[Q37-Q62] Use Real 312-38 - 100% Cover Real Exam Questions [Sep-2021]

Share

Use Real 312-38 - 100% Cover Real Exam Questions [Sep-2021] 

Dumps Brief Outline Of The 312-38 Exam - ValidTorrent

NEW QUESTION 37
Identify the password cracking attempt involving precomputed hash values stored as plaintext and used to crack the password.

  • A. Bruteforce
  • B. Dictionary
  • C. Hybrid
  • D. Rainbow table

Answer: D

 

NEW QUESTION 38
Which of the following representatives in the incident response process are included in the incident response team? Each correct answer represents a complete solution. Choose all that apply.

  • A. Human resources
  • B. Technical representative
  • C. Legal representative
  • D. Sales representative
  • E. Information security representative
  • F. Lead investigator

Answer: A,B,C,E,F

Explanation:
Incident response is a process that detects a problem, determines the cause of an issue,
minimizes the damages, resolves the problem, and documents each step of process for future
reference. To perform all these roles, an incident response team is needed. The incident response
team includes the following representatives who are involved in the incident response process:
Lead investigator: The lead investigator is the manager of an incident response team. He is
always involved in the creation of an incident response plan. The duties of a lead investigator are
as follows:
Keep the management updated.
Ensure that the incident response moves smoothly and efficiently.
Interview and interrogate the suspects and witnesses.
Information security representative: The information security representative is a member of the
incident response team who alerts the team about possible security safeguards that can impact
their ability to respond to an incident.
Legal representative: The legal representative is a member of the incident response team who
ensures that the process follows all the laws during the response to an incident.
Technical representative: Technical representative is a representative of the incident response
team. More than one technician can be deployed to an incident. The duties of a technical
representative are as follows:
Perform forensic backups of the systems that are involved in an incident.
Human resources: Human resources personnel ensure that the policies of the organization are
enforced during the incident response process. They suspend access to a suspect if it is needed.
Human resources personnel are closely related with the legal representatives and cover up the
organization's legal responsibility.
Answer option E is incorrect. This is an invalid option.

 

NEW QUESTION 39
In which of the following attacks does an attacker use software that tries a large number of key combinations in order to get a password?

  • A. Smurf attack
  • B. Brute force attack
  • C. Buffer overflow
  • D. Zero-day attack

Answer: B

Explanation:
In a brute force attack, an attacker uses software that tries a large number of key combinations in order to get a password. To prevent such attacks, users should create passwords that are more difficult to guess, i.e., by using a minimum of six characters, alphanumeric combinations, and lower-upper case combinations. Answer option D is incorrect. Smurf is an attack that generates significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages. In such attacks, a perpetrator sends a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, which multiplies the traffic by the number of hosts responding. Answer option A is incorrect. Buffer overflow is a condition in which an application receives more data than it is configured to accept. It helps an attacker not only to execute a malicious code on the target system but also to install backdoors on the target system for further attacks. All buffer overflow attacks are due to only sloppy programming or poor memory management by the application developers. The main types of buffer overflows are: Stack overflow Format string overflow Heap overflow Integer overflow Answer option C is incorrect. A zero-day attack, also known as zero-hour attack, is a computer threat that tries to exploit computer application vulnerabilities which are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the mvulnerability. User awareness training is the most effective technique to mitigate such attacks.

 

NEW QUESTION 40
Which of the following representatives of the incident response team takes forensic backups of systems that
are the focus of an incident?

  • A. Lead investigator
  • B. Technical representative
  • C. Legal representative
  • D. Information security representative

Answer: B

Explanation:
A technical representative creates forensic backups of systems that are the focus of an incident and provides
valuable information about the configuration of the network and target system.
Answer option B is incorrect. A lead investigator acts as the manager of the computer security incident
response team.
Answer option D is incorrect. The legal representative looks after legal issues and ensures that the
investigation process does not break any law.
Answer option C is incorrect. The information security representative informs about the security safeguards
that may affect their ability to respond to the incident.

 

NEW QUESTION 41
Identify the minimum number of drives required to setup RAID level 5.

  • A. 0
  • B. 1
  • C. Multiple
  • D. 2

Answer: B

 

NEW QUESTION 42
Which of the following tools is used for wireless LANs detection?

  • A. Airopeek
  • B. NetStumbler
  • C. Sniffer
  • D. Fort Knox

Answer: B

 

NEW QUESTION 43
Which of the following sets of incident response practices is recommended by the CERT/CC?

  • A. Prepare, handle, and notify
  • B. Notify, handle, and follow up
  • C. Prepare, notify, and follow up
  • D. Prepare, handle, and follow up

Answer: D

 

NEW QUESTION 44
CORRECT TEXT
Fill in the blank with the appropriate term. The_______________ is typically considered as the top InfoSec officer in the organization and helps in maintaining current and appropriate body of knowledge required to perform InfoSec management functions.

