Latest 312-38 Exam Real Tests Free Updated Today
312-38 Real Exam Question Answers Updated [Feb 15, 2023]
Final Thoughts
With the recent technological advancements, computer networks are no longer the simple connection of servers and systems managed by network administrators they used to be. They are complex infrastructures that have reduced the globe to a small village. But with this comes the consistent threat of digital attacks. To evade such incidents, most of the independent certification vendors such as the EC-Council are moving ahead of time to create certification paths to validate security experts who can act as the last line of defense against security incidents. Well, if getting a job in this path makes sense to you, check out the EC-Council Certified Network Defender designation alongside 312-38 evaluation. Simply put, it is a rewarding career track, to say the least.
NEW QUESTION 55
CORRECT TEXT
Fill in the blank with the appropriate file system. Alternate Data Streams (ADS) is a feature of the ______________ file system, allowing more than one data stream to be associated with a filename.
Answer: NTFS
Explanation:
Alternate Data Streams (ADS) is a feature of the NTFS file system that allows more than one data stream to be associated with a filename, using the filename format "filename:streamname". Alternate streams are not listed in Windows Explorer, and their size is not included in the file size. ADS provides the hacker a place to hide rootkits or hacker tools, which can be executed without being detected by the system administrator. Alternate Data Streams are strictly a feature of the NTFS file system. Alternate Data Streams may be used as a method of hiding executables or proprietary content.
NEW QUESTION 56
Which of the following is a protocol that describes an approach to providing "streamlined" support of OSI application services on top of TCP/IP-based networks for some constrained environments?
- A. Dynamic Host Configuration Protocol
- B. Internet Relay Chat Protocol
- C. Lightweight Presentation Protocol
- D. Network News Transfer Protocol
Answer: C
Explanation:
Lightweight Presentation Protocol (LPP) is a protocol that describes an approach to providing "streamlined" support of OSI application services on top of TCP/IP-based networks for some constrained environments. This protocol was initially derived from a requirement to run the ISO Common Management Information Protocol (CMIP) in TCP/IP-based networks. This protocol is designed for a particular class of OSI applications, namely those entities whose application context includes only an Association Control Service Element (ACSE) and a Remote Operations Service Element (ROSE).
Answer option D is incorrect. The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. In the absence of DHCP, all hosts on a network must be manually configured individually, a time-consuming and often error-prone undertaking. DHCP is popular with ISPs because it allows a host to obtain a temporary IP address.
Answer option A is incorrect.
Answer option C is incorrect. Internet Relay Chat (IRC) is a chat service, which is a client-server protocol that supports real-time text chat between two or more users over a TCP/IP network.
NEW QUESTION 57
Which of the following is a standard-based protocol that provides the highest level of VPN security?
- A. L2TP
- B. IP
- C. IPSec
- D. PPP
Answer: C
Explanation:
Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security. IPSec can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and password. IPSec cannot be used with Point-to-Point Tunneling Protocol (PPTP).
Answer option B is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering distinguished protocol datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose, the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide.
Answer option C is incorrect. Point-to-Point Protocol (PPP) is a remote access protocol commonly used to connect to the Internet. It supports compression and encryption and can be used to connect to a variety of networks. It can connect to a network running on the IPX, TCP/IP, or NetBEUI protocol. It supports multi-protocol and dynamic IP assignments. It is the default protocol for the Microsoft Dial-Up adapter.
Answer option A is incorrect. Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication. It allows the transfer of Point-to-Point Protocol (PPP) traffic between different networks. L2TP combines with IPSec to provide tunneling and security for Internet Protocol (IP), Internetwork Packet Exchange (IPX), and other protocol packets across IP networks.
NEW QUESTION 59
Which of the following attacks are computer threats that try to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer? Each correct answer represents a complete solution. Choose all that apply.
