Verified 312-38 dumps Q&As - 100% Pass from TrainingDumps [Q99-Q115]



EC-Council 312-38 Exam Syllabus Topics:

Topics, details and weights:

Secure IDS Configuration and Management (weight: 8%)
- Understanding different types of intrusions and their indications
- Understanding IDPS
- Importance of implementing IDPS
- Describing role of IDPS in network defense
- Describing functions, components, and working of IDPS
- Explaining various types of IDS implementation
- Describing staged deployment of NIDS and HIDS
- Describing fine-tuning of IDS by minimizing false positive and false negative rate
- Discussing characteristics of good IDS implementation
- Discussing common IDS implementation mistakes and their remedies
- Explaining various types of IPS implementation
- Discussing requirements for selecting appropriate IDPS product
- Technologies complementing IDS functionality

Wireless Network Defense (weight: 6%)
- Understanding wireless network
- Discussing various wireless standards
- Describing various wireless network topologies
- Describing possible use of wireless networks
- Explaining various wireless network components
- Explaining wireless encryption (WEP, WPA, WPA2) technologies
- Describing various authentication methods for wireless networks
- Discussing various types of threats on wireless networks
- Creation of inventory for wireless network components
- Appropriate placement of wireless Access Point (AP)
- Appropriate placement of wireless antenna
- Monitoring of wireless network traffic
- Detection and locating of rogue access points
- Prevention of wireless network from RF interference
- Describing various security implications for wireless network

Host Security (weight: 7%)
- Understanding host security
- Understanding the importance of securing individual hosts
- Understanding threats specific to hosts
- Identifying paths to host threats
- Purpose of host before assessment
- Describing host security baselining
- Describing OS security baselining
- Understanding and describing security requirements for different types of servers
- Understanding security requirements for hardening of routers
- Understanding security requirements for hardening of switches
- Understanding data security concerns when data is at rest, in use, and in motion
- Understanding virtualization security

Network Risk and Vulnerability Management (weight: 9%)
- Understanding risk and risk management
- Key roles and responsibilities in risk management
- Understanding Key Risk Indicators (KRI) in risk management
- Explaining the phases involved in risk management
- Understanding enterprise network risk management
- Describing various risk management frameworks
- Discussing best practices for effective implementation of risk management
- Understanding vulnerability management
- Explaining various phases involved in vulnerability management
- Understanding vulnerability assessment and its importance
- Discussing requirements for effective network vulnerability assessment
- Discussing internal and external vulnerability assessment
- Discussing steps for effective external vulnerability assessment
- Describing various phases involved in vulnerability assessment
- Selection of appropriate vulnerability assessment tool
- Discussing best practices and precautions for deploying vulnerability assessment tool
- Describing vulnerability reporting, mitigation, remediation and verification

Network Security Threats, Vulnerabilities, and Attacks (weight: 5%)
- Understanding threat, attack, and vulnerability
- Discussing network security concerns
- Reasons behind network security concerns
- Effect of network security breach on business continuity
- Understanding different types of network threats
- Understanding different types of network security vulnerabilities
- Understanding different types of network attacks
- Describing various network attacks

Secure Firewall Configuration and Management (weight: 8%)
- Understanding firewalls
- Understanding firewall security concerns
- Describing various firewall technologies
- Describing firewall topologies
- Appropriate selection of firewall topologies
- Designing and configuring firewall ruleset
- Implementation of firewall policies
- Explaining the deployment and implementation of firewall
- Factors to consider before purchasing any firewall solution
- Describing the configuring, testing and deploying of firewalls
- Describing the management, maintenance and administration of firewall implementation
- Understanding firewall logging
- Measures for avoiding firewall evasion
- Understanding firewall security best practices

