[Q38-Q59] Verified 312-38 dumps Q&As - Pass Guarantee or Full Refund [Dec-2021]

Share

Verified 312-38 dumps Q&As - Pass Guarantee or Full Refund [Dec-2021]

312-38 PDF Dumps | Dec 16, 2021 Recently Updated Questions 


To help improve your performance, it is critical to understand the exam topics in detail. Thus, the content covered in the certification test that will be measured includes the following:

  • Incident Prediction: 10%

    The last area covers the concepts of risk management and evaluates the students’ skills in managing risk through the risk management program and managing vulnerabilities through the vulnerability management program. It also covers their understanding of the cyber threat intelligence’s role in network defense and various threat intelligence types.

  • Incident Response: 10%

    As for this section, it focuses on one’s skills in explaining the process of handling incidents & response as well as forensics investigation. You should also be able to describe BCP & DRP, different BC/DR standards, and BC/DR activities.

  • Protection of Network Perimeter: 16%

    This subject area focuses on the individuals’ skills in explaining access control terminologies, models, principles, as well as cryptographic security methods. The applicants should also develop their competence in explaining the concepts of identity & access management.

  • Application & Data Protection: 13%

    This module evaluates the learners’ skills in explaining & implementing Application Blacklisting & Whitelisting, application sandboxing, application patch management, and web application firewall. It also covers their understanding of data security and its importance. The interested candidates should also be able to describe the encryption of data at rest and at transit implementation.

  • Endpoint Protection: 15%

    This domain requires a good understanding of security concerns and Windows operating system. It also focuses on your ability to explain different features and components of Windows security, Windows User Account, and Password Management. The test takers also need to have an understanding of the Linux operating system and security concerns. They should possess the ability to explain Linux installation, Linux patching, and Linux operating system hardening methods.

  • Network Defense Management: 10%

    This topic measures the ability of the candidates to describe important terminologies associated with network attacks as well as the skills in explaining different samples of the network-level, host-level, and application-level attack methods. Besides that, you should also be able to explain different samples of wireless network-specific attack methods.

 

NEW QUESTION 38
With which of the following forms of acknowledgment can the sender be informed by the data receiver about all segments that have arrived successfully?

  • A. Cumulative Acknowledgment
  • B. Selective Acknowledgment
  • C. Negative Acknowledgment
  • D. Block Acknowledgment

Answer: B

Explanation:
Selective Acknowledgment (SACK) is one of the forms of acknowledgment. With selective acknowledgments, the sender can be informed by a data receiver about all segments that have arrived successfully, so the sender retransmits only those segments that have actually been lost. The selective acknowledgment extension uses two TCP options: The first is an enabling option, "SACK-permitted", which may be sent in a SYN segment to indicate that the SACK option can be used once the connection is established. The other is the SACK option itself, which can be sent over an established connection once permission has been given by "SACK-permitted".
Answer option A is incorrect. Block Acknowledgment (BA) was initially defined in IEEE 802.11e as an optional scheme to improve the MAC efficiency. IEEE 802.11n capable devices are also referred to as High Throughput (HT) devices. Instead of transmitting an individual ACK for every MPDU, multiple MPDUs can be acknowledged together using a single BA frame. Block Ack (BA) contains bitmap size of 64*16 bits. Each bit of this bitmap represents the status (success/failure) of an MPDU.
Answer option B is incorrect. With Negative Acknowledgment, the receiver explicitly notifies the sender which packets, messages, or segments were received incorrectly that may need to be retransmitted.
Answer option C is incorrect. With Cumulative Acknowledgment, the receiver acknowledges that it has correctly received a packet, message, or segment in a stream which implicitly informs the sender that the previous packets were received correctly. TCP uses cumulative acknowledgment with its TCP sliding window.

 

NEW QUESTION 39
Which of the following is a high-speed network that connects computers, printers, and other network devices together?

  • A. LAN
  • B. CAN
  • C. WAN
  • D. MAN

Answer: A

 

NEW QUESTION 40
Identify the password cracking attempt involving precomputed hash values stored as plaintext and using these to crack the password.

  • A. Hybrid
  • B. Rainbow table
  • C. Bruteforce
  • D. Dictionary

Answer: B

 

NEW QUESTION 41
Which of the following key features limits the rate a sender transfers data to guarantee reliable delivery?

  • A. Ordered data transfer
  • B. Error-free data transfer
  • C. Flow control
  • D. Congestion control

Answer: C

 

NEW QUESTION 42
Which of the following is a session layer protocol?

