Latest 312-38 Exam Dumps EC-COUNCIL Exam from Training Expert ExamsLabs
Pass EC-COUNCIL EC-Council Certified Network Defender CND PDF Dumps | Recently Updated 171 Questions
Understanding functional and technical aspects of Certified Network Defender Business Principles and Practices
The following will be discussed in ECCOUNCIL EC 312-38 dumps:
- Verify and document that design requirements are met including coverage, throughput, roaming, and connectivity with a post-implementation validation survey (CHAPTER 12)
- Protocol and spectrum analyzers
- Best practices in secure management protocols (e.g. encrypted management HTTPS, SNMPv3, SSH2, VPN and password management)
- Understand interference mitigation options including removal of interference source or change of wireless channel usage
- Identify sources of RF interference from non-802.11 wireless devices based on the investigation of airtime and frequency utilization
- Wireless Intrusion Prevention System (WIPS) and/or rogue AP detection
- Perform application testing to validate WLAN performance (CHAPTER 12)
- Identify RF disruption from 802.11 wireless devices including contention vs. interference and causes/sources of both including co-channel contention (CCC), overlapping channels, and 802.11 wireless device proximity
- Network and service availability
- Locate and identify sources of RF interference (CHAPTER 12)
Prerequisites
The potential candidates must fulfill one of two options of eligibility criteria for this certification exam. The first thing is to complete the official training course, which can be taken as instructor-led training, academic learning, or online live training. The second variant is to opt for self-study. However, those who want to consider this option must have a minimum of two years of practical work experience in the domain of Information Technology. They should also have educational background that indicates a specialization in this area. To demonstrate this, they must submit a filled eligibility application form and pay the non-refundable application fee of $100.
Before you start the registration process, you should check if you qualify as one of the target audiences for this path. The intended candidates for EC-Council 312-38 are the security operators, network administrators, security analysts, network defense technicians, network security engineers, network security administrators, as well as any professionals who work with network operations.
NEW QUESTION 82
Which of the following statements best describes the consequences of the disaster recovery plan test?
- A. If no deficiencies were found during the test, then the test was probably flawed.
- B. If no deficiencies were found during the test, then the plan is probably perfect.
- C. The results of the test should be kept secret.
- D. The plan should not be changed no matter what the results of the test would be.
Answer: A
Explanation:
The chief objective of a disaster recovery plan is to provide a planned way to make decisions if a disruptive event occurs. The reason behind the disaster recovery plan test is to find flaws in the plan. Every plan has some weak points. After the test has been conducted, all parties are informed of the results and the plan is updated to reflect the new information.
NEW QUESTION 83
Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
- A. Cain
- B. Dsniff
- C. LIDS
- D. Libnids
Answer: B
Explanation:
Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
Answer option B is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks:
Dictionary attack
Brute force attack
Rainbow attack
Hybrid attack
Answer options D and C are incorrect. These tools are port scan detection tools that are used in the Linux operating system.
NEW QUESTION 84
Which of the following layers is closest to the end user?
- A. Application layer
- B. Session layer
- C. Presentation layer
- D. Physical layer
Answer: A
Explanation:
Explanation
NEW QUESTION 85
Which phase of vulnerability management deals with the actions taken for correcting the discovered vulnerability?
- A. Remediation
- B. Assessment
- C. Verification
- D. Mitigation
Answer: A
NEW QUESTION 86
Which of the following OSI layers establishes, manages, and terminates the connections between the local and remote applications?
