[Mar 07, 2024] 312-38 Free Exam Questions with Quality Guaranteed
312-38 Free Exam Files Downloaded Instantly
EC-Council Certified Network Defender (CND) is a professional certification program designed for network administrators and security professionals. The CND certification focuses on the skills and knowledge needed to protect against, detect, and respond to network attacks. The program covers the essential skills required to defend against network-based attacks, including intrusion detection, packet analysis, and incident response.
The EC-Council Certified Network Defender (CND) certification exam is a valuable credential for IT professionals looking to advance their careers in cybersecurity. The CND certification demonstrates the candidate's expertise in network security and defense, which is highly valued by employers. It also provides the candidate with access to a global network of cybersecurity professionals, which can be useful for networking and career advancement.
NEW QUESTION # 44
Kelly is taking backups of the organization's data. Currently, he is taking backups of only those files which are created or modified after the last backup. What type of backup is Kelly using?
- A. Incremental backup
- B. Normal Backup
- C. Differential Backup
- D. Full backup
Answer: A
NEW QUESTION # 45
Which of the following steps are required in an idle scan of a closed port?
Each correct answer represents a part of the solution. Choose all that apply.
- A. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.
- B. The zombie's IP ID increases by 2.
- C. The zombie's IP ID increases by only 1.
- D. The attacker sends a SYN/ACK to the zombie.
- E. In response to the SYN, the target sends a RST.
Answer: A,C,D,E
Explanation:
The following steps are required in an idle scan of a closed port:
1. Probe the zombie's IP ID: The attacker sends a SYN/ACK to the zombie. The zombie, unaware of the SYN/ACK, sends back a RST, thus disclosing its IP ID.
2. Forge a SYN packet from the zombie: In response to the SYN, the target sends a RST. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.
3. Probe the zombie's IP ID again: The zombie's IP ID has increased by only 1 since step 1. So the port is closed.
NEW QUESTION # 46
DRAG DROP
Drag and drop the Response management plans to match up with their respective purposes.
Select and Place:
Answer:
Explanation:
NEW QUESTION # 47
FILL BLANK
Fill in the blank with the appropriate term.
The ______________ model is a description framework for computer network protocols and is sometimes called the Internet Model or the DoD Model.
Answer: TCP/IP
Explanation:
The TCP/IP model is a description framework for computer network protocols. It describes a set of general design guidelines and implementations of specific networking protocols to enable computers to communicate over a network. TCP/IP provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. Protocols exist for a variety of different types of communication services between computers. The TCP/IP Model is sometimes called the Internet Model or the DoD Model.
The TCP/IP model has four unique layers as shown in the image. This layer architecture is often compared with the seven-layer OSI Reference Model. The TCP/IP model and related protocols are maintained by the Internet Engineering Task Force (IETF).
NEW QUESTION # 48
Which of the following is a software tool used in passive attacks for capturing network traffic?
- A. Sniffer
- B. Intrusion prevention system
- C. Intrusion detection system
- D. Warchalking
Answer: A
Explanation:
A sniffer is a software tool that is used to capture any network traffic. Since a sniffer changes the NIC of the LAN card into promiscuous mode, the NIC begins to record incoming and outgoing data traffic across the network. A sniffer attack is a passive attack because the attacker does not directly connect with the target host. This attack is most often used to grab logins and passwords from network traffic. Tools such as Ethereal, Snort, Windump, EtherPeek, Dsniff are some good examples of sniffers. These tools provide many facilities to users such as graphical user interface, traffic statistics graph, multiple sessions tracking, etc.
Answer option A is incorrect. An intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.
Answer option B is incorrect. An IDS (Intrusion Detection System) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.
Answer option C is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
NEW QUESTION # 49
Larry is responsible for the company's network consisting of 300 workstations and 25 servers.
After using a hosted email service for a year, the company wants to control the email internally.
Larry likes this idea because it will give him more control over the email. Larry wants to purchase a server for email but does not want the server to be on the internal network due to the potential to cause security risks. He decides to place the server outside of the company's internal firewall.
There is another firewall connected directly to the Internet that will protect traffic from accessing the email server. The server will be placed between the two firewalls. What logical area is Larry putting the new email server into?
- A. He will put the email server in an IPsec zone.
