[May-2022] Exam Sure Pass EC-COUNCIL Certification with 312-38 exam questions [Q15-Q34]


Real EC-COUNCIL 312-38 Exam Questions Study Guide


The EC-Council 312-38 is a mandatory exam for all candidates pursuing the EC-Council Certified Network Defender (CND) certification. This is a skill-based learning path that aims to create competent network administrators who can protect, detect, and respond to rampant security threats on computer networks.


Understanding functional and technical aspects of Certified Network Defender Security Principles and Practices

The following will be discussed in ECCOUNCIL EC 312-38 exam dumps:

  • Describe the various examples of network-level attack techniques
  • Describe the various examples of email attack techniques
  • Discuss various cryptographic algorithms
  • Understand firewall security concerns, capabilities, and limitations
  • Discuss the selection of appropriate IDS solutions
  • Learn how to handle false positive and false negative IDS alerts
  • Describe Attacker's Hacking Methodologies and Frameworks
  • Leverage Zero Trust Model Security using Software-Defined Perimeter (SDP)
  • Distributed and Mobile Computing World
  • Discuss security benefits of network segmentation techniques
  • Discuss various Regulatory Frameworks, Laws, and Acts
  • Describe the various examples of application-level attack techniques
  • Discuss various essential network security solutions
  • Discuss various NIDS and HIDS solutions with their intrusion detection capabilities
  • Describe the various examples of host-level attack techniques
  • Explain Continual/Adaptive security strategy
  • Learn to design and develop security policies
  • Select firewalls based on their deep traffic inspection capability
  • Obtain compliance with regulatory frameworks
  • Discuss various essential network security protocols
  • Describe the various examples of cloud-specific attack techniques
  • Discuss cryptographic security techniques
  • Discuss router and switch security measures, recommendations, and best practices
  • Describe the various examples of social engineering attack techniques
  • Discuss IDS/IPS deployment - Discuss various components of IDS - Discuss effective deployment of network and host-based IDS
  • Discuss Identity and Access Management (IAM) concepts
  • Discuss recommendations and best practices for secure firewall implementation and deployment
  • Discuss firewall implementation and deployment process
  • Understand firewall topologies and their usage - Distinguish between hardware, software, host, network, internal, and external firewalls
  • Conduct security awareness training
  • Explain essential terminologies related to network security attacks
  • Describe the various examples of mobile device-specific attack techniques
  • Discuss other administrative security measures
  • Explain defense-in-depth security strategy
  • Understand fundamental goal, benefits, and challenges in network defense
  • Discuss access control principles, terminologies, and models

 

NEW QUESTION 15
Which of the following types of coaxial cable is used for cable TV and cable modems?

  • A. RG-62
  • B. RG-59
  • C. RG-8
  • D. RG-58

Answer: B

Explanation:
RG-59 type of coaxial cable is used for cable TV and cable modems.
Answer option D is incorrect. RG-8 coaxial cable is primarily used as a backbone in an Ethernet LAN environment and often connects one wiring closet to another. It is also known as 10Base5 or ThickNet.
Answer option A is incorrect. RG-62 coaxial cable is used for ARCNET and automotive radio antennas.
Answer option C is incorrect. RG-58 coaxial cable is used for Ethernet networks. It uses baseband signaling and 50-Ohm terminator. It is also known as 10Base2 or ThinNet.

 

NEW QUESTION 16
In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?

  • A. Bonk attack
  • B. Smurf attack
  • C. Buffer-overflow attack
  • D. DDoS attack

