[Q78-Q95] Best Quality 312-38 Exam Questions EC-COUNCIL Test To Gain Brilliante Result!

Share

Best Quality 312-38 Exam Questions EC-COUNCIL Test To Gain Brilliante Result!

Preparations of 312-38 Exam 2024 Certified Ethical Hacker Unlimited 348 Questions


The EC-Council Certified Network Defender (CND) certification exam is a rigorous exam that requires extensive preparation and study. 312-38 exam consists of 100 multiple-choice questions and has a time limit of 4 hours. To pass the exam, candidates must score at least 70%.

 

NEW QUESTION # 78
James is working as a Network Administrator in a reputed company situated in Californi a. He is monitoring his network traffic with the help of Wireshark. He wants to check and analyze the traffic against a PING sweep attack. Which of the following Wireshark filters will he use?

  • A. lcmp.type==0 and icmp.type==16
  • B. lcmp.type==8 and icmp.type==0
  • C. lcmp.type==8 or icmp.type==0
  • D. lcmp.type==8 or icmp.type==16

Answer: C

Explanation:
James should use the Wireshark filter icmp.type==8 or icmp.type==0 to detect a PING sweep attack. This filter will capture both ICMP echo requests and echo replies, which are used in PING sweeps to discover active hosts on a network. When conducting a PING sweep, an attacker sends ICMP echo requests (type 8) to multiple hosts and listens for echo replies (type 0). By monitoring for both types, James can effectively identify a PING sweep attack.


NEW QUESTION # 79
In an Ethernet peer-to-peer network, which of the following cables is used to connect two computers, using RJ-45 connectors and Category-5 UTP cable?

  • A. Loopback
  • B. Serial
  • C. Parallel
  • D. Crossover

Answer: D

Explanation:
In an Ethernet peer-to-peer network, a crossover cable is used to connect two computers, using
RJ-45 connectors and Category-5 UTP cable. Answer options C and B are incorrect. Parallel and
serial cables do not use RJ-45 connectors and Category-5 UTP cable. Parallel cables are used to
connect printers, scanners etc., to computers, whereas serial cables are used to connect modems,
digital cameras etc., to computers.
Answer option A is incorrect. A loopback cable is used for testing equipments.


NEW QUESTION # 80
Which of the following is also known as slag code?

  • A. Trojan
  • B. IRC bot
  • C. Logic bomb
  • D. Worm

Answer: C

Explanation:
Explanation/Reference:


NEW QUESTION # 81
Which of the following statements is not true about the FAT16 file system? Each correct answer represents a complete solution. Choose all that apply.

  • A. It supports task compression files.
  • B. It supports the Linux operating system.
  • C. It works well with large disk, because the cluster size increases as the disk partition size increases.
  • D. It does not support file protection.

Answer: A,C


NEW QUESTION # 82
Which of the following is also known as stateful firewall?

  • A. DMZ
  • B. PIX firewall
  • C. Stateless firewall
  • D. Dynamic packet-filtering firewall

Answer: D


NEW QUESTION # 83
Which of the following is a management process that provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders?

  • A. Incident handling
  • B. Log analysis
  • C. Business Continuity Management
  • D. Patch management

Answer: C


NEW QUESTION # 84
CORRECT TEXT
Fill in the blank with the appropriate term. A______________________ network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used for preventing the collision of data between two computers that want to send messages at the same time.

Answer:

Explanation:
Token Ring
Explanation:
A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. The Token Ring protocol is the second most widely-used protocol on local area networks after Ethernet. The IBM Token Ring protocol led to a standard version, specified as IEEE 802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or 16 megabits per second. Working: Empty information frames are constantly circulated on the ring. When a computer has a message to send, it adds a token to an empty frame and adds a message and a destination identifier to the frame. The frame is then observed by each successive workstation. If the workstation sees that it is the destination for the message, it copies the message from the frame and modifies the token back to 0.When the frame gets back to the originator, it sees that the token has been modified to 0 and that the message has been copied and received. It removes the message from the particular frame.The frame continues to circulate as an empty frame, ready to be taken by a workstation when it has a message to send.


NEW QUESTION # 85
Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?

