[May-2024] 312-38 Dumps are Available for Instant Access from TestBraindump [Q89-Q110] | TestBraindump


Study resources for the Valid 312-38 Braindumps!


The EC-Council Certified Network Defender (CND) certification is an industry-recognized credential that validates a candidate’s ability to protect, detect, and respond to network security threats. The CND certification program introduces candidates to the latest methodologies and techniques in network defense, which are essential to securing the network infrastructure. To earn the EC-Council Certified Network Defender (CND) designation, candidates need to pass the EC-Council 312-38 exam, which is a challenging test of their network security skills.


The EC-Council 312-38 exam covers a range of topics related to network security, including network security controls, network security protocols, network security devices, network security threats, and network security best practices. The 312-38 exam also covers topics such as network security policies, risk management, security operations, and incident response.


The EC-Council 312-38 exam is ideal for individuals who wish to establish themselves as experts in network defense strategies, technologies, and methodologies. By successfully passing the exam, candidates demonstrate their ability to develop and implement effective security policies, identify and mitigate network weaknesses, and effectively handle security incidents.

 

NEW QUESTION # 89
Paul is a network security technician working on a contract for a laptop manufacturing company in Chicago. He has focused primarily on securing network devices, firewalls, and traffic traversing in and out of the network. He just finished setting up a server as a gateway between the internal private network and the outside public network. This server will act as a proxy, run a limited number of services, and filter packets. What is this type of server called?

  • A. Session layer firewall
  • B. SOCKS host
  • C. Bastion host
  • D. Edge transport server

Answer: C


NEW QUESTION # 90
Which of the following tools is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen?

  • A. Nessus
  • B. Snort
  • C. SAINT
  • D. Adeona

Answer: D

Explanation:
Adeona is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen. All it takes is to install the Adeona software client on the user's laptop, pick a password, and make it run in the background. If at one point, the user's laptop gets stolen and is connected to the Internet, the Adeona software sends the criminal's IP address. Using the Adeona Recovery, the IP address can then be retrieved. Knowing the IP address helps in tracking the geographical location of the stolen device.
Answer option D is incorrect. Nessus is proprietary comprehensive vulnerability scanning software. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on tested systems. It is capable of checking various types of vulnerabilities, some of which are as follows:
  • Vulnerabilities that allow a remote cracker to control or access sensitive data on a system
  • Misconfiguration (e.g. open mail relay, missing patches, etc.)
  • Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
  • Denials of service against the TCP/IP stack by using mangled packets
Answer option A is incorrect. SAINT stands for System Administrator's Integrated Network Tool. It is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities.
The SAINT scanner screens every live system on a network for TCP and UDP services. For each service it finds running, it launches a set of probes designed to detect anything that could allow an attacker to gain unauthorized access, create a denial-of-service, or gain sensitive information about the network.
Answer option C is incorrect. Snort is an open source network intrusion detection system. The Snort application analyzes network traffic in realtime mode. It performs packet sniffing, packet logging, protocol analysis, and a content search to detect a variety of potential attacks.


NEW QUESTION # 91
Which of the following processes helps the business units to understand the impact of a disruptive event?

  • A. Scope and plan initiation
  • B. Plan approval and implementation
  • C. Business impact assessment
  • D. Business continuity plan development

Answer: C



NEW QUESTION # 92
Which of the following is a non-profit organization that oversees the allocation of IP addresses, management of
the DNS infrastructure, protocol parameter assignment, and root server system management?

  • A. ITU
  • B. ANSI
  • C. IEEE
  • D. ICANN

Answer: D

Explanation:
ICANN stands for Internet Corporation for Assigned Names and Numbers. ICANN is responsible for managing
the assignment of domain names and IP addresses. ICANN's tasks include responsibility for IP address space
allocation, protocol identifier assignment, top-level domain name system management, and root server system
management functions. Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit
organization that oversees the allocation of IP addresses, management of the DNS infrastructure, protocol
parameter assignment, and root server system management.
Answer option B is incorrect. Institute of Electrical and Electronics Engineers (IEEE) is an organization of
engineers and electronics professionals who develop standards for hardware and software.
Answer option C is incorrect. The International Telecommunication Union is an agency of the United Nations
which regulates information and communication technology issues. ITU coordinates the shared global use of
the radio spectrum, promotes international cooperation in assigning satellite orbits, works to improve
telecommunication infrastructure in the developing world and establishes worldwide standards. ITU is active in
areas including broadband Internet, latest-generation wireless technologies, aeronautical and maritime
navigation, radio astronomy, satellite-based meteorology, convergence in fixed-mobile phone, Internet access,
data, voice, TV broadcasting, and next-generation networks.
Answer option A is incorrect. ANSI (American National Standards Institute) is the primary organization for
fostering the development of technology standards in the United States. ANSI works with industry groups and
is the U.S. member of the International Organization for Standardization (ISO) and the International
Electrotechnical Commission (IEC). Long-established computer standards from ANSI include the American
Standard Code for Information Interchange (ASCII) and the Small Computer System Interface (SCSI).


