
Updated Dec-2024 Test Engine or PDF for the EC-COUNCIL 312-38 test to help you quickly prepare for the EC-COUNCIL exam!
Full 312-38 Practice Test and 359 unique questions with explanations waiting just for you, get it now!
NEW QUESTION # 152
Which of the following systems monitors the operating system detecting inappropriate activity, writing to log files, and triggering alarms?
- A. Signature-Based ID system
- B. Behavior-based ID system
- C. Network-based ID system
- D. Host-based ID system
Answer: D
NEW QUESTION # 153
Which of the following help in estimating and totaling up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile?
Each correct answer represents a complete solution. Choose all that apply.
- A. Disaster recovery
- B. Benefit-Cost Analysis
- C. Business Continuity Planning
- D. Cost-benefit analysis
Answer: B,D
Explanation:
Cost-benefit analysis is a process by which business decisions are analyzed. It is used to estimate and total up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile. It is a term that refers both to:
helping to appraise, or assess, the case for a project, program, or policy proposal; an approach to making economic decisions of any kind. Under both definitions, the process involves, whether explicitly or implicitly, weighing the total expected costs against the total expected benefits of one or more actions in order to choose the best or most profitable option. The formal process is often referred to as either CBA (Cost-Benefit Analysis) or BCA (Benefit-Cost Analysis).
Answer option A is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan that defines how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a Business Continuity Plan.
Answer option C is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.
NEW QUESTION # 154
Which of the following is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration?
- A. SLP
- B. NNTP
- C. NTP
- D. DCAP
Answer: A
NEW QUESTION # 155
Which authorization lets users access a requested resource on behalf of others?
- A. Explicit Authorization
- B. Implicit Authorization
- C. Decentralized Authorization
- D. Centralized Authorization
Answer: B
Explanation:
Implicit Authorization is a type of authorization that allows users to access resources on behalf of others without the need for explicit permission from the resource owner each time. This is commonly implemented through OAuth, where a user grants a third-party application access to their information on another service without sharing their credentials. The application receives an access token that permits it to act on behalf of the user, accessing only what the user is authorized to access.
NEW QUESTION # 156
Who is an IR custodian?
- A. An individual who receives the initial IR alerts and leads the IR team in all the IR activities
- B. An individual responsible for the remediation and resolution of the incident that occurred
- C. An individual who makes a decision on the classifications and the severity of the incident identified
- D. An individual responsible for conveying company details after an incident
Answer: C
Explanation:
An IR custodian is typically responsible for making decisions on the classifications and the severity of the incident identified. This role involves determining the impact of the incident, categorizing its severity, and guiding the appropriate response according to the organization's incident response plan. The custodian plays a critical role in the incident response process by ensuring that incidents are properly identified, classified, and escalated to the relevant parties for further action.
References: The information provided aligns with the objectives and documents of the EC-Council's Certified Network Defender (CND) program, which includes understanding the roles and responsibilities within an incident response team. For more detailed information, refer to the official CND study guide and materials provided by the EC-Council.
NEW QUESTION # 157
-----------is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs)
- A. 802.15.4
- B. 802.15
- C. 802.12
- D. 802.16
Answer: D
Explanation:
The IEEE 802.16 is a series of wireless broadband standards, also known as WirelessMAN, that are designed for Metropolitan Area Networks (MANs). It specifies the air interface, including the medium access control layer (MAC) and physical layer (PHY), of combined fixed and mobile point-to-multipoint broadband wireless access systems. This standard supports rapid deployment of broadband wireless access systems and encourages competition by providing alternatives to wireline broadband access.
NEW QUESTION # 158
Which of the following is a drawback of traditional perimeter security?
- A. Traditional firewalls are dynamic in nature
- B. Traditional perimeter security is identity-centric
- C. Traditional firewalls are static in nature
- D. Traditional VPNs follow identity centric instead of trust based network centric approach
Answer: C
Explanation:
One of the main drawbacks of traditional perimeter security is that it is based on a static model. Traditional firewalls, which are a core component of perimeter security, operate under the assumption that threats can be prevented by establishing a strong, static boundary. This model does not adapt well to the dynamic nature of modern networks, where users, devices, and applications are constantly changing and may exist outside of the traditional network boundary. The static nature of traditional firewalls means they cannot effectively handle the fluid and evolving security demands of today's interconnected environments.
References: The explanation provided aligns with the principles of network security and the limitations of traditional perimeter security models as discussed in various authoritative sources, including Microsoft's insights on transforming to a Zero Trust model1, and other industry discussions on the need for a shift from traditional network perimeter security to more dynamic and adaptive security approaches23.