Answer: D

Explanation:
In the distributed denial of service (DDoS) attack, an attacker uses multiple computers throughout the network that it has previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for the DDoS attack.
Answer option A is incorrect. A Smurf attack is a type of attack that uses third-party intermediaries to defend against, and get back to the originating system. In a Smurf attack, a false ping packet is forwarded by the originating system. The broadcast address of the third-party network is the packet's destination. Hence, each machine on the third-party network has a copy of the ping request. The victim system is the originator. The originator rapidly forwards a large number of these requests via different intermediary networks. The victim gets overwhelmed by this large number of requests.
Answer option B is incorrect. A buffer-overflow attack is performed when a hacker fills a field, typically an address bar, with more characters than it can accommodate. The excess characters can be run as executable code, effectively giving the hacker control of the computer and overriding any security measures set. There are two main types of buffer overflow attacks:
Stack-based buffer overflow attack: A stack-based buffer overflow attack uses a memory object known as a stack. The hacker develops the code which reserves a specific amount of space for the stack. If the user's input is longer than the amount of space reserved for it within the stack, then the stack will overflow.
Heap-based buffer overflow attack: A heap-based overflow attack floods the memory space reserved for the programs.
Answer option D is incorrect. Bonk attack is a variant of the teardrop attack that affects mostly Windows computers by sending corrupt UDP packets to DNS port 53. It is a type of denial-of-service (DoS) attack. A bonk attack manipulates a fragment offset field in TCP/IP packets. This field tells a computer how to reconstruct a packet that was fragmented, because it is difficult to transmit big packets. A bonk attack causes the target computer to reassemble a packet that is too big to be reassembled and causes the target computer to crash.

 

NEW QUESTION 17
Which of the following is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic?

  • A. PSAD
  • B. Nmap
  • C. NetRanger
  • D. Hping

Answer: A

Explanation:
PSAD is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic. It includes many signatures from the IDS to detect probes for various backdoor programs such as EvilFTP, GirlFriend, SubSeven, DDoS tools (mstream, shaft), and advanced port scans (FIN, NULL, XMAS). If it is combined with fwsnort and the Netfilter string match extension, it detects most of the attacks described in the Snort rule set that involve application layer data.
Answer option C is incorrect. NetRanger is the complete network configuration and information toolkit that includes the following tools: Ping tool, Trace Route tool, Host Lookup tool, Internet time synchronizer, Whois tool, Finger Unix hosts tool, Host and port scanning tool, check multiple POP3 mail accounts tool, manage dialup connections tool, Quote of the day tool, and monitor Network Settings tool. These tools are integrated in order to use an application interface with full online help. NetRanger is designed for both new and experienced users. This tool is used to help diagnose network problems and to get information about users, hosts, and networks on the Internet or on a user computer network. NetRanger uses multi-threaded and multi-connection technologies in order to be very fast and efficient.
Answer option D is incorrect. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows, etc.

 

NEW QUESTION 18
Which of the following IEEE standards defines a physical bus topology?

  • A. 802.5
  • B. 802.3
  • C. 802.6
  • D. 802.4

Answer: D

 

NEW QUESTION 19
Network security is the specialist area, which consists of the provisions and policies adopted by the Network Administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources. For which of the following reasons is network security needed?
Each correct answer represents a complete solution. Choose all that apply.

  • A. To protect private information on the Internet
  • B. To protect information from loss and deliver it to its destination properly
  • C. To protect information from unwanted editing, accidentally or intentionally by unauthorized users
  • D. To prevent a user from sending a message to another user with the name of a third person

Answer: A,B,C,D

Explanation:
Network security is needed for the following reasons:
  • To protect private information on the Internet
  • To protect information from unwanted editing, accidentally or intentionally by unauthorized users
  • To protect information from loss and deliver it to its destination properly
  • To prevent a user from sending a message to another user with the name of a third person

 

NEW QUESTION 20
Which of the following are used as a cost estimating technique during the project planning stage? Each correct answer represents a complete solution. Choose three.

  • A. Program Evaluation Review Technique (PERT)
  • B. Function point analysis
  • C. Delphi technique
  • D. Expert judgment