- B. Larry is going to put the email server in a hot-server zone.
- C. He is going to place the server in a Demilitarized Zone (DMZ)
- D. For security reasons, Larry is going to place the email server in the company's Logical Buffer Zone (LBZ).
Answer: C
NEW QUESTION # 50
In which type of wireless network threat does an attacker stake out the area from a nearby location with a high-gain amplifier, drowning out the legitimate access point?
- A. Rogue access point attack
- B. Jamming signal attack
- C. Unauthorized association
- D. Ad Hoc Connection attack
Answer: B
NEW QUESTION # 51
Which of the following header fields in TCP/IP protocols is involved in the Ping of Death attack?
- A. TCP header field
- B. SMTP header field
- C. UDP header field
- D. IP header field
Answer: A
NEW QUESTION # 52
Which of the following types of coaxial cable is used for cable TV and cable modems?
- A. RG-62
- B. RG-8
- C. RG-58
- D. RG-59
Answer: D
Explanation:
The RG-59 type of coaxial cable is used for cable TV and cable modems.
Answer option A is incorrect. RG-8 coaxial cable is primarily used as a backbone in an Ethernet LAN environment and often connects one wiring closet to another. It is also known as 10Base5 or ThickNet.
Answer option B is incorrect. RG-62 coaxial cable is used for ARCNET and automotive radio antennas.
Answer option D is incorrect. RG-58 coaxial cable is used for Ethernet networks. It uses baseband signaling and 50-Ohm terminator. It is also known as 10Base2 or ThinNet.
NEW QUESTION # 53
Which of the following is a protocol that describes an approach to providing "streamlined" support of OSI application services on top of TCP/IP-based networks for some constrained environments?
- A. Dynamic Host Configuration Protocol
- B. Internet Relay Chat Protocol
- C. Network News Transfer Protocol
- D. Lightweight Presentation Protocol
Answer: D
Explanation:
Lightweight Presentation Protocol (LPP) is a protocol that describes an approach to providing "streamlined" support of OSI application services on top of TCP/IP-based networks for some constrained environments. This protocol was initially derived from a requirement to run the ISO Common Management Information Protocol (CMIP) in TCP/IP-based networks. This protocol is designed for a particular class of OSI applications, namely those entities whose application context includes only an Association Control Service Element (ACSE) and a Remote Operations Service Element (ROSE).
Answer option D is incorrect. The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. In the absence of DHCP, all hosts on a network must be manually configured individually, a time-consuming and often error-prone undertaking. DHCP is popular with ISPs because it allows a host to obtain a temporary IP address.
Answer option A is incorrect.
Answer option C is incorrect. Internet Relay Chat (IRC) is a chat service, which is a client-server protocol that supports real-time text chat between two or more users over a TCP/IP network.
NEW QUESTION # 54
Which of the following tools is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen?
- A. Adeona
- B. Nessus
- C. Snort
- D. SAINT
Answer: A
NEW QUESTION # 55
Which of the following attacks combines dictionary and brute force attacks?
- A. Phishing attack
- B. Replay attack
- C. Hybrid attack
- D. Man-in-the-middle attack
Answer: C
NEW QUESTION # 56
FILL BLANK
Fill in the blank with the appropriate term.
A _______________ device is used for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.
Answer: biometric
Explanation:
A biometric device is used for uniquely recognizing humans based upon one or more intrinsic, physical, or behavioral traits.
Biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. Biometric characteristics can be divided into two main classes:
1. Physiological: These devices are related to the shape of the body. These are not limited to the fingerprint, face recognition, DNA, hand and palm geometry, and iris recognition, which has largely replaced the retina and odor/scent.
2. Behavioral: These are related to the behavior of a person. They are not limited to the typing rhythm, gait, and voice.
NEW QUESTION # 57
Which of the following is an example of a MAC model?
- A. Clark-Beason integrity model
- B. Access control matrix model
- C. Bell-LaPadula model
- D. Chinese Waterfall model
Answer: D
NEW QUESTION # 58
Which of the following is also known as a stateful firewall?
- A. PIX firewall
- B. DMZ
- C. Dynamic packet-filtering firewall
- D. Stateless firewall
Answer: C
NEW QUESTION # 59
......