Practice Free 312-38 Exam Online Questions
How does Windows’ in-built security component, AppLocker, whitelist applications?
- A . Using Path Rule
- B . Using Signature Rule
- C . Using Certificate Rule
- D . Using Internet Zone Rule
A
Explanation:
AppLocker whitelists applications by creating rules that specify which files are allowed to run. One of the primary methods for specifying these rules is through the use of Path Rules. Path Rules allow administrators to specify an allowed file or folder path, and any application within that path is permitted to run. This method is particularly useful for allowing applications from a known directory while blocking others that are not explicitly approved.
Reference: The official Microsoft documentation explains that AppLocker functions as an allowlist by default, where only files covered by one or more allow rules are permitted to run. Path Rules are a fundamental part of this allowlisting approach. Additionally, other resources like security guidelines and best practices for Windows reinforce the use of Path Rules as a method for application whitelisting within AppLocker.
Which of the following helps in viewing account activity and events for supported services made by AWS?
- A . AWS CloudFormation
- B . AWS Certificate Manager
- C . AWS CloudHSM
- D . AWS CloudTrail
D
Explanation:
AWS CloudTrail is the service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. It allows you to log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. It is specifically designed for reviewing account activity and events for supported services made by AWS.
Reference: The information about AWS CloudTrail as a service for viewing account activity and events is detailed in the AWS CloudTrail user guide and is a fundamental aspect of AWS security best practices.
Which BC/DR activity includes action taken toward resuming all services that are dependent on business-critical applications?
- A . Response
- B . Recovery
- C . Resumption
- D . Restoration
C
Explanation:
In the context of Business Continuity/Disaster Recovery (BC/DR), the activity that includes actions taken toward resuming all services that are dependent on business-critical applications is referred to as Resumption. This phase focuses on the steps necessary to bring critical functions back into operation after a disruption. Recovery, on the other hand, is more about the actions taken to return the business to normal operating conditions post-disaster, which may include repairs, restorations, and return to normalcy. Response is the immediate reaction to an incident, and Restoration is the process of rebuilding or restoring IT systems and operations.
Reference: The information aligns with the objectives and documents of the EC-Council’s Certified Network Defender (CND) program, which emphasizes understanding and implementing proper BC/DR activities.
According to the company’s security policy, all access to any network resources must use Windows Active Directory Authentication. A Linux server was recently installed to run virtual servers and it is not using Windows Authentication.
What needs to happen to force this server to use Windows Authentication?
- A . Edit the ADLIN file.
- B . Edit the shadow file.
- C . Remove the /var/bin/localauth.conf file.
- D . Edit the PAM file to enforce Windows Authentication
D
Explanation:
To enforce Windows Active Directory Authentication on a Linux server, the Pluggable Authentication Modules (PAM) configuration files must be edited. PAM provides a way to develop programs that are independent of authentication scheme. These files, located in /etc/pam.d/, dictate how a Linux system handles authentication for various services. To integrate Windows Active Directory with a Linux server, specific PAM modules like pam_krb5 or pam_winbind can be used. These modules allow the Linux system to communicate with the Active Directory server for authentication purposes. The process typically involves installing necessary packages, joining the Linux server to the AD domain, and configuring the PAM files to use AD for authentication.
Reference: The procedure for integrating Linux servers with Windows Active Directory is documented in various Linux administration guides and resources. Specific steps can also be found in tutorials and official documentation from Linux distributions that support Active Directory integration.
Which of the following indicators refers to potential risk exposures that attackers can use to breach the security of an organization?
- A . Indicators of attack
- B . Key risk indicators
- C . Indicators of exposure
- D . Indicators of compromise
C
Explanation:
The term “Indicators of Exposure” (IoE) refers to potential risk exposures that attackers can exploit to breach the security of an organization. IoEs are vulnerabilities or weaknesses in an organization’s security posture that, if left unaddressed, could be leveraged by attackers to gain unauthorized access or cause harm. These indicators help network defenders identify areas that require attention and remediation to prevent potential security incidents. Unlike Indicators of Compromise (IoC), which signal that a breach has already occurred, IoEs are forward-looking and are concerned with identifying and mitigating potential risks before they are exploited.
Reference: Information on the Certified Network Defender (CND) certification and its focus on identifying and mitigating potential risks, including IoEs.
Which of the following statements holds true in terms of virtual machines?
