312-38 Practice Exam Tests Latest Updated on Dec-2021 [Q46-Q63]

Share

312-38 Practice Exam Tests Latest Updated on Dec-2021

Pass 312-38 Exam in First Attempt Guaranteed Dumps!


How to study the Certified Network Defender

This is exam is very difficult for those candidates who don’t practice during preparation and candidates need a lab for practicing. If you have completed CND training (online, instructor-led, or academia learning), you are eligible to attempt the CEH examination. Once approved, the applicant will be sent instructions on purchasing a voucher from EC-Council store directly. EC-Council will then send the candidate the voucher code which candidate can use to register and schedule the test. Then practical exposure is much required to understand the contents of the exam. So, if anyone is associated with some kinds of an organization where he has opportunities to practice but if you can’t afford the lab and don’t have time to practice. So, ValidTorrent is the solution to this problem. We provide the best ECCOUNCIL EC 312-38 dumps and practice test for your preparation. ECCOUNCIL EC 312-38 dumps to ensure your success in BCS Exam at first attempt. Our EC 312-38 dumps are updated on regular basis. ValidTorrent has the combination of PDF and VCE file that will be much helpful for candidates in passing the exam. ValidTorrent provides verified questions with relevant answers which will be asked from candidates in their final exam. So, it makes it for candidates to get good grades in the final exam and one of the best features is we also provide ECCOUNCIL EC 312-38 dumps in PDF format which is candidates can download and study offline. Use our ECCOUNCIL EC 312-38 practice exams and ECCOUNCIL EC 312-38 practice tests for preparing these topics.

 

NEW QUESTION 46
Which of the following is also known as stateful firewall?

  • A. PIX firewall
  • B. Stateless firewall
  • C. Dynamic packet-filtering firewall
  • D. DMZ

Answer: C

 

NEW QUESTION 47
Simran is a network administrator at a start-up called Revolution. To ensure that neither party in the company can deny getting email notifications or any other communication, she mandates authentication before a connection establishment or message transfer occurs. What fundamental attribute of network defense is she enforcing?

  • A. Confidentiality
  • B. Non-repudiation
  • C. Integrity
  • D. Authentication

Answer: B

 

NEW QUESTION 48
FILL BLANK
Fill in the blank with the appropriate term.
A ______________ is a physical or logical subnetwork that contains and exposes external services of an
organization to a larger network.

Answer:

Explanation:
demilitarized zone
Explanation:
A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of
an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of
security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in
the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in
the internal network, though communication with other hosts in the DMZ and to the external network is allowed.
This allows hosts in the DMZ to provide services to both the internal and external networks, while an
intervening firewall controls the traffic between the DMZ servers and the internal network clients. In a DMZ
configuration, most computers on the LAN run behind a firewall connected to a public network such as the
Internet.

 

NEW QUESTION 49
Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP,
etc.

  • A. Cain
  • B. Dsniff
  • C. LIDS
  • D. Libnids

Answer: B

Explanation:
Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc. Answer option B is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks: Dictionary attack Brute force attack Rainbow attack Hybrid attack Answer options D and C are incorrect. These tools are port scan detection tools that are used in the Linux operating system.

 

NEW QUESTION 50
Which of the following analyzes network traffic to trace specific transactions and can intercept and log traffic
passing over a digital network? Each correct answer represents a complete solution. Choose all that apply.

  • A. Performance Monitor
  • B. Spectrum analyzer
  • C. Protocol analyzer
  • D. Wireless sniffer

Answer: C,D

Explanation:
Protocol analyzer (also known as a network analyzer, packet analyzer or sniffer, or for particular types of
networks, an Ethernet sniffer or wireless sniffer) is computer software or computer hardware that can intercept
and log traffic passing over a digital network. As data streams flow across the network, the sniffer captures
each packet and, if needed, decodes and analyzes its content according to the appropriate RFC or other
specifications.
Answer option D is incorrect. Performance Monitor is used to get statistical information about the hardware and
software components of a server.
Answer option B is incorrect. A spectrum analyzer, or spectral analyzer, is a device that is used to examine the
spectral composition of an electrical, acoustic, or optical waveform. It may also measure the power spectrum.

 

NEW QUESTION 51
CORRECT TEXT
Fill in the blank with the appropriate term. A______________________ network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used for preventing the collision of data between two computers that want to send messages at the same time.

Answer:

Explanation:
Token Ring
Explanation:
A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. The Token Ring protocol is the second most widely-used protocol on local area networks after Ethernet. The IBM Token Ring protocol led to a standard version, specified as IEEE 802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or 16 megabits per second. Working: Empty information frames are constantly circulated on the ring. When a computer has a message to send, it adds a token to an empty frame and adds a message and a destination identifier to the frame. The frame is then observed by each successive workstation. If the workstation sees that it is the destination for the message, it copies the message from the frame and modifies the token back to 0.When the frame gets back to the originator, it sees that the token has been modified to 0 and that the message has been copied and received. It removes the message from the particular frame.The frame continues to circulate as an empty frame, ready to be taken by a workstation when it has a message to send.

