
Certified Ethical Hacker 312-38 Dumps | Updated Jan 13, 2022 - Fast2test
Master 2022 Latest The Questions Certified Ethical Hacker and Pass 312-38 Real Exam!
Understanding functional and technical aspects of Certified Network Defender Business Principles and Practices
The following will be discussed in ECCOUNCIL EC 312-38 dumps:
- Discuss centralized log monitoring and analysis
- Discuss BC/DR Activities
- Understand Cloud Computing Fundamentals
- Understand the need and advantages of network traffic monitoring
- Discuss security in Microsoft Azure Cloud
- Discuss log monitoring and analysis on Firewall
- Perform network monitoring and analysis for suspicious traffic using Wireshark
- Discuss log monitoring and analysis on Windows systems
- Describe forensics investigation process
- Understand the attack surface analysis
- Describe incident handling and response process
- Understand wireless network encryption mechanisms
- Understand the role of first responder in incident response
- Understand and visualize your attack surface
- Understand risk management concepts
- Understand wireless network fundamentals
- Discuss log monitoring and analysis on Mac
- Learn to reduce the attack surface
- Discuss log monitoring and analysis on Linux
- Learn vulnerability assessment and scanning
- Introduction to Business Continuity (BC) and Disaster Recovery (DR)
- Discuss Security in Google Cloud Platform (GCP)
- Discuss log monitoring and analysis on Web Servers
- Discuss and implement wireless network security measures
- Learn to manage risk though risk management program
- Understand the role of cyber threat intelligence in network defense
- Discuss Doâs and Donât in first response
- Understand incident response concept
- Determine baseline traffic signatures for normal and suspicious network traffic
- Discuss general security best practices and tools for cloud security
- Setting up the environment for network monitoring
- Discuss log monitoring and analysis on Routers
- Discuss security in Amazon Cloud (AWS)
- Learn to leverage/consume threat intelligence for proactive defense
- Understand different types of threat Intelligence
- Learn to manage vulnerabilities through vulnerability management program
- Discuss network performance and bandwidth monitoring concepts
- Explain Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
- Learn to identify Indicators of Exposures (IoE)
- Understand logging concepts
- Understand the Insights of Cloud Security
- Learn to conduct attack simulation
- Understand the Indicators of Threat Intelligence: Indicators of Compromise (IoCs) and Indicators of Attack (IoA)
- Understand wireless network authentication methods
- Evaluate CSP for Security before Consuming Cloud Service
- Learn different Risk Management Frameworks (RMF)
- Discuss various BC/DR Standards
- Understand the layers of Threat Intelligence
NEW QUESTION 33
Which of the following types of coaxial cable is used for cable TV and cable modems?
- A. RG-62
- B. RG-8
- C. RG-58
- D. RG-59
Answer: D
Explanation:
Explanation
Explanation:
RG-59 type of coaxial cable is used for cable TV and cable modems.
Answer option A is incorrect. RG-8 coaxial cable is primarily used as a backbone in an Ethernet LAN
environment and often connects one wiring closet to another. It is also known as 10Base5 or ThickNet.
Answer option B is incorrect. RG-62 coaxial cable is used for ARCNET and automotive radio antennas.
Answer option D is incorrect. RG-58 coaxial cable is used for Ethernet networks. It uses baseband signaling
and 50-Ohm terminator. It is also known as 10Base2 or ThinNet.
NEW QUESTION 34
Which of the following help in estimating and totaling up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile?
Each correct answer represents a complete solution. Choose all that apply.
- A. Business Continuity Planning
- B. Cost-benefit analysis
- C. Benefit-Cost Analysis
- D. Disaster recovery
Answer: B,C
Explanation:
Cost-benefit analysis is a process by which business decisions are analyzed. It is used to estimate and total up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile. It is a term that refers both to:
helping to appraise, or assess, the case for a project, program, or policy proposal; an approach to making economic decisions of any kind. Under both definitions, the process involves, whether explicitly or implicitly, weighing the total expected costs against the total expected benefits of one or more actions in order to choose the best or most profitable option. The formal process is often referred to as either CBA (Cost-Benefit Analysis) or BCA (Benefit-Cost Analysis).
Answer option A is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan that defines how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a Business Continuity Plan.
Answer option C is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.
