A. Bridge
- B. Gateway
- C. Hub
- D. Receiver
Answer: B
NEW QUESTION 42
You are a professional Computer Hacking forensic investigator. You have been called to collect evidence of buffer overflow and cookie snooping attacks. Which of the following logs will you review to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.
- A. Program logs
- B. Web server logs
- C. System logs
- D. Event logs
Answer: A,C,D
Explanation:
Evidence of buffer overflow and cookie snooping attacks can be traced from system logs, event logs, and program logs, depending on the type of overflow or cookie snooping attack executed and the error recovery method used by the hacker.
Answer option B is incorrect. Web server logs are used to investigate cross-site scripting attacks.
NEW QUESTION 43
Sam wants to implement a network-based IDS in the network. Sam finds that the one IDS solution that works is based on pattern matching. Which type of network-based IDS is Sam implementing?
- A. Behavior-based IDS
- B. Signature-based IDS
- C. Stateful protocol analysis
- D. Anomaly-based IDS
Answer: B
NEW QUESTION 44
James is a network administrator working at a student loan company in Minnesota. This company processes over 20,000 student loans a year from colleges all over the state. Most communication between the company, schools, and lenders is carried out through emails. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, James wants to utilize email encryption. Since a server-based PKI is not an option for him, he is looking for a low/no cost solution to encrypt emails. What should James use?
- A. James can enforce mandatory HTTPS in the email clients to encrypt emails
- B. James can use MD5 algorithm to encrypt all the emails
- C. James should utilize the free OTP software package.
- D. James could use PGP as a free option for encrypting the company's emails.
Answer: D
NEW QUESTION 45
Which of the following is a malicious program that looks like a normal program?
- A. Virus
- B. Impersonation
- C. Trojan horse
- D. Worm
Answer: C
NEW QUESTION 46
Which of the following types of coaxial cable is used for cable TV and cable modems?
- A. RG-62
- B. RG-59
- C. RG-8
- D. RG-58
Answer: B
Explanation:
RG-59 coaxial cable is used for cable TV and cable modems.
Answer option C is incorrect. RG-8 coaxial cable is primarily used as a backbone in an Ethernet LAN environment and often connects one wiring closet to another. It is also known as 10Base5 or ThickNet.
Answer option A is incorrect. RG-62 coaxial cable is used for ARCNET and automotive radio antennas.
Answer option D is incorrect. RG-58 coaxial cable is used for Ethernet networks. It uses baseband signaling and 50-Ohm terminator. It is also known as 10Base2 or ThinNet.
NEW QUESTION 47
Which of the following tools is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen?
- A. SAINT
- B. Adeona
- C. Nessus
- D. Snort
Answer: B
Explanation:
Adeona is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen. All it takes is to install the Adeona software client on the user's laptop, pick a password, and make it run in the background. If at one point the user's laptop gets stolen and is connected to the Internet, the Adeona software sends the criminal's IP address. Using the Adeona Recovery, the IP address can then be retrieved. Knowing the IP address helps in tracking the geographical location of the stolen device.
Answer option C is incorrect. Nessus is proprietary comprehensive vulnerability scanning software. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on tested systems. It is capable of checking various types of vulnerabilities, some of which are as follows:
- Vulnerabilities that allow a remote cracker to control or access sensitive data on a system
- Misconfiguration (e.g. open mail relay, missing patches, etc.)
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
- Denials of service against the TCP/IP stack by using mangled packets
Answer option A is incorrect. SAINT stands for System Administrator's Integrated Network Tool. It is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities. The SAINT scanner screens every live system on a network for TCP and UDP services. For each service it finds running, it launches a set of probes designed to detect anything that could allow an attacker to gain unauthorized access, create a denial-of-service, or gain sensitive information about the network.
Answer option D is incorrect. Snort is an open source network intrusion detection system. The Snort application analyzes network traffic in real-time mode. It performs packet sniffing, packet logging, protocol analysis, and a content search to detect a variety of potential attacks.
NEW QUESTION 48
Identify the password cracking attempt involving precomputed hash values stored as plaintext and used to crack the password.
- A. Rainbow table
- B. Dictionary
- C. Bruteforce
- D. Hybrid
Answer: A
NEW QUESTION 49
Which of the following protocols is used in wireless networks?
- A. ALOHA
- B. CSMA/CD
- C. CSMA/CA
- D. CSMA
Answer: C
NEW QUESTION 50
This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of this tool are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:
a. War driving
b. Detecting unauthorized access points
c. Detecting causes of interference on a WLAN
d. WEP ICV error tracking
e. Making graphs and alarms on 802.11 data, including signal strength
This tool is known as __________.
- A. NetStumbler
- B. Kismet
- C. Absinthe
- D. THC-Scan
Answer: A
Explanation:
NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of NetStumbler are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:
a. War driving
b. Detecting unauthorized access points
c. Detecting causes of interference on a WLAN
d. WEP ICV error tracking
e. Making graphs and alarms on 802.11 data, including signal strength
Answer option B is incorrect. Kismet is an IEEE 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system.