- A. Session layer
- B. Application layer
- C. Data Link layer
- D. Network layer
Answer: A
Explanation:
The session layer of the OSI/RM controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures. The OSI model made this layer responsible for graceful close of sessions, which is a property of the Transmission Control Protocol, and also for session checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The Session Layer is commonly implemented explicitly in application environments that use remote procedure calls. Answer option C is incorrect. The Application Layer of TCP/IP model refers to the higher-level protocols used by most applications for network communication. Examples of application layer protocols include the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP). Data coded according to application layer protocols are then encapsulated into one or more transport layer protocols, which in turn use lower layer protocols to affect actual data transfer. Answer option A is incorrect. The Data Link Layer is Layer 2 of the seven-layer OSI model of computer networking. It corresponds to or is part of the link layer of the TCP/IP reference model. The Data Link Layer is the protocol layer which transfers data between adjacent network nodes in a wide area network or between nodes on the same local area network segment. The Data Link Layer provides the functional and procedural means to transfer data between network entities and might provide the means to detect and possibly correct errors that may occur in the Physical Layer. Examples of data link protocols are Ethernet for local area networks (multi-node), the Point-to-Point Protocol (PPP), HDLC, and ADCCP for point-to-point (dual-node) connections. Answer option B is incorrect. The network layer controls the operation of subnet, deciding which physical path the data should take, based on network conditions, priority of service, and other factors. Routers work on the Network layer of the OSI stack.
NEW QUESTION 87
Which of the following IEEE standards is an example of a DQDB access method?
- A. 802.6
- B. 802.3
- C. 802.4
- D. 802.5
Answer: A
NEW QUESTION 88
Which of the following policies is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly?
- A. Remote access policy
- B. Information protection policy
- C. Group policy
- D. Password policy
Answer: D
Explanation:
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. Password policies are account policies that are related to the users' accounts. Such policies are password-related settings that provide different constraints for the password's usage. Password policies can be configured to enforce users to provide passwords only in a specific way when they try to log on to their computers. These policies increase the effectiveness of the user's computers. Answer option C is incorrect. A group policy specifies how programs, network resources, and the operating system work for users and computers in an organization. Answer option A is incorrect. An information protection policy ensures that information is appropriately protected from modification or disclosure. Answer option B is incorrect. Remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network.
NEW QUESTION 89
Fred is a network technician working for Johnson Services, a temporary employment agency in Boston. Johnson Services has three remote offices in New England and the headquarters in Boston where Fred works.
The company relies on a number of customized applications to perform daily tasks and unfortunately these applications require users to be local administrators. Because of this, Fred's supervisor wants to implement tighter security measures in other areas to compensate for the inherent risks in making those users local admins. Fred's boss wants a solution that will be placed on all computers throughout the company and monitored by Fred. This solution will gather information on all network traffic to and from the local computers without actually affecting the traffic. What type of solution does Fred's boss want to implement?
- A. Fred's boss wants to implement a HIDS solution.
- B. Fred's boss wants a NIDS implementation.
- C. Fred's boss wants to implement a HIPS solution.
- D. Fred's boss wants Fred to monitor a NIPS system.
Answer: A
NEW QUESTION 90
Which of the following OSI layers defines the electrical and physical specifications for devices?
- A. Physical layer
- B. Data link layer
- C. Presentation layer
- D. Transport layer
Answer: A
NEW QUESTION 91
CORRECT TEXT
Fill in the blank with the appropriate term. The ______________layer establishes, manages, and terminates the connections between the local and remote application.
Answer:
Explanation:
session
Explanation:
The session layer of the OSI/RM controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures. The OSI model made this layer responsible for graceful close of sessions, which is a property of the Transmission Control Protocol, and also for session check pointing and recovery, which is not usually used in the Internet Protocol Suite. The Session Layer is commonly implemented explicitly in application environments that use remote procedure calls.
NEW QUESTION 92
Dan and Alex are business partners working together. Their Business-Partner Policy states that they should encrypt their emails before sending to each other. How will they ensure the authenticity of their emails?
- A. Dan will use his public key to encrypt his mails while Alex will use Dan's digital signature to verify the authenticity of the mails.
- B. Dan will use his digital signature to sign his mails while Alex will use his private key to verify the authenticity of the mails.
- C. Dan will use his private key to encrypt his mails while Alex will use his digital signature to verify the authenticity of the mails.
