[Feb 28, 2023] New EC-COUNCIL 312-38 Dumps with Test Engine and PDF (New Questions)
Pass Your 312-38 Exam Easily - Real 312-38 Practice Dump Updated
Recommended Training
So, let’s focus on the recommended online course for the CND 312-38 validation:
- Certified Network Defender (CND)
The EC-Council offers one course with a corresponding name to help candidates study for the official 312-38 exam. This is the Certified Network Defender or CND training, which is an intensive, hands-on program that focuses on network security and other similar concepts. As a labor-intensive training that aligns with the latest skills, this class has been reorganized to reflect the current job roles and responsibilities of network administrators. It is intended to prepare candidates for advanced roles in this field by confirming their expertise in risk mitigation. With almost half of the course built around hands-on lab lessons, this program will be a vital tool to help you understand the learning objectives including endpoint protection, application & data protection, network perimeter protection, network defense management, and threat prediction among other skills. It’s worth mentioning that this training also includes three demo videos to help candidates gain a good grasp of the test details. These sections include the CND with Eric Reed, CND Meet Your Instructor, and iLabs Demo. Get the complete package today for $1,899 and validate your skills in the best way, and if you are still wondering what the full package contains, find the whole list below:
- Official e-courseware (12-month access);
- Instructor-led training modules (12-month access);
- iLabs (6-month access);
- Certificate of completion;
- Exam voucher.
NEW QUESTION 84
Fill in the blank with the appropriate term. ______________ encryption is a type of encryption that uses two keys, i.e., a public key and a private key pair for data encryption. It is also known as public key encryption.
Answer: Asymmetric
NEW QUESTION 85
Which of the following is a standard-based protocol that provides the highest level of VPN security?
- A. PPP
- B. IP
- C. L2TP
- D. IPSec
Answer: D
Explanation:
Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security.
IPSec can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and password. IPSec cannot be used with Point-to-Point Tunneling Protocol (PPTP).
Answer option B is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering distinguished protocol datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose, the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide.
Answer option C is incorrect. Point-to-Point Protocol (PPP) is a remote access protocol commonly used to connect to the Internet. It supports compression and encryption and can be used to connect to a variety of networks. It can connect to a network running on the IPX, TCP/IP, or NetBEUI protocol. It supports multi-protocol and dynamic IP assignments. It is the default protocol for the Microsoft Dial-Up adapter.
Answer option A is incorrect. Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication. It allows the transfer of Point-to-Point Protocol (PPP) traffic between different networks. L2TP combines with IPSec to provide tunneling and security for Internet Protocol (IP), Internetwork Packet Exchange (IPX), and other protocol packets across IP networks.
NEW QUESTION 86
Which of the following procedures is intended to enable security personnel to identify, mitigate, and recover from malware events, such as unauthorized access to systems or data, denial-of-service, or unauthorized changes to the system hardware, software, or information?
- A. Cyber Incident Response Plan
- B. Crisis communications guidelines
- C. None
- D. disaster survival plan
- E. A resident of the emergency plan
Answer: A
NEW QUESTION 87
To provide optimum security while enabling safe/necessary services, blocking known dangerous services, and making employees accountable for their online activity, what Internet Access policy would Brian, the network administrator, have to choose?
- A. Prudent policy
- B. Promiscuous policy
- C. Paranoid policy
- D. Permissive policy
Answer: A
NEW QUESTION 88
Drag and drop the terms to match with their descriptions.
Answer:
Explanation:
NEW QUESTION 89
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts.
Which of the following attacks is being used by Eve?
- A. Fire walking
- B. Session fixation
- C. Cross site scripting
- D. Replay
Answer: D
Explanation:
Eve is using a replay attack. A replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network. In an attempt to obtain an authenticated connection, the attackers then resend the captured packet to the system. In this type of attack, the attacker does not know the actual password, but can simply replay the captured packet. Session tokens can be used to avoid replay attacks. Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Mallory has captured this value and tries to use it on another session; Bob sends a different session token, and when Mallory replies with the captured value it will be different from Bob's computation.
Answer option C is incorrect. In the cross site scripting attack, an attacker tricks the user's computer into running code, which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.
Answer option B is incorrect. Firewalking is a technique for gathering information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.
Answer option D is incorrect. In session fixation, an attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
NEW QUESTION 90
Which protocol could the network administrator choose for the wireless network design if he needs to satisfy the minimum requirements of 2.4 GHz, 22 MHz of bandwidth, a 2 Mbits/s data rate, and DSSS for modulation?
