100% Free Real Updated 312-38 Questions & Answers Pass Your Exam Easily [Q16-Q33]



Easily To Pass New 312-38 Verified & Correct Answers


The EC-Council 312-38 test is the required exam for obtaining the Certified Network Defender certification. This certificate covers an individual's skills in detecting, responding to, and protecting against threats on networks. Candidates interested in this path are required to demonstrate their understanding of data transfer, software technologies, and network technologies. They should be able to use these skills to evaluate the subject material and understand which specific software should be automated.

This certification exam evaluates applicants' competence in network defense fundamentals, network security application controls, perimeter appliances, protocols, and VPNs. To succeed in the test, you should also have knowledge of firewall configurations, secure IDS, the intricacies of network traffic signatures, and vulnerability analysis and scanning.

 

NEW QUESTION 16
Kelly is taking backups of the organization's data. Currently, he is taking backups of only those files which are created or modified after the last backup. What type of backup is Kelly using?

  • A. Full backup
  • B. Normal Backup
  • C. Differential Backup
  • D. Incremental backup

Answer: D

 

NEW QUESTION 17
Which of the following biometric devices is used to take impressions of the friction ridges of the skin on the underside of the tip of the fingers?

  • A. Facial recognition device
  • B. Iris camera
  • C. Fingerprint reader
  • D. Voice recognition voiceprint

Answer: C

Explanation:
A fingerprint reader is used to take impressions of the friction ridges of the skin on the underside of the tip of the fingers. Fingerprints help in identifying users: they are unique to each person and do not change over time. Even identical twins who share their DNA do not have the same fingerprints. Police and government agencies have used this method to identify people for many years, and other organizations are starting to use biometric fingerprint readers for identification in many different applications. A fingerprint is created when the friction ridges of the skin come in contact with a surface that is receptive to a print by means of an agent such as perspiration, oil, ink, or grease. The agent is transferred to the surface and leaves an impression, which creates the fingerprint.
Answer option B is incorrect. An iris camera performs recognition of a user's identity by mathematical analysis of the random patterns that are visible within the iris of an eye from some distance. It combines computer vision, pattern recognition, statistical inference, and optics.
Answer option A is incorrect. A facial recognition device views an image or video of a person and compares it to one in the database. It performs facial recognition by comparing the following:
Structure, shape, and proportions of the face
Distance between the eyes, nose, mouth, and jaw
Upper outlines of the eye sockets
The sides of the mouth
Location of the nose and eyes
The area surrounding the cheek bones
Answer option D is incorrect. A voice recognition voiceprint is a spectrogram, which is a graph that shows a sound's frequency on the vertical axis and time on the horizontal axis. Different speech sounds create different shapes on the graph. Spectrograms also use color or shades of gray to represent the acoustical qualities of sound.

 

NEW QUESTION 18
Which of the following are the six different phases of the Incident handling process? Each correct answer represents a complete solution. Choose all that apply.

  • A. Identification
  • B. Containment
  • C. Preparation
  • D. Lessons learned
  • E. Recovery
  • F. Post mortem review
  • G. Eradication

Answer: A,B,C,D,E,G

Explanation:
Following are the six different phases of the Incident handling process:
1. Preparation: Preparation is the first step in the incident handling process. It includes processes like backing up copies of all key data on a regular basis, monitoring and updating software on a regular basis, and creating and implementing a documented security policy. To apply this step, a documented security policy is formulated that outlines the responses to various incidents and serves as a reliable set of instructions at the time of an incident.
The following list contains items that the incident handler should maintain in the preparation phase, i.e., before an incident occurs:
Establish applicable policies
Build relationships with key players
Build response kit
Create incident checklists
Establish communication plan
Perform threat modeling
Build an incident response team
Practice the demo incidents
2. Identification: The Identification phase of the Incident handling process is the stage at which the Incident handler evaluates the critical level of an incident for an enterprise or system. It is an important stage where the distinction between an event and an incident is determined, measured, and tested.
3. Containment: The Containment phase of the Incident handling process supports and builds up the incident combating process. It helps in ensuring the stability of the system and also confirms that the incident does not get any worse.
4. Eradication: The Eradication phase of the Incident handling process involves the cleaning-up of the identified harmful incidents from the system. It includes analyzing the information that has been gathered to determine how the attack was committed. To prevent the incident from happening again, it is vital to recognize how it was carried out so that a prevention technique can be applied.
5. Recovery: Recovery is the fifth step of the incident handling process. In this phase, the Incident Handler places the system back into the working environment. In the recovery phase the Incident Handler also works through validation questions to confirm that the system recovery is successful. This involves testing the system to make sure that all the processes and functions are working normally. The Incident Handler also monitors the system to make sure that the systems are not compromised again, looking for additional signs of attack.
6. Lessons learned: Lessons learned is the sixth and final step of the incident handling process. The Incident Handler uses the knowledge and experience gained while handling the incident to enhance and improve the incident-handling process. This is the most neglected step of all incident handling processes. Many times the Incident Handlers are relieved to have systems back to normal and get busy trying to catch up on other unfinished work. The Incident Handler should document the incident and look for ways to improve the process.
Answer option F is incorrect. The post mortem review is one of the phases of the Incident response process.

 

NEW QUESTION 19
Which of the following are provided by digital signatures?

  • A. Authentication and identification
  • B. Integrity and validation
  • C. Security and integrity
  • D. Identification and validation

Answer: A


 

NEW QUESTION 20
Which of the following is a term to describe the use of inert gases and chemical agents to extinguish a fire?

  • A. Gaseous fire suppression
  • B. Fire suppression system
  • C. Fire sprinkler
  • D. Fire alarm system

Answer: A

 

NEW QUESTION 21
Which of the following is a type of VPN that involves a single VPN gateway?

  • A. Intranet-based VPN
  • B. PPTP VPN
  • C. Remote-access VPN
  • D. Extranet-based VPN

Answer: D

 

NEW QUESTION 22
Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process on several Linux systems, which causes the machines to hang every hour. Fargo would like to eliminate it; what command should he execute?

  • A. # service [service name] stop
  • B. # ps ax | grep [Target Process]
  • C. # update-rc.d -f [service name] remove
  • D. # kill -9 [PID]

Answer: D

 

NEW QUESTION 23
Which of the following systems is formed by a group of honeypots?

  • A. Production honeypot
  • B. Research honeypot
  • C. Honeyfarm
  • D. Honeynet

Answer: D

 

NEW QUESTION 24
Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

  • A. Libnids
  • B. LIDS
  • C. Dsniff
  • D. Cain

Answer: C

Explanation:
Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
Answer option D is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks:
Dictionary attack
Brute force attack
Rainbow attack
Hybrid attack
Answer options A and B are incorrect. These tools are port scan detection tools that are used in the Linux operating system.

 

NEW QUESTION 25
Which of the following standards is a proposed enhancement to the 802.11a and 802.11b wireless LAN (WLAN) specifications that offers quality of service (QoS) features, including the prioritization of data, voice, and video transmissions?

  • A. 802.11e
  • B. 802.11h
  • C. 802.15
  • D. 802.11n

Answer: A

Explanation:
The 802.11e standard is a proposed enhancement to the 802.11a and 802.11b wireless LAN (WLAN) specifications. It offers quality of service (QoS) features, including the prioritization of data, voice, and video transmissions. 802.11e enhances the 802.11 Media Access Control layer (MAC layer) with a coordinated time division multiple access (TDMA) construct, and adds error-correcting mechanisms for delay-sensitive applications such as voice and video.
Answer option B is incorrect. 802.11h refers to the amendment added to the IEEE 802.11 standard for Spectrum and Transmit Power Management Extensions.
Answer option D is incorrect. 802.11n is an amendment to the IEEE 802.11-2007 wireless networking standard to improve network throughput over the two previous standards, 802.11a and 802.11g, with a significant increase in the maximum raw data rate from 54 Mbit/s to 600 Mbit/s with the use of four spatial streams at a channel width of 40 MHz.
Answer option C is incorrect. IEEE 802.15 is a working group of the IEEE 802 and specializes in Wireless PAN (Personal Area Network) standards. It includes seven task groups, which are as follows:
1. Task group 1 (WPAN/Bluetooth)
2. Task group 2 (Coexistence)
3. Task group 3 (High Rate WPAN)
4. Task group 4 (Low Rate WPAN)
5. Task group 5 (Mesh Networking)
6. Task group 6 (BAN)
7. Task group 7 (VLC)

 

NEW QUESTION 26
Which of the following is an attack on a website that changes the visual appearance of the site and seriously damages the trust and reputation of the website?

  • A. Website defacement
  • B. Buffer overflow
  • C. Zero-day attack
  • D. Spoofing

Answer: A

Explanation:
Website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers, who break into a Web server and replace the hosted website with one of their own. Sometimes, the defacer makes fun of the system administrator for failing to maintain server security. Most times, the defacement is harmless; however, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware.
A high-profile website defacement was carried out on the website of the company SCO Group following its assertion that Linux contained stolen code. The title of the page was changed from Red Hat vs. SCO to SCO vs. World with various satirical content.
Answer option B is incorrect. Buffer overflow is a condition in which an application receives more data than it is configured to accept. This usually occurs due to programming errors in the application. Buffer overflow can terminate or crash the application.
Answer option C is incorrect. A zero-day attack, also known as a zero-hour attack, is a computer threat that tries to exploit computer application vulnerabilities which are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the vulnerability. User awareness training is the most effective technique to mitigate such attacks.
Answer option D is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting online, etc., because forging the source IP address causes the responses to be misdirected.

 

NEW QUESTION 27
Which of the following is a session layer protocol?

  • A. RDP
  • B. ICMP
  • C. RPC
  • D. SLP

Answer: C

 

NEW QUESTION 28
You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

What is the IP address of the sender of this email?

  • A. 209.191.91.180
  • B. 216.168.54.25
  • C. 172.16.10.90
  • D. 141.1.1.1

Answer: B

Explanation:
The IP address of the sender of this email is 216.168.54.25. According to the scenario, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. Once you start to analyze the email header, you find an entry entitled X-Originating-IP. You know that in Yahoo, the X-Originating-IP is the IP address of the email sender, and in this case the required IP address is 216.168.54.25.
Answer options A, C, and D are incorrect. All of these are the IP addresses of the Yahoo and Wetpaint servers.
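The header walk the explanation describes, as an added example that is not part of the original page: it reads X-Originating-IP, falls back to the earliest public hop in the Received: chain when that header is absent, and checks that the two agree. The header block is constructed (the question's real header is not reproduced on the page); the .example hostnames and the Wetpaint/Yahoo relay layout are assumptions, and the four IPs are the answer options.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample header for this scenario (the real header from the question is
# not reproduced on the page). Hostnames use .example; the IPs are the four answer
# options. The RFC 1918 relay 172.16.10.90 stands in for the analyst's internal MTA.
SAMPLE_HEADER = """\
Received: from mx1.wetpaint.example (mx1.wetpaint.example [172.16.10.90])
 by mailstore.wetpaint.example with ESMTP; Mon, 1 Jan 2007 10:00:05 -0800
Received: from web38105.mail.yahoo.example (web38105.mail.yahoo.example [209.191.91.180])
 by mx1.wetpaint.example with SMTP; Mon, 1 Jan 2007 10:00:02 -0800
Received: from [216.168.54.25] by web38105.mail.yahoo.example via HTTP; Mon, 1 Jan 2007 09:59:58 PST
X-Originating-IP: [216.168.54.25]
From: sender@yahoo.example
To: analyst@wetpaint.example

body
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def public_ips(text):
    """Return the globally routable IPv4 addresses in a header value, in order of appearance."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # e.g. 300.1.1.1 matches the regex but is not an address
            continue
        if addr.is_global:  # drops private relays such as 172.16.10.90
            found.append(str(addr))
    return found


def received_chain(raw_message):
    """Public IPs from the Received: headers, earliest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each MTA prepends its own Received: line, so the bottom-most one was added first.
    for value in reversed(msg.get_all("Received", [])):
        hops.extend(public_ips(value))
    return hops


def originating_ip(raw_message):
    """Sender IP: X-Originating-IP when present, else the earliest public Received: hop."""
    msg = message_from_string(raw_message)
    from_xoip = public_ips(msg.get("X-Originating-IP", ""))
    if from_xoip:
        return from_xoip[0]
    chain = received_chain(raw_message)
    return chain[0] if chain else None


def header_consistent(raw_message):
    """True when X-Originating-IP agrees with the earliest public Received: hop.

    A sender relaying through their own server can write any X-Originating-IP; the
    Received: lines stamped by the provider and by your own MTA are stronger evidence.
    """
    msg = message_from_string(raw_message)
    from_xoip = public_ips(msg.get("X-Originating-IP", ""))
    chain = received_chain(raw_message)
    return bool(from_xoip) and bool(chain) and from_xoip[0] == chain[0]
```

Only the Received: line added by your own MTA is guaranteed genuine; everything below it in the chain was supplied by earlier hops and should be cross-checked against it.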

 

NEW QUESTION 29
Which of the following TCP commands is used to allocate a receiving buffer associated with the specified connection?

  • A. Send
  • B. Receive
  • C. Close
  • D. Abort

Answer: B

Explanation:
The Receive command is used to allocate a receiving buffer associated with the specified connection. An error is returned if no OPEN precedes this command or the calling process is not authorized to use this connection.
Answer option A is incorrect. The Send command causes the data contained in the indicated user buffer to be sent to the indicated connection.
Answer option D is incorrect. The Abort command causes all pending SENDs and RECEIVEs to be aborted.
Answer option C is incorrect. The Close command causes the connection specified to be closed.

 

NEW QUESTION 30
Which of the following tools are NOT used for logging network activities in the Linux operating system? Each correct answer represents a complete solution. Choose all that apply.

  • A. Swatch
  • B. PsLoggedOn
  • C. Timbersee
  • D. PsGetSid

Answer: B,D

Explanation:
PsLoggedOn and PsGetSid are not logging tools. They are command-line utilities used in the Windows operating system. PsLoggedOn is an applet that displays both the local and remote logged-on users. If an attacker specifies a user name instead of a computer, PsLoggedOn searches the computers in the network and tells whether the user is currently logged on or not. The command syntax for PsLoggedOn is as follows:
psloggedon [- ] [-l] [-x] [\\computername | username]
PsGetSid is a tool that is used to query SIDs remotely. Using PsGetSid, the attacker can access the SIDs of user accounts and translate an SID into the user name. The command syntax for PsGetSid is as follows:
psgetsid [\\computer[,computer[,...] | @file] [-u username [-p password]]] [account|SID]
Answer options A and C are incorrect. Swatch and Timbersee are tools used for logging network activities in the Linux operating system.

 

NEW QUESTION 31
Which of the following protocols is used to share information between routers to transport IP Multicast packets among networks?

  • A. LWAPP
  • B. RSVP
  • C. RPC
  • D. DVMRP

Answer: D

Explanation:
The Distance Vector Multicast Routing Protocol (DVMRP) is used to share information between routers to transport IP Multicast packets among networks. It uses a reverse path-flooding technique and is used as the basis for the Internet's multicast backbone (MBONE). In particular, DVMRP is notorious for poor network scaling, resulting from reflooding, particularly with versions that do not implement pruning. DVMRP's flat unicast routing mechanism also affects its capability to scale.
Answer option B is incorrect. The Resource Reservation Protocol (RSVP) is a Transport layer protocol designed to reserve resources across a network for an integrated services Internet. RSVP does not transport application data but is rather an Internet control protocol, like ICMP, IGMP, or routing protocols. RSVP provides receiver-initiated setup of resource reservations for multicast or unicast data flows with scaling and robustness.
RSVP can be used by either hosts or routers to request or deliver specific levels of quality of service (QoS) for application data streams. RSVP defines how applications place reservations and how they can leave the reserved resources once the need for them has ended. RSVP operation will generally result in resources being reserved in each node along a path.
Answer option C is incorrect. A remote procedure call (RPC) hides the details of the network by using the common procedure call mechanism familiar to every programmer. Like any ordinary procedure, RPC is also synchronous and parameters are passed to it. A process of the client calls a function on a remote server and remains suspended until it gets back the results.
Answer option A is incorrect. LWAPP (Lightweight Access Point Protocol) is a protocol used to control multiple Wi-Fi wireless access points at once. This can reduce the amount of time spent on configuring, monitoring, or troubleshooting a large network. This also allows network administrators to closely analyze the network.

 

NEW QUESTION 32
Which of the following types of RAID offers no protection for the parity disk?

  • A. RAID 3
  • B. RAID 5
  • C. RAID 2
  • D. RAID 1

Answer: A

 

NEW QUESTION 33
......


EC-COUNCIL 312-38 Exam Syllabus Topics:

Topic / Details
Topic 1
  • Risk Anticipation with Risk Management
  • Technical Network Security
Topic 2
  • Enterprise Wireless Network Security
  • Endpoint Security- Mobile Devices
Topic 3
  • Threat Assessment with Attack Surface Analysis
  • Administrative Network Security
Topic 4
  • Business Continuity and Disaster Recovery
  • Endpoint Security-Windows Systems
Topic 5
  • Incident Response and Forensic Investigation
  • Endpoint Security-IoT Devices
Topic 6
  • Network Traffic Monitoring and Analysis
  • Administrative Application Security
Topic 7
  • Network Logs Monitoring and Analysis
  • Network Perimeter Security
Topic 8
  • Threat Prediction with Cyber Threat Intelligence
  • Network Attacks and Defense Strategies
Topic 9
  • Enterprise Virtual Network Security
  • Data Security


How Much Does the Certified Network Defender Cost?

The cost of the Certified Network Defender exam is $150. For more information related to the exam price, please visit the official website, as the cost of exams may vary by country.

 

Free 312-38 Exam Files Downloaded Instantly: https://www.validbraindumps.com/312-38-exam-prep.html

Verified & Latest 312-38 Dump Q&As with Correct Answers: https://drive.google.com/open?id=1Wb_Hfs3AK3CCuf02tut5hIvz8n1CZeAC