Network Traffic Monitoring and Analysis (weight: 9%)
- Understanding network traffic monitoring
- Importance of network traffic monitoring
- Discussing techniques used for network monitoring and analysis
- Appropriate position for network monitoring
- Connection of network monitoring system with managed switch
- Understanding network traffic signatures
- Baselining for normal traffic
- Discussing the various categories of suspicious traffic signatures
- Various techniques for attack signature analysis
- Understanding Wireshark components, working and features
- Demonstrating the use of various Wireshark filters
- Demonstrating the monitoring of LAN traffic against policy violation
- Demonstrating the security monitoring of network traffic
- Demonstrating the detection of various attacks using Wireshark
- Discussing network bandwidth monitoring and performance improvement

 

NEW QUESTION 99
Adam works as a Security Analyst for Umbrella Inc. The company has a Linux-based network comprising an Apache server for Web applications. He received the following Apache Web server log entry:
[Sat Nov 16 14:32:52 2009] [error] [client 128.0.0.7] client denied by server configuration: /export/home/htdocs/test
The first piece in the log entry is the date and time of the log message. The second entry determines the severity of the error being reported.
Now Adam wants to change the severity level to control the types of errors that are sent to the error log. Which of the following directives will Adam use to accomplish the task?

  • A. CustomLog
  • B. LogLevel
  • C. LogFormat
  • D. ErrorLog

Answer: B

Explanation:
The LogLevel directive applies to the error log of the Apache Web server. This directive is used to control the types of errors that are sent to the error log by constraining the severity level. Eight different levels are present in the LogLevel directive, which are shown below in order of their descending significance:

Note: When a certain level is specified, the messages from all other levels of higher significance will also be reported. For example, when LogLevel crit is specified, then messages with log levels of alert and emerg will also be reported.
Answer option B is incorrect. The ErrorLog directive is used to set the name and location of the file to which the server will log any errors it encounters. If the file-path does not begin with a slash sign (/), it is assumed to be relative to the ServerRoot. If the file-path begins with a pipe sign (|), then it is assumed to be a command that handles the error log.
Answer option A is incorrect. The CustomLog directive is used to log requests to the server. The format of the log is specified and the logging can be made conditional on request characteristics with the help of environment variables. Environment variables can be adjusted on a per-request basis with the help of the mod_setenvif or mod_rewrite module.
Answer option C is incorrect. The LogFormat directive can exist in one of the two forms. In the first form, only one argument is specified; and in the second form explicit format with a nickname is associated. This directive specifies the log format that is used by logs specified in subsequent TransferLog directives.

 

NEW QUESTION 100
Which of the following TCP commands are used to allocate a receiving buffer associated with the specified connection?

  • A. Close
  • B. Interrupt
  • C. Receive
  • D. Send
  • E. None

Answer: C

Explanation:
The Receive command is used to allocate a receiving buffer associated with the specified connection. An error is returned if no OPEN precedes this command or the calling process is not authorized to use this connection.
Answer option A is incorrect. The Send command causes the data contained in the indicated user buffer to be sent to the indicated connection.
Answer option C is incorrect. The Abort command causes all pending SENDs and RECEIVES to be aborted.
Answer option B is incorrect. The Close command causes the connection specified to be closed.

 

NEW QUESTION 101
Which of the following is a type of scam that entices a user to disclose personal information?

  • A. Smurfing
  • B. Spamming
  • C. Phishing
  • D. Sniffing

Answer: C

 

NEW QUESTION 102
Which of the following attacks combines dictionary and brute force attacks?

  • A. Phishing attack
  • B. Replay attack
  • C. Man-in-the-middle attack
  • D. Hybrid attack

Answer: D

 

NEW QUESTION 103
Which of the following protocols supports source-specific multicast (SSM)?

  • A. DHCP
  • B. DNS
  • C. ARP
  • D. BGMP

Answer: D

 

NEW QUESTION 104
Which of the following is a worldwide organization that aims to establish, refine, and promote Internet security standards?