- A. 802.11a
- B. 802.11n
- C. 802.11g
- D. 802.11b
Answer: D
NEW QUESTION 91
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
- A. Contingency plan
- B. Business continuity plan
- C. Continuity of Operations Plan
- D. Disaster recovery plan
Answer: A
Explanation:
A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen.
Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and "triggers" for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption.
Answer option D is incorrect. It includes the plans and procedures documented that ensure the continuity of critical operations during any period where normal operations are impossible.
Answer option B is incorrect. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication, and reputation protection, and should refer to the disaster recovery plan (DRP) for IT-related infrastructure recovery/continuity.
Answer option C is incorrect. Business continuity planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan. The BCP lifecycle is as follows:
NEW QUESTION 92
Fill in the blank with the appropriate term. A ______________ network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used for preventing the collision of data between two computers that want to send messages at the same time.
Answer: Token Ring
Explanation:
A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. The Token Ring protocol is the second most widely-used protocol on local area networks after Ethernet. The IBM Token Ring protocol led to a standard version, specified as IEEE 802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or 16 megabits per second.
Working: Empty information frames are constantly circulated on the ring. When a computer has a message to send, it adds a token to an empty frame and adds a message and a destination identifier to the frame. The frame is then observed by each successive workstation. If the workstation sees that it is the destination for the message, it copies the message from the frame and modifies the token back to 0. When the frame gets back to the originator, it sees that the token has been modified to 0 and that the message has been copied and received. It removes the message from the particular frame. The frame continues to circulate as an empty frame, ready to be taken by a workstation when it has a message to send.
NEW QUESTION 93
Which of the following is the full form of SAINT?
- A. Security Admin Integrated Network Tool
- B. System Administrators Integrated Network Tool
- C. System Automated Integrated Network Tool
- D. System Admin Integrated Network Tool
Answer: B
NEW QUESTION 94
Fill in the blank with the appropriate term. A _______________ device is used for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.
Answer: biometric
NEW QUESTION 95
Which of the following is a Unix and Windows tool capable of intercepting traffic on a network segment and capturing username and password?
- A. BackTrack
- B. Aircrack
- C. AirSnort
- D. Ettercap
Answer: D
Explanation:
Ettercap is a Unix and Windows tool for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. It is a free open source software. Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis.
Answer option C is incorrect. BackTrack is a Linux distribution distributed as a Live CD, which is used for penetration testing. It allows users to include customizable scripts, additional tools and configurable kernels in personalized distributions. It contains various tools, such as Metasploit integration, RFMON injection capable wireless drivers, kismet, autoscan-network (network discovering and managing application), nmap, ettercap, wireshark (formerly known as Ethereal).
Answer option A is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.
Answer option D is incorrect. Aircrack is the fastest WEP/WPA cracking tool used for 802.11a/b/g WEP and WPA cracking.
NEW QUESTION 96
Fill in the blank with the appropriate term. ________________ is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.
Answer: Disaster recovery
Explanation:
Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.
NEW QUESTION 97
Which of the following systems monitors the operating system detecting inappropriate activity, writing to log files, and triggering alarms?
- A. Network-based ID system
- B. Behavior-based ID system
- C. Signature-Based ID system
- D. Host-based ID system
Answer: D
NEW QUESTION 98
Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?
- A. Disaster Recovery Plan
- B. Continuity of Operations Plan
- C. Business Continuity Plan
- D. Contingency Plan
Answer: C
Explanation:
BCP is a strategy to minimize the consequence of the instability and to allow for the continuation of business processes. The goal of BCP is to minimize the effects of a disruptive event on a company, and is formed to avoid interruptions to normal business activity. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.
Answer option C is incorrect. A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and "triggers" for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption.
Answer option A is incorrect. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication, and reputation protection, and should refer to the disaster recovery plan (DRP) for IT-related infrastructure recovery/continuity.
Answer option D is incorrect. The Continuity Of Operation Plan (COOP) refers to the preparations and institutions maintained by the United States government, providing survival of federal government operations in the case of catastrophic events. It provides procedures and capabilities to sustain an organization's essential. COOP is the procedure documented to ensure persistent critical operations throughout any period where normal operations are unattainable.
NEW QUESTION 99
In which of the following transmission modes is communication bi-directional?
- A. Full-duplex mode
- B. Root mode
- C. Simplex mode
- D. Half-duplex mode
Answer: A
NEW QUESTION 100
Which of the following tools is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen?
- A. SAINT
- B. Adeona
- C. Snort
- D. Nessus
Answer: B
Explanation:
Adeona is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen. All it takes is to install the Adeona software client on the user's laptop, pick a password, and make it run in the background. If at one point, the user's laptop gets stolen and is connected to the Internet, the Adeona software sends the criminal's IP address. Using the Adeona Recovery, the IP address can then be retrieved. Knowing the IP address helps in tracking the geographical location of the stolen device.
