Exam Questions Answers Braindumps 312-38 Exam Dumps PDF Questions [Q75-Q95]

Share

Exam Questions Answers Braindumps 312-38 Exam Dumps PDF Questions

Download Free EC-COUNCIL 312-38 Real Exam Questions

NEW QUESTION # 75
Which of the following tools is used to ping a given range of IP addresses and resolve the host name of the remote system?

  • A. Netscan
  • B. Nmap
  • C. Hping
  • D. SuperScan

Answer: D


NEW QUESTION # 76
Sam wants to implement a network-based IDS in the network. Sam finds out the one IDS solution which works is based on patterns matching. Which type of network-based IDS is Sam implementing?

  • A. Behavior-based IDS
  • B. Anomaly-based IDS
  • C. Stateful protocol analysis
  • D. Signature-based IDS

Answer: D


NEW QUESTION # 77
Which of the following protocols permits users to enter a user-friendly computer name into the Windows browser and to map network drives and view shared folders?

  • A. NetBEUI
  • B. VoIP
  • C. ARP
  • D. RADIUS

Answer: A

Explanation:
NetBIOS Extended User Interface (NetBEUI) is a Microsoft proprietary protocol. NetBEUI is usually used in single LANs comprising one to two hundred clients. It is a non-routable protocol. NetBEUI was developed by IBM for its LAN Manager product and has been adopted by Microsoft for its Windows NT, LAN Manager, and Windows for Workgroups products. It permits users to enter a user-friendly computer name into the Windows browser and to map network drives and view shared folders.
Answer option C is incorrect. Voice over Internet Protocol (VoIP) is a general term for a family of transmission technologies for delivery of voice communications over IP networks such as the Internet or other packet- switched networks. Other terms frequently encountered and synonymous with VoIP are IP telephony, Internet telephony, Voice over Broadband (VoBB), broadband telephony, and broadband phone.
VoIP systems employ session control protocols to control the set-up and tear-down of calls as well as audio codecs that encode speech, allowing transmission over an IP network as digital audio via an audio stream.
Answer option A is incorrect. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine.
RADIUS serves three functions:
To authenticate users or devices before granting them access to a network; To authorize those users or devices for certain network services; To account for usage of those services.
Answer option D is incorrect. Address Resolution Protocol (ARP) is a computer networking protocol used to determine a network host's Link Layer or hardware address when only its Internet Layer (IP) or Network Layer address is known. This function is critical in local area networking as well as for routing internetworking traffic across gateways (routers) based on IP addresses when the next-hop router must be determined.


NEW QUESTION # 78
Tom works as a network administrator in a multinational organization having branches across North America and Europe. Tom wants to implement a storage technology that can provide centralized data storage and provide free data backup on the server. He should be able to perform data backup and recovery more efficiently with the selected technology. Which of the following storage technologies best suits Tom's requirements?

  • A. NAS
  • B. RAID
  • C. PAS
  • D. DAS

Answer: A

Explanation:
Network-attached storage (NAS) is the most suitable technology for Tom's requirements. NAS systems are designed to provide centralized data storage, allowing multiple clients or computers to access the same storage space. This centralization simplifies data management, protection, and backup. NAS systems typically include features that support efficient data backup and recovery, such as automatic backup to other devices and fault tolerance through RAID configurations. Unlike direct-attached storage (DAS), which is limited to one user at a time, NAS allows multiple users to access the storage simultaneously, making it ideal for a multinational organization with dispersed teams. NAS also offers remote data availability, which is beneficial for Tom's organization that spans across different regions.


NEW QUESTION # 79
An IT company has just been hit with a severe external security breach. To enhance the company's security posture, the network admin has decided to first block all the services and then individually enable only the necessary services. What is such an Internet access policy called?

  • A. Paranoid Policy
  • B. Promiscuous Policy
  • C. Prudent Policy
  • D. Permissive Policy

Answer: A

Explanation:
The Paranoid Policy is a type of Internet access policy that is characterized by initially blocking all services and then selectively enabling only those that are necessary. This approach is often taken as a security measure following a severe external breach, as it allows the network administrator to ensure that only essential and secure services are accessible, minimizing potential vulnerabilities.