NEW QUESTION # 159
The security network team is trying to implement a firewall capable of operating only in the session layer, monitoring the TCP inter-packet link protocol to determine when a requested session is legitimate or not. Using the type of firewall,they could be able to intercept the communication, making the external network see that the firewall is the source, and facing the user, who responds from the outside is the firewall itself. They are just limiting a requirements previous listed, because they have already have a packet filtering firewall and they must add a cheap solution that meets the objective. What kind of firewall would you recommend?
- A. Application Proxies
- B. Application Level Gateways
- C. Circuit Level Gateway
- D. Packet Filtering with NAT
Answer: C
Explanation:
A Circuit Level Gateway operates at the session layer of the OSI model. It monitors the TCP handshake to ensure that the session is legitimate and can intercept the communication. This type of firewall does not inspect the packets themselves but rather ensures that the connection is valid. It can be seen as a middleman that relays TCP connections between the user and the external network, making it appear as if the firewall is the source or destination of the communication. This is a cost-effective solution that complements the existing packet filtering firewall by adding session-level control without the need for deep packet inspection or application-level gateways, which can be more resource-intensive.
References: The functionality of Circuit Level Gateways is described in various cybersecurity resources, including LinkedIn's explanation of common types of firewalls used in operating systems, which outlines how they operate at the session layer and establish virtual circuits1. Additionally, GeeksforGeeks provides an overview of the Session Layer in the OSI model, which is where Circuit Level Gateways function2.
NEW QUESTION # 160
The IP addresses reserved for multicasting belong to which of the following classes?
- A. Class B
- B. Class E
- C. Class D
- D. Class C
Answer: C
NEW QUESTION # 161
John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which of following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt? (Choose all that apply.)
- A. tcp.options.mss_val<1460
- B. tcp.flags==0x2b
- C. tcp.flags=0x00
- D. tcp.options.wscale_val==20
Answer: A,B,C
NEW QUESTION # 162
Steven's company has recently grown from 5 employees to over 50. Every workstation has a public IP address and navigated to the Internet with little to no protection. Steven wants to use a firewall. He also wants IP addresses to be private addresses, to prevent public Internet devices direct access to them. What should Steven implement on the firewall to ensure this happens?
- A. Steven should use IPsec
- B. Steven should enabled Network Address Translation(NAT)
- C. Steven should use a Demilitarized Zone (DMZ)
- D. Steven should use Open Shortest Path First (OSPF)
Answer: B
Explanation:
Steven should implement Network Address Translation (NAT) on the firewall to ensure that the IP addresses of the workstations are private and not directly accessible from the public Internet. NAT translates the private IP addresses of the workstations to a public IP address before they are sent out to the Internet, and vice versa for incoming traffic. This not only hides the internal IP addresses but also allows multiple devices to share a single public IP address, which is essential as the company grows.
NEW QUESTION # 163
How can organizations obtain information about threats through human intelligence?
- A. By discovering vulnerabilities through exploration, understanding malware behavior through malware processing, etc.
- B. From the data of past incidents and network monitoring
- C. From attackers through the dark web and honeypots
- D. By extracting information from security blogs and forums
Answer: D
Explanation:
Human intelligence (HUMINT) in the context of network defense involves the collection of information from human sources. This can include extracting insights from security blogs, forums, and other platforms where cybersecurity professionals and enthusiasts discuss vulnerabilities, threats, and incidents. By monitoring these discussions, organizations can gain valuable information about emerging threats, techniques used by attackers, and potential security weaknesses that need to be addressed.
References: The role of human intelligence in gathering threat information is highlighted in cybersecurity literature. For example, CrowdStrike discusses the importance of HUMINT in cybersecurity, noting that it involves engaging with threat actors on various platforms to gather information about their activities1. Additionally, the IEEE paper on "Gathering threat intelligence through computer network deception" emphasizes the significance of proactive threat intelligence development by network defenders2.
NEW QUESTION # 164
Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary's intelligence collection capabilities identified in the previous action?
- A. Analysis of Threats
- B. Application of Appropriate OPSEC Measures
- C. Identification of Critical Information
- D. Assessment of Risk
- E. Analysis of Vulnerabilities
Answer: E
Explanation:
OPSEC is a 5-step process that helps in developing protection mechanisms in order to safeguard sensitive information and preserve essential secrecy.
The OPSEC process has five steps, which are as follows:
1.Identification of Critical Information: This step includes identifying information vitally needed by an adversary, which focuses the remainder of the OPSEC process on protecting vital information, rather than attempting to protect all classified or sensitive unclassified information.
2.Analysis of Threats: This step includes the research and analysis of intelligence, counter-intelligence, and open source information to identify likely adversaries to a planned operation.
3.Analysis of Vulnerabilities: It includes examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary's intelligence collection capabilities identified in the previous action.
4.Assessment of Risk: Firstly, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability. Secondly, specific OPSEC measures are selected for execution based upon a risk assessment done by the commander and staff.
