Exam 312-38 Realistic Dumps Verified Questions Free [Dec 19, 2024]
The EC-Council Certified Network Defender CND certification is ideal for individuals who are looking to pursue a career in network security and defense. It is also suitable for professionals who are already working in the field and are looking to enhance their skills and knowledge. The EC-Council CND exam is a rigorous test, and passing it demonstrates that a candidate has the necessary expertise to secure and defend a network against various cyber threats. It is an essential certification for professionals who are responsible for maintaining the security of their organization's network.
NEW QUESTION # 130
Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encryption keys to the Database Engine in MS SQL Server?
- A. IsEncrypted Enabled
- B. Always Encrypted
- C. NeverEncrypted disabled
- D. Allow Encrypted
Answer: B
Explanation:
Always Encrypted in SQL Server (2016 and later) encrypts sensitive columns inside the client driver, so the Database Engine only ever stores and processes ciphertext. Two keys are involved: a column encryption key (CEK) that encrypts the data and is stored in the database only in wrapped form, and a column master key (CMK) that wraps the CEK and lives outside the database in a key store the client can reach (Windows certificate store, Azure Key Vault, or an HSM). Because the Database Engine never holds the plaintext CEK, on-premises DBAs and cloud database operators cannot read the protected data, which reduces the risk of theft by malicious insiders and makes it practical to keep sensitive data in a cloud-hosted database. Each column is encrypted either deterministically (same plaintext, same ciphertext, so equality lookups, joins and grouping still work, but the server can see which rows share a value) or with randomized encryption (stronger, but the server cannot evaluate any predicate on the column).
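How the split between data owner and data manager works in practice, as an added example that is not part of the exam page or of Microsoft's implementation: a Python client applies the same pattern against SQLite, which stands in for the Database Engine. The per-column keys exist only in the client process (the role of a CEK unwrapped by a client-held CMK); an HMAC-SHA256 keystream with an HMAC tag, built from the standard library, stands in for the AES-256-CBC-HMAC-SHA256 scheme the real feature uses; the patients table, its columns and the sample records are constructed for the demo.

```python
"""Client-side column encryption in the Always Encrypted pattern (added example).
SQLite stands in for the Database Engine and sees only ciphertext. The column keys
live only in this process, like a CEK unwrapped by a client-held column master key.
Cipher: HMAC-SHA256 keystream + HMAC tag, a stdlib stand-in for AES-CBC-HMAC."""
import hashlib
import hmac
import secrets
import sqlite3

IV_LEN = 16
TAG_LEN = 16


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """PRF in counter mode: enough 32-byte blocks to cover `length` bytes."""
    blocks = [_prf(key, iv + i.to_bytes(4, "big")) for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]


class ColumnKey:
    """A column encryption key; never serialized, never sent to the database."""

    def __init__(self, secret: bytes, deterministic: bool):
        self.enc_key = _prf(secret, b"enc")   # independent subkeys per purpose
        self.mac_key = _prf(secret, b"mac")
        self.iv_key = _prf(secret, b"iv")
        self.deterministic = deterministic

    def encrypt(self, plaintext: bytes) -> bytes:
        # Deterministic: IV derived from the plaintext (SIV style), so equal values give
        # equal ciphertext and the server can evaluate WHERE col = ?.
        # Randomized: fresh IV, so the server cannot even tell two values are equal.
        if self.deterministic:
            iv = _prf(self.iv_key, plaintext)[:IV_LEN]
        else:
            iv = secrets.token_bytes(IV_LEN)
        ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(self.enc_key, iv, len(plaintext))))
        tag = _prf(self.mac_key, iv + ct)[:TAG_LEN]   # encrypt-then-MAC
        return iv + ct + tag

    def decrypt(self, blob: bytes) -> bytes:
        iv, ct, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(tag, _prf(self.mac_key, iv + ct)[:TAG_LEN]):
            raise ValueError("ciphertext tampered with, or wrong column key")
        return bytes(c ^ k for c, k in zip(ct, _keystream(self.enc_key, iv, len(ct))))


class EncryptedClient:
    """The 'driver': encrypts parameters on the way out, decrypts results on the way in."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn
        conn.execute("CREATE TABLE IF NOT EXISTS patients "
                     "(id INTEGER PRIMARY KEY, ssn BLOB, name BLOB)")
        self.keys = {  # constructed key material for the demo
            "ssn": ColumnKey(secrets.token_bytes(32), deterministic=True),
            "name": ColumnKey(secrets.token_bytes(32), deterministic=False),
        }

    def insert(self, ssn: str, name: str) -> None:
        self.conn.execute("INSERT INTO patients (ssn, name) VALUES (?, ?)",
                          (self.keys["ssn"].encrypt(ssn.encode()),
                           self.keys["name"].encrypt(name.encode())))

    def find_by_ssn(self, ssn: str) -> list:
        """Equality lookup on a deterministic column: the probe is encrypted client-side."""
        probe = self.keys["ssn"].encrypt(ssn.encode())
        rows = self.conn.execute("SELECT name FROM patients WHERE ssn = ?", (probe,))
        return [self.keys["name"].decrypt(r[0]).decode() for r in rows]

    def find_by_name(self, name: str) -> list:
        """Same lookup on a randomized column: never matches, which is the point."""
        probe = self.keys["name"].encrypt(name.encode())
        return self.conn.execute("SELECT id FROM patients WHERE name = ?", (probe,)).fetchall()


def dba_sees(conn: sqlite3.Connection, needle: str) -> bool:
    """What an administrator without the keys can learn: search the raw column bytes."""
    rows = conn.execute("SELECT ssn, name FROM patients").fetchall()
    return any(needle.encode() in col for row in rows for col in row)


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    client = EncryptedClient(conn)
    client.insert("123-45-6789", "Alice")   # constructed sample records
    client.insert("987-65-4321", "Alice")
    names = [r[0] for r in conn.execute("SELECT name FROM patients")]
    return {
        "lookup_by_ssn": client.find_by_ssn("123-45-6789"),
        "lookup_by_name": client.find_by_name("Alice"),
        "dba_sees_ssn": dba_sees(conn, "123-45-6789"),
        "dba_sees_name": dba_sees(conn, "Alice"),
        "same_name_same_ciphertext": names[0] == names[1],
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the three properties a practitioner should verify: the client can look up a row by the deterministically encrypted SSN, the same lookup on the randomized name column returns nothing, and a scan of the raw column bytes by a user without the keys finds neither value. The trade-off is the one the real feature documents: deterministic encryption enables equality predicates, but lets the server see which rows share a value.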
NEW QUESTION # 131
Michelle is a network security administrator working in an MNC company. She wants to set a CPU resource limit for a container. Which command-line option allows Michelle to limit a container to 2 CPUs?
- A. $cpu="2"
- B. --cpus="2"
- C. $cpus="2"
- D. --cpu="2"
Answer: B
Explanation:
Setting resource limits is crucial so that one container cannot starve the others: a runaway or compromised container otherwise becomes a denial of service against everything else on the host. Michelle limits a container to two CPUs with the --cpus flag, for example docker run --cpus="2" <image>; the same flag can be applied to a running container with docker update --cpus="2" <container>. --cpus is shorthand for a CFS quota (--cpus="2" is equivalent to --cpu-period=100000 --cpu-quota=200000): the container may be scheduled on any core, but receives at most two cores' worth of CPU time per scheduling period. Contrast --cpuset-cpus, which pins the container to specific cores, and --cpu-shares, which is only a relative weight under contention and does not cap usage.
References: the --cpus flag is documented in Docker's command-line reference for docker run and docker update.
NEW QUESTION # 132
How is an "attack" represented?
- A. Motive (goal) + method
- B. Asset + Threat
- C. Asset + Threat + Vulnerability
- D. Motive (goal) + method + vulnerability
Answer: D
Explanation:
An "attack" in the context of network security is represented by a combination of a motive or goal, the method used to carry out the attack, and a vulnerability that can be exploited. The motive is the attacker's reason for conducting the attack, which could range from financial gain to espionage. The method refers to the technique or strategy the attacker uses to exploit a vulnerability. Finally, the vulnerability is a weakness in the system that allows an attacker to breach security measures. This representation aligns with the principles of risk assessment and threat modeling, which are critical components of network defense.
References: The explanation follows the Certified Network Defender (CND) curriculum, which uses the formula Attack = Motive (Goal) + Method + Vulnerability so that a defender can address each element: reduce the attacker's payoff, detect the method, and remove the vulnerability.
NEW QUESTION # 133
In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?
- A. Buffer-overflow attack
- B. Smurf attack
- C. Bonk attack
- D. DDoS attack
Answer: D
NEW QUESTION # 134
Which of the following honeypots provides an attacker access to the real operating system without any restriction and collects a vast amount of information about the attacker?
- A. High-interaction honeypot
- B. Medium-interaction honeypot
- C. Low-interaction honeypot
- D. Honeyd
Answer: A
Explanation:
A high-interaction honeypot gives the attacker access to a real operating system without restriction, so it collects the largest amount of information about the attacker: it is used to discover new tools, identify new vulnerabilities in the operating system, and learn how attackers communicate with one another. Because the attacker gets a real system, it must be isolated (for example behind a data-control device that limits outbound connections) so that it cannot be used as a pivot into the production network.
Answer option C is incorrect. A low-interaction honeypot captures limited amounts of information, mainly transactional data and some limited interactive information. Because of its simple design and basic functionality, it is easy to install, deploy, maintain, and configure. It detects unauthorized scans or connection attempts: it emulates services limited to listening ports, is passive, does not alter any traffic, and generates logs or alerts when incoming packets match its patterns.
Answer option B is incorrect. A medium-interaction honeypot offers richer interaction than a low-interaction honeypot but still does not expose a real underlying operating system. It takes more time to install and configure, and is more complicated to deploy and maintain, than a low-interaction honeypot; it captures more information but carries more risk.
Answer option D is incorrect. Honeyd is an example of a low-interaction honeypot.
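The listening-port behaviour described for a low-interaction honeypot, as an added example not taken from the exam page or from any honeypot product: a Python listener that presents a fake SSH banner, logs the source address and the first bytes the client sends, and emulates nothing beyond that. The banner string, the port selection and the probe() client that plays the attacker are constructed for the demo.

```python
"""Low-interaction honeypot (added example): a listening port that presents a
fake banner, records every connection and whatever the client sends, and
never executes anything. One connection == one alert."""
import json
import socket
import threading
import time


class LowInteractionHoneypot:
    def __init__(self, host="127.0.0.1", port=0, banner=b"SSH-2.0-OpenSSH_7.4\r\n"):
        # port=0 lets the OS pick a free port (used by the demo); a deployment
        # would bind the real service port, e.g. 22, on an otherwise unused host.
        self.banner = banner
        self.events = []
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))
        self._srv.listen(5)
        self.port = self._srv.getsockname()[1]

    def serve(self, max_connections=1, accept_timeout=10.0, read_timeout=2.0):
        """Accept up to max_connections, then close the listener and return the log."""
        self._srv.settimeout(accept_timeout)
        try:
            for _ in range(max_connections):
                try:
                    conn, addr = self._srv.accept()
                except socket.timeout:
                    break
                self._record(conn, addr, read_timeout)
        finally:
            self._srv.close()
        return self.events

    def _record(self, conn, addr, read_timeout):
        received = b""
        with conn:
            conn.settimeout(read_timeout)
            try:
                conn.sendall(self.banner)           # emulation stops at the banner
                while len(received) < 4096:         # cap what is kept per connection
                    chunk = conn.recv(1024)
                    if not chunk:
                        break
                    received += chunk
            except (socket.timeout, OSError):
                pass                                # slow or rude clients are still logged
        self.events.append({
            "ts": time.time(), "src_ip": addr[0], "src_port": addr[1],
            "dst_port": self.port, "bytes": len(received),
            "data": received.decode("latin-1"),     # lossless for arbitrary bytes
        })


def alert_lines(events):
    """Render events as one JSON line each, the shape a SIEM would ingest."""
    return [json.dumps(e, sort_keys=True) for e in events]


def probe(port, payload):
    """Constructed 'attacker' for the demo: connect, grab the banner, send a login attempt."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        banner = c.recv(64)
        c.sendall(payload)
    return banner


def run_demo(payload=b"root\r\n"):
    hp = LowInteractionHoneypot()
    t = threading.Thread(target=hp.serve, kwargs={"max_connections": 1}, daemon=True)
    t.start()
    banner = probe(hp.port, payload)
    t.join(15)
    return banner, hp.events


if __name__ == "__main__":
    banner, events = run_demo()
    print(banner, *alert_lines(events), sep="\n")
```

Any connection to the honeypot is an alert, because no legitimate client has a reason to talk to it; the events list is the "transactional data" the explanation refers to. The deliberate limits (one banner, a 4 KiB cap, no command interpretation) are what keep the risk low compared with the high-interaction option.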
NEW QUESTION # 135
Which of the following tools examines a system for a number of known weaknesses and alerts the administrator?
- A. SAINT
- B. SATAN
- C. COPS
- D. Nessus
Answer: C
NEW QUESTION # 136
CSMA/CD is specified in which of the following IEEE standards?
- A. 802.1
- B. 802.2
- C. 802.3
- D. 802.15
Answer: C
NEW QUESTION # 137
What represents the ability of an organization to respond under emergency in order to minimize the damage to its brand name, business operation, and profit?
- A. Emergency management
- B. Disaster recovery
- C. Crisis management
- D. Incident management
Answer: C
Explanation:
Crisis management represents the ability of an organization to respond effectively during emergencies to minimize damage to its brand name, business operations, and profits. It involves identifying a threat to an organization and responding to it in a timely manner. Crisis management plans and processes can help an organization deal with unexpected events, ensuring that they are prepared to deal with potential disruptions.
This strategic management process is designed to protect an organization from various risks and to prevent these risks from becoming bigger issues.
References: The explanation aligns with the Certified Network Defender (CND) course objectives, which include understanding the principles of organizational security and the effective management of crises to protect the brand and profitability.
NEW QUESTION # 138
Which of the following protocols is used in wireless networks?
- A. CSMA/CA
- B. ALOHA
- C. CSMA/CD
- D. CSMA
Answer: A
NEW QUESTION # 139
Which of the following is a physical security device designed to entrap a person on purpose?
- A. War Flying
- B. Mantrap
- C. Trap
- D. War Chalking
Answer: B
NEW QUESTION # 140
Which of the following is a technique for gathering information about a remote network protected by a firewall?
- A. Wardriving
- B. Warchalking
- C. Firewalking
- D. Wardialing
Answer: C
Explanation:
Firewalking is a technique for gathering information about a remote network protected by a firewall; it is a reconnaissance technique, not an exploit. The attacker first determines the hop count to the last known gateway in front of the firewall (a traceroute-style "ramping" phase), then sends crafted TCP or UDP probes towards a host behind the firewall with the IP TTL set to expire one hop past the firewall. If the firewall's policy allows the probe through, it forwards the packet to the next hop, where the TTL expires and elicits an ICMP "TTL expired in transit" (time exceeded) message back to the attacker. If the firewall does not allow the traffic, there is either no response or an ICMP "administratively prohibited" message. Repeating this per port tells the attacker which ports/protocols the firewall passes, without ever completing a connection to the internal host. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind it. The main limitation, and the corresponding countermeasure, is that if the administrator blocks ICMP time-exceeded messages from leaving the network, permitted and denied ports produce the same silence and the technique yields nothing.
Answer option B is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
Answer option A is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless card that supports monitor mode, and some kind of antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.
Answer option D is incorrect. War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers - hackers that specialize in computer security - for password guessing.
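The probing sequence described for firewalking, as an added example that is not part of the exam page and sends no packets: a Python simulation of a scanner, a gateway, a firewall and an inside host, with firewalk() implementing the ramping phase and the per-port TTL probes. The hop addresses, the firewall's port policy and the port list are constructed for the demo, and the three outcome labels are this example's own.

```python
"""Firewalk simulation (added example): models TTL-expiry probing against a constructed
path  scanner -> gateway -> firewall -> inside host  and shows why blocking outbound
ICMP defeats it. No packets are sent; addresses are documentation/private ranges."""
from dataclasses import dataclass

PASSES = "passes firewall"
REJECTED = "blocked (ICMP administratively prohibited)"
SILENT = "no response (dropped, or ICMP filtered on egress)"


@dataclass
class Firewall:
    ip: str
    allowed_ports: frozenset
    reject_with_icmp: bool = False      # True: send admin-prohibited; False: drop silently
    blocks_outbound_icmp: bool = False  # the countermeasure from the text


@dataclass
class Path:
    hops: list        # router IPs in order from the scanner, firewall included
    firewall: Firewall
    target: str       # host behind the firewall

    def send(self, dst_port: int, ttl: int):
        """Response a probe elicits: ('time-exceeded', ip), ('admin-prohibited', ip) or None."""
        fw_index = self.hops.index(self.firewall.ip)
        for i, hop in enumerate(self.hops + [self.target]):
            ttl -= 1                                  # each hop decrements the TTL
            if ttl == 0:                              # expired at this hop
                if i > fw_index and self.firewall.blocks_outbound_icmp:
                    return None                       # ICMP from inside never leaves
                return ("time-exceeded", hop)
            if hop == self.firewall.ip and dst_port not in self.firewall.allowed_ports:
                return ("admin-prohibited", hop) if self.firewall.reject_with_icmp else None
        return None                                   # delivered; not expected for probes


def firewalk(path: Path, gateway_ip: str, ports, max_ttl: int = 30):
    """Phase 1 ramps the TTL to locate the known gateway; phase 2 probes each port
    with TTL = gateway + 2, i.e. expiring one hop past the firewall."""
    gateway_ttl = None
    for ttl in range(1, max_ttl + 1):
        resp = path.send(ports[0], ttl)
        if resp and resp[1] == gateway_ip:
            gateway_ttl = ttl
            break
    if gateway_ttl is None:
        raise RuntimeError("gateway never answered; cannot place the firewall")
    firewall_hop = gateway_ttl + 1
    results = {}
    for port in ports:
        resp = path.send(port, firewall_hop + 1)
        if resp is None:
            results[port] = SILENT
        elif resp[0] == "time-exceeded":
            results[port] = PASSES          # a hop beyond the firewall saw the probe
        else:
            results[port] = REJECTED
    return firewall_hop, results


def demo(reject_with_icmp=False, blocks_outbound_icmp=False):
    fw = Firewall("203.0.113.2", frozenset({80, 443}), reject_with_icmp, blocks_outbound_icmp)
    path = Path(hops=["203.0.113.1", fw.ip], firewall=fw, target="10.0.0.10")
    return firewalk(path, gateway_ip="203.0.113.1", ports=[22, 80, 443, 3389])


if __name__ == "__main__":
    for label, kw in [("silent drop", {}), ("reject", {"reject_with_icmp": True}),
                      ("icmp egress blocked", {"blocks_outbound_icmp": True})]:
        print(label, demo(**kw))
```

The third run of the demo reproduces the countermeasure the explanation names: once ICMP time-exceeded messages cannot leave the network, permitted and denied ports produce the same silence and the scan learns nothing. A firewall that drops rather than rejects already removes the "administratively prohibited" signal, which is why silent drop plus ICMP egress filtering is the usual hardening.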
NEW QUESTION # 141
Which of the following standards is approved by IEEE-SA for wireless personal area networks?
- A. 802.11a
- B. 802.1
- C. 802.16
- D. 802.15
Answer: D
NEW QUESTION # 142
Which characteristic of an antenna refers to how directional an antenna's radiation pattern is?
- A. Typical gain
- B. Polarization
- C. Radiation pattern
- D. Directivity
Answer: D
Explanation:
Directivity is the measure of how directional an antenna's radiation pattern is: the ratio of the radiation intensity in the strongest direction to the intensity averaged over all directions (an isotropic radiator has a directivity of 1, or 0 dBi). The radiation pattern (option C) is the plot of radiated intensity versus direction from which directivity is derived, not the measure itself; gain is directivity multiplied by the antenna's radiation efficiency; polarization describes the orientation of the radiated electric field.
NEW QUESTION # 143
Which of the following is a network layer protocol used to obtain an IP address for a given hardware (MAC) address?
- A. IP
- B. ARP
- C. PIM
- D. RARP
Answer: D
Explanation:
Reverse Address Resolution Protocol (RARP, RFC 903) is used by a host that knows only its own hardware (MAC) address to obtain an IP address from a RARP server on the local segment; it is the reverse of ARP. RARP uses the same 28-byte packet format as ARP, with opcodes 3 (request) and 4 (reply) and its own EtherType (0x8035). Because it carries only an address and needs a server in every broadcast domain, it has been superseded by BOOTP and then DHCP, which replace RARP rather than build on it.
Answer option B is incorrect. Address Resolution Protocol (ARP, RFC 826) resolves an IP address to the media access control (MAC) address of a network interface card (NIC). The ARP cache keeps the learned IP-to-MAC mappings, and ARP defines the request/reply rules for populating it. ARP is limited to physical networks that support broadcast, and because replies are unauthenticated the cache can be poisoned (ARP spoofing) to redirect traffic through an attacker.
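ARP and RARP side by side, as an added example not taken from the exam page: a Python encoder/decoder for the shared 28-byte packet body (RFC 826 and RFC 903) and a responder that answers ARP for its own address and RARP from a static MAC-to-IP table. The MAC and IP addresses and the RARP table are constructed for the demo.

```python
"""ARP and RARP on the wire (added example): both use the same 28-byte body
(RFC 826 / RFC 903) and differ only in opcode and in the EtherType carrying them.
The responder and all addresses are constructed for the demo."""
import struct

ETHERTYPE = {"arp": 0x0806, "rarp": 0x8035}   # frame type the body travels in
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OPCODE = {"arp-request": 1, "arp-reply": 2, "rarp-request": 3, "rarp-reply": 4}
OPNAME = {v: k for k, v in OPCODE.items()}
FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build(op: str, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    return struct.pack(FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, OPCODE[op],
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))


def parse(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP-family packet")
    if op not in OPNAME:
        raise ValueError(f"unknown opcode {op}")
    return {"op": OPNAME[op], "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


class Responder:
    """A host that answers ARP for its own IP and, as a RARP server,
    answers RARP requests from a static MAC -> IP table."""

    def __init__(self, mac: str, ip: str, rarp_table: dict):
        self.mac, self.ip, self.rarp_table = mac, ip, rarp_table

    def handle(self, pkt: bytes):
        req = parse(pkt)
        if req["op"] == "arp-request" and req["target_ip"] == self.ip:
            # ARP: "who has <ip>?" -> reply carries our MAC as sender, unicast to the asker
            return build("arp-reply", self.mac, self.ip, req["sender_mac"], req["sender_ip"])
        if req["op"] == "rarp-request":
            # RARP: "what is the IP of <mac>?" -> the assigned IP goes in the reply's
            # target protocol field; the sender fields identify the RARP server
            ip = self.rarp_table.get(req["target_mac"])
            if ip is not None:
                return build("rarp-reply", self.mac, self.ip, req["target_mac"], ip)
        return None   # not for us, or unknown MAC: stay silent


def demo():
    server = Responder("02:00:00:00:00:01", "192.0.2.1", {"02:00:00:00:00:42": "192.0.2.42"})
    # Diskless client knows only its MAC: RARP request with target = its own MAC.
    rarp_req = build("rarp-request", "02:00:00:00:00:42", "0.0.0.0",
                     "02:00:00:00:00:42", "0.0.0.0")
    # The same client later resolves the server's MAC with an ordinary ARP request.
    arp_req = build("arp-request", "02:00:00:00:00:42", "192.0.2.42",
                    "00:00:00:00:00:00", "192.0.2.1")
    return parse(server.handle(rarp_req)), parse(server.handle(arp_req))


if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

The two requests differ only in opcode and in which address is the question: ARP asks "who has this IP?" and gets a MAC in the reply's sender field, while RARP asks "what IP belongs to this MAC?" and gets the answer in the reply's target protocol field. The responder stays silent for IPs it does not own and MACs it does not know; unsolicited replies for addresses a host never asked about are the pattern ARP-spoofing detectors look for.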
Answer option C is incorrect. Protocol-Independent Multicast (PIM) is a family of multicast routing protocols for Internet Protocol (IP) networks that provide one-to-many and many-to-many distribution of data over a LAN, WAN, or the Internet. It is termed protocol-independent because PIM has no topology discovery mechanism of its own; it uses the unicast routing table built by whatever routing protocol is in use, such as OSPF, IS-IS, or BGP.
Answer option A is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP.
IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and delivers datagrams (packets) from the source host to the destination host solely on the basis of their addresses; for this purpose it defines addressing methods and structures for datagram encapsulation. The first major version of the addressing structure, Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although its successor, Internet Protocol Version 6 (IPv6), is being deployed worldwide.
NEW QUESTION # 144
Which of the following techniques uses a modem in order to automatically scan a list of telephone numbers?
- A. War dialing
- B. War driving
- C. Warchalking
- D. Warkitting
Answer: A
Explanation:
War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, BBS systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers (hackers that specialize in computer security) for password guessing.
Answer option C is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
Answer option B is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless card that supports monitor mode, and some kind of antenna which can be mounted on top of or positioned inside the car.
Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.
Answer option D is incorrect. Warkitting is a combination of wardriving and rootkitting. In a warkitting attack, a hacker replaces the firmware of an attacked router. This allows them to control all traffic for the victim, and could even permit them to disable SSL by replacing HTML content as it is being downloaded. Warkitting was identified by Tsow, Jakobsson, Yang, and Wetzel in 2006. Their discovery indicated that 10% of the wireless routers were susceptible to WAPjacking (malicious configuring of the firmware settings, but making no modification on the firmware itself) and 4.4% of wireless routers were vulnerable to WAPkitting (subverting the router firmware). Their analysis showed that the volume of credential theft possible through Warkitting exceeded the estimates of credential theft due to phishing.
NEW QUESTION # 145
Which of the following can be performed with software or hardware devices in order to record everything a person types using his or her keyboard?
- A. Keystroke logging
- B. Warchalking
- C. IRC bot
- D. War dialing
Answer: A
Explanation:
Keystroke logging is a method of recording a user's keystrokes, performed either by software (a keyboard hook or a hooked keyboard driver) or by a hardware device inserted between the keyboard and the computer. Keystroke loggers record everything a person types, for instance to measure employee productivity on clerical tasks, and the same capability yields usernames, passwords and other secrets. Hardware loggers in particular are invisible to endpoint software, so physical inspection of workstation ports is part of defending against them.
Answer option D is incorrect. War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, BBS systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers (hackers that specialize in computer security) for password guessing.
Answer option B is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
Answer option C is incorrect. An Internet Relay Chat (IRC) bot is a set of scripts or an independent program that connects to Internet Relay Chat as a client, and so appears to other IRC users as another user. An IRC bot differs from a regular client in that instead of providing interactive access to IRC for a human user, it performs automated functions; botnet operators have long used IRC channels as command-and-control for the same reason.
NEW QUESTION # 146
Match the following NIST security life cycle components with their activities:
- A. 1-iv, 2-iii, 3-v, 4-i
- B. 1-ii, 2-i, 3-v, 4-iv
- C. 1-i, 2-v, 3-iii, 4-ii
- D. 1-iii, 2-iv, 3-v, 4-i
Answer: A
Explanation:
The NIST security life cycle components and their activities are correctly matched in option A:
Implement (1) corresponds with iv. Sets security controls within an enterprise architecture. This involves integrating the selected security controls into the enterprise architecture during the implementation phase.
Authorize (2) matches with iii. Determines risk to organizational operations and assets. Authorization involves assessing the risks to the organization's operations and assets and determining if the implemented controls are adequate.
Categorize (3) aligns with v. Defines criticality of information system according to potential worst-case. Categorization is the process of determining the criticality of information systems based on the potential impact of worst-case scenarios.
Select (4) is associated with i. Determines security control effectiveness. Note that in the NIST Risk Management Framework (SP 800-37) the Select step chooses and tailors the baseline controls for the categorized system, while determining whether implemented controls are effective is the Assess step; the pairing above follows this answer key.
NEW QUESTION # 147
Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
- A. LIDS
- B. Cain
- C. Libnids
- D. Dsniff
Answer: D
Explanation:
Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
Answer option B is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks:
Dictionary attack
Brute force attack
Rainbow table attack
Hybrid attack
Answer options A and C are incorrect. LIDS (Linux Intrusion Detection System) is a kernel patch and administration tool that adds mandatory access control and file/process protection to Linux hosts, and libnids is a library that implements IP defragmentation and TCP stream reassembly for network intrusion-detection tools; dsniff itself is built on libnids. Neither is a sniffing suite.
NEW QUESTION # 148
In which of the following conditions does the system enter ROM monitor mode? Each correct answer represents a complete solution. Choose all that apply.
- A. There is a need to set operating parameters.
- B. The router does not find a valid operating system image.
- C. The router does not have a configuration file.
- D. The user interrupts the boot sequence.
Answer: B,D
Explanation:
The system enters ROM monitor (ROMMON) mode if the router does not find a valid operating system image or if the user interrupts the boot sequence (the Break key during the first 60 seconds of boot); it also boots straight into ROMMON when the configuration register's boot field is set to 0 (for example 0x2100). From ROMMON a user can boot the device manually, change the configuration register (the basis of password recovery), or run diagnostic tests.
Answer option C is incorrect. If the router does not have a configuration file, it enters Setup mode when switched on; Setup mode creates an initial configuration.
Answer option A is incorrect. Operating parameters are set in privileged EXEC and global configuration mode, not in ROMMON.
NEW QUESTION # 149
Adam, a malicious hacker, is using Wireshark to sniff an unprotected Wi-Fi network in a local store in order to capture Hotmail e-mail traffic. He knows that many people are using their laptops to browse the Web in the store, and he wants to capture their e-mail messages as they traverse the unprotected Wi-Fi network. Which of the following Wireshark display filters will Adam configure to show only the packets carrying Hotmail e-mail messages?
- A. (http contains "email") && (http contains "hotmail")
- B. (http = "login.pass.com") && (http contains "SMTP")
- C. (http = "login.passport.com") && (http contains "POP3")
- D. (http contains "hotmail") && (http contains "Reply-To")
Answer: D
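The filter semantics behind option D, as an added example that is not part of the exam page or of Wireshark: a Python parser and evaluator for the subset of display-filter syntax the options use (protocol presence, contains, !, &&, || and parentheses), run over a constructed three-packet capture. It shows what contains actually tests, a case-sensitive byte-substring match over the layer's bytes, and why the http = "..." forms in options B and C are rejected: http is a protocol, not a string field.

```python
"""Evaluator for a subset of Wireshark display-filter syntax (added example):
    <proto> contains "<text>"    bare <proto>    !  ( )  &&  ||
A packet is a dict mapping a protocol layer to the raw bytes the filter matches on."""
import re

_TOKEN = re.compile(r'\s*(\(|\)|&&|\|\||!|contains\b|"(?:[^"\\]|\\.)*"|[A-Za-z_][\w.]*)')


def tokenize(expr: str) -> list:
    expr, pos, out = expr.strip(), 0, []
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if not m:   # e.g. the '=' in  http = "login.passport.com"
            raise SyntaxError(f"invalid display filter near {expr[pos:pos + 12]!r}")
        out.append(m.group(1))
        pos = m.end()
    return out


class _Parser:
    """Precedence: ! binds tightest, then &&, then ||; parentheses override."""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise SyntaxError(f"expected {expected or 'a term'}, got {tok!r}")
        self.i += 1
        return tok

    def parse(self):
        node = self.or_expr()
        if self.peek() is not None:
            raise SyntaxError(f"unexpected {self.peek()!r}")
        return node

    def or_expr(self):
        node = self.and_expr()
        while self.peek() == "||":
            self.take()
            node = ("or", node, self.and_expr())
        return node

    def and_expr(self):
        node = self.not_expr()
        while self.peek() == "&&":
            self.take()
            node = ("and", node, self.not_expr())
        return node

    def not_expr(self):
        if self.peek() == "!":
            self.take()
            return ("not", self.not_expr())
        if self.peek() == "(":
            self.take()
            node = self.or_expr()
            self.take(")")
            return node
        proto = self.take()
        if proto in ("(", ")", "&&", "||", "contains") or proto.startswith('"'):
            raise SyntaxError(f"expected a protocol or field, got {proto!r}")
        if self.peek() == "contains":
            self.take()
            lit = self.take()
            if not lit.startswith('"'):
                raise SyntaxError("contains needs a quoted string")
            return ("contains", proto, lit[1:-1].encode())
        return ("present", proto)


def compile_filter(expr: str):
    return _Parser(tokenize(expr)).parse()


def matches(node, packet: dict) -> bool:
    kind = node[0]
    if kind == "and":
        return matches(node[1], packet) and matches(node[2], packet)
    if kind == "or":
        return matches(node[1], packet) or matches(node[2], packet)
    if kind == "not":
        return not matches(node[1], packet)
    if kind == "present":
        return node[1] in packet
    proto, needle = node[1], node[2]            # "contains": case-sensitive byte substring
    return proto in packet and needle in packet[proto]


def apply_filter(expr: str, packets) -> list:
    node = compile_filter(expr)
    return [i for i, p in enumerate(packets) if matches(node, p)]


# Constructed capture: 0 = webmail send carrying a Reply-To header, 1 = plain page
# load from the same site, 2 = SMTP (has Reply-To, but no http layer at all).
SAMPLE_CAPTURE = [
    {"tcp": b"", "http": b"POST /mail/SendMessage HTTP/1.1\r\nHost: mail.hotmail.com\r\n\r\n"
                         b"To: bob@example.com\r\nReply-To: alice@hotmail.com\r\nSubject: hi"},
    {"tcp": b"", "http": b"GET /news HTTP/1.1\r\nHost: www.hotmail.com\r\n\r\n"},
    {"tcp": b"", "smtp": b"From: bob@example.com\r\nReply-To: bob@example.com\r\n"},
]

if __name__ == "__main__":
    for f in ['(http contains "hotmail") && (http contains "Reply-To")', 'http contains "hotmail"']:
        print(f, "->", apply_filter(f, SAMPLE_CAPTURE))
```

On today's networks the webmail session is TLS-protected, so the http layer never appears in the capture and the filter matches nothing; that, not a cleverer filter, is the defender's answer to this scenario. Where plaintext HTTP is still in play, Follow TCP Stream or the http.request.method and http.host fields are usually more precise than contains over the whole layer.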
NEW QUESTION # 150
Which of the following attacks are computer threats that try to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer? Each correct answer represents a complete solution. Choose all that apply.
- A. Spoofing
- B. Zero-hour
- C. Zero-day
- D. Buffer overflow
Answer: B,C
Explanation:
A zero-day attack, also called a zero-hour attack, exploits a vulnerability that is unknown to the public, undisclosed to the software vendor, or for which no fix is yet available. Zero-day exploits (working code that uses the hole to carry out an attack) are used or traded by attackers before the vendor knows about the vulnerability, so signatures and patching cannot stop them on day zero; the practical mitigations are least privilege, the platform's exploit mitigations, application allow-listing, network segmentation and monitoring for post-exploitation behaviour, with user awareness training reducing exposure to the phishing that often delivers the exploit.
Answer option A is incorrect. Spoofing makes a transmission appear to come from a trusted source by forging the IP address, e-mail address, caller ID, etc. In IP spoofing, an attacker rewrites packet headers to carry someone else's source address. Because replies go to the forged address, blind IP spoofing is not usable for ordinary interactive sessions such as web browsing or chat.
Answer option D is incorrect. A buffer overflow is a condition in which an application writes more data into a buffer than it was sized to hold, usually because of a programming error. It can crash the application or, when the overwritten memory includes control data, let an attacker execute arbitrary code; it is an exploitation technique, not a category defined by whether the vendor knows about the bug.
NEW QUESTION # 151
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?
- A. Cold site
- B. Warm site
- C. Hot site
- D. Off site
Answer: A
Explanation:
A cold site provides office space and, in some cases, basic equipment (power, connectivity, racks); systems must be installed and data restored before it can be used, which makes it far cheaper than a hot site. Answer option C is incorrect. A hot site has equipment installed, configured and ready to use, which makes recovery much faster but is also far more expensive; a school district can tolerate being down for days rather than hours, so the cheaper option is appropriate. Answer option B is incorrect. A warm site sits between hot and cold: some equipment and connectivity are ready, but it is still significantly more expensive than a cold site and not necessary for this scenario. Answer option D is incorrect. "Off site" is not a type of backup site; it describes where backup media are stored.
NEW QUESTION # 152
Which of the following is a worldwide organization that aims to establish, refine, and promote Internet security standards?
- A. ANSI
- B. WASC
- C. ITU
- D. IEEE
Answer: B
NEW QUESTION # 153
Fill in the blank with the appropriate term. The ______________layer establishes, manages, and terminates the connections between the local and remote application.
Answer: session
Explanation:
The session layer (OSI layer 5) establishes, manages, and terminates the sessions (dialogues) between local and remote applications.
The EC-Council Certified Network Defender (CND) certification exam covers a wide range of topics, including network security essentials, network defense fundamentals, network perimeter defense, network security threats and vulnerabilities, network security architecture, and network security operations and incident response. The 312-38 exam assesses the candidate's ability to implement security policies, monitor network activity, detect and respond to security incidents, and develop network security strategies.