NEW QUESTION 35
Which of the following is an open source implementation of the syslog protocol for Unix?
- A. Unix-syslog
- B. syslog-ng
- C. syslog Unix
- D. syslog-os
Answer: B
NEW QUESTION 36
James is a network administrator working at a student loan company in Minnesota. This company processes over 20,000 student loans a year from colleges all over the state. Most communication between the company schools, and lenders is carried out through emails. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, James wants to utilize email encryption. Since a server-based PKI is not an option for him, he is looking for a low/no cost solution to encrypt emails. What should James use?
- A. James can enforce mandatory HTTPS in the email clients to encrypt emails
- B. James should utilize the free OTP software package.
- C. James could use PGP as a free option for encrypting the company's emails.
- D. James can use MD5 algorithm to encrypt all the emails
Answer: C
NEW QUESTION 37
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts.
Which of the following attacks is being used by Eve?
- A. Fire walking
- B. Session fixation
- C. Replay
- D. Cross site scripting
Answer: C
Explanation:
Eve is using Replay attack. A replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network. In an attempt to obtain an authenticated connection, the attackers then resend the captured packet to the system. In this type of attack, the attacker does not know the actual password, but can simply replay the captured packet. Session tokens can be used to avoid replay attacks. Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Mallory has captured this value and tries to use it on another session; Bob sends a different session token, and when Mallory replies with the captured value it will be different from Bob's computation.
Answer option C is incorrect. In the cross site scripting attack, an attacker tricks the user's computer into running code, which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.
Answer option B is incorrect. Firewalking is a technique for gathering information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.
Answer option D is incorrect. In session fixation, an attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
NEW QUESTION 38
This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b,
and 802.11g standards. The main features of these tools are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:
a.War driving
b.Detecting unauthorized access points
c.Detecting causes of interference on a WLAN
d.WEP ICV error tracking
e.Making Graphs and Alarms on 802.11 Data, including Signal Strength
This tool is known as __________.
- A. THC-Scan
- B. Absinthe
- C. NetStumbler
- D. Kismet
Answer: C
Explanation:
NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a,
802.11b, and 802.11g standards. The main features of NetStumbler are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:
a.War driving
b.Detecting unauthorized access points
c.Detecting causes of interference on a WLAN
d.WEP ICV error tracking
e.Making Graphs and Alarms on 802.11 Data, including Signal Strength
Answer option A is incorrect. Kismet is an IEEE 802.11 layer2 wireless network detector, sniffer, and intrusion
detection system.
Answer option C is incorrect. THC-Scan is a war-dialing tool.
Answer option B is incorrect. Absinthe is an automated SQL injection tool.
NEW QUESTION 39
This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:
a.War driving
b.Detecting unauthorized access points
c.Detecting causes of interference on a WLAN
d.WEP ICV error tracking
e.Making Graphs and Alarms on 802.11 Data, including Signal Strength
This tool is known as __________.
- A. THC-Scan
- B. Absinthe
- C. NetStumbler
- D. Kismet
Answer: C
Explanation:
NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the
IEEE 802.11a, 802.11b, and 802.11g standards. The main features of NetStumbler are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:
a.War driving
b.Detecting unauthorized access points
c.Detecting causes of interference on a WLAN
d.WEP ICV error tracking
e.Making Graphs and Alarms on 802.11 Data, including Signal Strength
Answer option A is incorrect. Kismet is an IEEE 802.11 layer2 wireless network detector, sniffer,
and intrusion detection system.
Answer option C is incorrect. THC-Scan is a war-dialing tool.
Answer option B is incorrect. Absinthe is an automated SQL injection tool.
NEW QUESTION 40
A VPN Concentrator acts as a bidirectional tunnel endpoint among host machines. What are the other function (s) of the device? (Choose all that apply.)
- A. Assigns user addresses
- B. Enables input/output (I/O) operations
- C. Provides access memory, achieving high efficiency
- D. Manages security keys
Answer: A,D
NEW QUESTION 41
Which of the following are the various methods that a device can use for logging information on a Cisco router? Each correct answer represents a complete solution. Choose all that apply.