Answer: B,C,D

Explanation:
Delphi technique, expert judgment, and function point analysis are used as a cost estimating technique during the project planning stage.
Delphi is a technique to identify potential risk. In this technique, the responses are gathered via a questionnaire from different experts and their inputs are organized according to their contents. The collected responses are sent back to these experts for further input, addition, and comments. The final list of risks in the project is prepared after that. The participants in this technique are anonymous and therefore it helps prevent a person from unduly influencing the others in the group. The Delphi technique helps in reaching the consensus quickly.
Expert judgment is a technique based on a set of criteria that has been acquired in a specific knowledge area or product area. It is obtained when the project manager or project team requires specialized knowledge that they do not possess. Expert judgment involves people most familiar with the work of creating estimates. Preferably, the project team member who will be doing the task should complete the estimates. Expert judgment is applied when performing administrative closure activities, and experts should ensure the project or phase closure is performed to the appropriate standards.
A function point is a unit of measurement to express the amount of business functionality an information system provides to a user. Function points are the units of measure used by the IFPUG Functional Size Measurement Method. The IFPUG FSM Method is an ISO recognized software metric to size an information system based on the functionality that is perceived by the user of the information system, independent of the technology used to implement the information system.
Answer option B is incorrect. A PERT chart is a project management tool used to schedule, organize, and coordinate tasks within a project. PERT stands for Program Evaluation Review Technique, a methodology developed by the U.S. Navy in the 1950s to manage the Polaris submarine missile program. A PERT chart presents a graphic illustration of a project as a network diagram consisting of numbered nodes (either circles or rectangles) representing events, or milestones in the project linked by labeled vectors (directional lines) representing tasks in the project. The direction of the arrows on the lines indicates the sequence of tasks.

 

NEW QUESTION 21
Which of the following OSI layers is sometimes called the syntax layer?

  • A. Data link layer
  • B. Application layer
  • C. Presentation layer
  • D. Physical layer

Answer: C

 

NEW QUESTION 22
Brendan wants to implement a hardware based RAID system in his network. He is thinking of choosing a suitable RAM type for the architectural setup in the system. The type he is interested in provides access times of up to 20 ns. Which type of RAM will he select for his RAID system?

  • A. NVRAM
  • B. SRAM
  • C. NAND flash memory
  • D. SDRAM

Answer: B

 

NEW QUESTION 23
You are an Administrator for a network at an investment bank. You are concerned about individuals breaching your network and being able to steal data before you can detect their presence and shut down their access. Which of the following is the best way to address this issue?

  • A. Implement a honey pot.
  • B. Implement a strong firewall.
  • C. Implement network based anti virus.
  • D. Implement a strong password policy.

Answer: A

Explanation:
A honey pot is designed to attract intruders to a false server that has no real data (but may seem to have valuable data). The specific stated purpose of a honey pot is as a backup plan in case an intruder does gain access to your network. Answer option B is incorrect. The firewall may help reduce the chance of an intruder gaining access, but won't help protect you once they have gained access.

 

NEW QUESTION 24
Which of the following is the primary international body for fostering cooperative standards for telecommunications equipment and systems?

  • A. ICANN
  • B. NIST
  • C. CCITT
  • D. IEEE

Answer: C

Explanation:
CCITT is the primary international body for fostering cooperative standards for telecommunications equipment and systems. It is now known as the ITU-T (for Telecommunication Standardization Sector of the International Telecommunications Union). The ITU-T mission is to ensure the efficient and timely production of standards covering all fields of telecommunications on a worldwide basis, as well as defining tariff and accounting principles for international telecommunication services.
Answer option A is incorrect. Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit organization that oversees the allocation of IP addresses, management of the DNS infrastructure, protocol parameter assignment, and root server system management.
Answer option B is incorrect. The Institute of Electrical and Electronic Engineers (IEEE) is a society of technical professionals. It promotes the development and application of electrotechnology and allied sciences. IEEE develops communications and network standards, among other activities. The organization publishes a number of journals, and has many local chapters and societies in specialized areas.
Answer option C is incorrect. The National Institute of Standards and Technology (NIST), known between 1901 and 1988 as the National Bureau of Standards (NBS), is a measurement standards laboratory which is a non-regulatory agency of the United States Department of Commerce. The institute's official mission is as follows: To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life. NIST had an operating budget for fiscal year 2007 (October 1, 2006-September 30, 2007) of about $843.3 million. NIST's 2009 budget was $992 million, but it also received $610 million as part of the American Recovery and Reinvestment Act. NIST employs about 2,900 scientists, engineers, technicians, and support and administrative personnel. About 1,800 NIST associates (guest researchers and engineers from American companies and foreign nations) complement the staff. In addition, NIST partners with 1,400 manufacturing specialists and staff at nearly 350 affiliated centers around the country.