5.Application of Appropriate OPSEC Measures: The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans.
NEW QUESTION # 165
Which of the following layers of the OSI model provides interhost communication?
- A. Session layer
- B. Network layer
- C. Transport layer
- D. Application layer
Answer: A
NEW QUESTION # 166
Which type of antenna is based on the principle of a satellite dish and can pick up Wi-Fi signals from a distance of ten miles of more?
- A. Yagi antenna
- B. Parabolic Grid antenna
- C. Omnidirectional antenna
- D. Directional antenna
Answer: B
Explanation:
The Parabolic Grid antenna is designed based on the principle of a satellite dish. This type of antenna can focus the radio waves onto a particular direction and is capable of picking up Wi-Fi signals from very long distances, often ten miles or more, depending on the specific design and conditions. It is highly directional and has a narrow focus, making it ideal for point-to-point communication in long-range Wi-Fi networks.
NEW QUESTION # 167
In which of the following types of port scans does the scanner attempt to connect to all 65,535 ports?
- A. Vanilla
- B. Strobe
- C. FTP bounce
- D. UDP
Answer: A
NEW QUESTION # 168
Which of the following IEEE standards is an example of a DQDB access method?
- A. 802.5
- B. 802.6
- C. 802.4
- D. 802.3
Answer: B
NEW QUESTION # 169
A local bank wants to protect their card holder dat
a. The bank should comply with the________standard to ensure the security of card holder data.
- A. ISEC
- B. HIPAA
- C. PCI DSS
- D. SOAX
Answer: C
Explanation:
The Payment Card Industry Data Security Standard (PCI DSS) is the global data security standard adopted by the payment card brands for all entities that process, store, or transmit cardholder data. It consists of steps that mirror security best practices, including protecting stored cardholder data, maintaining a vulnerability management program, and implementing strong access control measures. For a local bank that wants to protect cardholder data, compliance with PCI DSS is essential to ensure the security of this sensitive information.
NEW QUESTION # 170
John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?
- A. Tcp.options.mss_val<1460
- B. Tcp.flags=0x00
- C. Tcp.options.wscale_val==20
- D. Tcp.flags==0x2b
Answer: A
Explanation:
TCP OS fingerprinting attempts can be identified by analyzing various TCP/IP stack behaviors, one of which is the TCP Maximum Segment Size (MSS). The MSS value indicates the size of the largest segment of TCP data that a device is willing to receive. Different operating systems have different default MSS values, and a value less than 1460 can suggest an OS fingerprinting attempt, as it may indicate that the sender is trying to avoid fragmentation or is probing to discover the OS based on MSS response.
NEW QUESTION # 171
Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees. Under which category of an information security policy does AUP fall into?
- A. Incident Response Policy (IRP)
- B. System Specific Security Policy (SSSP)
- C. Enterprise Information Security Policy (EISP)
- D. Issue Specific Security Policy (ISSP)
Answer: D
Explanation:
An Acceptable Use Policy (AUP) is a type of Issue Specific Security Policy (ISSP) that outlines the constraints and practices that users must agree to in order to access the corporate network, endpoints, applications, and the internet. It is designed to provide guidelines for the appropriate use of an organization's IT resources, including employee conduct, data usage, system access privileges, and the handling of confidential information. The AUP is a crucial part of the security policy framework as it directly addresses specific issues related to the acceptable use of IT resources by employees.
NEW QUESTION # 172
Which of the following OSI layers defines the electrical and physical specifications for devices?
- A. Presentation layer
- B. Data link layer
- C. Transport layer
- D. Physical layer
Answer: D
NEW QUESTION # 173
What can be the possible number of IP addresses that can be assigned to the hosts present in a subnet having
255.255.255.224 subnet mask?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
Explanation:
A subnet with a mask of 255.255.255.224 (or /27 in CIDR notation) allows for 32 IP addresses in total.
However, the first address is reserved for the network address, and the last is reserved for the broadcast address. This leaves 30 usable IP addresses for hosts within the subnet.
References: This explanation is based on standard IP addressing rules and subnetting practices that are part of the foundational knowledge for network security and are covered in the EC-Council's Certified Network Defender (CND) program. The subnetting concept is also supported by resources such as IP subnet calculators and networking cheat sheets12.
NEW QUESTION # 174
Which of the following tool is used for passive attacks to capture network traffic?
- A. None
- B. warchalking
- C. Sniffer
- D. Intrusion prevention system
- E. Intrusion detection system
Answer: C
NEW QUESTION # 175
......
Get Latest 312-38 Dumps Exam Questions: https://drive.google.com/open?id=1z6B6ZNVEl6lLCsguGDjRdKr3mNtU9lrA
Full 312-38 Practice Test and 359 unique questions with explanations waiting just for you, get it now: https://www.dumpstests.com/312-38-latest-test-dumps.html