Answer:

Explanation:
CISO
Explanation:
The Chief InfoSec Officer (CISO) is typically considered as the top InfoSec officer in the organization, though the CISO is usually not an executive-level position and commonly reports to the CIO. Following are the job competencies for the Chief InfoSec Officer (CISO): Maintaining current & appropriate body of knowledge required to perform InfoSec management functionsEffectively applying InfoSec management knowledge for improving security of open network and associated systems and services Maintaining working knowledge of external legislative & regulatory initiativesInterpreting and translating requirements for implementationDeveloping appropriate InfoSec policies, standards, guidelines, and proceduresProviding meaningful input, preparing effective presentations, and communicating InfoSec objectivesParticipating in short and long term planning

 

NEW QUESTION 45
CORRECT TEXT
Fill in the blank with the appropriate term.
A ______________ is a translation device or service that is often controlled by a separate Media Gateway Controller, which provides the call control and signaling functionality.

Answer:

Explanation:
Media gateway
Explanation:
A Media gateway is a translation device or service that converts digital media streams between disparate telecommunications networks such as PSTN, SS7, Next Generation Networks (2G, 2.5G and 3G radio access networks) or PBX. Media gateways enable multimedia communications across Next Generation Networks over multiple transport protocols such as Asynchronous Transfer Mode (ATM) and Internet Protocol (IP).Because the media gateway connects different types of networks, one of its main functions is to convert between different transmission and coding techniques. Media streaming functions such as echo cancellation, DTMF, and tone sender are also located in the media gateway. Media gateways are often controlled by a separate Media Gateway Controller, which provides the call control and signaling functionality.

 

NEW QUESTION 46
Which of the following is a distributed multi-access network that helps in supporting integrated communications using a dual bus and distributed queuing?

  • A. CSMA/CA
  • B. Distributed-queue dual-bus
  • C. Token Ring network
  • D. Logical Link Control

Answer: B

Explanation:
In telecommunication, a distributed-queue dual-bus network (DQDB) is a distributed multi-access network that helps in supporting integrated communications using a dual bus and distributed queuing, providing access to local or metropolitan area networks, and supporting connectionless data transfer, connection-oriented data transfer, and isochronous communications, such as voice communications. IEEE 802.6 is an example of a network providing DQDB access methods. Answer option B is incorrect. A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. The Token Ring protocol is the second most widely-used protocol on local area networks after Ethernet. The IBM Token Ring protocol led to a standard version, specified as IEEE 802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or
16 megabits per second.
Answer option A is incorrect. The IEEE 802.2 standard defines Logical Link Control (LLC). LLC is the upper portion of the data link layer for local area networks.
Answer option D is incorrect. Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) is an access method used by wireless networks (IEEE 802.11). In this method, a device or computer that transmits data needs to first listen to the channel for an amount of time to check for any activity on the channel. If the channel is sensed as idle, the device is allowed to transmit data. If the channel is busy, the device postpones its transmission. Once the channel is clear, the device sends a signal telling all other devices not to transmit data, and then sends its packets. In Ethernet (IEEE 802.3) networks that use CSMA/CD, the device or computer continues to wait for a time and checks if the channel is still free. If the channel is free, the device transmits packets and waits for an acknowledgment signal indicating that the packets were received.

 

NEW QUESTION 47
Which of the following statements are true about security risks? Each correct answer represents a complete solution. (Choose three.)

  • A. They can be analyzed and measured by the risk analysis process.
  • B. They can be removed completely by taking proper actions.
  • C. They are considered an indicator of threats coupled with vulnerability.
  • D. They can be mitigated by reviewing and taking responsible actions based on possible risks.

Answer: A,C,D

Explanation:
In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process.
Answer option B is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.

 

NEW QUESTION 48
Which of the following statements are TRUE about Demilitarized zone (DMZ)?
Each correct answer represents a complete solution. Choose all that apply.

  • A. The purpose of a DMZ is to add an additional layer of security to the Local Area Network of an organization.
  • B. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet.
  • C. Hosts in the DMZ have full connectivity to specific hosts in the internal network.
  • D. Demilitarized zone is a physical or logical sub-network that contains and exposes external services of an organization to a larger un-trusted network.

Answer: A,B,D

Explanation:
A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external networks, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network such as the Internet.

 

NEW QUESTION 49
Which of the following is a computer network that covers a broad area?

  • A. SAN
  • B. WAN
  • C. CAN
  • D. PAN

Answer: B

 

NEW QUESTION 50
Which of the following is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies?

