
New EC-COUNCIL 312-38 Dumps & Questions Updated on 2023 [Q85-Q108]





EC-COUNCIL 312-38 (EC-Council Certified Network Defender CND) Exam is a certification program designed for individuals who aspire to become network security professionals. EC-Council Certified Network Defender CND certification is recognized globally and is specifically designed to test the knowledge and practical skills required to protect an organization's network infrastructure against cyber threats. The EC-COUNCIL 312-38 Exam covers a broad range of topics, including network security, risk management, and ethical hacking.

 

NEW QUESTION # 85
Adam works as a Security Analyst for Umbrella Inc. The company has a Linux-based network comprising an Apache server for Web applications. He received the following Apache Web server log entry:
[Sat Nov 16 14:32:52 2009] [error] [client 128.0.0.7] client denied by server configuration: /export/home/htdocs/test
The first piece of the log entry is the date and time of the log message. The second entry is the severity of the error being reported.
Now Adam wants to change the severity level to control the types of errors that are sent to the error log. Which of the following directives will Adam use to accomplish the task?

  • A. LogFormat
  • B. LogLevel
  • C. CustomLog
  • D. ErrorLog

Answer: B

Explanation:
The LogLevel directive controls the verbosity of the messages Apache writes to the error log by setting a severity threshold: messages at or above the configured significance are written, the rest are dropped. Eight levels are available, listed here in order of descending significance:

Number  Level   Description
0       emerg   Emergencies - system is unusable
1       alert   Action must be taken immediately
2       crit    Critical conditions
3       error   Error conditions
4       warn    Warning conditions
5       notice  Normal but significant condition
6       info    Informational
7       debug   Debug-level messages

Note: When a certain level is specified, messages from all levels of higher significance are also reported. For example, when LogLevel crit is specified, messages with log levels alert and emerg are also reported, while error and warn messages are not.

Answer option D is incorrect. The ErrorLog directive sets the name and location of the file to which the server logs the errors it encounters. If the file path does not begin with a slash (/), it is taken as relative to ServerRoot. If the file path begins with a pipe (|), it is taken as a command that receives the error log on its standard input.

Answer option C is incorrect. The CustomLog directive logs requests to the server. The format of the log is specified, and logging can be made conditional on request characteristics with the help of environment variables, which can be set on a per-request basis by the mod_setenvif or mod_rewrite module.

Answer option A is incorrect. The LogFormat directive exists in one of two forms. With a single argument it sets the log format used by subsequent TransferLog directives; with a second argument it associates an explicit format with a nickname for later use by CustomLog.
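As an added example (not part of the exam material), the following Python script parses error-log lines in the layout shown in the question and applies the LogLevel threshold rule above, so you can see exactly which entries survive a given setting. The log lines are constructed for the example and the function names are my own.

```python
import re
from typing import List, NamedTuple, Optional

# Apache LogLevel names in descending significance (0 = most significant).
LOG_LEVELS = ["emerg", "alert", "crit", "error", "warn", "notice", "info", "debug"]
SEVERITY = {name: number for number, name in enumerate(LOG_LEVELS)}

# Classic Apache error-log layout, as in the question:
#   [Sat Nov 16 14:32:52 2009] [error] [client 128.0.0.7] message text
# The "[client ...]" field is absent for messages not tied to a request.
ERROR_LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>[a-z]+)\]"
    r"(?: \[client (?P<client>[^\]]+)\])? (?P<msg>.*)$"
)


class ErrorEntry(NamedTuple):
    timestamp: str
    level: str
    client: Optional[str]
    message: str


def parse_error_line(line: str) -> Optional[ErrorEntry]:
    """Return the parsed entry, or None for lines that are not error-log entries."""
    m = ERROR_LINE.match(line.strip())
    if not m or m.group("level") not in SEVERITY:
        return None
    return ErrorEntry(m.group("ts"), m.group("level"), m.group("client"), m.group("msg"))


def passes_loglevel(level: str, loglevel: str) -> bool:
    """True when a message of `level` is written under `LogLevel <loglevel>`.

    Lower numbers are more significant, so a threshold of 'warn' (4) keeps
    emerg..warn and drops notice, info and debug.
    """
    return SEVERITY[level] <= SEVERITY[loglevel]


def filter_log(lines: List[str], loglevel: str) -> List[ErrorEntry]:
    """Keep only the entries Apache would have written under the given LogLevel."""
    entries = (parse_error_line(line) for line in lines)
    return [e for e in entries if e is not None and passes_loglevel(e.level, loglevel)]


def levels_kept(lines: List[str], loglevel: str) -> List[str]:
    """Severity names of the surviving entries, in log order (handy for checks)."""
    return [e.level for e in filter_log(lines, loglevel)]


# Constructed sample log; the first line is the one quoted in the question.
SAMPLE_LOG = [
    "[Sat Nov 16 14:32:52 2009] [error] [client 128.0.0.7] client denied by server configuration: /export/home/htdocs/test",
    "[Sat Nov 16 14:32:53 2009] [warn] [client 128.0.0.7] Missing Host header",
    "[Sat Nov 16 14:32:54 2009] [notice] Apache/2.2.x configured -- resuming normal operations",
    "[Sat Nov 16 14:33:10 2009] [crit] (13)Permission denied: /export/home/htdocs/.htaccess pcfg_openfile",
    "[Sat Nov 16 14:33:11 2009] [info] [client 128.0.0.7] Connection to child 7 closed",
]

if __name__ == "__main__":
    for setting in ("crit", "warn", "debug"):
        print(f"LogLevel {setting:6s} keeps {levels_kept(SAMPLE_LOG, setting)}")
```

The point to notice is that the "client denied" entry, the one a defender wants to see, disappears as soon as LogLevel is moved past error to crit: raising the threshold is exactly how an intruder quietly reduces what the log records, so the LogLevel line deserves the same change monitoring as the rest of the server configuration.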


NEW QUESTION # 86
Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?

  • A. Transport Layer
  • B. Link layer
  • C. Internet layer
  • D. Application layer

Answer: B

Explanation:
The Link Layer of the TCP/IP model is the networking scope of the local network connection to which a host is attached. It is the lowest component layer of the Internet protocols; because TCP/IP is designed to be hardware independent, it has been implemented on top of virtually every hardware networking technology in existence. The Link Layer moves packets between the Internet Layer interfaces of two different hosts on the same link. Transmitting and receiving packets on a given link can be handled in the software device driver for the network card as well as in firmware or specialized chipsets.

Answer option C is incorrect. The Internet Layer of the TCP/IP model solves the problem of sending packets across one or more networks. Internetworking requires sending data from the source network to the destination network; this process is called routing. IP can carry data for a number of different upper-layer protocols.

Answer option A is incorrect. The Transport Layer of the TCP/IP model is responsible for end-to-end message transfer independent of the underlying network, along with error control, segmentation, flow control, congestion control, and application addressing (port numbers). End-to-end message transmission, or connecting applications at the transport layer, is either connection-oriented, implemented in the Transmission Control Protocol (TCP), or connectionless, implemented in the User Datagram Protocol (UDP).

Answer option D is incorrect. The Application Layer of the TCP/IP model refers to the higher-level protocols used by most applications for network communication. Examples of application layer protocols include the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP). Data coded according to application layer protocols is encapsulated into one or more transport layer protocols, which in turn use lower-layer protocols to effect the actual data transfer.


NEW QUESTION # 87
Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary's intelligence collection capabilities identified in the previous action?

  • A. Analysis of Threats
  • B. Analysis of Vulnerabilities
  • C. Assessment of Risk
  • D. Identification of Critical Information
  • E. Application of Appropriate OPSEC Measures

Answer: B

Explanation:
OPSEC is a 5-step process that helps in developing protection mechanisms in order to safeguard sensitive information and preserve essential secrecy.
The OPSEC process has five steps, which are as follows:
1.Identification of Critical Information: This step includes identifying information vitally needed by an adversary, which focuses the remainder of the OPSEC process on protecting vital information, rather than attempting to protect all classified or sensitive unclassified information.
2.Analysis of Threats: This step includes the research and analysis of intelligence, counter-intelligence, and open source information to identify likely adversaries to a planned operation.
3.Analysis of Vulnerabilities: It includes examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary's intelligence collection capabilities identified in the previous action.
4.Assessment of Risk: Firstly, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability. Secondly, specific OPSEC measures are selected for execution based upon a risk assessment done by the commander and staff.
5.Application of Appropriate OPSEC Measures: The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans.


NEW QUESTION # 88
CORRECT TEXT
Fill in the blank with the appropriate term. A ______________ is a physical or logical subnetwork that adds an additional layer of security to an organization's Local Area Network (LAN).

Answer: demilitarized zone

Explanation:
A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external networks, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network such as the Internet.
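To make the segmentation rules above concrete, here is an added Python example (my own, not from the exam text) that models a three-zone firewall policy and evaluates connection attempts against it. The address ranges, hosts, ports and rule names are constructed assumptions.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Constructed addressing plan (assumption for the example).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.10.0.0/16"),
}


def zone_of(ip: str) -> str:
    """Map an address to dmz/lan; anything else is treated as the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    dst_host: Optional[str]  # None = any host in dst_zone
    dst_port: Optional[int]  # None = any port
    action: str              # "allow" or "deny"


# Ordered rule base: first match wins, implicit deny at the end.
RULES: List[Rule] = [
    Rule("internet", "dmz", None, 443, "allow"),        # public web front end
    Rule("internet", "dmz", None, 25, "allow"),         # inbound mail relay
    Rule("dmz", "lan", "10.10.5.20", 5432, "allow"),    # web tier -> database only
    Rule("dmz", "dmz", None, None, "allow"),            # DMZ hosts may talk to each other
    Rule("dmz", "internet", None, None, "allow"),       # DMZ may reach the Internet
    Rule("lan", "dmz", None, None, "allow"),            # internal clients use DMZ services
    Rule("lan", "internet", None, None, "allow"),       # internal clients browse out
]


def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return the action for a connection attempt; no matching rule means deny."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in RULES:
        if (rule.src_zone == src_zone and rule.dst_zone == dst_zone
                and rule.dst_host in (None, dst_ip)
                and rule.dst_port in (None, dst_port)):
            return rule.action
    return "deny"


def lan_exposure() -> List[Tuple[Optional[str], Optional[int]]]:
    """Everything a compromised DMZ host could reach inside the LAN.

    Reviewing this list is the practical test of a DMZ design: it should be a
    short, specific set of (host, port) pairs, never (None, None).
    """
    return [(r.dst_host, r.dst_port) for r in RULES
            if r.src_zone == "dmz" and r.dst_zone == "lan" and r.action == "allow"]


if __name__ == "__main__":
    # Constructed traffic: an Internet client, a DMZ web server, a LAN workstation.
    for src, dst, port in [("203.0.113.5", "192.0.2.10", 443),
                           ("203.0.113.5", "10.10.5.20", 5432),
                           ("192.0.2.10", "10.10.5.20", 5432),
                           ("192.0.2.10", "10.10.1.4", 445)]:
        print(f"{src} -> {dst}:{port}: {decide(src, dst, port)}")
    print("LAN reachable from DMZ:", lan_exposure())
```

The rule base encodes the sentence "hosts in the DMZ have limited connectivity to specific hosts in the internal network": the only DMZ-to-LAN rule names one host and one port, so an attacker who owns the web server still cannot reach a workstation on 445.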


NEW QUESTION # 89
Which of the following tools is an open source protocol analyzer that can capture traffic in real time?

  • A. NetResident
  • B. Wireshark
  • C. NetWitness
  • D. None
  • E. Bridle

Answer: B

Explanation:
Wireshark is an open source protocol analyzer that can capture traffic in real time. It is a free packet sniffer used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but it has a graphical front end and many more options for sorting and filtering information. It lets the user see all traffic passing over the network (usually Ethernet, though other link types are supported) by putting the network interface into promiscuous mode.
Wireshark uses pcap to capture packets, so it can only capture packets on the networks supported by pcap. It has the following features:
Data can be captured "from the wire" from a live network connection or read from a file that records already-captured packets.
Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.
Captured network data can be browsed via a GUI, or via the terminal (command-line) version of the utility, tshark.
Capture files can be programmatically edited or converted via command-line switches to the editcap program.
Data display can be refined using a display filter. Plugins can be created for dissecting new protocols.
Answer option C is incorrect. NetWitness is a commercial product used to analyze and monitor network traffic and activity; it is not an open source analyzer.
Answer option A is incorrect. NetResident is used to capture, store, analyze, and reconstruct network events and activities.
Snort, which is not among the options, is an open source network intrusion prevention and detection system that operates as a network sniffer: it logs network activity that matches predefined signatures, which can be written for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).


NEW QUESTION # 90
Which of the following is an intrusion detection system that monitors and analyzes the internals of a computing system rather than the network packets on its external interfaces?

  • A. NIDS
  • B. HIDS
  • C. IPS
  • D. DMZ

Answer: B


NEW QUESTION # 91
A newly joined network administrator wants to assess the organization against possible risk. He notices the organization doesn't have a __________ identified which helps measure how risky an activity is.

  • A. Risk Matrix
  • B. Risk levels
  • C. Key Risk Indicator
  • D. Risk Severity

Answer: A

Explanation:
A risk matrix (also called a probability and impact matrix) is the tool used to measure how risky an activity is: each identified risk is plotted by its likelihood against its impact, and the cell it lands in gives the risk level. Without an agreed matrix, two assessors can rate the same activity differently, so the administrator has no consistent basis for comparing risks.


NEW QUESTION # 92
Which of the following is the practice of sending unwanted e-mail messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients? Each correct answer represents a complete solution. Choose all that apply.

  • A. E-mail spam
  • B. Email spoofing
  • C. Email jamming
  • D. Junk mail

Answer: A,D

Explanation:
E-mail spam, also known as unsolicited bulk email (UBE), junk mail, or unsolicited commercial email (UCE), is the practice of sending unwanted e-mail messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients.

Answer option B is incorrect. Email spoofing is a fraudulent email activity in which the sender address and other parts of the email header are altered so that the message appears to originate from a different source. It is commonly used in spam and phishing emails to hide the origin of the message. By changing header fields such as From, Return-Path and Reply-To, ill-intentioned users make the email appear to come from someone other than the actual sender: although the recipient sees the address in the From field, the message actually comes from another source.

Answer option C is incorrect. Email jamming is the deliberate use of "sensitive" words and phrases in otherwise innocuous emails so that they are picked up by the monitoring systems of authorities who listen in; it is a form of red herring and intentional annoyance. The intent is that the senders of these emails are eventually added to a "harmless" list and their emails are no longer intercepted, allowing them to regain some privacy.
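Because spoofing works by manipulating the header fields named above, here is an added Python example (mine, not part of the exam material) that parses a message with the standard library and reports the inconsistencies a mail gateway or analyst looks for. Both messages are constructed and the function names are my own.

```python
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import List


def sender_domain(header_value: str) -> str:
    """Domain part of an address header ("Name <user@host>" or bare user@host)."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def spoofing_indicators(raw_message: str) -> List[str]:
    """Header checks for a forged origin. Each finding is an indicator, not proof."""
    msg: Message = message_from_string(raw_message)
    from_domain = sender_domain(msg.get("From"))
    findings: List[str] = []

    # Return-Path is written by the receiving MTA from the SMTP envelope sender,
    # so it is harder to fake than the From header the user sees.
    return_path = msg.get("Return-Path")
    if return_path and sender_domain(return_path) != from_domain:
        findings.append(f"Return-Path domain {sender_domain(return_path)!r} "
                        f"differs from From domain {from_domain!r}")

    # A Reply-To pointing elsewhere routes the victim's answer to the attacker.
    reply_to = msg.get("Reply-To")
    if reply_to and sender_domain(reply_to) != from_domain:
        findings.append(f"Reply-To domain {sender_domain(reply_to)!r} "
                        f"differs from From domain {from_domain!r}")

    # If the gateway already evaluated SPF/DKIM/DMARC, a failure is the strongest signal.
    auth = (msg.get("Authentication-Results") or "").lower()
    for mechanism in ("spf", "dkim", "dmarc"):
        if f"{mechanism}=fail" in auth:
            findings.append(f"Authentication-Results reports {mechanism}=fail")
    return findings


# Constructed sample: a message that claims to come from a bank.
SPOOFED = """From: "Accounts Payable" <ap@bank.example>
Return-Path: <bounce-42@mailer.example.net>
Reply-To: <collect@attacker.example>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
To: victim@example.org
Subject: Invoice overdue

Please settle the attached invoice today.
"""

# Constructed sample: a consistent message from the same organisation.
LEGITIMATE = """From: "Accounts Payable" <ap@bank.example>
Return-Path: <ap@bank.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example
To: customer@example.org
Subject: Your statement

Your statement is ready.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, spoofing_indicators(raw) or "no indicators")
```

A domain mismatch between From and Return-Path is normal for mailing lists and bulk senders, which is why the check reports indicators rather than a verdict; the SPF, DKIM and DMARC results recorded by your own gateway are what turn a suspicion into a block.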


NEW QUESTION # 93
Which of the following systems is formed by a group of honeypots?

  • A. Research honeypot
  • B. Production honeypot
  • C. Honeynet
  • D. Honeyfarm

Answer: C


NEW QUESTION # 94
A war dialer is a tool that is used to scan thousands of telephone numbers to detect vulnerable modems. It provides an attacker unauthorized access to a computer. Which of the following tools can an attacker use to perform war dialing? Each correct answer represents a complete solution. Choose all that apply.

  • A. NetStumbler
  • B. ToneLoc
  • C. Wingate
  • D. THC-Scan

Answer: B,D

Explanation:
THC-Scan and ToneLoc are tools used for war dialing. A war dialer is a tool that scans thousands of telephone numbers to detect vulnerable modems, which can give the attacker unauthorized access to a computer.
Answer option A is incorrect. NetStumbler is a Windows-based tool for detecting wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. It detects wireless networks and, with a GPS receiver attached, records their relative position. It works by sending 802.11 Probe Requests to the broadcast destination address.
Answer option C is incorrect. WinGate is a proxy server.


NEW QUESTION # 95
Which of the following is a network point that acts as an entrance to another network?

  • A. Receiver
  • B. Hub
  • C. Bridge
  • D. Gateway

Answer: D


NEW QUESTION # 96
Which of the following is a communication protocol that multicasts messages and information among all member devices in an IP multicast group?

  • A. IGMP
  • B. BGP
  • C. ICMP
  • D. EGP

Answer: A

Explanation:
Internet Group Management Protocol (IGMP) is the communication protocol that hosts and adjacent routers use to establish and manage membership in IP multicast groups, so that messages and information reach all member devices of a group. Multicast traffic is sent to a single multicast MAC address but is received and processed by every host that has joined the group, which makes it efficient for online gaming and streaming video. IGMP messages carry no authentication, so forged membership reports or queries can redirect or disrupt multicast traffic.

Answer option C is incorrect. Internet Control Message Protocol (ICMP) is a maintenance protocol that allows routers and host computers to exchange basic control information when data is sent from one computer to another. It is generally considered part of the IP layer. It allows the computers on a network to share error and status information. An ICMP message, which is encapsulated within an IP datagram, is very useful for troubleshooting network connectivity and can be routed throughout the Internet.

Answer option B is incorrect. BGP stands for Border Gateway Protocol. It is an inter-autonomous-system routing protocol and is a form of exterior gateway protocol. It is used for exchanging network reachability information with other BGP systems; this information includes the list of intermediate autonomous systems that traffic has to traverse to reach a particular network, which is used to compute loop-free interdomain routes between autonomous systems. BGP-4, the version in use today, is defined in RFC 4271.

Answer option D is incorrect. Exterior Gateway Protocol (EGP) is a protocol that exchanges routing information between different autonomous systems; it runs between border routers, not between end hosts. The original EGP (RFC 904) is obsolete, and BGP is the exterior gateway protocol actually used on the Internet.
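As an added example (not from the exam material), the following Python builds and parses IGMPv2 messages, including the Internet checksum that every IGMP message carries; this is the kind of decoder a defender uses to inspect membership reports and queries seen on the wire. The message bytes are constructed in the script and the function names are my own.

```python
import ipaddress
import struct
from typing import NamedTuple

# IGMP message types (RFC 2236 / RFC 3376).
IGMP_TYPES = {
    0x11: "Membership Query",
    0x12: "IGMPv1 Membership Report",
    0x16: "IGMPv2 Membership Report",
    0x17: "Leave Group",
    0x22: "IGMPv3 Membership Report",
}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's complement of the one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


class IgmpMessage(NamedTuple):
    type_name: str
    max_resp_time: int      # tenths of a second, meaningful in queries
    group: str
    checksum_ok: bool
    group_is_multicast: bool


def build_igmpv2(msg_type: int, group: str, max_resp_time: int = 0) -> bytes:
    """Serialize an 8-byte IGMPv2 message with a correct checksum."""
    group_bytes = ipaddress.IPv4Address(group).packed
    unchecked = struct.pack("!BBH", msg_type, max_resp_time, 0) + group_bytes
    return struct.pack("!BBH", msg_type, max_resp_time, inet_checksum(unchecked)) + group_bytes


def parse_igmp(packet: bytes) -> IgmpMessage:
    """Decode the common 8-byte IGMP header and verify its checksum.

    The checksum covers the whole message, so summing the packet with the
    checksum field included must give zero for an intact message.
    """
    if len(packet) < 8:
        raise ValueError("IGMP message must be at least 8 bytes")
    msg_type, max_resp_time, _ = struct.unpack("!BBH", packet[:4])
    group = str(ipaddress.IPv4Address(packet[4:8]))
    return IgmpMessage(
        IGMP_TYPES.get(msg_type, f"unknown type 0x{msg_type:02x}"),
        max_resp_time,
        group,
        inet_checksum(packet) == 0,
        # 0.0.0.0 is legal in a general query; any other group must be in 224.0.0.0/4.
        group == "0.0.0.0" or ipaddress.IPv4Address(group).is_multicast,
    )


if __name__ == "__main__":
    report = build_igmpv2(0x16, "239.1.2.3")                   # host joins 239.1.2.3
    query = build_igmpv2(0x11, "0.0.0.0", max_resp_time=100)   # router general query
    print(report.hex(), parse_igmp(report))
    print(query.hex(), parse_igmp(query))
```

The checksum only catches corruption, not forgery: anyone on the segment can compute it, which is why a report for a non-multicast group or a query from an unexpected source is the thing to alert on, not a checksum failure.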


NEW QUESTION # 97
Which of the following systems monitors the operating system detecting inappropriate activity, writing to log files, and triggering alarms?

  • A. Behavior-based ID system
  • B. Network-based ID system
  • C. Signature-Based ID system
  • D. Host-based ID system

Answer: D


NEW QUESTION # 98
Which of the following is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies?

  • A. Bridge
  • B. Router
  • C. Gateway
  • D. Switch

Answer: C

Explanation:
A gateway is a network interconnectivity device that translates between different communication protocols and is used to connect dissimilar network technologies. It provides greater functionality than a router or bridge because it acts both as a translator and as a router, but that translation work makes gateways slower than bridges and routers. A gateway can operate up to the application layer.

Answer option B is incorrect. A router is an electronic device that interconnects two or more computer networks and selectively forwards packets of data between them; its software and hardware are customized to the tasks of routing and forwarding. It operates at the network layer.

Answer option A is incorrect. A bridge is an interconnectivity device that connects two local area networks (LANs), or two segments of the same LAN, that use the same communication protocols, and provides address filtering between them. It is used to divide a busy network into segments and reduce traffic: frames whose destination is known to be on the same segment are not forwarded, while frames for unknown or broadcast destinations are passed to the other segment. Bridges operate at the data-link layer of the OSI model.

Answer option D is incorrect. A switch is in effect a multi-port bridge: on an Ethernet local area network (LAN) it learns which Media Access Control (MAC) address is reached through which port and forwards each incoming frame only to the port leading to the destination device, instead of to every port. Like a bridge it operates at the data-link layer; layer-3 switches add routing on IP addresses, but like routers they do not translate between dissimilar protocols.


NEW QUESTION # 99
In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?

  • A. Bonk attack
  • B. Buffer-overflow attack
  • C. DDoS attack
  • D. Smurf attack

Answer: C

Explanation:
In a distributed denial of service (DDoS) attack, an attacker uses multiple computers throughout the network that it has previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, that multiple attack machines are harder to turn off than one, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN and TRIN00 are examples of tools used for DDoS attacks.

Answer option D is incorrect. A Smurf attack uses third-party networks as amplifiers. The attacker sends ICMP echo (ping) requests whose source address is forged to be the victim's address, with the broadcast address of an intermediary network as the destination. Every host on that network receives a copy of the request and replies to the victim. By rapidly sending such requests through several intermediary networks, the attacker overwhelms the victim with echo replies.

Answer option B is incorrect. A buffer-overflow attack supplies a program with more input than the fixed-size buffer meant to hold it can accommodate, so the excess overwrites adjacent memory. When the overwritten memory holds control data such as a return address or a function pointer, the attacker can redirect execution to code of their choosing, effectively taking control of the program and bypassing its security checks. There are two main types of buffer overflow attacks:
Stack-based buffer overflow: the program reserves a fixed amount of space on the stack for a local buffer; if user input is longer than that space, it overflows into neighbouring stack data, including the saved return address.
Heap-based buffer overflow: the overflow occurs in a buffer allocated dynamically on the heap, corrupting adjacent heap data or the allocator's own bookkeeping metadata.

Answer option A is incorrect. A Bonk attack is a variant of the Teardrop attack that mostly affects older Windows computers by sending corrupt UDP packets to DNS port 53. It is a type of denial-of-service (DoS) attack that manipulates the fragment offset field in IP packets. This field tells a computer how to reassemble a packet that was fragmented because large packets are difficult to transmit; a Bonk attack makes the target reassemble overlapping fragments into a packet that is too big to be reassembled, causing the target computer to crash.
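As an added example (my own, not from the exam explanation), the following Python summarises traffic by destination to tell a distributed flood from many zombie sources apart from a single-source flood. It runs over constructed flow records; the rate and source-count thresholds are assumptions that must be tuned for a real network.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple


class Flow(NamedTuple):
    ts: float      # seconds since capture start
    src: str
    dst: str
    proto: str


class WindowStats(NamedTuple):
    packets: int
    sources: int
    packets_per_second: float


def summarize(flows: Iterable[Flow], window_s: float = 10.0) -> Dict[str, WindowStats]:
    """Per destination, the statistics of its busiest time window."""
    buckets: Dict[tuple, dict] = defaultdict(lambda: {"packets": 0, "sources": set()})
    for f in flows:
        b = buckets[(f.dst, int(f.ts // window_s))]
        b["packets"] += 1
        b["sources"].add(f.src)
    busiest: Dict[str, WindowStats] = {}
    for (dst, _window), b in buckets.items():
        stats = WindowStats(b["packets"], len(b["sources"]), b["packets"] / window_s)
        if dst not in busiest or stats.packets > busiest[dst].packets:
            busiest[dst] = stats
    return busiest


def classify(flows: Iterable[Flow], window_s: float = 10.0,
             pps_threshold: float = 10.0, min_sources: int = 20) -> Dict[str, str]:
    """Label each destination: normal, single-source flood, or distributed flood.

    The distinct-source count is what separates a DDoS (many zombies) from a DoS
    from one box; the rate threshold is a constructed value, not a recommendation.
    """
    verdicts: Dict[str, str] = {}
    for dst, stats in summarize(flows, window_s).items():
        if stats.packets_per_second < pps_threshold:
            verdicts[dst] = "normal"
        elif stats.sources >= min_sources:
            verdicts[dst] = "distributed flood (DDoS)"
        else:
            verdicts[dst] = "single-source flood (DoS)"
    return verdicts


def constructed_flows() -> List[Flow]:
    """Synthetic traffic: 200 zombies hit one host, one box floods another, one is quiet."""
    flows: List[Flow] = []
    # 200 packets from 200 distinct sources within 8 seconds -> 20 pps, 200 sources
    flows += [Flow(i * 0.04, f"198.51.100.{i + 1}", "10.0.0.5", "udp") for i in range(200)]
    # 150 packets from a single source within 7.5 seconds -> 15 pps, 1 source
    flows += [Flow(i * 0.05, "203.0.113.9", "10.0.0.6", "icmp") for i in range(150)]
    # a handful of ordinary requests -> 0.5 pps
    flows += [Flow(i * 2.0, "192.0.2.7", "10.0.0.7", "tcp") for i in range(5)]
    return flows


if __name__ == "__main__":
    for dst, verdict in sorted(classify(constructed_flows()).items()):
        print(f"{dst}: {verdict}")
```

The same summary exposes the Smurf variant described above: the victim sees a flood of ICMP echo replies whose sources all fall in one or a few intermediary networks, so grouping the source set by /24 is a cheap next step after this classification.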


NEW QUESTION # 100
CORRECT TEXT
Fill in the blank with the appropriate term. The ____________ is used for routing voice conversations over the Internet. It is also known by other names such as IP Telephony, Broadband Telephony, etc.

Answer: VoIP

Explanation:
Voice over Internet Protocol (VoIP) is used for routing voice conversations over the Internet. VoIP is also known by other names such as IP Telephony and Broadband Telephony. A traditional telephone carries analog signals: the sound is received as electrical pulsation, amplified, and carried to a small loudspeaker in the other phone, where the call receiver hears it. In VoIP the analog signal is converted to a digital signal, which is transmitted over the Internet. VoIP lets users make low-cost phone calls over an Internet connection using any of the VoIP software available in the market. The main modes of making phone calls over the Internet are as follows:
Analog Telephone Adapter (ATA): a traditional phone is attached to the computer or network through an ATA, which receives the analog signal from the phone and converts it to a digital signal; the digital stream is carried by the Internet Service Provider (ISP), and the system is ready to make calls over VoIP.
IP Phone: IP phones look exactly like traditional phones, but they have RJ-45 Ethernet connectors instead of RJ-11 phone connectors, so they connect directly to the network.
Computer to Computer: the easiest way to use VoIP. It requires software, a microphone, speakers, a sound card and an Internet connection through a cable or DSL modem.
Soft Phone: a software application loaded onto a computer that can be used anywhere broadband connectivity is available.


NEW QUESTION # 101
What is the range for private ports?

  • A. Above 65535
  • B. 0 through 1023
  • C. 49152 through 65535
  • D. 1024 through 49151

Answer: C

Explanation:
IANA divides the 16-bit port space into three ranges: well-known (system) ports 0 through 1023, registered ports 1024 through 49151, and dynamic or private ports 49152 through 65535. Private ports are not assigned to any service; they are typically used as ephemeral source ports by clients.


NEW QUESTION # 102
Sam wants to implement a network-based IDS and finalizes an IDS solution that works based on pattern matching. Which type of network-based IDS is Sam implementing?

  • A. Stateful protocol analysis
  • B. Signature-based IDS
  • C. Anomaly-based IDS
  • D. Behavior-based IDS

Answer: B


NEW QUESTION # 103
Adam works as a Professional Penetration Tester. A project has been assigned to him to test the vulnerabilities of the CISCO Router of Umbrella Inc. Adam finds out that HTTP Configuration Arbitrary Administrative Access Vulnerability exists in the router. By applying different password cracking tools, Adam gains access to the router. He analyzes the router config file and notices the following lines:
logging buffered errors
logging history critical
logging trap warnings
logging 10.0.1.103
By analyzing the above lines, Adam concludes that this router is logging at log level 4 to the syslog server 10.0.1.103. He decides to change the log level from 4 to 0.
Which of the following is the most likely reason of changing the log level?

  • A. Changing the log level from 4 to 0 will result in the logging of only emergencies. This way the modification in the router is not sent to the syslog server.
  • B. Changing the log level from 4 to 0 will result in the termination of logging. This way the modification in the router is not sent to the syslog server.
  • C. Changing the log level grants access to the router as an Administrator.
  • D. By changing the log level, Adam can easily perform a SQL injection attack.

Answer: A

Explanation:
On a Cisco IOS router, the logging trap command sets the severity threshold for the messages the router sends to the syslog server (here logging 10.0.1.103). It is the router, not the syslog server, that applies this limit, and only messages at the configured level or more significant are forwarded. In the configuration shown, logging trap warnings means level 4. Eight levels are available, listed in order of descending significance:

Number  Level   Description
0       emerg   Emergencies - system is unusable
1       alert   Action must be taken immediately
2       crit    Critical conditions
3       error   Error conditions
4       warn    Warning conditions
5       notice  Normal but significant condition
6       info    Informational
7       debug   Debug-level messages

IOS names the same levels emergencies, alerts, critical, errors, warnings, notifications, informational and debugging.

Note: When a certain level is specified, messages from all levels of higher significance are also reported. For example, logging trap critical forwards critical, alert and emergency messages. Setting the level to 0 forwards nothing but emergencies, so the evidence of Adam's changes on the router never reaches the syslog server at 10.0.1.103.
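Reversing Adam's trick is a configuration-audit job, so as an added example (mine, not from the exam material) here is a Python script that parses the logging lines quoted in the question, computes which severities still reach the syslog server after a change, and raises a finding when the trap level drops below a baseline. The configuration text is the question's; the tampered copy, the baseline value and the function names are my own assumptions.

```python
import re
from typing import Any, Dict, List, Optional

# Cisco IOS syslog severities; the index is the level number (same scale as the table above).
IOS_LEVELS = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

LOGGING_DEST = re.compile(
    r"^\s*logging\s+(?P<dest>buffered|console|monitor|trap|history)"
    r"(?:\s+(?P<size>\d{4,}))?(?:\s+(?P<level>\S+))?\s*$"
)
LOGGING_HOST = re.compile(
    r"^\s*logging\s+(?:host\s+)?(?P<host>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


def level_number(token: str) -> Optional[int]:
    """Accept a level as its number or as a (possibly abbreviated) keyword."""
    if token.isdigit():
        n = int(token)
        return n if 0 <= n <= 7 else None
    matches = [i for i, name in enumerate(IOS_LEVELS) if name.startswith(token.lower())]
    return matches[0] if len(matches) == 1 else None   # ambiguous prefixes are rejected


def parse_logging(config: str) -> Dict[str, Any]:
    """Extract logging destinations with their levels, and configured syslog hosts."""
    hosts: List[str] = []
    levels: Dict[str, int] = {}
    for line in config.splitlines():
        m = LOGGING_HOST.match(line)
        if m:
            hosts.append(m.group("host"))
            continue
        m = LOGGING_DEST.match(line)
        if m and m.group("level"):
            level = level_number(m.group("level"))
            if level is not None:
                levels[m.group("dest")] = level
    return {"hosts": hosts, "levels": levels}


def forwarded_levels(trap_level: int) -> List[str]:
    """Severities that 'logging trap <level>' sends to the syslog server."""
    return IOS_LEVELS[: trap_level + 1]


def lost_levels(before: str, after: str) -> List[str]:
    """Severities the syslog server stops receiving after a configuration change."""
    old = parse_logging(before)["levels"].get("trap", 6)   # IOS default: informational
    new = parse_logging(after)["levels"].get("trap", 6)
    return [lvl for lvl in forwarded_levels(old) if lvl not in forwarded_levels(new)]


def audit(config: str, baseline_trap: int = 6) -> List[str]:
    """Findings a defender wants raised when a device's logging has been weakened."""
    state = parse_logging(config)
    findings: List[str] = []
    if not state["hosts"]:
        findings.append("no syslog host configured: logs exist only on the device")
    trap = state["levels"].get("trap", 6)
    if trap < baseline_trap:
        findings.append(
            f"logging trap {IOS_LEVELS[trap]} ({trap}) is below baseline "
            f"{IOS_LEVELS[baseline_trap]} ({baseline_trap}); not forwarded: "
            + ", ".join(IOS_LEVELS[trap + 1: baseline_trap + 1])
        )
    return findings


# The lines quoted in the question, and the same router after the attacker's change.
ORIGINAL_CONFIG = """\
logging buffered errors
logging history critical
logging trap warnings
logging 10.0.1.103
"""
TAMPERED_CONFIG = ORIGINAL_CONFIG.replace("logging trap warnings", "logging trap emergencies")

if __name__ == "__main__":
    print(parse_logging(ORIGINAL_CONFIG))
    print("no longer forwarded:", lost_levels(ORIGINAL_CONFIG, TAMPERED_CONFIG))
    for finding in audit(TAMPERED_CONFIG):
        print("FINDING:", finding)
```

Note that the audit already flags the original configuration: with logging trap warnings the router withholds level-5 notifications, and the %SYS-5-CONFIG_I message that records a configuration change is exactly that severity. A defender who wants the syslog server to see Adam's changes needs the trap level at informational (6) or higher, which is why the baseline here is 6 rather than the question's 4.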


NEW QUESTION # 104
Which IEEE standard does wireless network use?

  • A. 802.18
  • B. 802.9
  • C. 802.10
  • D. 802.11

Answer: D


NEW QUESTION # 105
Michael decides to view the-----------------to track employee actions on the organization's network.

  • A. Firewall rule set
  • B. Firewall settings
  • C. Firewall policy
  • D. Firewall log

Answer: D


NEW QUESTION # 106
CORRECT TEXT
Fill in the blank with the appropriate word. The ____________________risk analysis process analyzes the effect of a risk event deriving a numerical value.

Answer: quantitative

Explanation:
Quantitative risk analysis is a process to assess the probability of achieving particular project objectives, to quantify the effect of risks on the overall project objectives, and to prioritize the risks based on their impact on overall project risk. It analyzes the effect of a risk event to derive a numerical value, and it provides a quantitative approach to making decisions in the presence of uncertainty. The inputs for quantitative risk analysis are as follows:
Organizational process assets
Project scope statement
Risk management plan
Risk register
Project management plan


NEW QUESTION # 107
Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company's website.
After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?

  • A. They can implement Wireshark
  • B. They could use Tripwire
  • C. They need to use Nessus
  • D. Snort is the best tool for their situation

Answer: B
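Tripwire-style file integrity monitoring comes down to hashing a baseline and diffing the live files against it later. The following Python is an added example of that technique (my own, not Tripwire's code): it fingerprints a directory tree, seals the baseline with an HMAC so an intruder who can change web files cannot quietly rewrite the baseline too, and reports modified, added and removed files. The sample web root, its contents and the key are constructed for the demo.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile
from typing import Dict, List


def fingerprint(path: str) -> Dict[str, object]:
    """Content hash plus the metadata a defacement or permission change would alter."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {"sha256": digest.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root: str) -> Dict[str, Dict[str, object]]:
    """Fingerprint every regular file under root, keyed by its relative path."""
    baseline: Dict[str, Dict[str, object]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = fingerprint(full)
    return baseline


def seal(baseline: Dict, key: bytes) -> str:
    """Serialize and sign the baseline; the baseline store is itself an attack target."""
    body = json.dumps(baseline, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"baseline": body, "hmac": tag})


def unseal(sealed: str, key: bytes) -> Dict:
    """Verify the HMAC before trusting a stored baseline."""
    envelope = json.loads(sealed)
    expected = hmac.new(key, envelope["baseline"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["hmac"]):
        raise ValueError("baseline has been tampered with or the key is wrong")
    return json.loads(envelope["baseline"])


def compare(root: str, baseline: Dict) -> Dict[str, List[str]]:
    """Diff the live tree against the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo(key: bytes = b"constructed-demo-key") -> Dict[str, List[str]]:
    """Build a tiny web root, take a baseline, simulate an intrusion, report the diff."""
    def write(root: str, rel: str, data: bytes) -> None:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

    with tempfile.TemporaryDirectory() as root:
        write(root, "htdocs/index.html", b"<h1>Welcome to Umbrella Inc.</h1>")
        write(root, "htdocs/about.html", b"<p>About us</p>")
        stored = seal(build_baseline(root), key)           # what you keep off the box

        write(root, "htdocs/index.html", b"<h1>Defaced</h1>")                  # modified
        write(root, "htdocs/uploads/cmd.php", b"<?php /* dropped file */ ?>")  # added
        os.remove(os.path.join(root, "htdocs/about.html"))                     # removed
        return compare(root, unseal(stored, key))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two practical points follow from the code: the baseline and the key must live somewhere the web server cannot write, and the scan must run on a schedule rather than once, because a change is only as visible as the next comparison.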