- A. Zero-day
- B. Buffer overflow
- C. Zero-hour
- D. Spoofing
Answer: A,C
Explanation:
A zero-day attack, also known as zero-hour attack, is a computer threat that tries to exploit computer application vulnerabilities which are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the vulnerability. User awareness training is the most effective technique to mitigate such attacks.
Answer option C is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source IP address causes the responses to be misdirected.
Answer option A is incorrect. Buffer overflow is a condition in which an application receives more data than it is configured to accept. This usually occurs due to programming errors in the application. Buffer overflow can terminate or crash the application.
NEW QUESTION 60
Which of the following types of coaxial cable is used for cable TV and cable modems?
- A. RG-8
- B. RG-59
- C. RG-62
- D. RG-58
Answer: B
Explanation:
RG-59 type of coaxial cable is used for cable TV and cable modems.
Answer option A is incorrect. RG-8 coaxial cable is primarily used as a backbone in an Ethernet LAN environment and often connects one wiring closet to another. It is also known as 10Base5 or ThickNet.
Answer option B is incorrect. RG-62 coaxial cable is used for ARCNET and automotive radio antennas.
Answer option D is incorrect. RG-58 coaxial cable is used for Ethernet networks. It uses baseband signaling and 50-Ohm terminator. It is also known as 10Base2 or ThinNet.
NEW QUESTION 61
Which of the following tools is an open source protocol analyzer that can capture traffic in real time?
- A. NetResident
- B. Wireshark
- C. None
- D. Bridle
- E. NetWitness
Answer: B
Explanation:
Wireshark is an open source protocol analyzer that can capture traffic in real time. Wireshark is a free packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but it has a graphical front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network interface into promiscuous mode.
Wireshark uses pcap to capture packets, so it can only capture the packets on the networks supported by pcap. It has the following features:
- Data can be captured "from the wire" from a live network connection or read from a file that records the already-captured packets.
- Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.
- Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.
- Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
- Data display can be refined using a display filter.
- Plugins can be created for dissecting new protocols.
Answer option C is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs network activity that matches the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).
Answer option D is incorrect. NetWitness is used to analyze and monitor the network traffic and activity.
Answer option A is incorrect. Netresident is used to capture, store, analyze, and reconstruct network events and activities.
NEW QUESTION 62
Which of the following layers of the OSI model provides interhost communication?
- A. Transport layer
- B. Network layer
- C. Session layer
- D. Application layer
Answer: C
NEW QUESTION 63
Fill in the blank with the appropriate term. ______________ is a method for monitoring the e-mail delivery to the intended recipient.
Answer: Email tracking
NEW QUESTION 64
Which of the following is a credit card-sized device used to securely store personal information and used in conjunction with a PIN number to authenticate users?
- A. Proximity card
- B. Java card
- C. Smart card
- D. SD card
Answer: C
NEW QUESTION 65
Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?
- A. Link layer
- B. Transport Layer
- C. Internet layer
- D. Application layer
Answer: A
NEW QUESTION 66
Which of the following ranges of addresses can be used in the first octet of a Class B network address?
- A. 0-127
- B. 192-223
- C. 128-191
- D. 224-255
Answer: C
NEW QUESTION 67
FILL BLANK
Fill in the blank with the appropriate term. ______________ is an open wireless technology standard for exchanging data over short distances from fixed and mobile devices.
Answer: Bluetooth
Explanation:
Bluetooth is an open wireless technology standard for exchanging data over short distances from fixed and mobile devices, creating personal area networks with high levels of security. Created by telecoms vendor Ericsson in 1994, it was originally conceived as a wireless alternative to RS-232 data cables. It can connect several devices, overcoming problems of synchronization. Today Bluetooth is managed by the Bluetooth Special Interest Group.
NEW QUESTION 68
Which of the following are the valid steps for securing routers? Each correct answer represents a complete solution. Choose all that apply.
- A. Use a complex password for a router's administrative console.
- B. Use a password that is easy to remember for a router's administrative console.
- C. Keep routers updated with the latest security patches.
- D. Configure access list entries to prevent unauthorized connections and traffic routing.