- A . Hardware-level virtualization takes place in VMs
- B . All VMs share the host OS
- C . VMs are more lightweight than containers
- D . OS-level virtualization takes place in VMs
A
Explanation:
Virtual machines (VMs) operate based on hardware-level virtualization, which means they emulate entire hardware systems, including CPUs, memory, and network interfaces, allowing multiple operating systems to run on a single physical machine. Each VM includes a full copy of an operating system, the application, necessary binaries, and libraries – taking up tens of GBs. VMs are completely isolated from the host OS, which is why they do not share the host OS. This is in contrast to containers, which share the host system’s kernel and are more lightweight as they do not require a full OS within each container.
Reference: The Certified Network Defender (CND) course by EC-Council covers various aspects of network security, including enterprise virtual network security, which encompasses the use of VMs and their characteristics.
A company has the right to monitor the activities of their employees on different information systems according to the _______ policy.
- A . Information system
- B . User access control
- C . Internet usage
- D . Confidential data
B
Explanation:
The right of a company to monitor the activities of their employees on its information systems is typically defined under the "User Access Control" policy. This policy sets out the rules and conditions under which employee activities can be monitored, ensuring that monitoring is conducted legally and ethically while protecting the privacy rights of employees. It often includes provisions for the monitoring of email, internet use, and other digital interactions to safeguard company assets and ensure compliance with corporate policies.
Reference: The establishment and enforcement of user access control policies are fundamental principles in cybersecurity management and are discussed in Network Defender training materials.
Liza was told by her network administrator that they will be implementing IPsec VPN tunnels to connect the branch locations to the main office.
What layer of the OSI model do IPsec tunnels function on?
- A . The data link layer
- B . The session layer
- C . The network layer
- D . The application and physical layers
C
Explanation:
IPsec VPN tunnels function at the network layer of the OSI model. This layer is responsible for the logical transmission of data across a network and includes routing through different network paths. IPsec enhances the security at this layer by providing features such as data integrity, encryption, and authentication. These features are crucial for establishing a secure and encrypted connection across the internet, which is essential for VPN tunnels that connect different network segments, such as branch locations to a main office.
Reference: The role of IPsec at the network layer is well-established in network security literature and is consistent with the Certified Network Defender (CND) program’s teachings on secure network architecture. The network layer’s involvement in routing and data transmission makes it the appropriate layer for IPsec’s operation, aligning with the CND’s emphasis on understanding and implementing network security protocols.
What cryptography technique can encrypt small amounts of data and is applied to digital signatures?
- A . Hashing
- B . Asymmetric encryption
- C . Symmetric encryption
- D . Digital certificates
B
Explanation:
Asymmetric encryption, also known as public-key cryptography, uses a pair of keys (a public key and a private key) to encrypt and decrypt data. This method is widely used for securing small amounts of data, such as digital signatures. In asymmetric encryption:
The public key is used to encrypt the data.
The private key is used to decrypt the data.
Digital signatures utilize asymmetric encryption to ensure the integrity and authenticity of a message. When a sender signs a document with their private key, the recipient can verify the signature using the sender’s public key, confirming that the document was indeed signed by the sender and has not been altered.
Reference: EC-Council Certified Network Defender (CND) Study Guide; Cryptography and Network Security Principles
James is a network administrator working at a student loan company in Minnesota. This company processes over 20,000 student loans a year from colleges all over the state. Most communication between the company, schools, and lenders is carried out through emails. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, James wants to utilize email encryption. Since a server-based PKI is not an option for him, he is looking for a low/no cost solution to encrypt emails.
What should James use?
- A . James could use PGP as a free option for encrypting the company’s emails.
- B . James should utilize the free OTP software package.
- C . James can use MD5 algorithm to encrypt all the emails
- D . James can enforce mandatory HTTPS in the email clients to encrypt emails
A
Explanation:
James should opt for PGP (Pretty Good Privacy) as it is a widely recognized method for encrypting emails. PGP provides a cost-effective solution for securing email communication, which is essential for the sensitive information handled by his company. It uses a combination of data compression, symmetric-key cryptography, and public key cryptography to secure emails. Each user has a pair of keys: a public key that is shared with others to encrypt emails to the user, and a private key that is kept secret by the user to decrypt emails they receive. This method ensures that even if the email is intercepted, without the corresponding private key, the contents remain unreadable.
Reference: The choice of PGP is supported by its longstanding reputation for providing secure email communication. It is designed to be used in scenarios where secure communication is necessary, and it’s a practical option for James since it doesn’t require a server-based PKI system. The other options listed do not provide the same level of security for email encryption. OTP (One-Time Password) systems are not typically used for email encryption, MD5 is a hashing algorithm