NEW QUESTION # 80
Paul is a network security technician working on a contract for a laptop manufacturing company in Chicago. He has focused primarily on securing network devices, firewalls, and traffic traversing in and out of the network. He just finished setting up a server a gateway between the internal private network and the outside public network. This server will act as a proxy, limited amount of services, and will filter packets. What is this type of server called?

  • A. Bastion host
  • B. Edge transport server
  • C. Session layer firewall
  • D. SOCKS hsot

Answer: A

Explanation:
The server described in the question is known as a Bastion host. A Bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. It is typically placed in a network's demilitarized zone (DMZ) and acts as a proxy server, offering limited services and filtering packets to protect the internal private network from the public network. It is hardened due to its exposure to potential attacks and usually hosts a single application, like a proxy server, while all other services are removed or limited to reduce the threat surface1.


NEW QUESTION # 81
DRAG DROP
George works as a Network Administrator for Blue Soft Inc. The company uses Windows Vista operating system. The network of the company is continuously connected to the Internet. What will George use to protect the network of the company from intrusion?

ECCouncil 312-38 Exam

Answer:

Explanation:

Explanation:

A firewall is a set of related programs configured to protect private networks connected to the Internet from intrusion. It is used to regulate the network traffic between different computer networks. It permits or denies the transmission of a network packet to its destination based on a set of rules. A firewall is often installed on a separate computer so that an incoming packet does not get into the network directly.


NEW QUESTION # 82
Which of the following is a communication protocol that multicasts messages and information among all member devices in an IP multicast group?

  • A. ICMP
  • B. EGP
  • C. IGMP
  • D. BGP

Answer: C

Explanation:
Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group. However, multicast traffic is sent to a single MAC address but is processed by multiple hosts. It can be effectively used for gaming and showing online videos. IGMP is vulnerable to network attacks. Answer option A is incorrect. Internet Control Message Protocol (ICMP) is a maintenance protocol that allows routers and host computers to swap basic control information when data is sent from one computer to another. It is generally considered a part of the IP layer. It allows the computers on a network to share error and status information. An ICMP message, which is encapsulated within an IP datagram, is very useful to troubleshoot the network connectivity and can be routed throughout the Internet. Answer option C is incorrect. BGP stands for Border Gateway Protocol. It is an interautonomous system routing protocol and is a form of Exterior Gateway Protocol (EGP). This protocol is defined in RFC-1267 and RFC-1268. It is used for exchanging network reachability information with other BGP systems. This information includes a complete list of intermediate autonomous systems that the network traffic has to cover in order to reach a particular network. This information is used for figuring out loop-free interdomain routing between autonomous systems. BGP-4 is the latest version of BGP. Answer option D is incorrect. Exterior Gateway Protocol (EGP) is a protocol that exchanges routing information between different autonomous systems. It is commonly used between hosts on the Internet to exchange routing table information. Border Gateway Protocol (BGP) is the only active EGP.


NEW QUESTION # 83
Which of the following protocols is described as a connection-oriented and reliable delivery transport layer protocol?

  • A. UDP
  • B. IP
  • C. TCP
  • D. SSL

Answer: C


NEW QUESTION # 84
James is a network administrator working at a student loan company in Minnesot a. This company processes over 20,000 student loans a year from colleges all over the state. Most communication between the company schools, and lenders is carried out through emails. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, James wants to utilize email encryption. Since a server-based PKI is not an option for him, he is looking for a low/no cost solution to encrypt emails. What should James use?

  • A. James can use MD5 algorithm to encrypt all the emails
  • B. James should utilize the free OTP software package.
  • C. James can enforce mandatory HTTPS in the email clients to encrypt emails
  • D. James could use PGP as a free option for encrypting the company's emails.

Answer: D

Explanation:
James should opt for PGP (Pretty Good Privacy) as it is a widely recognized method for encrypting emails. PGP provides a cost-effective solution for securing email communication, which is essential for the sensitive information handled by his company. It uses a combination of data compression, symmetric-key cryptography, and public key cryptography to secure emails. Each user has a pair of keys: a public key that is shared with others to encrypt emails to the user, and a private key that is kept secret by the user to decrypt emails they receive. This method ensures that even if the email is intercepted, without the corresponding private key, the contents remain unreadable.