  • A. Bridge
  • B. Router
  • C. Switch
  • D. Gateway

Answer: D

Explanation:
A gateway is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies. It provides greater functionality than a router or bridge because a gateway functions both as a translator and a router. Gateways are slower than bridges and routers. A gateway is an application layer device.
Answer option B is incorrect. A router is an electronic device that interconnects two or more computer networks. It selectively interchanges packets of data between them. It is a networking device whose software and hardware are customized to the tasks of routing and forwarding information. It helps in forwarding data packets between networks.
Answer option C is incorrect. A bridge is an interconnectivity device that connects two local area networks (LANs) or two segments of the same LAN using the same communication protocols, and provides address filtering between them. Users can use this device to divide busy networks into segments and reduce network traffic. A bridge broadcasts data packets to all the possible destinations within a specific segment. Bridges operate at the data-link layer of the OSI model.
Answer option D is incorrect. A switch is a network device that selects a path or circuit for sending a data unit to its next destination. It is not required in smaller networks, but is required in large inter-networks, where there can be many possible ways of transmitting a message from a sender to destination. The function of switch is to select the best possible path.
On an Ethernet local area network (LAN), a switch determines from the physical device (Media Access Control or MAC) address in each incoming message frame which output port to forward it to and out of. In a wide area packet-switched network, such as the Internet, a switch determines from the IP address in each packet which output port to use for the next part of its trip to the intended destination.

 

NEW QUESTION 51
Which of the following is the full form of SAINT?

  • A. Security Admin Integrated Network Tool
  • B. System Automated Integrated Network Tool
  • C. System Administrators Integrated Network Tool
  • D. System Admin Integrated Network Tool

Answer: C

 

NEW QUESTION 52
Which of the following is an electronic device that helps in forwarding data packets along networks?

  • A. Gateway
  • B. Router
  • C. Repeater
  • D. Hub

Answer: B

 

NEW QUESTION 53
John works as an Ethical Hacker for www.company.com Inc. He wants to find out the ports that are open in www.company.com's server using a port scanner. However, he does not want to establish a full TCP connection. Which of the following scanning techniques will he use to accomplish this task?

  • A. TCP SYN/ACK
  • B. TCP FIN
  • C. TCP SYN
  • D. Xmas tree

Answer: C

Explanation:
According to the scenario, John does not want to establish a full TCP connection. Therefore, he will use the TCP SYN scanning technique. TCP SYN scanning is also known as half-open scanning because in this type of scanning, a full TCP connection is never opened. The steps of TCP SYN scanning are as follows: 1.The attacker sends a SYN packet to the target port. 2.If the port is open, the attacker receives the SYN/ACK message. 3.Now the attacker breaks the connection by sending an RST packet. 4.If the RST packet is received, it indicates that the port is closed. This type of scanning is hard to trace because the attacker never establishes a full 3-way handshake connection and most sites do not create a log of incomplete TCP connections. Answer option C is incorrect. In TCP SYN/ACK scanning, an attacker sends a SYN/ACK packet to the target port. If the port is closed, the victim assumes that this packet was mistakenly sent by the attacker, and sends the RST packet to the attacker. If the port is open, the SYN/ACK packet will be ignored and the port will drop the packet. TCP SYN/ACK scanning is stealth scanning, but some intrusion detection systems can detect TCP SYN/ACK scanning. Answer option D is incorrect. TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop that packet. TCP FIN scanning is useful only for identifying ports of non-Windows operating systems because Windows operating systems send only RST packets irrespective of whether the port is open or closed. Answer option B is incorrect. Xmas Tree scanning is just the opposite of null scanning. In Xmas Tree scanning, all packets are turned on. If the target port is open, the service running on the target port discards the packets without any reply. According to RFC 793, if the port is closed, the remote system replies with the RST packet. Active monitoring of all incoming packets can help system network administrators detect an Xmas Tree scan.

 

NEW QUESTION 54
Fill in the blank with the appropriate word. A ______________ policy is defined as the document that describes
the scope of an organization's security requirements.

Answer:

Explanation:
security
Explanation:
A security policy is defined as the document that describes the scope of an organization's security
requirements. Information security policies are usually documented in one or more information security policy
documents. The policy includes the assets that are to be protected. It also provides security solutions to
provide necessary protection against the security threats.

 

NEW QUESTION 55
You are taking over the security of an existing network. You discover a machine that is not being used as such, but has software on it that emulates the activity of a sensitive database server. What is this?

  • A. A reactive IDS.
  • B. A Virus
  • C. A Polymorphic Virus
  • D. A Honey Pot

Answer: D

Explanation:
A honey pot is a device specifically designed to emulate a high value target such as a database server or entire sub section of your network. It is designed to attract the hacker's attention.

 

NEW QUESTION 56
Which of the following is a type of computer security that deals with protection against spurious signals emitted by electrical equipment in the system?