- A. Buffered logging
- B. Terminal logging
- C. Console logging
- D. NTP logging
- E. SNMP logging
- F. Syslog logging
Answer: A,B,C,E,F
Explanation:
There are different methods that a device can use for logging information on a Cisco router:
Terminal logging: In this method, log messages are sent to the VTY session.
Console logging: In this method, log messages are sent directly to the console port.
Buffered logging: In this method, log messages are kept in the RAM on the router. As the buffer
fills, the older messages are overwritten by the newer messages.
Syslog logging: In this method, log messages are sent to an external syslog server where they are
stored and sorted.
SNMP logging: In this method, log messages are sent to an SNMP server in the network.
Answer option C is incorrect. This is an invalid option.
NEW QUESTION 42
Which of the following protocols is a method of implementing virtual private networks?
- A. OSPF
- B. IRDP
- C. DHCP
- D. PPTP
Answer: D
NEW QUESTION 43
Which of the following can be performed with software or hardware devices in order to record everything a
person types using his or her keyboard?
- A. IRC bot
- B. Keystroke logging
- C. Warchalking
- D. War dialing
Answer: B
Explanation:
Keystroke logging is a method of logging and recording user keystrokes. It can be performed with software or
hardware devices. Keystroke logging devices can record everything a person types using his or her keyboard,
such as to measure employee's productivity on certain clerical tasks. These types of devices can also be used
to get usernames, passwords, etc.
Answer option C is incorrect. War dialing is a technique of using a modem to automatically scan a list of
telephone numbers, usually dialing every number in a local area code to search for computers, BBS systems,
and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers
(hackers that specialize in computer security) for password guessing.
Answer option A is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi
wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such
as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing
and war driving.
Answer option D is incorrect. An Internet Relay Chat (IRC) bot is a set of scripts or an independent program
that connects to Internet Relay Chat as a client, and so appears to other IRC users as another user. An IRC
bot differs from a regular client in that instead of providing interactive access to IRC for a human user, it
performs automated functions.
NEW QUESTION 44
Which of the following tools is used to ping a given range of IP addresses and resolve the host name of the remote system?
- A. Netscan
- B. Nmap
- C. Hping
- D. SuperScan
Answer: D
Explanation:
Explanation
NEW QUESTION 45
John wants to implement a packet filtering firewall in his organization's network. What TCP/IP layer does a packet filtering firewall work on?
- A. IP layer
- B. Network Interface layer
- C. Application layer
- D. TCP layer
Answer: A
NEW QUESTION 46
John has successfully remediated the vulnerability of an internal application that could have caused a threat to the network. He is scanning the application for the existence of a remediated vulnerability, this process is called a __________ and it has to adhere to the __________.
- A. Vulnerability scanning, Risk Analysis
- B. Verification, Security Policies
- C. Mitigation, Security policies
- D. Risk analysis, Risk matrix
Answer: D
NEW QUESTION 47
Which of the following TCP commands is used to allocate a receiving buffer associated with the specified connection?
- A. Abort
- B. Close
- C. Receive
- D. Send
Answer: C
Explanation:
The Receive command is used to allocate a receiving buffer associated with the specified connection. An error is returned if no OPEN precedes this command or the calling process is not
authorized to use this connection.
Answer option A is incorrect. The Send command causes the data contained in the indicated user
buffer to be sent to the indicated connection.
Answer option C is incorrect. The Abort command causes all pending SENDs and RECEIVES to
be aborted.
Answer option B is incorrect. The Close command causes the connection specified to be closed.
NEW QUESTION 48
Which of the following classes of IP addresses provides a maximum of only 254 host addresses per network ID?
- A. Class A
- B. Class C
- C. Class D
- D. Class B
Answer: B
NEW QUESTION 49
Which of the following is a network that supports mobile communications across an arbitrary number of
wireless LANs and satellite coverage areas?
- A. LAN
- B. GAN
- C. HAN
- D. WAN
Answer: B
Explanation:
A global area network (GAN) is a network that is used for supporting mobile communications across an
arbitrary number of wireless LANs, satellite coverage areas, etc. The key challenge in mobile communications
is handing off the user communications from one local coverage area to the next.
Answer option B is incorrect. A wide area network (WAN) is a geographically dispersed telecommunications
network. The term distinguishes a broader telecommunication structure from a local area network (LAN). A
wide area network may be privately owned or rented, but the term usually connotes the inclusion of public
(shared user) networks. An intermediate form of network in terms of geography is a metropolitan area network
(MAN). A wide area network is also defined as a network of networks, as it interconnects LANs over a wide
geographical area.
