Practice Free 312-38 Exam Online Questions
Andrew would like to configure IPsec in a manner that provides confidentiality for the content of packets.
What component of IPsec provides this capability?
- A . ESP
- B . AH
- C . IKE
- D . ISAKMP
A
Explanation:
The Encapsulating Security Payload (ESP) component of IPsec is designed to provide confidentiality for the content of packets. ESP encrypts the data payload of IP packets to ensure that the information being transmitted remains confidential and cannot be accessed or intercepted by unauthorized parties. This encryption is crucial for protecting sensitive data as it travels across insecure networks, such as the internet.
Reference: The role of ESP in providing confidentiality within the IPsec protocol is well-documented and aligns with the security objectives of IPsec to protect IP traffic through encryption and other security measures.
During a security awareness program, management was explaining the various reasons which create threats to network security.
Which could be a possible threat to network security?
- A . Configuring automatic OS updates
- B . Having a web server in the internal network
- C . Implementing VPN
- D . Patch management
B
Explanation:
Having a web server within the internal network can pose a threat to network security because it increases the attack surface that an adversary can exploit. If not properly secured, internal web servers can be vulnerable to various attacks, such as SQL injection, cross-site scripting, and others. These vulnerabilities can lead to unauthorized access, data breaches, and other security incidents. Therefore, it is crucial to ensure that web servers are securely configured and isolated from the internal network to minimize the risk.
Reference: The EC-Council’s Certified Network Defender (CND) program discusses the importance of understanding the attack surface and the potential threats associated with having critical services like web servers within the internal network. The program emphasizes the need for strategic placement of network resources and the implementation of robust security measures to protect against internal and external threats.
Which command lists all ports available on a server?
- A . sudo apt netstate -Is tunlp
- B . sudo ntstat -Is tunlp
- C . sudo apt nst -tunlp
- D . sudo netstat -tunlp
D
Explanation:
The netstat command is used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. To list all ports available on a server, including both TCP and UDP, along with the listening state and associated program names, the -tunlp options are used:
-t shows TCP ports.
-u shows UDP ports.
-n displays addresses and port numbers in numerical form.
-l shows only listening sockets.
-p shows the PID and name of the program to which each socket belongs.
Therefore, the command sudo netstat -tunlp effectively lists all ports available on a server with detailed information.
Reference: EC-Council Certified Network Defender (CND) Study Guide; Linux netstat command documentation.
An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours.
What is the best option to do this job?
- A . Install a CCTV with cameras pointing to the entrance doors and the street
- B . Use fences in the entrance doors
- C . Use lights in all the entrance doors and along the company’s perimeter
- D . Use an IDS in the entrance doors and install some of them near the corners
A
Explanation:
The best option for 24-hour monitoring of the physical perimeter and entrance doors is to install a CCTV system. CCTV cameras serve as both a deterrent to unauthorized entry and a means of surveillance to monitor activities. They can be positioned to cover the entrance doors and the street, providing a broad view of the area that needs to be secured. This aligns with the principles of intrusion detection and prevention, which include deterrence through visible security measures like cameras, and detection through continuous monitoring.
Reference: The information aligns with the core principles of intrusion detection systems, which include deterrence and detection, as outlined in the resources related to Physical Intrusion Detection Systems (PIDS) and Certified Network Defender (CND) training materials.
An insider in Hexagon, a leading IT company in the USA, was testing a packet crafting tool. This tool generated a lot of malformed TCP/IP packets which crashed the main server’s operating system, restricting the employees’ access.
Which attack did the insider use in the above situation?
- A . DoS attack
- B . Session Hijacking
- C . Man-in-the-Middle
- D . Cross-Site-Scripting
A
Explanation:
The situation described involves an insider using a packet crafting tool that generated malformed TCP/IP packets, resulting in the crash of the main server’s operating system and restricting employee access. This scenario is indicative of a Denial of Service (DoS) attack. A DoS attack aims to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Malformed packets can cause systems to crash, thereby denying service to legitimate users.
Reference: The reference to a DoS attack is based on standard cybersecurity practices and the objectives of the Certified Network Defender (CND) program, which includes understanding and protecting against such attacks. The information aligns with the CND’s emphasis on network security and threat mitigation.
Identify the attack where an attacker manipulates or tricks people into revealing their confidential details like bank account information, credit card details, etc.?