- D. Dan will use his digital signature to sign his mails while Alex will use Dan's public key to verify the authencity of the mails.
Answer: D
NEW QUESTION 93
In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?
- A. Bonk attack
- B. DDoS attack
- C. Buffer-overflow attack
- D. Smurf attack
Answer: B
Explanation:
In the distributed denial of service (DDOS) attack, an attacker uses multiple computers throughout the network that it has previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for the DDoS attack.
Answer option A is incorrect. A Smurf attack is a type of attack that uses third-party intermediaries to defend against, and get back to the originating system. In a Smurf attack, a false ping packet is forwarded by the originating system. The broadcast address of the third-party network is the packet's destination. Hence, each machine on the third-party network has a copy of the ping request. The victim system is the originator. The originator rapidly forwards a large number of these requests via different intermediary networks. The victim gets overwhelmed by these large number of requests.
Answer option B is incorrect. A buffer-overflow attack is performed when a hacker fills a field, typically an address bar, with more characters than it can accommodate. The excess characters can be run as executable code, effectively giving the hacker control of the computer and overriding any security measures set. There are two main types of buffer overflow attacks:
stack-based buffer overflow attack:
Stack-based buffer overflow attack uses a memory object known as a stack. The hacker develops the code which reserves a specific amount of space for the stack. If the input of user is longer than the amount of space reserved for it within the stack, then the stack will overflow.
heap-based buffer overflow attack:
Heap-based overflow attack floods the memory space reserved for the programs.
Answer option D is incorrect. Bonk attack is a variant of the teardrop attack that affects mostly Windows computers by sending corrupt UDP packets to DNS port 53. It is a type of denial-of-service (DoS) attack. A bonk attack manipulates a fragment offset field in TCP/IP packets. This field tells a computer how to reconstruct a packet that was fragmented, because it is difficult to transmit big packets. A bonk attack causes the target computer to reassemble a packet that is too big to be reassembled and causes the target computer to crash.
NEW QUESTION 94
Which of the following steps are required in an idle scan of a closed port?
Each correct answer represents a part of the solution. Choose all that apply.
- A. In response to the SYN, the target sends a RST.
- B. The zombie's IP ID increases by only 1.
- C. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.
- D. The attacker sends a SYN/ACK to the zombie.
- E. The zombie's IP ID increases by 2.
Answer: A,B,C,D
Explanation:
Following are the steps required in an idle scan of a closed port:
1.Probe the zombie's IP ID: The attacker sends a SYN/ACK to the zombie. The zombie, unaware of the SYN/ ACK, sends back a RST, thus disclosing its IP ID.
2.Forge a SYN packet from the zombie: In response to the SYN, the target sends a RST. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.
3.Probe the zombie's IP ID again: The zombie's IP ID has increased by only 1 since step 1. So the port is closed.
NEW QUESTION 95
Which of the following UTP cables uses four pairs of twisted cable and provides transmission speeds of up to
16 Mbps?
- A. Category 5e
- B. Category 6
- C. Category 3
- D. Category 5
Answer: C
Explanation:
Category 3 type of UTP cable uses four pairs of twisted cable and provides transmission speeds of up to 16
Mbps. They are commonly used in Ethernet networks that operate at the speed of 10 Mbps. A higher speed is
also possible by these cables implementing the Fast Ethernet (100Base-T4) specifications. This cable is used
mainly for telephone systems.
Answer option C is incorrect. This category of UTP cable is the most commonly used cable in present day
networks. It consists of four twisted pairs and is used in those Ethernet networks that run at the speed of 100
Mbps. Category 5 cable can also provide a higher speed of up to 1000 Mbps.
Answer option A is incorrect. It is also known as Category 5 Enhanced cable. Its specification is the same as
category 5, but it has some enhanced features and is used in Ethernets that run at the speed of 1000 Mbps.