  • A. RPC
  • B. ICMP
  • C. RDP
  • D. SLP

Answer: A

 

NEW QUESTION 43
Which of the following is a network maintenance protocol of the TCP/IP protocol suite that is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC)?

  • A. RARP
  • B. ARP
  • C. DHCP
  • D. PIM

Answer: B

Explanation:
Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. ARP is limited to physical network systems that support broadcast packets.
Answer option A is incorrect. The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information.
DHCP uses a client-server architecture. The client sends a broadcast request for configuration information.
The DHCP server receives the request and responds with configuration information from its configuration database. In the absence of DHCP, all hosts on a network must be manually configured individually - a time- consuming and often error-prone undertaking. DHCP is popular with ISP's because it allows a host to obtain a temporary IP address.
Answer option D is incorrect. Reverse Address Resolution Protocol (RARP) is a Network layer protocol used to obtain an IP address for a given hardware (MAC) address. RARP is sort of the reverse of an ARP. Common protocols that use RARP are BOOTP and DHCP.
Answer option C is incorrect. Protocol-Independent Multicast (PIM) is a family of multicast routing protocols for Internet Protocol (IP) networks that provide one-to-many and many-to-many distribution of data over a LAN, WAN, or the Internet. It is termed protocol-independent because PIM does not include its own topology discovery mechanism, but instead uses routing information supplied by other traditional routing protocols, such as Border Gateway Protocol (BGP).

 

NEW QUESTION 44
Which of the following tools is used to ping a given range of IP addresses and resolve the host name of the
remote system?

  • A. Nmap
  • B. Netscan
  • C. SuperScan
  • D. Hping

Answer: C

 

NEW QUESTION 45
Which of the following applications is used for the statistical analysis and reporting of the log files?

  • A. jplag
  • B. Sawmill
  • C. Snort
  • D. Sniffer

Answer: B

 

NEW QUESTION 46
In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?

  • A. Smurf attack
  • B. Buffer-overflow attack
  • C. Bonk attack
  • D. DDoS attack

Answer: D

Explanation:
In the distributed denial of service (DDOS) attack, an attacker uses multiple computers throughout the network that it has previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for the DDoS attack. Answer option A is incorrect. A Smurf attack is a type of attack that uses third-party intermediaries to defend against, and get back to the originating system. In a Smurf attack, a false ping packet is forwarded by the originating system. The broadcast address of the third-party network is the packet's destination. Hence, each machine on the third-party network has a copy of the ping request. The victim system is the originator. The originator rapidly forwards a large number of these requests via different intermediary networks. The victim gets overwhelmed by these large number of requests. Answer option B is incorrect. A buffer-overflow attack is performed when a hacker fills a field, typically an address bar, with more characters than it can accommodate. The excess characters can be run as executable code, effectively giving the hacker control of the computer and overriding any security measures set. There are two main types of buffer overflow attacks: stack-based buffer overflow attack: Stack-based buffer overflow attack uses a memory object known as a stack. The hacker develops the code which reserves a specific amount of space for the stack. If the input of user is longer than the amount of space reserved for it within the stack, then the stack will overflow. heap-based buffer overflow attack: Heap-based overflow attack floods the memory space reserved for the programs. Answer option D is incorrect. Bonk attack is a variant of the teardrop attack that affects mostly Windows computers by sending corrupt UDP packets to DNS port 53. It is a type of denial-ofservice (DoS) attack. A bonk attack manipulates a fragment offset field in TCP/IP packets. This field tells a computer how to reconstruct a packet that was fragmented, because it is difficult to transmit big packets. A bonk attack causes the target computer to reassemble a packet that is too big to be reassembled and causes the target computer to crash.

 

NEW QUESTION 47
Which of the following is a free security-auditing tool for Linux?

  • A. Nessus
  • B. SATAN
  • C. SAINT
  • D. HPing

Answer: A

 

NEW QUESTION 48
Which of the following protocols is used to exchange encrypted EDI messages via email?

  • A. MIME
  • B. HTTPS
  • C. S/MIME
  • D. HTTP

Answer: C

 

NEW QUESTION 49
Which of the following flag to set whether the scan sends TCP Christmas tree frame with the remote machine?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. FIN
  • B. URG
  • C. RST
  • D. PUSH

Answer: A,B,D

 

NEW QUESTION 50
Which of the following steps will NOT make a server fault tolerant? Each correct answer represents a complete
solution. (Choose two.)