  • A. Hub-and-Spoke VPN model
  • B. Hose mode
  • C. AAA model
  • D. Pipe Model

Answer: D


NEW QUESTION # 86
Which of the following firewalls are used to track the state of active connections and determine the network
packets allowed to enter through the firewall? Each correct answer represents a complete solution. Choose all
that apply.

  • A. Dynamic packet-filtering
  • B. Circuit-level gateway
  • C. Stateful
  • D. Proxy server

Answer: A,C

Explanation:
A dynamic packet-filtering firewall is a fourth generation firewall technology. It is also known as a stateful
firewall. It tracks the state of active connections and determines which network packets are allowed to enter
through the firewall. It records session information, such as IP addresses and port numbers to implement a
more secure network. The dynamic packet-filtering firewall operates at Layer3, Layer4, and Layer5.
Answer option A is incorrect. A circuit-level gateway is a type of firewall that works at the session layer of the
OSI model between the application layer and the transport layer of the TCP/IP stack. They monitor TCP
handshaking between packets to determine whether a requested session is legitimate. Information passed to a
remote computer through a circuit level gateway appears to have originated from the gateway. This is useful
for hiding information about protected networks. Circuit-level gateways are relatively inexpensive and have the
advantage of hiding information about the private network they protect.
Answer option C is incorrect. A proxy server firewall intercepts all messages entering and leaving the network.
The proxy server effectively hides the true network addresses.


NEW QUESTION # 87
What is Azure Key Vault?

  • A. It is secure storage for the keys used to encrypt data at rest in Azure services
  • B. It is secure storage for the keys used to encrypt data in motion in Azure services
  • C. It is secure storage for the keys used to configure IAM in Azure services
  • D. It is secure storage for the keys used to encrypt data in use in Azure services

Answer: A

Explanation:
Azure Key Vault is a cloud service provided by Microsoft Azure that allows users to securely store and manage sensitive information such as encryption keys, secrets, and certificates. It is designed to safeguard cryptographic keys and other secrets used by cloud applications and services. Azure Key Vault helps ensure that data at rest is protected by providing secure storage for encryption keys, which can be used to encrypt data stored in Azure services. It also supports key management tasks such as creating, importing, rotating, and controlling access to keys, making it an essential tool for managing data security in the cloud.


NEW QUESTION # 88
In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?

  • A. Smurf attack
  • B. Buffer-overflow attack
  • C. DDoS attack
  • D. Bonk attack

Answer: C

Explanation:
In the distributed denial of service (DDOS) attack, an attacker uses multiple computers throughout the network that it has previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for the DDoS attack. Answer option A is incorrect. A Smurf attack is a type of attack that uses third-party intermediaries to defend against, and get back to the originating system. In a Smurf attack, a false ping packet is forwarded by the originating system. The broadcast address of the third-party network is the packet's destination. Hence, each machine on the third-party network has a copy of the ping request. The victim system is the originator. The originator rapidly forwards a large number of these requests via different intermediary networks. The victim gets overwhelmed by these large number of requests. Answer option B is incorrect. A buffer-overflow attack is performed when a hacker fills a field, typically an address bar, with more characters than it can accommodate. The excess characters can be run as executable code, effectively giving the hacker control of the computer and overriding any security measures set. There are two main types of buffer overflow attacks: stack-based buffer overflow attack: Stack-based buffer overflow attack uses a memory object known as a stack. The hacker develops the code which reserves a specific amount of space for the stack. If the input of user is longer than the amount of space reserved for it within the stack, then the stack will overflow. heap-based buffer overflow attack: Heap-based overflow attack floods the memory space reserved for the programs. Answer option D is incorrect. Bonk attack is a variant of the teardrop attack that affects mostly Windows computers by sending corrupt UDP packets to DNS port 53. It is a type of denial-ofservice (DoS) attack. A bonk attack manipulates a fragment offset field in TCP/IP packets. This field tells a computer how to reconstruct a packet that was fragmented, because it is difficult to transmit big packets. A bonk attack causes the target computer to reassemble a packet that is too big to be reassembled and causes the target computer to crash.