NEW QUESTION # 85
Which of the following is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic?

  • A. Nmap
  • B. NetRanger
  • C. PSAD
  • D. Hping

Answer: C

Explanation:
PSAD is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic. It includes many signatures from the IDS to detect probes for various backdoor programs such as EvilFTP, GirlFriend, SubSeven, DDoS tools (mstream, shaft), and advanced port scans (FIN, NULL, XMAS). If it is combined with fwsnort and the Netfilter string match extension, it detects most of the attacks described in the Snort rule set that involve application layer data. Answer option C is incorrect. NetRanger is the complete network configuration and information toolkit that includes the following tools: a Ping tool, Trace Route tool, Host Lookup tool, Internet time synchronizer, Whois tool, Finger Unix hosts tool, Host and port scanning tool, check multiple POP3 mail accounts tool, manage dialup connections tool, Quote of the day tool, and monitor Network Settings tool. These tools are integrated in order to use an application interface with full online help. NetRanger is designed for both new and experienced users. This tool is used to help diagnose network problems and to get information about users, hosts, and networks on the Internet or on a user computer network. NetRanger uses multi-threaded and multi-connection technologies in order to be very fast and efficient. Answer option D is incorrect. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows, etc.


NEW QUESTION # 86
Kyle, a front office executive, suspects that a Trojan has infected his computer. What should be his first course of action to deal with the incident?

  • A. Disconnect the five infected devices from the network
  • B. Contain the damage
  • C. Inform everybody in the organization about the attack
  • D. Inform the IRT about the incident and wait for their response

Answer: B

Explanation:
When a Trojan is suspected to have infected a computer, the first course of action should be to contain the damage to prevent the malware from spreading or causing further harm. This involves disconnecting the infected device from the network to isolate it and prevent the Trojan from communicating with potential command and control servers or infecting other systems123.
While informing the Incident Response Team (IRT) and other members of the organization is also important, these actions come after the immediate threat has been contained. Therefore, the correct answer is to contain the damage (A), which aligns with the Certified Network Defender (CND) objectives that prioritize immediate containment to minimize the impact of security incidents45678.


NEW QUESTION # 87
The GMT enterprise is working on their internet and web usage policies. GMT would like to control internet bandwidth consumption by employees. Which group of policies would this belong to?

  • A. Network Services Specific Security Policy
  • B. Issue Specific Security Policy
  • C. System Specific Security Policy
  • D. Enterprise Information Security Policy

Answer: A

Explanation:
The control of internet bandwidth consumption by employees falls under the Network Services Specific Security Policy. This category of policy is designed to manage and secure the services that are provided over the network, which includes internet access and usage. It encompasses the rules and procedures that govern how network services, such as bandwidth, are allocated and used within an organization. By implementing such policies, GMT enterprise aims to ensure that the network's bandwidth is utilized effectively and in alignment with the company's operational requirements and objectives.


NEW QUESTION # 88
Which scan attempt can penetrate through a router and a firewall that filter incoming packets with particular flags set and is not supported by Windows?

  • A. TCP null scan attempt
  • B. ARP scan attempt
  • C. TCP full connect scan attempt
  • D. PINC sweep attempt

Answer: A


NEW QUESTION # 89
An US-based organization decided to implement a RAID storage technology for their data backup plan. John wants to setup a RAID level that require a minimum of six drives but will meet high fault tolerance and with a high speed for the data read and write operations. What RAID level is John considering to meet this requirement?

  • A. RAID level 10
  • B. RAID level 50
  • C. RAID level 1
  • D. RAID level 5

Answer: B

Explanation:
RAID level 50, also known as RAID 5+0, combines the features of RAID 5 and RAID 0. It requires a minimum of six drives and offers high fault tolerance and high speed for data read and write operations. RAID 50 arrays are created by striping data across RAID 5 arrays, which are themselves striped sets with distributed parity. This configuration provides both the speed of RAID 0 and the redundancy of RAID 51.
Reference:
The TechTarget article on "RAID 50: How to select the right RAID level" explains that RAID 50 is suitable for applications that require high reliability and can handle high request rates and high data transfer, with a lower cost of disks than RAID 101.
The DNSChecker RAID Calculator mentions that RAID 50 requires a minimum of six disks2.