 

NEW QUESTION 25
Which of the following is a telecommunication service designed for cost-efficient data transmission for intermittent traffic between local area networks (LANs) and between end-points in a wide area network (WAN)?

  • A. Frame relay
  • B. X.25
  • C. PPP
  • D. ISDN
  • E. None

Answer: A

Explanation:
Frame relay is a telecommunication service designed for cost-efficient data transmission for intermittent traffic between local area networks (LANs) and between end-points in a wide area network (WAN). Frame relay puts data in a variable-size unit called a frame. It performs less error checking than other traditional forms of packet switching and hence speeds up data transmission. When an error is detected in a frame, it is simply dropped. The end points are responsible for detecting and retransmitting dropped frames.
Answer option C is incorrect. Integrated Services Digital Network (ISDN) is a digital telephone/telecommunication network that carries voice, data, and video over an existing telephone network infrastructure. It requires an ISDN modem at both ends of a transmission. ISDN is designed to provide a single interface for hooking up a telephone, fax machine, computer, etc. ISDN has two levels of service, i.e., Basic Rate Interface (BRI) and Primary Rate Interface (PRI).
Answer option A is incorrect. The Point-to-Point Protocol, or PPP, is a data link protocol commonly used to establish a direct connection between two networking nodes. It can provide connection authentication, transmission encryption privacy, and compression. PPP is commonly used as a data link layer protocol for connection over synchronous and asynchronous circuits, where it has largely superseded the older, non-standard Serial Line Internet Protocol (SLIP) and telephone company mandated standards (such as Link Access Protocol, Balanced (LAPB) in the X.25 protocol suite). PPP was designed to work with numerous network layer protocols, including Internet Protocol (IP), Novell's Internetwork Packet Exchange (IPX), NBF, and AppleTalk.
Answer option D is incorrect. The X.25 protocol, adopted as a standard by the Consultative Committee for International Telegraph and Telephone (CCITT), is a commonly-used network protocol. The X.25 protocol allows computers on different public networks (such as CompuServe, Tymnet, or a TCP/IP network) to communicate through an intermediary computer at the network layer level. X.25's protocols correspond closely to the data-link and physical-layer protocols defined in the Open Systems Interconnection (OSI) communication model.

 

NEW QUESTION 26
Which of the following IP class addresses are not allotted to hosts? Each correct answer represents a complete solution. Choose all that apply.

  • A. Class A
  • B. Class D
  • C. Class C
  • D. Class B
  • E. Class E

Answer: B,E

Explanation:
Class addresses D and E are not allotted to hosts. Class D addresses are reserved for multicasting, and their address range can extend from 224 to 239. Class E addresses are reserved for experimental purposes. Their addresses range from 240 to 254.
Answer option A is incorrect. Class A addresses are specified for large networks. It consists of up to 16,777,214 client devices (hosts), and their address range can extend from 1 to 126.
Answer option B is incorrect. Class B addresses are specified for medium size networks. It consists of up to 65,534 client devices, and their address range can extend from 128 to 191.
Answer option E is incorrect. Class C addresses are specified for small local area networks (LANs). It consists of up to 245 client devices, and their address range can extend from 192 to 223.

 

NEW QUESTION 27
Which of the following tools is an open source protocol analyzer that can capture traffic in real time?

  • A. Wireshark
  • B. Bridle
  • C. NetWitness
  • D. NetResident
  • E. None

Answer: A

Explanation:
Wireshark is an open source protocol analyzer that can capture traffic in real time. Wireshark is a free packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but it has a graphical front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network interface into promiscuous mode.
Wireshark uses pcap to capture packets, so it can only capture the packets on the networks supported by pcap. It has the following features:

  • Data can be captured "from the wire" from a live network connection or read from a file that records the already-captured packets.
  • Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.
  • Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.
  • Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
  • Data display can be refined using a display filter.
  • Plugins can be created for dissecting new protocols.

Answer option C is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).
Answer option D is incorrect. NetWitness is used to analyze and monitor the network traffic and activity.
Answer option A is incorrect. Netresident is used to capture, store, analyze, and reconstruct network events and activities.