NEW QUESTION # 89
What defines the maximum time period an organization is willing to lose data during a major IT outage event?

  • A. RTO
  • B. RPO
  • C. BC
  • D. DR

Answer: B

Explanation:
The term that defines the maximum time period an organization is willing to lose data during a major IT outage event is known as the Recovery Point Objective (RPO). RPO is a critical concept in business continuity and disaster recovery planning. It represents the maximum age of the files that an organization must recover from backup storage for normal operations to resume after a disaster. In other words, it's the maximum amount of data loss an organization can tolerate. For instance, if an RPO is set to one hour, the system must be backed up at least every hour so that in case of a system failure, no more than one hour's worth of data is lost.


NEW QUESTION # 90
Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. She is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Cindy attempting here?

  • A. She is utilizing a RST scan to find live hosts that are listening on her network.
  • B. Cindy is using a half-open scan to find live hosts on her network.
  • C. The type of scan she is usinq is called a NULL scan.
  • D. Cindy is attempting to find live hosts on her company's network by using a XMAS scan.

Answer: B


NEW QUESTION # 91
Which of the following is not part of the recommended first response steps for network defenders?

  • A. Disable virus protection
  • B. Extract relevant data from the suspected devices as early as possible
  • C. Restrict yourself from doing the investigation
  • D. Do not change the state of the suspected device

Answer: A

Explanation:
The recommended first response steps for network defenders typically include preserving the state of the suspected devices and extracting relevant data as early as possible. Disabling virus protection is not part of the recommended first response steps because it could compromise the system's security further and potentially destroy evidence. The primary goal in the initial response is to maintain the integrity of the system and the evidence it contains.


NEW QUESTION # 92
Frank installed Wireshark at all ingress points in the network. Looking at the logs he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21.
What does this source address signify?

  • A. This address means that the source is using an IPv6 address and is spoofed and signifies an IPv4 address of 127.0.0.1.
  • B. This source address is IPv6 and translates as 13.1.68.3
  • C. This means that the source is using IPv4
  • D. This source address signifies that the originator is using 802dot1x to try and penetrate into Frank's network

Answer: C


NEW QUESTION # 93
Which of the following protocols is described as a connection-oriented and reliable delivery transport layer protocol?

  • A. IP
  • B. UDP
  • C. SSL
  • D. TCP

Answer: D


NEW QUESTION # 94
Which of the following statements are true about volatile memory? Each correct answer represents a complete solution. Choose all that apply.

  • A. It is computer memory that requires power to maintain the stored information.
  • B. Read only memory (ROM) is an example of volatile memory.
  • C. A volatile storage device is faster in reading and writing data.
  • D. The content is stored permanently and even the power supply is switched off.

Answer: A,C

Explanation:
Volatile memory, also known as volatile storage, is computer memory that requires power to maintain the stored information, unlike non-volatile memory which does not require a maintained power supply. It has been less popularly known as temporary memory. Most forms of modern random access memory (RAM) are volatile storage, including dynamic random access memory (DRAM) and static random access memory (SRAM). A volatile storage device is faster in reading and writing data. Answer options A and C are incorrect. Non-volatile memory, nonvolatile memory, NVM, or nonvolatile storage, in the most basic sense, is computer memory that can retain the stored information even when not powered. Examples of non-volatile memory include read-only memory, flash memory, most types of magnetic computer storage devices (e.g. hard disks, floppy disks, and magnetic tape), optical discs, and early computer storage methods such as paper tape and punched cards.


NEW QUESTION # 95
......


The EC-Council Certified Network Defender (CND) exam is a vendor-neutral certification program that is recognized worldwide. EC-Council Certified Network Defender CND certification is designed to help network administrators and security professionals to gain the necessary knowledge and skills to defend against network-based attacks. The CND certification is a valuable asset for professionals who wish to enhance their career prospects and advance their knowledge in network security.

 

Focus on 312-38 All-in-One Exam Guide For Quick Preparation: https://www.realvce.com/312-38_free-dumps.html

312-38 All-in-One Exam Guide For Quick Preparation: https://drive.google.com/open?id=1zfaAwXpuE9yZc5hz7dwgoEa0YDiweyEM