 

NEW QUESTION 52
Which of the following is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies?

  • A. Switch
  • B. Gateway
  • C. Router
  • D. Bridge

Answer: B

Explanation:
A gateway is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies. It provides greater functionality than a router or bridge because a gateway functions both as a translator and a router. Gateways are slower than bridges and routers. A gateway is an application layer device.
Answer option B is incorrect. A router is an electronic device that interconnects two or more computer networks. It selectively interchanges packets of data between them. It is a networking device whose software and hardware are customized to the tasks of routing and forwarding information. It helps in forwarding data packets between networks.
Answer option C is incorrect. A bridge is an interconnectivity device that connects two local area networks (LANs) or two segments of the same LAN using the same communication protocols, and provides address filtering between them. Users can use this device to divide busy networks into segments and reduce network traffic. A bridge broadcasts data packets to all the possible destinations within a specific segment. Bridges operate at the data-link layer of the OSI model.
Answer option D is incorrect. A switch is a network device that selects a path or circuit for sending a data unit to its next destination. It is not required in smaller networks, but is required in large inter-networks, where there can be many possible ways of transmitting a message from a sender to destination. The function of switch is to select the best possible path.
On an Ethernet local area network (LAN), a switch determines from the physical device (Media Access Control or MAC) address in each incoming message frame which output port to forward it to and out of. In a wide area packet-switched network, such as the Internet, a switch determines from the IP address in each packet which output port to use for the next part of its trip to the intended destination.

 

NEW QUESTION 53
Identify the type of event that is recorded when an application driver loads successfully in Windows.

  • A. Success Audit
  • B. Information
  • C. Error
  • D. Warning

Answer: B

 

NEW QUESTION 54
You work as the network administrator for uCertify Inc. The company has planned to add the support for IPv6 addressing. The initial phase deployment of IPv6 requires support from some IPv6-only devices. These devices need to access servers that support only IPv4. Which of the following tools would be suitable to use?

  • A. Multipoint tunnels
  • B. NAT-PT
  • C. Native IPv6
  • D. Point-to-point tunnels

Answer: B

Explanation:
NAT-PT (Network address translation-Protocol Translation) is useful when an IPv4-only host needs to communicate with an IPv4-only host. NAT-PT (Network Address Translation-Protocol Translation) is an implementation of RFC 2766 as specified by the IETF. NAT-PT was designed so that it can be run on low-end, commodity hardware. NAT-PT runs in user space, capturing and translating packets between the IPv6 and IPv4 networks (and vice-versa). NAT-PT uses the Address Resolution Protocol (ARP) and Neighbor Discovery (ND) on the IPv4 and IPv6 network systems, respectively.

NAT-Protocol Translation can be used to translate both the source and destination IP addresses. Answer option D is incorrect. Native IPv6 is of use when the IPv6 deployment is pervasive, with heavy traffic loads. Answer option C is incorrect. Point-to-point tunnels work well when IPv6 is needed only in a subset of sites. These point-to-point tunnels act as virtual point-to-point serial link. These are
useful when the traffic is of very high volume.
Answer option A is incorrect. The multipoint tunnels are used for IPv6 deployment even when IPv6
is needed in a subset of sites and is suitable when the traffic is infrequent and of less predictable
volume.

 

NEW QUESTION 55
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:
„It is a Linux-based WLAN WEP cracking tool that recovers encryption keys. It operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys." Which of the following tools is John using to crack the wireless encryption keys?

  • A. Cain
  • B. AirSnort
  • C. Kismet
  • D. PsPasswd

Answer: B

Explanation:
AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.
Answer option B is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff
802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks:
To identify networks by passively collecting packets
To detect standard named networks
To detect masked networks
To collect the presence of non-beaconing networks via data traffic
Answer option D is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks:
Dictionary attack
Brute force attack
Rainbow attack
Hybrid attack
Answer option A is incorrect. PsPasswd is a tool that helps Network Administrators change an account password on the local or remote system. The command syntax of PsPasswd is as follows:
pspasswd [\\computer[,computer[,..] | @file [-u user [-p psswd]] Username [NewPassword]

 

NEW QUESTION 56
Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?