Answer option D is incorrect. A home area network (HAN) is a residential LAN that is used for communication
between digital devices typically deployed in the home, usually a small number of personal computers and
accessories, such as printers and mobile computing devices.
Answer option A is incorrect. The Local Area Network (LAN) is a group of computers connected within a
restricted geographic area, such as residence, educational institute, research lab, and various other
organizations. It allows the users to share files and services, and is commonly used for intra-office
communication. The LAN has connections with other LANs via leased lines, leased services, or by tunneling
across the Internet using the virtual private network technologies.
NEW QUESTION 50
Which of the following OSI layers establishes, manages, and terminates the connections between the local and remote applications?
- A. Session layer
- B. Application layer
- C. Data Link layer
- D. Network layer
Answer: A
Explanation:
The session layer of the OSI/RM controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures. The OSI model made this layer responsible for graceful close of sessions, which is a property of the Transmission Control Protocol, and also for session checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The Session Layer is commonly implemented explicitly in application environments that use remote procedure calls.
Answer option C is incorrect. The Application Layer of TCP/IP model refers to the higher-level protocols used by most applications for network communication. Examples of application layer protocols include the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP). Data coded according to application layer protocols are then encapsulated into one or more transport layer protocols, which in turn use lower layer protocols to affect actual data transfer.
Answer option A is incorrect. The Data Link Layer is Layer 2 of the seven-layer OSI model of computer networking. It corresponds to or is part of the link layer of the TCP/IP reference model. The Data Link Layer is the protocol layer which transfers data between adjacent network nodes in a wide area network or between nodes on the same local area network segment. The Data Link Layer provides the functional and procedural means to transfer data between network entities and might provide the means to detect and possibly correct errors that may occur in the Physical Layer. Examples of data link protocols are Ethernet for local area networks (multi-node), the Point-to-Point Protocol (PPP), HDLC, and ADCCP for point-to-point (dual-node) connections.
Answer option B is incorrect. The network layer controls the operation of subnet, deciding which physical path the data should take, based on network conditions, priority of service, and other factors. Routers work on the Network layer of the OSI stack.
NEW QUESTION 51
Which of the following is a technique for gathering information about a remote network protected by a firewall?
- A. Wardriving
- B. Firewalking
- C. Warchalking
- D. Wardialing
Answer: B
Explanation:
Explanation
Explanation:
Fire walking is a technique for gathering information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. If the firewall allows this crafted packet through, it forwards the packet to the next hop. On the next hop, the packet expires and elicits an ICMP
"TTL expired in transit" message to the attacker. If the firewall does not allow the traffic, there should be no response, or an ICMP "administratively prohibited" message should be returned to the attacker. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall. The main drawback of this technique is that if an administrator blocks ICMP packets from leaving the network, it is ineffective.
Answer option B is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
Answer option C is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car.
Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.
Answer option D is incorrect. War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers - hackers that specialize in computer security - for password guessing.
NEW QUESTION 52
Network security is the specialist area, which consists of the provisions and policies adopted by the Network
Administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer
network and network-accessible resources. For which of the following reasons is network security needed?
Each correct answer represents a complete solution. Choose all that apply.
- A. To protect private information on the Internet
- B. To protect information from unwanted editing, accidentally or intentionally by unauthorized users
- C. To prevent a user from sending a message to another user with the name of a third person
- D. To protect information from loss and deliver it to its destination properly
Answer: A,B,C,D
Explanation:
Network security is needed for the following reasons:
To protect private information on the Internet
To protect information from unwanted editing, accidentally or intentionally by unauthorized users
To protect information from loss and deliver it to its destination properly
To prevent a user from sending a message to another user with the name of a third person
NEW QUESTION 53
......
A fully updated 2022 312-38 Exam Dumps exam guide from training expert Fast2test: https://www.fast2test.com/312-38-premium-file.html
Practice To 312-38 - Fast2test Remarkable Practice On your EC-Council Certified Network Defender CND Exam: https://drive.google.com/open?id=110XMki3NK0g3HkjdTlHXpma5rq8whsUk