Answer option D is incorrect. This category of UTP cable is designed to support high-speed networks that run
at the speed of 1000 Mbps. It consists of four pairs of wire and uses all of them for data transmission. Category
6 provides more than twice the speed of Category 5e, but is also more expensive.
NEW QUESTION 96
Justine has been tasked by her supervisor to ensure that the company's physical security is on the same level as their logical security measures. She installs video cameras at all entrances and exits and installs badge access points for all doors. The last item she wants to install is a method to prevent unauthorized people piggybacking employees. What should she install to prevent piggybacking?
- A. Justine needs to install a biometrics station at each entrance
- B. Justine will need to install a revolving security door
- C. She should install a mantrap
- D. She should install a Thompson Trapdoor.
Answer: C
NEW QUESTION 97
Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer and logs activities of the network that is matched with the predefined signatures?
- A. KisMAC
- B. Snort
- C. Kismet
- D. Dsniff
Answer: B
Explanation:
Snort is an open source network intrusion prevention and detection system that operates as a network sniffer.
It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). The three main modes in which Snort can be configured are as follows:
Sniffer mode: It reads the packets of the network and displays them in a continuous stream on the console.
Packet logger mode: It logs the packets to the disk.
Network intrusion detection mode: It is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user-defined rule set.
Answer option A is incorrect. Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf.
Dsniff is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
Answer option D is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff
802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks:
To identify networks by passively collecting packets
To detect standard named networks
To detect masked networks
To collect the presence of non-beaconing networks via data traffic
Answer option B is incorrect. KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet, its Linux/BSD namesake and far exceeding those of NetStumbler, its closest equivalent on Windows. The program is geared towards the network security professionals, and is not as novice-friendly as the similar applications. KisMAC will scan for networks passively on supported cards, including Apple's AirPort, AirPort Extreme, and many third-party cards. It will scan for networks actively on any card supported by Mac OS X itself.
Cracking of WEP and WPA keys, both by brute force, and exploiting flaws, such as weak scheduling and badly generated keys is supported when a card capable of monitor mode is used, and when packet reinsertion can be done with a supported card. The GPS mapping can be performed when an NMEA compatible GPS receiver is attached. Data can also be saved in pcap format and loaded into programs, such as Wireshark.
NEW QUESTION 98
Which of the following types of coaxial cable is used for cable TV and cable modems?
- A. RG-62
- B. RG-8
- C. RG-58
- D. RG-59
Answer: D
Explanation:
RG-59 type of coaxial cable is used for cable TV and cable modems.
Answer option D is incorrect. RG-8 coaxial cable is primarily used as a backbone in an Ethernet LAN
environment and often connects one wiring closet to another. It is also known as 10Base5 or ThickNet.
Answer option A is incorrect. RG-62 coaxial cable is used for ARCNET and automotive radio antennas.
Answer option C is incorrect. RG-58 coaxial cable is used for Ethernet networks. It uses baseband signaling
and 50-Ohm terminator. It is also known as 10Base2 or ThinNet.
NEW QUESTION 99
Which of the following is a free security-auditing tool for Linux?
- A. SATAN
- B. Nessus
- C. HPing
- D. SAINT
Answer: B
NEW QUESTION 100
Which of the following protocols is used for exchanging routing information between two gateways in a network of autonomous systems?
- A. OSPF
- B. ICMP
- C. IGMP
- D. EGP
Answer: D
Explanation:
EGP stands for Exterior Gateway Protocol. It is used for exchanging routing information between two gateways in a network of autonomous systems. This protocol depends upon periodic polling with proper acknowledgements to confirm that network connections are up and running, and to request for routing updates.
Each router requests its neighbor at an interval of 120 to 480 seconds, for sending the routing table updates.
The neighbor host then responds by sending its routing table. EGP-2 is the latest version of EGP.
Answer option B is incorrect. Internet Control Message Protocol (ICMP) is a maintenance protocol that allows routers and host computers to swap basic control information when data is sent from one computer to another.