Answer: A,C,D
NEW QUESTION 69
Frank installed Wireshark at all ingress points in the network. Looking at the logs he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21. What does this source address signify?
- A. This source address is IPv6 and translates as 13.1.68.3
- B. This source address signifies that the originator is using 802dot1x to try and penetrate into Frank's network
- C. This means that the source is using IPv4
- D. This address means that the source is using an IPv6 address and is spoofed and signifies an IPv4 address of 127.0.0.1.
Answer: C
NEW QUESTION 70
John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values:
ItemID1=2
ItemPrice1=900
ItemID2=1
ItemPrice2=200
Modified cookie values:
ItemID1=2
ItemPrice1=1
ItemID2=1
ItemPrice2=1
Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price. Which of the following hacking techniques is John performing?
- A. Computer-based social engineering
- B. Cookie poisoning
- C. Man-in-the-middle attack
- D. Cross site scripting
Answer: B
Explanation:
John is performing cookie poisoning. In cookie poisoning, an attacker modifies the value of cookies before sending them back to the server. On modifying the cookie values, an attacker can log in to any other user account and can perform identity theft. The following figure explains how cookie poisoning occurs:
For example:
The attacker visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.
Original cookie values:
ItemID1=2
ItemPrice1=900
ItemID2=1
ItemPrice2=200
Modified cookie values:
ItemID1=2
ItemPrice1=1
ItemID2=1
ItemPrice2=1
Now, the attacker clicks the Buy button and the prices are sent to the server that calculates the total price.
Another use of a Cookie Poisoning attack is to pretend to be another user after changing the username in the cookie values:
Original cookie values:
LoggedIn=True
Username=Mark
Modified cookie values:
LoggedIn=True
Username=Admin
Now, after modifying the cookie values, the attacker can log in as the admin.
Answer option D is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the attacker posts a message that contains malicious code to any newsgroup site. When another user views this message, the browser interprets this code and executes it and, as a result, the attacker is able to take control of the user's system. Cross site scripting attacks require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's Web environment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, session hijacking, etc.
NEW QUESTION 71
In an Ethernet peer-to-peer network, which of the following cables is used to connect two computers, using RJ-45 connectors and Category-5 UTP cable?
- A. Crossover
- B. Loopback
- C. Serial
- D. Parallel
Answer: A
Explanation:
In an Ethernet peer-to-peer network, a crossover cable is used to connect two computers, using RJ-45 connectors and Category-5 UTP cable.
Answer options D and A are incorrect. Parallel and serial cables do not use RJ-45 connectors and Category-5 UTP cable. Parallel cables are used to connect printers, scanners etc., to computers, whereas serial cables are used to connect modems, digital cameras etc., to computers.
Answer option B is incorrect. A loopback cable is used for testing equipment.
NEW QUESTION 72
Which of the following systems is formed by a group of honeypots?
- A. Research honeypot
- B. Production honeypot
- C. Honeynet
- D. Honeyfarm
Answer: C
NEW QUESTION 73
Which of the following phases is the first step towards creating a business continuity plan?
- A. Business Impact Assessment
- B. Business Continuity Plan Development
- C. Scope and Plan Initiation
- D. Plan Approval and Implementation
Answer: C
NEW QUESTION 74
In which of the following attacks can the attacker not use software that tries a number of key combinations in order to obtain your password?
- A. Shock brutal force
- B. Smurf attack
- C. Zero-day attack
- D. Buffer overflow
- E. None
Answer: A
NEW QUESTION 75
Which of the following is a free security-auditing tool for Linux?
- A. HPing
- B. SATAN
- C. SAINT
- D. Nessus
Answer: D
NEW QUESTION 76
CORRECT TEXT
Fill in the blank with the appropriate term.
A ______________ is a term in computer terminology used for a trap that is set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
Answer: honeypot
Explanation:
A honeypot is a term in computer terminology used for a trap that is set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, and monitored, and which seems to contain information or a resource of value to attackers.