Answer option D is incorrect. Nessus is proprietary comprehensive vulnerability scanning software. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on tested systems. It is capable of checking various types of vulnerabilities, some of which are as follows:
- Vulnerabilities that allow a remote cracker to control or access sensitive data on a system
- Misconfiguration (e.g. open mail relay, missing patches, etc.)
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
- Denials of service against the TCP/IP stack by using mangled packets
Answer option A is incorrect. SAINT stands for System Administrator's Integrated Network Tool. It is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities. The SAINT scanner screens every live system on a network for TCP and UDP services. For each service it finds running, it launches a set of probes designed to detect anything that could allow an attacker to gain unauthorized access, create a denial-of-service, or gain sensitive information about the network.
Answer option C is incorrect. Snort is an open source network intrusion detection system. The Snort application analyzes network traffic in real-time mode. It performs packet sniffing, packet logging, protocol analysis, and a content search to detect a variety of potential attacks.
NEW QUESTION 101
Damian is the chief security officer of Enigma Electronics. To block intruders and prevent any environmental accidents, he needs to set a two-factor authenticated keypad lock at the entrance, rig a fire suppression system, and link any video cameras at various corridors to view the feeds in the surveillance room. What layer of network defense-in-depth strategy is he trying to follow?
- A. Physical
- B. Perimeter
- C. Policies and procedures
- D. Host
Answer: A
NEW QUESTION 102
Which of the following TCP commands is used to allocate a receiving buffer associated with the specified connection?
- A. Close
- B. Send
- C. Receive
- D. Abort
Answer: C
Explanation:
The Receive command is used to allocate a receiving buffer associated with the specified connection. An error is returned if no OPEN precedes this command or the calling process is not authorized to use this connection.
Answer option A is incorrect. The Send command causes the data contained in the indicated user buffer to be sent to the indicated connection.
Answer option C is incorrect. The Abort command causes all pending SENDs and RECEIVES to be aborted.
Answer option B is incorrect. The Close command causes the connection specified to be closed.
NEW QUESTION 103
Which of the following policies is used to add additional information about the overall security posture and serves to protect employees and organizations from inefficiency or ambiguity?
- A. User policy
- B. IT policy
- C. Issue-Specific Security Policy
- D. Group policy
Answer: C
NEW QUESTION 104
This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:
a. War driving
b. Detecting unauthorized access points
c. Detecting causes of interference on a WLAN
d. WEP ICV error tracking
e. Making Graphs and Alarms on 802.11 Data, including Signal Strength
This tool is known as __________.
- A. NetStumbler
- B. THC-Scan
- C. Absinthe
- D. Kismet
Answer: A
Explanation:
NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of NetStumbler are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:
a. War driving
b. Detecting unauthorized access points
c. Detecting causes of interference on a WLAN
d. WEP ICV error tracking
e. Making Graphs and Alarms on 802.11 Data, including Signal Strength
Answer option A is incorrect. Kismet is an IEEE 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
Answer option C is incorrect. THC-Scan is a war-dialing tool.
Answer option B is incorrect. Absinthe is an automated SQL injection tool.
NEW QUESTION 105
The network security team is trying to implement a firewall capable of operating only in the session layer, monitoring the TCP inter-packet link protocol to determine whether a requested session is legitimate or not. With this type of firewall, they would be able to intercept the communication, so that the external network sees the firewall as the source and, from the user's side, the party responding from the outside is the firewall itself. They are limiting themselves to the requirements previously listed, because they already have a packet filtering firewall and must add a cheap solution that meets the objective. What kind of firewall would you recommend?
- A. Circuit Level Gateway
- B. Application Proxies
- C. Packet Filtering with NAT
- D. Application Level Gateways
Answer: A
NEW QUESTION 106
Which of the following OSI layers defines the electrical and physical specifications for devices?
- A. Presentation layer
- B. Physical layer
- C. Transport layer
- D. Data link layer
Answer: B
NEW QUESTION 107
Fill in the blank with the appropriate term.
______________ is a prime example of a high-interaction honeypot.
Answer: Honeynet
Explanation:
Honeynet is a prime example of a high-interaction honeypot. Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient. Honeynets and honeypots are usually implemented as parts of larger network intrusion-detection systems. A honeyfarm is a centralized collection of honeypots and analysis tools.
NEW QUESTION 108
Which of the following protocols sends a jam signal when a collision is detected?
- A. CSMA/CD
- B. CSMA/CA
- C. CSMA
- D. ALOHA
Answer: A