NEW QUESTION # 93
Which of the following is a software tool used in passive attacks for capturing network traffic?

  • A. Sniffer
  • B. Intrusion detection system
  • C. Warchalking
  • D. Intrusion prevention system

Answer: A

Explanation:
A sniffer is a software tool that is used to capture any network traffic. Since a sniffer changes the NIC of the LAN card into promiscuous mode, the NIC begins to record incoming and outgoing data traffic across the network. A sniffer attack is a passive attack because the attacker does not directly connect with the target host.
This attack is most often used to grab logins and passwords from network traffic. Tools such as Ethereal, Snort, Windump, EtherPeek, Dsniff are some good examples of sniffers. These tools provide many facilities to users such as graphical user interface, traffic statistics graph, multiple sessions tracking, etc.
Answer option C is incorrect. An intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.
Answer option B is incorrect. An IDS (Intrusion Detection System) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.
Answer option D is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.


NEW QUESTION # 94
Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats, many of which she did not know of. She is worried about the current security state of her company's network, so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Cindy attempting here?

  • A. Cindy is using a half-open scan to find live hosts on her network.
  • B. She is utilizing a RST scan to find live hosts that are listening on her network.
  • C. Cindy is attempting to find live hosts on her company's network by using a XMAS scan.
  • D. The type of scan she is using is called a NULL scan.

Answer: A


NEW QUESTION # 95
How many layers are present in the TCP/IP model?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A


NEW QUESTION # 96
The bank where you work has 600 Windows computers and 400 Red Hat computers which primarily serve as bank teller consoles. You have created a plan and deployed all the patches to the Windows computers and you are now working on updating the Red Hat computers. What command should you run on the network to update the Red Hat computers, download the security package, force the package installation, and update all currently installed packages?

  • A. You should run the up2data -u command
  • B. You should run the up2date -d -f -u command
  • C. You should type the sysupdate -d command
  • D. You should run the WSUS -d -f -u command.

Answer: B


NEW QUESTION # 97
John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values: ItemID1=2 ItemPrice1=900 ItemID2=1 ItemPrice2=200
Modified cookie values: ItemID1=2 ItemPrice1=1 ItemID2=1 ItemPrice2=1
Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price.
Which of the following hacking techniques is John performing?

  • A. Computer-based social engineering
  • B. Cookie poisoning
  • C. Man-in-the-middle attack
  • D. Cross site scripting

Answer: B

Explanation:
John is performing cookie poisoning. In cookie poisoning, an attacker modifies the value of cookies before sending them back to the server. On modifying the cookie values, an attacker can log in to any other user account and can perform identity theft. The following figure explains how cookie poisoning occurs:
For example: The attacker visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values: ItemID1=2 ItemPrice1=900 ItemID2=1 ItemPrice2=200
Modified cookie values: ItemID1=2 ItemPrice1=1 ItemID2=1 ItemPrice2=1
Now, the attacker clicks the Buy button and the prices are sent to the server that calculates the total price.
Another use of a Cookie Poisoning attack is to pretend to be another user after changing the username in the cookie values:
Original cookie values: LoggedIn=True Username=Mark
Modified cookie values: LoggedIn=True Username=Admin
Now, after modifying the cookie values, the attacker can do the admin login.
Answer option D is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the attacker posts a message that contains malicious code to any newsgroup site. When another user views this message, the browser interprets this code and executes it and, as a result, the attacker is able to take control of the user's system. Cross site scripting attacks require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's Web environment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, sessions hijacking, etc.


NEW QUESTION # 98
Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization's need. Which of the following factors will the administrator consider when deciding on the appropriate backup medium?

  • A. Reliability
  • B. Extensibility
  • C. Capability
  • D. Accountability

Answer: A,B,C


NEW QUESTION # 99
John is the Vice-President of a BPO. He wants to implement a policy allowing employees to use and manage devices purchased by the organization but restrict the use of the device for business use only. Which among the following policies does John want to implement?

  • A. BYOD policy
  • B. CYOD policy
  • C. COBO policy
  • D. COPE policy

Answer: B


NEW QUESTION # 100
Which of the following techniques is also called access point mapping?

  • A. Wire tapping
  • B. War driving
  • C. War dialing
  • D. War flying

Answer: B


NEW QUESTION # 101
Which of the following encryption techniques do digital signatures use?

  • A. RSA
  • B. IDEA
  • C. Blowfish
  • D. MD5

Answer: D


NEW QUESTION # 102
Which of the following are benefits of using IoT devices in IoT-enabled environments?
I. IoT device can be connected anytime
II. IoT device can be connected at any place
III. IoT devices connected to anything

  • A. I
  • B. I, II and III
  • C. II
  • D. I and II

Answer: B


NEW QUESTION # 103
Which of the following is a standard-based protocol that provides the highest level of VPN security?