  • A. Emanation Security
  • B. Hardware security
  • C. Communication Security
  • D. Physical security

Answer: A

Explanation:
Emanation security is one of the types of computer security that deals with protection against spurious signals emitted by electrical equipment in the system, such as electromagnetic emission (from displays), visible emission (displays may be visible through windows), and audio emission (sounds from printers, etc). Answer option D is incorrect. Hardware security helps in dealing with the vulnerabilities in the handling of hardware. Answer option B is incorrect. Physical security helps in dealing with protection of computer hardware and associated equipment. Answer option A is incorrect. Communication security helps in dealing with the protection of data and information during transmission.

 

NEW QUESTION 57
What is the range for registered ports?

  • A. 49152 through 65535
  • B. 1024 through 49151
  • C. Above 65535
  • D. 0 through 1023

Answer: B

 

NEW QUESTION 58
Which of the following is a distributed multi-access network that helps in supporting integrated communications using a dual bus and distributed queuing?

  • A. CSMA/CA
  • B. Distributed-queue dual-bus
  • C. Token Ring network
  • D. Logical Link Control

Answer: B

Explanation:
In telecommunication, a distributed-queue dual-bus network (DQDB) is a distributed multi-access network that helps in supporting integrated communications using a dual bus and distributed queuing, providing access to local or metropolitan area networks, and supporting connectionless data transfer, connection-oriented data transfer, and isochronous communications, such as voice communications. IEEE 802.6 is an example of a network providing DQDB access methods. Answer option B is incorrect. A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. The Token Ring protocol is the second most widely-used protocol on local area networks after Ethernet. The IBM Token Ring protocol led to a standard version, specified as IEEE
802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or 16 megabits per second. Answer option A is incorrect. The IEEE 802.2 standard defines Logical Link Control (LLC). LLC is the upper portion of the data link layer for local area networks. Answer option D is incorrect. Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) is an access method used by wireless networks (IEEE 802.11). In this method, a device or computer that transmits data needs to first listen to the channel for an amount of time to check for any activity on the channel. If the channel is sensed as idle, the device is allowed to transmit data. If the channel is busy, the device postpones its transmission. Once the channel is clear, the device sends a signal telling all other devices not to transmit data, and then sends its packets. In Ethernet (IEEE 802.3) networks that use CSMA/CD, the device or computer continues to wait for a time and checks if the channel is still free. If the channel is free, the device transmits packets and waits for an acknowledgment signal indicating that the packets were received.

 

NEW QUESTION 59
Which of the following are the responsibilities of the disaster recovery team?Each correct answer represents a complete solution. Choose all that apply.

  • A. To notify management, affected personnel, and third parties about the disaster
  • B. To initiate the execution of the disaster recovery procedures
  • C. To modify and update the disaster recovery plan according to the lessons learned from previous disaster recovery efforts
  • D. To monitor the execution of the disaster recovery plan and assess the results

Answer: A,B,C,D

Explanation:
The responsibilities of the disaster recovery team are as follows:To develop, deploy, and monitor the implementation of appropriate disaster recovery plans after analysis of business objectives and threats to organizations To notify management, affected personnel, and third parties about the disaster To initiate the execution of the disaster recovery procedures To monitor the execution of the disaster recovery plan and assess the results To return operations to normal conditions To modify and update the disaster recovery plan according to the lessons learned from previous disaster recovery efforts To increase the level of the organization's disaster recovery preparedness by conducting mock drills, regular DR systems testing, and threat analysisTo create awareness among various stakeholders of the organization by conducting training and awareness sessions

 

NEW QUESTION 60
Which of the following IP class addresses are not allotted to hosts? Each correct answer represents a complete solution. Choose all that apply.

  • A. Class A
  • B. Class E
  • C. Class C
  • D. Class B
  • E. Class D

Answer: B,E

Explanation:
Class addresses D and E are not allotted to hosts. Class D addresses are reserved for multicasting, and their address range can extend from 224 to 239. Class E addresses are reserved for experimental purposes. Their addresses range from 240 to 254. Answer option C is incorrect. Class A addresses are specified for large networks. It consists of up to 16,777,214 client devices (hosts), and their address range can extend from 1 to 126. Answer option D is incorrect. Class B addresses are specified for medium size networks. It consists of up to 65,534 client devices, and their address range can extend from 128 to 191. Answer option A is incorrect. Class C addresses are specified for small local area networks (LANs). It consists of up to 245 client devices, and their address range can extend from 192 to
223.

 

NEW QUESTION 61
Token Ring is standardized by which of the following IEEE standards?

  • A. 802.2
  • B. 802.3
  • C. 802.4
  • D. 802.1

Answer: C

 

NEW QUESTION 62
......

Certification Training for 312-38 Exam Dumps Test Engine: https://www.validtorrent.com/312-38-valid-exam-torrent.html

312-38 Training & Certification Get Latest Certified Ethical Hacker : https://drive.google.com/open?id=1DbSy-D4uL-_IWQMhkJyd-PofarTdJBAg