Answer option D is incorrect. THC-Scan is a war-dialing tool.
Answer option C is incorrect. Absinthe is an automated SQL injection tool.
NEW QUESTION 51
Under which of the following registry keys are the Windows Event Log audit configurations recorded?
- A. HKEY_LOCAL_MACHINE\SYSTEM\Services\EventLog\ < ErrDev >
- B. HKEY_LOCAL_MACHINE\CurrentControlSet\Services\EventLog\< ESENT >
- C. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ < Event Log >
- D. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\EventLog\ < EntAppsvc >
Answer: C
NEW QUESTION 52
What is the range for private ports?
- A. 0 through 1023
- B. 1024 through 49151
- C. 49152 through 65535
- D. Above 65535
Answer: C
NEW QUESTION 53
Which of the following is an intrusion detection system that monitors and analyzes the internals of a computing system rather than the network packets on its external interfaces?
- A. HIDS
- B. IPS
- C. DMZ
- D. NIDS
Answer: A
Explanation:
A host-based intrusion detection system (HIDS) can produce false alarms when users or the network behave abnormally. A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses the internals of a computing system rather than the network packets on its external interfaces. A host-based Intrusion Detection System (HIDS) monitors all or parts of the dynamic behavior and the state of a computer system. HIDS looks at the state of a system and its stored information, whether in RAM, in the file system, log files or elsewhere, and checks that the contents of these appear as expected.
Answer option D is incorrect. A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic. A NIDS reads all the incoming packets and tries to find suspicious patterns known as signatures or rules. It also tries to detect incoming shell codes in the same manner that an ordinary intrusion detection system does.
Answer option B is incorrect. IPS (Intrusion Prevention Systems), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of "intrusion prevention systems" are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity. An IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct CRC errors, defragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options.
Answer option C is incorrect. DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. IT professionals normally refer to it as a DMZ; it is sometimes referred to as a Perimeter Network. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ rather than any other part of the network.
NEW QUESTION 54
If Myron, head of network defense at Cyberdyne, wants to change the default password policy settings on the company's Linux systems, which directory should he access?
- A. /etc/login.defs
- B. /etc/logrotate.conf
- C. /etc/crontab
- D. /etc/hosts.allow
Answer: A
NEW QUESTION 55
Which of the following is a term to describe the use of inert gases and chemical agents to extinguish a fire?
- A. Gaseous fire suppression
- B. Fire sprinkler
- C. Fire suppression system
- D. Fire alarm system
Answer: A
NEW QUESTION 56
......
Breaking down Evaluation Details
The EC-Council 312-38 exam is available in the multiple-choice form, presents a total of 100 questions, with a seat time of 4 hours. This test can be taken at ECC test centers across the globe and the full list of the learning objectives it addresses includes the following:
- Enterprise, Virtual, Cloud, and Wireless Network Protection;
- Incident Prediction;
- Network Defense Management;
- Network Perimeter Protection;
- Incident Response;
- Incident Detection;
- Application and Data Protection;
To help improve your performance, it is critical to understand the exam topics in detail. Thus, the content covered in the certification test that will be measured includes the following:
- Application & Data Protection: 13%
This module evaluates the learners' skills in explaining and implementing application blacklisting and whitelisting, application sandboxing, application patch management, and web application firewalls. It also covers their understanding of data security and its importance. Interested candidates should also be able to describe the implementation of encryption for data at rest and in transit.
- Network Defense Management: 10%
This topic measures the ability of the candidates to describe important terminologies associated with network attacks as well as the skills in explaining different samples of the network-level, host-level, and application-level attack methods. Besides that, you should also be able to explain different samples of wireless network-specific attack methods.
- Protection of Network Perimeter: 16%
This subject area focuses on the individuals’ skills in explaining access control terminologies, models, principles, as well as cryptographic security methods. The applicants should also develop their competence in explaining the concepts of identity & access management.
- Endpoint Protection: 15%
This domain requires a good understanding of security concerns and Windows operating system. It also focuses on your ability to explain different features and components of Windows security, Windows User Account, and Password Management. The test takers also need to have an understanding of the Linux operating system and security concerns. They should possess the ability to explain Linux installation, Linux patching, and Linux operating system hardening methods.
- Incident Prediction: 10%
The last area covers the concepts of risk management and evaluates the students’ skills in managing risk through the risk management program and managing vulnerabilities through the vulnerability management program. It also covers their understanding of the cyber threat intelligence’s role in network defense and various threat intelligence types.
- Incident Detection: 14%
To deal with this objective, the examinees will need to have an understanding of the requirements and benefits of network traffic monitoring and the ability to explain the concepts of bandwidth monitoring and network performance. It also covers their skills in explaining log monitoring and analysis on Mac, Linux, web servers, routers, and firewalls.
- Enterprise, Virtual, Wireless, and Cloud Network Protection: 12%
The next part of the test requires that you have the ability to explain network virtualization security, software-defined network security, network function virtualization, and operating system virtualization security. It also requires that you possess the skills in explaining security guidelines, best practices, and recommendations for containers, Kubernetes, and Docker, among others.