- A . Social Engineering Attacks
- B . Port Scanning
- C . DNS Footprinting
- D . ICMP Scanning
A
Explanation:
The attack described in the question is a Social Engineering Attack. This type of attack involves manipulating or deceiving people into divulging confidential information such as bank account details, credit card numbers, and other sensitive data. Social engineering attacks exploit human psychology rather than technical hacking techniques to gain access to systems, networks, or physical locations, or for financial gain. Attackers may use various tactics such as phishing, pretexting, baiting, or tailgating to trick individuals into providing the information they seek.
Reference: Understanding and Preventing Social Engineering Attacks – EC-Council.
Certified Network Defender (CND) Course Outline – EC-Council.
Certified Network Defender – EC-Council.
Riya bought some clothes and a watch from an online shopping site a few days back. Since then, whenever she accesses any other application (games, browser, etc.) on her mobile, she is spammed with advertisements for clothes and watches similar to the ones she bought.
What can be the underlying reason for Riya’s situation?
- A . Riya’s system was infected by Adware
- B . Riya’s system was infected by Spyware
- C . Riya’s system was infected by Backdoor
- D . Riya’s system was infected by Rootkit
A
Explanation:
Adware is a type of software designed to throw advertisements up on your screen, most often within a web browser. This typically happens when a user installs a free application or software that includes adware in its installation package. In Riya’s case, the sudden influx of advertisements for clothes and watches similar to her recent purchases suggests that adware might have been installed on her device. This adware is likely tracking her browsing habits and displaying targeted ads based on her online shopping activity.
Reference: The explanation aligns with the objectives and documents of the Certified Network Defender (CND) course, which covers various types of malware, including adware, and their characteristics. For more detailed information, refer to the CND study guide and materials provided by the EC-Council on malware and its impact on network security.
Larry is responsible for the company’s network consisting of 300 workstations and 25 servers. After using a hosted email service for a year, the company wants to control the email internally. Larry likes this idea because it will give him more control over the email. Larry wants to purchase a server for email but does not want the server to be on the internal network due to the potential to cause security risks. He decides to place the server outside of the company’s internal firewall. There is another firewall connected directly to the Internet that will protect traffic from accessing the email server. The server will be placed between the two firewalls.
What logical area is Larry putting the new email server into?
- A . He is going to place the server in a Demilitarized Zone (DMZ)
- B . He will put the email server in an IPsec zone.
- C . Larry is going to put the email server in a hot-server zone.
- D . For security reasons, Larry is going to place the email server in the company’s Logical Buffer Zone (LBZ).
A
Explanation:
Larry is placing the new email server in a Demilitarized Zone (DMZ). A DMZ is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted network, usually the internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network. The email server placed in the DMZ can be accessed from the internet, but it does not have direct access to the internal network, which reduces the risk of an internal security breach if the email server is compromised.
Reference: The concept of a DMZ is covered in the EC-Council’s Certified Network Defender (C|ND) program, which teaches network administrators how to secure their networks against threats. The C|ND program includes strategies for protecting network infrastructure and creating secure architectures, which involves the use of DMZs.
Which policies exist only on AWS IAM identity (user, group, or role)?
- A . Inline Policies
- B . Customer-Managed Policies
- C . Power-user AWS managed policies
- D . Full access AWS managed policies
A
Explanation:
Inline policies are exclusive to AWS IAM identities, which include users, groups, and roles. These are policies that you create and manage and are directly embedded into a single IAM identity. Unlike managed policies, which can be attached to multiple IAM identities, inline policies are strictly one-to-one; they are an integral part of the IAM identity to which they are attached. This means that if the user, group, or role is deleted, the inline policy is also deleted. Inline policies are typically used for ensuring that specific permissions are tightly bound to an IAM identity and are not inadvertently assigned elsewhere.
Reference: The information provided is based on the AWS documentation on IAM policies, which outlines the different types of policies and their use cases, including the unique characteristics of inline policies. For the most accurate and detailed reference, it is recommended to consult the official documents and study guides from the Certified Network Defender (CND) course by the EC-Council.
Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encrypted keys to the data engine in MS SQL Server?
- A . IsEncrypted Enabled
- B . NeverEncrypted disabled
- C . Allow Encrypted
- D . Always Encrypted
D
Explanation:
The ‘Always Encrypted’ feature in MS SQL Server is designed to protect sensitive data by performing encryption within client applications. It ensures that the encryption keys are never revealed to the Database Engine. This separation between data owners and data managers provides a secure environment where on-premises database administrators or cloud database operators do not have access to the encryption keys. Always Encrypted allows for a secure storage of sensitive data in the cloud and reduces the risk of data theft by malicious insiders.
Reference: The information provided is based on the official Microsoft documentation for the Always Encrypted feature in SQL Server.