Practice Free 312-38 Exam Online Questions
Why is it important to consider the People step of the report definition when you share a table report with another user?
- A . The user may NOT have access to the relevant report domain.
- B . The user may NOT have access to the fields in the report.
- C . The user may NOT have access to run reports.
- D . The user may NOT have the same line of sight.
Which of the following is true regarding any attack surface?
- A . Decrease in vulnerabilities decreases the attack surface
- B . Increase in vulnerabilities decreases the attack surface
- C . Decrease in risk exposures increases the attack surface
- D . Decrease in vulnerabilities increases the attack surface
A
Explanation:
The attack surface of a system refers to the sum of all potential points where an unauthorized user can try to enter or extract data from that system. It encompasses all the vulnerabilities, including software flaws, unsecured network ports, and unprotected system endpoints. Therefore, when vulnerabilities are decreased, the attack surface is reduced because there are fewer opportunities for an attacker to exploit. This is a fundamental concept in network security, as reducing the attack surface is a critical step in protecting systems against unauthorized access and potential breaches.
Reference: The explanation aligns with the definitions and concepts of attack surfaces as described in network security literature and the Certified Network Defender (CND) course, which emphasizes the importance of minimizing vulnerabilities to reduce the overall attack surface.
Which of the following is NOT an AWS Shared Responsibility Model devised by AWS?
- A . Shared Responsibility Model for Container Services
- B . Shared Responsibility Model for Infrastructure Services
- C . Shared Responsibility Model for Abstract Services
- D . Shared Responsibility Model for Storage Services
C
Explanation:
The AWS Shared Responsibility Model outlines the security and compliance duties divided between AWS and its customers. AWS is responsible for “Security of the Cloud,” which includes the infrastructure that runs AWS services. The customer is responsible for “Security in the Cloud,” which involves managing the guest operating system, application software, and configuration of the AWS-provided firewall, among other tasks.
The options A, B, and D are actual components of the AWS Shared Responsibility Model, focusing on container services, infrastructure services, and storage services, respectively. These models define the division of security responsibilities between AWS and the customer for each type of service. However, there is no distinct Shared Responsibility Model for Abstract Services as described in the options. Instead, abstract services fall under the broader categories of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS), each with its own set of shared responsibilities.
Reference: The information about the AWS Shared Responsibility Model can be found in the official AWS documentation and resources that explain the division of responsibilities and provide guidance on how customers can manage their part of the security and compliance requirements.
Ryan works as a network security engineer at an organization that recently suffered an attack. As a countermeasure, Ryan would like to obtain more information about the attacker and chooses to deploy a honeypot called Kojoney into the organization's production environment. Using this honeypot, he would like to emulate the network vulnerability that was attacked previously.
Which type of honeypot is he trying to implement?
- A . High-interaction honeypots
- B . Pure honeypots
- C . Research honeypot
- D . Low-interaction honeypots
B
Explanation:
A low-interaction honeypot, like Kojoney, is designed to emulate specific network vulnerabilities and gather information about attackers without providing a full-fledged operating environment. These honeypots are typically easier to deploy and maintain compared to high-interaction honeypots. They simulate certain services and responses to attract attackers, allowing the network security team to gather data on attack patterns, tools, and methodologies used by the attackers. This information is crucial for understanding the attack and improving defenses.
High-interaction honeypots: Provide a complete environment that can fully engage with attackers, offering more detailed insights but also posing higher risks.
Pure honeypots: Essentially full-scale, unmodified systems that an attacker interacts with.
Research honeypots: Used primarily for gathering information for research purposes, often involving high-interaction setups.
Reference: EC-Council Certified Network Defender (CND) Study Guide; honeypot deployment and management documentation
Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user’s email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures.
What is Stephanie working on?
- A . Usability
- B . Data Integrity
- C . Availability
- D . Confidentiality
B
Explanation:
Stephanie is working on ensuring Data Integrity, which is a critical aspect of information security. It involves maintaining and assuring the accuracy and consistency of data over its entire lifecycle. By setting up digital signatures, Stephanie ensures that the data, in this case, the email content, has not been altered or tampered with during transit. This process provides a means to verify the origin of the message and confirms that the message received is the same as the message sent, thereby safeguarding the integrity of the data.
Reference: The EC-Council’s Certified Network Defender (CND) program covers key topics related to data security, including data encryption at rest and in transit, data masking, data backup, data retention, data destruction, data loss prevention (DLP), and specifically, data integrity.
________ is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs).
- A . 802.15.4
- B . 802.15
- C . 802.12
- D . 802.16
D
Explanation:
The IEEE 802.16 is a series of wireless broadband standards, also known as Wireless MAN, that are designed for Metropolitan Area Networks (MANs). It specifies the air interface, including the medium access control layer (MAC) and physical layer (PHY), of combined fixed and mobile point-to-multipoint broadband wireless access systems. This standard supports rapid deployment of broadband wireless access systems and encourages competition by providing alternatives to wireline broadband access.
Reference: The information is verified by the IEEE Standard for Local and metropolitan area networks, Part 16: Air Interface for Broadband Wireless Access Systems, and further details can be found in the IEEE 802.16 Working Group’s documents.
Henry, head of network security at Gentech, has discovered a general report template that someone has reserved only for the CEO.
Since the file has to be editable, viewable, and deletable by everyone, what permission value should he set?
- A . 777
- B . 700
- C . 755
- D . 0600
A
Explanation:
To allow a file to be editable, viewable, and deletable by everyone, Henry needs to set the file permissions to the most permissive value. In Linux and Unix systems, file permissions are represented by three sets of three bits, each set representing permissions for the owner, the group, and others.
The permission value of 777 means:
- The first digit (7) grants read (4), write (2), and execute (1) permissions to the owner.
- The second digit (7) grants read, write, and execute permissions to the group.
- The third digit (7) grants read, write, and execute permissions to others.
Setting the permissions to 777 ensures that everyone (owner, group, and others) can read, write, and execute the file. This aligns with the requirement for the file to be editable, viewable, and deletable by everyone.
Reference: EC-Council Certified Network Defender (CND) Study Guide; Linux file permissions documentation and chmod command usage
Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats, many of which she did not know of. She is worried about the current security state of her company’s network, so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session.
She has done this to see how her intrusion detection system will log the traffic.
What type of scan is Cindy attempting here?
- A . Cindy is using a half-open scan to find live hosts on her network.
- B . The type of scan she is using is called a NULL scan
- C . She is utilizing a RST scan to find live hosts that are listening on her network
- D . Cindy is attempting to find live hosts on her company’s network by using a XMAS scan
A
Explanation:
The technique Cindy is using is known as a SYN scan, also referred to as a half-open scan. This method involves sending SYN packets to initiate a TCP connection. If a SYN/ACK response is received, it indicates that the port is listening (open). Cindy then sends an RST packet to close the session before the handshake is completed. This type of scan is useful for mapping out live hosts on a network without establishing a full TCP connection; intrusion detection systems can log it, but it is less likely to be logged by the host system.
Reference: The Certified Network Defender (CND) course by EC-Council includes network scanning techniques as part of its curriculum, where the SYN scan is discussed as a method for assessing network security. For more detailed information, refer to the CND study guide and materials that cover network scanning methods and their implications on network security.
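The SYN, SYN/ACK, RST sequence described in the explanation above is what an intrusion detection system looks for. The following is an added example, not part of the original question set, showing that detection logic over constructed packet records; the record layout, the function name and the `min_targets` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records in capture order: (src, dst, service_port, flags).
# service_port is the server-side port in both directions (a simplification).
PACKETS = [
    ("203.0.113.9", "192.0.2.10", 80, "S"),
    ("192.0.2.10", "203.0.113.9", 80, "SA"),
    ("203.0.113.9", "192.0.2.10", 80, "R"),
    ("203.0.113.9", "192.0.2.11", 22, "S"),
    ("192.0.2.11", "203.0.113.9", 22, "SA"),
    ("203.0.113.9", "192.0.2.11", 22, "R"),
    ("203.0.113.9", "192.0.2.12", 443, "S"),
    ("192.0.2.12", "203.0.113.9", 443, "SA"),
    ("203.0.113.9", "192.0.2.12", 443, "R"),
    ("203.0.113.9", "192.0.2.13", 23, "S"),
    ("192.0.2.13", "203.0.113.9", 23, "RA"),   # closed port: no SYN/ACK
    ("198.51.100.5", "192.0.2.10", 80, "S"),
    ("192.0.2.10", "198.51.100.5", 80, "SA"),
    ("198.51.100.5", "192.0.2.10", 80, "A"),   # handshake completed
    ("198.51.100.5", "192.0.2.10", 80, "R"),   # reset after establishment
]

def find_half_open_scanners(packets, min_targets=3):
    """Return {source: [(target, port), ...]} for sources that answered
    SYN/ACK with RST on at least min_targets distinct target/port pairs."""
    state = {}                      # (client, server, port) -> handshake stage
    half_open = defaultdict(set)    # client -> {(server, port), ...}
    for src, dst, port, flags in packets:
        if flags == "S":
            state[(src, dst, port)] = "SYN_SENT"
        elif flags == "SA" and state.get((dst, src, port)) == "SYN_SENT":
            state[(dst, src, port)] = "SYN_ACKED"
        elif flags == "A" and state.get((src, dst, port)) == "SYN_ACKED":
            state[(src, dst, port)] = "ESTABLISHED"
        elif flags == "R" and state.get((src, dst, port)) == "SYN_ACKED":
            # SYN/ACK answered with RST instead of ACK: the half-open pattern.
            half_open[src].add((dst, port))
            del state[(src, dst, port)]
    return {src: sorted(hits) for src, hits in half_open.items()
            if len(hits) >= min_targets}

if __name__ == "__main__":
    for src, hits in find_half_open_scanners(PACKETS).items():
        print(f"possible half-open scan from {src}: {hits}")
```

The client that completes the handshake before resetting is not flagged, because its RST arrives after the connection reached the established state.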
How is application whitelisting different from application blacklisting?
- A . It allows all applications other than the undesirable applications
- B . It allows execution of trusted applications in a unified environment
- C . It allows execution of untrusted applications in an isolated environment
- D . It rejects all applications other than the allowed applications
D
Explanation:
Application whitelisting is a security approach that allows only pre-approved applications to execute within a system or network. This method operates on a ‘default deny’ principle, meaning if an application is not explicitly listed as approved, it will not be allowed to run. This is in contrast to application blacklisting, which operates on a ‘default allow’ principle where all applications are allowed to run unless they have been specifically identified as malicious or undesirable and added to a blacklist. Whitelisting is generally considered more secure because it prevents any unapproved applications from running, which can include new or unknown threats. However, it can be more challenging to maintain as it requires a comprehensive understanding of all the necessary applications for business operations.
Reference: The concept of application whitelisting and its differentiation from blacklisting is well-documented in cybersecurity literature and aligns with the guidelines provided by the EC-Council’s Certified Network Defender (CND) program. It is also supported by various cybersecurity frameworks and best practices, including those from authoritative sources such as the National Institute of Standards and Technology (NIST).
How does Windows’ in-built security component, AppLocker, whitelist applications?
- A . Using Path Rule
- B . Using Signature Rule
- C . Using Certificate Rule
- D . Using Internet Zone Rule
A
Explanation:
AppLocker whitelists applications by creating rules that specify which files are allowed to run. One of the primary methods for specifying these rules is through the use of Path Rules. Path Rules allow administrators to specify an allowed file or folder path, and any application within that path is permitted to run. This method is particularly useful for allowing applications from a known directory while blocking others that are not explicitly approved.
Reference: The official Microsoft documentation explains that AppLocker functions as an allowlist by default, where only files covered by one or more allow rules are permitted to run. Path Rules are a fundamental part of this allowlisting approach. Additionally, other resources like security guidelines and best practices for Windows reinforce the use of Path Rules as a method for application whitelisting within AppLocker.