NEW QUESTION # 90
Which of the following is a method of authentication that uses physical characteristics?

  • A. ACL
  • B. Honeypot
  • C. Biometrics
  • D. COMSEC

Answer: C


NEW QUESTION # 91
Which of the following attacks are computer threats that try to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer? Each correct answer represents a complete solution. Choose all that apply.

  • A. Zero-day
  • B. Zero-hour
  • C. Spoofing
  • D. Buffer overflow

Answer: A,B

Explanation:
A zero-day attack, also known as zero-hour attack, is a computer threat that tries to exploit computer application vulnerabilities which are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the vulnerability. User awareness training is the most effective technique to mitigate such attacks.
Answer option C is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source IP address causes the responses to be misdirected.
Answer option A is incorrect. Buffer overflow is a condition in which an application receives more data than it is configured to accept. This usually occurs due to programming errors in the application. Buffer overflow can terminate or crash the application.


NEW QUESTION # 92
Which of the following biometric devices is used to take impressions of the friction ridges of the skin on the underside of the tip of the fingers?

  • A. Facial recognition device
  • B. Iris camera
  • C. Voice recognition voiceprint
  • D. Fingerprint reader

Answer: D

Explanation:
A fingerprint reader is used to take impressions of the friction ridges of the skin on the underside of the tip of the fingers. Fingerprints help in identifying users and are unique and different to everyone and do not change over time. Even identical twins who share their DNA do not have the same fingerprints. Police and Government agencies have used these modes in order to identify humans for many years, but other agencies are starting to use biometric fingerprint readers for identification in many different applications. A fingerprint is created when the friction ridges of the skin come in contact with a surface that is receptive to a print by means of an agent to form the print like perspiration, oil, ink, grease, and many more. The agent is then transferred to the surface and leaves an impression which creates the fingerprint.
Answer option B is incorrect. An iris camera is used to perform recognition detection of a user's identity by mathematical analysis of the random patterns that are visible within the iris of an eye from some distance. It is used to combine computer vision, pattern recognition, statistical inference, and optics.
Answer option A is incorrect. A facial recognition device helps in viewing an image or video of a person and compares it to one that is in the database. It performs facial recognition by comparing the following: Structure, shape, and proportions of the face Distance between the eyes, nose, mouth, and jaw Upper outlines of the eye sockets The sides of the mouth Location of the nose and eyes The area surrounding the check bones. Answer option C is incorrect. A voice recognition voiceprint is a spectrogram, which is a graph that shows a sound's frequency on the vertical axis and time on the horizontal axis. Different speech sounds help in creating different shapes on the graph. Spectrograms also use color or shades of gray to represent the acoustical qualities of sound.


NEW QUESTION # 93
Which of the following can be performed with software or hardware devices in order to record everything a person types using his or her keyboard?

  • A. War dialing
  • B. Keystroke logging
  • C. IRC bot
  • D. Warchalking

Answer: B

Explanation:
Keystroke logging is a method of logging and recording user keystrokes. It can be performed with software or hardware devices. Keystroke logging devices can record everything a person types using his or her keyboard, such as to measure employee's productivity on certain clerical tasks. These types of devices can also be used to get usernames, passwords, etc.
Answer option C is incorrect. War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, BBS systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers (hackers that specialize in computer security) for password guessing.
Answer option A is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
Answer option D is incorrect. An Internet Relay Chat (IRC) bot is a set of scripts or an independent program that connects to Internet Relay Chat as a client, and so appears to other IRC users as another user. An IRC bot differs from a regular client in that instead of providing interactive access to IRC for a human user, it performs automated functions.


NEW QUESTION # 94
Fill in the blank with the appropriate term. ________________ is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.

Answer:

Explanation:
Disaster recovery


NEW QUESTION # 95
......

Latest EC-COUNCIL 312-38 Real Exam Dumps PDF: https://www.actualtests4sure.com/312-38-test-questions.html

312-38 Exam Dumps, 312-38 Practice Test Questions: https://drive.google.com/open?id=1kiX3sF6Gp8YV1PckE3mjwXkkq-WGJtoK