  • A. Performing regular backup of the server
  • B. Adding one more same sized disk as mirror on the server
  • C. Implementing cluster servers' facility
  • D. Adding a second power supply unit
  • E. Encrypting confidential data stored on the server

Answer: A,E

Explanation:
Encrypting confidential data stored on the server and performing regular backup will not make the server fault
tolerant.
Fault tolerance is the ability to continue work when a hardware failure occurs on a system. A fault-tolerant
system is designed from the ground up for reliability by building multiples of all critical components, such as
CPUs, memories, disks and power supplies into the same computer. In the event one component fails, another
takes over without skipping a beat.
Answer options A, C, and D are incorrect. The following steps will make the server fault tolerant:
Adding a second power supply unit
Adding one more same sized disk as a mirror on the server implementing cluster servers facility

 

NEW QUESTION 51
FILL BLANK
Fill in the blank with the appropriate term.
A ______________ is a physical or logical subnetwork that contains and exposes external services of an
organization to a larger network.

Answer:

Explanation:
demilitarized zone
Explanation:
A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of
an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of
security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in
the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in
the internal network, though communication with other hosts in the DMZ and to the external network is allowed.
This allows hosts in the DMZ to provide services to both the internal and external networks, while an
intervening firewall controls the traffic between the DMZ servers and the internal network clients. In a DMZ
configuration, most computers on the LAN run behind a firewall connected to a public network such as the
Internet.

 

NEW QUESTION 52
Which of the following is a term to describe the use of inert gases and chemical agents to extinguish a fire?

  • A. Fire suppression system
  • B. Fire alarm system
  • C. Fire sprinkler
  • D. Gaseous fire suppression

Answer: D

Explanation:
Explanation/Reference:

 

NEW QUESTION 53
CORRECT TEXT
Fill in the blank with the appropriate term. ______________is a method for monitoring the e-mail delivery to the intended recipient.

Answer:

Explanation:
Email tracking
Explanation:
Email tracking is a method for monitoring the e-mail delivery to the intended recipient. Most tracking technologies utilize some form of digitally time-stamped record to reveal the exact time and date at which e-mail was received or opened, as well the IP address of the recipient. When a user uses such tools to send an e-mail, forward an e-mail, reply to an e-mail, or modify an e-mail, the resulting actions and tracks of the original e-mail are logged. The sender is notified of all actions performed on the tracked e-mail by an automatically generated e-mail. eMailTracker Pro and MailTracking.com are the tools that can be used to perform email tracking.

 

NEW QUESTION 54
Which of the following provide an "always on" Internet access service when connecting to an ISP?Each correct answer represents a complete solution. Choose two.

  • A. Digital modem
  • B. DSL
  • C. Analog modem
  • D. Cable modem

Answer: B,D

Explanation:
DSL and Cable modems are used in remote-access WAN technology for connecting to the Internet. Both provide an "always on" Internet access service. Answer options C and A are incorrect. Analog and Digital modems are not always in 'ON' mode when connecting to an ISP. Analog modems transmit analog voice signals, while Digital modems transmit digital signals over a link.

 

NEW QUESTION 55
Which of the following is the standard protocol that provides VPN security at the highest level?

  • A. L2TP
  • B. None
  • C. PPP
  • D. P.M
  • E. IPSec

Answer: E

 

NEW QUESTION 56
Which of the following networks interconnects devices centered on an individual person's workspace?

  • A. WLAN
  • B. WWAN
  • C. WPAN
  • D. WMAN

Answer: C

 

NEW QUESTION 57
Which of the following devices helps in connecting a PC to an ISP via a PSTN?

  • A. PCI card
  • B. Adapter
  • C. Modem
  • D. Repeater

Answer: C

Explanation:
Explanation/Reference:

 

NEW QUESTION 58
Which of the following is a term to describe the use of inert gases and chemical agents to extinguish a fire?

  • A. Fire suppression system
  • B. Fire alarm system
  • C. Fire sprinkler
  • D. Gaseous fire suppression

Answer: D

 

NEW QUESTION 59
......


Career Opportunities

The EC-Council 312-38 exam equips the professionals with the fundamental knowledge and skills in networking concepts. Without a doubt, earning the Certified Network Defender certification has a lucrative career outlook. Some of the positions that the certified individuals can consider include IT Administrators, Network Technicians, Data Analysts, Network Administrators, and Network Engineers, among others. The average remuneration for these titles is $94,000 per annum.

 

312-38 Exam Questions – Valid 312-38 Dumps Pdf: https://www.realvce.com/312-38_free-dumps.html

312-38 Practice Test Questions Answers Updated 171 Questions: https://drive.google.com/open?id=1zfaAwXpuE9yZc5hz7dwgoEa0YDiweyEM