  • A. IP
  • B. L2TP
  • C. PPP
  • D. IPSec

Answer: D

Explanation:
Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security. IPSec can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and password. IPSec cannot be used with Point-to-Point Tunneling Protocol (PPTP).
Answer option B is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering distinguished protocol datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose, the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide.
Answer option C is incorrect. Point-to-Point Protocol (PPP) is a remote access protocol commonly used to connect to the Internet. It supports compression and encryption and can be used to connect to a variety of networks. It can connect to a network running on the IPX, TCP/IP, or NetBEUI protocol. It supports multi-protocol and dynamic IP assignments. It is the default protocol for the Microsoft Dial-Up adapter.
Answer option A is incorrect. Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication. It allows the transfer of Point-to-Point Protocol (PPP) traffic between different networks. L2TP combines with IPSec to provide tunneling and security for Internet Protocol (IP), Internetwork Packet Exchange (IPX), and other protocol packets across IP networks.


NEW QUESTION # 104
Which of the following is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration?

  • A. SLP
  • B. NTP
  • C. NNTP
  • D. DCAP

Answer: A

Explanation:
The Service Location Protocol (SLP, srvloc) is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration. SLP has been designed to scale from small, unmanaged networks to large enterprise networks.
Answer option C is incorrect. The Network News Transfer Protocol (NNTP) is an Internet application protocol used for transporting Usenet news articles (netnews) between news servers and for reading and posting articles by end user client applications. NNTP is designed so that news articles are stored in a central database, allowing the subscriber to select only those items that he wants to read.
Answer option A is incorrect. Network Time Protocol (NTP) is used to synchronize the timekeeping among the number of distributed time servers and clients. It is used for the time management in a large and diverse network that contains many interfaces. In this protocol, servers define the time, and clients have to be synchronized with the defined time. These clients can choose the most reliable source of time defined from the several NTP servers for their information transmission.
Answer option D is incorrect. The Data Link Switching Client Access Protocol (DCAP) is an application layer protocol that is used between workstations and routers for transporting SNA/NetBIOS traffic over TCP sessions. It was introduced in order to address a few deficiencies by the Data Link Switching Protocol (DLSw). The DLSw raises the important issues of scalability and efficiency, and since DLSw is a switch-to-switch protocol, it is not efficient when implemented on workstations. DCAP was introduced in order to address these issues.


NEW QUESTION # 105
John works as an Incident manager for TechWorld Inc. His task is to set up a wireless network for his
organization. For this, he needs to decide the appropriate devices and policies required to set up the network.
Which of the following phases of the incident handling process will help him accomplish the task?

  • A. Preparation
  • B. Containment
  • C. Eradication
  • D. Recovery

Answer: A

Explanation:
Preparation is the first step in the incident handling process. It includes processes like backing up copies of all
key data on a regular basis, monitoring and updating software on a regular basis, and creating and
implementing a documented security policy. To apply this step a documented security policy is formulated that
outlines the responses to various incidents, as a reliable set of instructions during the time of an incident. The
following list contains items that the incident handler should maintain in the preparation phase i.e. before an
incident occurs:
  • Establish applicable policies
  • Build relationships with key players
  • Build response kit
  • Create incident checklists
  • Establish communication plan
  • Perform threat modeling
  • Build an incident response team
  • Practice the demo incidents
Answer option A is incorrect. The Containment phase of the Incident handling process is responsible for
supporting and building up the incident combating process. It ensures the stability of the system and also
confirms that the incident does not get any worse. The Containment phase includes the process of preventing
further contamination of the system or network, and preserving the evidence of the contamination.
Answer option D is incorrect. The Eradication phase of the Incident handling process involves the cleaning-up
of the identified harmful incidents from the system. It includes the analyzing of the information that has been
gathered for determining how the attack was committed. To prevent the incident from happening again, it is
vital to recognize how it was carried out so that a prevention technique is applied.
Answer option B is incorrect. Recovery is the fifth step of the incident handling process. In this phase, the
Incident Handler places the system back into the working environment. In the recovery phase the Incident
Handler also works with the questions to validate that the system recovery is successful. This involves testing
the system to make sure that all the processes and functions are working normally. The Incident Handler also
monitors the system to make sure that the systems are not compromised again. It looks for additional signs of
attack.


NEW QUESTION # 106
Which of the following helps prevent executing untrusted or untested programs or code from untrusted or unverified third-parties?

  • A. Application blacklisting
  • B. Application sandboxing
  • C. Deployment of WAFs
  • D. Application whitelisting

Answer: B


NEW QUESTION # 107
Management asked Adam to implement a system allowing employees to use the same credentials to access multiple applications. Adam should implement the ________ authentication technique to satisfy the management request.

  • A. Smart Card Authentication
  • B. Biometric
  • C. Two-factor Authentication
  • D. Single-sign-on

Answer: D


NEW QUESTION # 108
Michael decides to view the ________ to track employee actions on the organization's network.

  • A. Firewall settings
  • B. Firewall policy
  • C. Firewall rule set
  • D. Firewall log

Answer: D


NEW QUESTION # 109
Which of the following is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies?

  • A. Bridge
  • B. Router
  • C. Gateway
  • D. Switch

Answer: C