 

NEW QUESTION 28
Which of the following policies helps in defining what users can and should do to use network and organization's computer equipment?

  • A. IT policy
  • B. User policy
  • C. Remote access policy
  • D. General policy

Answer: B

Explanation:
A user policy helps in defining what users can and should do to use network and organization's computer equipment. It also defines what limitations are put on users for maintaining the network secure such as whether users can install programs on their workstations, types of programs users are using, and how users can access data.
Answer option C is incorrect. IT policy includes general policies for the IT department. These policies are intended to keep the network secure and stable. It includes the following:

  • Virus incident and security incident
  • Backup policy
  • Client update policies
  • Server configuration, patch update, and modification policies (security)
  • Firewall policies
  • DMZ policy, email retention, and auto forwarded email policy

Answer option A is incorrect. It defines the high level program policy and business continuity plan.
Answer option B is incorrect. Remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network.

 

NEW QUESTION 29
Which of the following systems includes an independent NAS Head and multiple storage arrays?

  • A. Gateway NAS System
  • B. Integrated NAS System
  • C. None of these
  • D. FreeNAS

Answer: A

 

NEW QUESTION 30
In which of the following conditions does the system enter ROM monitor mode? Each correct answer represents a complete solution. Choose all that apply.

  • A. There is a need to set operating parameters.
  • B. The user interrupts the boot sequence.
  • C. The router does not find a valid operating system image.
  • D. The router does not have a configuration file.

Answer: B,C

Explanation:
The system enters ROM monitor mode if the router does not find a valid operating system image, or if a user interrupts the boot sequence. From ROM monitor mode, a user can boot the device or perform diagnostic tests.
Answer option A is incorrect. If the router does not have a configuration file, it will automatically enter Setup mode when the user switches it on. Setup mode creates an initial configuration.
Answer option B is incorrect. Privileged EXEC is used for setting operating parameters.

 

NEW QUESTION 31
Which of the following examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations?

  • A. Network Behavior Analysis
  • B. Network-based Intrusion Prevention
  • C. Wireless Intrusion Prevention System
  • D. Host-based Intrusion Prevention

Answer: A

Explanation:
Network Behavior Analysis examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.
Answer option B is incorrect. Network-based Intrusion Prevention (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
Answer option C is incorrect. Wireless Intrusion Prevention System (WIPS) monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
Answer option D is incorrect. Host-based Intrusion Prevention (HIPS) is an installed software package that monitors a single host for suspicious activity by analyzing events occurring within that host.

 

NEW QUESTION 32
Which of the following is a type of VPN that involves a single VPN gateway?

  • A. Extranet-based VPN
  • B. Remote-access VPN
  • C. Intranet-based VPN
  • D. PPTP VPN

Answer: A


 

NEW QUESTION 33
To provide optimum security while enabling safe/necessary services, blocking known dangerous services, and making employees accountable for their online activity, what Internet Access policy would Brian, the network administrator, have to choose?

  • A. Prudent policy
  • B. Paranoid policy
  • C. Promiscuous policy
  • D. Permissive policy

Answer: A

 

NEW QUESTION 34
......


Understanding functional and technical aspects of Certified Network Defender Business Principles and Practices

The following will be discussed in ECCOUNCIL EC 312-38 exam dumps:

  • Wireless Intrusion Prevention System (WIPS) and/or rogue AP detection
  • Network and service availability
  • Verify and document that design requirements are met including coverage, throughput, roaming, and connectivity with a post-implementation validation survey (CHAPTER 12)
  • Locate and identify sources of RF interference (CHAPTER 12)
  • Identify sources of RF interference from non-802.11 wireless devices based on the investigation of airtime and frequency utilization
  • Best practices in secure management protocols (e.g. encrypted management HTTPS, SNMPv3, SSH2, VPN and password management)
  • Identify RF disruption from 802.11 wireless devices including contention vs. interference and causes/sources of both including co-channel contention (CCC), overlapping channels, and 802.11 wireless device proximity
  • Protocol and spectrum analyzers

 