It is generally considered a part of the IP layer. It allows the computers on a network to share error and status information. An ICMP message, which is encapsulated within an IP datagram, is very useful to troubleshoot the network connectivity and can be routed throughout the Internet.
Answer option A is incorrect. Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group. However, multicast traffic is sent to a single MAC address but is processed by multiple hosts. It can be effectively used for gaming and showing online videos. IGMP is vulnerable to network attacks.
Answer option D is incorrect. Open Shortest Path First (OSPF) is a routing protocol that is used in large networks. Internet Engineering Task Force (IETF) designates OSPF as one of the Interior Gateway Protocols.
A host uses OSPF to obtain a change in the routing table and to immediately multicast updated information to all the other hosts in the network.
NEW QUESTION 101
Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company's website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?
- A. Snort is the best tool for their situation
- B. They need to use Nessus
- C. They can implement Wireshark
- D. They could use Tripwire
Answer: D
NEW QUESTION 102
Which of the following security models enable strict identity verification for every user or device attempting to access the network resources?
1. Zero-trust network model
2. Castle-and-Moat model
- A. 2 only
- B. 1 only
- C. None
- D. Both 1 and 2
Answer: B
NEW QUESTION 103
......
Understanding functional and technical aspects of Certified Network Defender Business Principles and Practices
The following will be discussed in ECCOUNCIL EC 312-38 dumps:
- Determine baseline traffic signatures for normal and suspicious network traffic
- Discuss log monitoring and analysis on Firewall
- Discuss Doâs and Donât in first response
- Evaluate CSP for Security before Consuming Cloud Service
- Discuss log monitoring and analysis on Web Servers
- Discuss security in Amazon Cloud (AWS)
- Learn to leverage/consume threat intelligence for proactive defense
- Understand the Insights of Cloud Security
- Understand wireless network fundamentals
- Understand wireless network encryption mechanisms
- Introduction to Business Continuity (BC) and Disaster Recovery (DR)
- Learn vulnerability assessment and scanning
- Learn to manage vulnerabilities through vulnerability management program
- Learn different Risk Management Frameworks (RMF)
- Understand logging concepts
- Discuss BC/DR Activities
- Discuss Security in Google Cloud Platform (GCP)
- Learn to conduct attack simulation
- Learn to identify Indicators of Exposures (IoE)
- Understand the need and advantages of network traffic monitoring
- Discuss log monitoring and analysis on Mac
- Describe incident handling and response process
- Discuss log monitoring and analysis on Linux
- Setting up the environment for network monitoring
- Discuss log monitoring and analysis on Windows systems
- Understand the Indicators of Threat Intelligence: Indicators of Compromise (IoCs) and Indicators of Attack (IoA)
- Understand the role of cyber threat intelligence in network defense
- Understand the attack surface analysis
- Understand the layers of Threat Intelligence
- Understand Cloud Computing Fundamentals
- Perform network monitoring and analysis for suspicious traffic using Wireshark
- Discuss various BC/DR Standards
- Understand different types of threat Intelligence
- Discuss and implement wireless network security measures
- Describe forensics investigation process
- Discuss general security best practices and tools for cloud security
- Understand risk management concepts
- Learn to manage risk though risk management program
- Discuss centralized log monitoring and analysis
- Explain Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
- Understand incident response concept
- Understand the role of first responder in incident response
- Discuss security in Microsoft Azure Cloud
- Understand and visualize your attack surface
- Understand wireless network authentication methods
- Learn to reduce the attack surface
- Discuss network performance and bandwidth monitoring concepts
- Discuss log monitoring and analysis on Routers
Updated Test Engine to Practice 312-38 Dumps & Practice Exam: https://www.examslabs.com/EC-COUNCIL/CertifiedEthicalHacker/best-312-38-exam-dumps.html
Dumps Collection 312-38 Test Engine Dumps Training With 171 Questions: https://drive.google.com/open?id=1mMU9Eu6u_kXfC9Fa6lDVBAfGSYGyN_bk