  • A. Link layer
  • B. Internet layer
  • C. Application layer
  • D. None
  • E. Transport Layer

Answer: A

Explanation:
The Link Layer of TCP/IP model is the networking scope of the local network connection to which a host is attached. This is the lowest component layer of the Internet protocols, as TCP/IP is designed to be hardware independent. As a result, TCP/IP has been implemented on top of virtually any hardware networking technology in existence. The Link Layer is used to move packets between the Internet Layer interfaces of two different hosts on the same link. The processes of transmitting and receiving packets on a given link can be controlled both in the software device driver for the network card, as well as on firmware or specialized chipsets.
Answer option B is incorrect. The Internet Layer of the TCP/IP model solves the problem of sending packets across one or more networks. Internetworking requires sending data from the source network to the destination network. This process is called routing. IP can carry data for a number of different upper layer protocols.
Answer option D is incorrect. The Transport Layer of TCP/IP model is responsible for end-to-end message transfer capabilities independent of the underlying network, along with error control, segmentation, flow control, congestion control, and application addressing (port numbers). End to end message transmission or connecting applications at the transport layer can be categorized as either connection-oriented, implemented in Transmission Control Protocol (TCP), or connectionless, implemented in User Datagram Protocol (UDP).
Answer option is incorrect. The Application Layer of TCP/IP model refers to the higher-level protocols used by most applications for network communication. Examples of application layer protocols include the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP). Data coded according to application layer protocols are then encapsulated into one or more transport layer protocols, which in turn use lower layer protocols to affect actual data transfer.

 

NEW QUESTION 57
Daniel is giving training on designing and implementing a security policy in the organization. He is explaining the hierarchy of the security policy which demonstrates how policies are drafted, designed and implemented.
What is the correct hierarchy for a security policy implementation?

  • A. Laws, Regulations, Policies, Standards and Procedures
  • B. Regulations, Policies, Laws, Standards and Procedures
  • C. Laws, Policies, Regulations, Procedures and Standards
  • D. Procedures, Policies, Laws, Standards and Regulations

Answer: A

 

NEW QUESTION 58
Which of the following standards is approved by IEEE-SA for wireless personal area networks?

  • A. 802.16
  • B. 802.15
  • C. 802.1
  • D. 802.11a

Answer: B

 

NEW QUESTION 59
Which of the following protocols is used for inter-domain multicast routing and natively supports "source-specific multicast" (SSM)?

  • A. OSPF
  • B. BGMP
  • C. DVMRP
  • D. EIGRP

Answer: B

Explanation:
BGMP stands for border gateway multicast protocol. It is used for inter-domain multicast routing and natively supports "source-specific multicast" (SSM). In order to support "any-source multicast" (ASM), BGMP builds shared trees for active multicast groups. This allows domains to build source-specific, inter-domain, distribution branches where needed. BGMP uses TCP as its transport protocol, which helps in eliminating the need to implement message fragmentation, retransmission, acknowledgement, and sequencing. Answer option B is incorrect. The Distance Vector Multicast Routing Protocol (DVMRP) is used to share information between routers to transport IP Multicast packets among networks. It uses a reverse path-flooding technique and is used as the basis for the Internet's multicast backbone (MBONE). In particular, DVMRP is notorious for poor network scaling, resulting from reflooding, particularly with versions that do not implement pruning. DVMRP's flat unicast routing mechanism also affects its capability to scale. Answer option D is incorrect. EIGRP is a Cisco proprietary protocol. It is an enhanced version of IGRP. It has faster convergence due to use of triggered update and saving neighbor's routing table locally. It supports VLSM and routing summarization. As EIGRP is a distance vector protocol, it automatically summarizes routes across Class A, B, and C networks. It also supports multicast and incremental updates and provides routing for three routed protocols, i.e., IP, IPX, and AppleTalk.
Answer option C is incorrect. Open Shortest Path First (OSPF) is a routing protocol that is used in large networks. Internet Engineering Task Force (IETF) designates OSPF as one of the Interior Gateway Protocols. A host uses OSPF to obtain a change in the routing table and to immediately multicast updated information to all the other hosts in the network.

 

NEW QUESTION 60
Which of the following helps in blocking all unauthorized inbound and/or outbound traffic?

  • A. IPS
  • B. Firewall
  • C. IDS
  • D. Sniffer

Answer: B

 

NEW QUESTION 61
Which of the following layers performs routing of IP datagrams?

  • A. Internet layer
  • B. Application layer
  • C. Link layer
  • D. Transport layer

Answer: A

Explanation:
Explanation

 

NEW QUESTION 62
Which of the following is a term to describe the use of inert gases and chemical agents to extinguish a fire?

  • A. Fire suppression system
  • B. Fire sprinkler
  • C. Gaseous fire suppression
  • D. Fire alarm system

Answer: C

 

NEW QUESTION 63
......

Certified Ethical Hacker  Free Certification Exam Material from ValidTorrent with 171 Questions: https://www.validtorrent.com/312-38-valid-exam-torrent.html

312-38 Dumps Full Questions - Exam Study Guide: https://drive.google.com/open?id=19Om_HcKy_CPr4-FPBB9KMd8H0dqBoVNQ