  • A. WASC
  • B. ANSI
  • C. ITU
  • D. IEEE

Answer: A

Explanation:
Web Application Security Consortium (WASC) is a worldwide organization that aims to establish, refine, and promote Internet security standards. WASC is vendor-neutral, although members may belong to corporations involved in the research, development, design, and distribution of Web security-related products.
Answer option A is incorrect. ANSI (American National Standards Institute) is the primary organization for fostering the development of technology standards in the United States. ANSI works with industry groups and is the U.S. member of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Long-established computer standards from ANSI include the American Standard Code for Information Interchange (ASCII) and the Small Computer System Interface (SCSI).
Answer option D is incorrect. The International Telecommunication Union (ITU) is an organization established to standardize and regulate international radio and telecommunications. Its main tasks include standardization, allocation of the radio spectrum, and organizing interconnection arrangements between different countries to allow international phone calls. ITU sets standards for global telecom networks.
The ITU's telecommunications division (ITU-T) produces more than 200 standard recommendations each year in the converging areas of telecommunications, information technology, consumer electronics, broadcasting and multimedia communications. ITU was streamlined into the following three sectors:
ITU-D (Telecommunication Development)
ITU-R (Radio communication)
ITU-T (Telecommunication Standardization)
Answer option C is incorrect. The Institute of Electrical and Electronics Engineers (IEEE) is a society of technical professionals. It promotes the development and application of electro-technology and allied sciences. IEEE develops communications and network standards, among other activities. The organization publishes a number of journals and has many local chapters and societies in specialized areas.

 

NEW QUESTION 105
Which of the following routing metrics refers to the length of time that is required to move a packet from source to destination through the internetwork?

  • A. Bandwidth
  • B. Routing delay
  • C. Load
  • D. Path length

Answer: B

Explanation:
Routing delay refers to the length of time that is required to move a packet from source to destination through the internetwork. Delay depends on many factors, including the following:
Bandwidth of intermediate network links
Port queues at each router along the way
Network congestion on all intermediate network links
Physical distance to be traveled
Since delay is a conglomeration of several important variables, it is a common and useful metric.
Answer option D is incorrect. Path length is defined as the sum of the costs associated with each link traversed.
Answer option B is incorrect. Bandwidth refers to the available traffic capacity of a link.
Answer option C is incorrect. Load refers to the degree to which a network resource, such as a router, is busy.

 

NEW QUESTION 106
Which of the following techniques is used for drawing symbols in public places for advertising an open Wi-Fi wireless network?

  • A. Spamming
  • B. War dialing
  • C. Warchalking
  • D. War driving

Answer: C

Explanation:
Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
Answer option B is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car.
Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.
Answer option C is incorrect. War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, BBS systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers (hackers that specialize in computer security) for password guessing.
Answer option A is incorrect. Spamming is the technique of flooding the Internet with a number of copies of the same message. The most widely recognized forms of spam are e-mail spam, instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam.

 

NEW QUESTION 107
Sophie has been working as a Windows network administrator at an MNC over the past 7 years. She wants to check whether SMB1 is enabled or disabled. Which of the following commands allows Sophie to do so?

  • A. Get-WindowsOptionalFeatures -Online -FeatureName SMB1Protocol
  • B. Get-WindowsOptionalFeatures -Online -FeatureNames SMB1Protocol
  • C. Get-WindowsOptionalFeature -Online -FeatureNames SMB1Protocol
  • D. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

Answer: D

 

NEW QUESTION 108
In an Ethernet peer-to-peer network, which of the following cables is used to connect two computers, using RJ-45 connectors and Category-5 UTP cable?

  • A. Crossover
  • B. Loopback
  • C. Parallel
  • D. Serial

Answer: A

Explanation:
In an Ethernet peer-to-peer network, a crossover cable is used to connect two computers, using
RJ-45 connectors and Category-5 UTP cable. Answer options C and B are incorrect. Parallel and
serial cables do not use RJ-45 connectors and Category-5 UTP cable. Parallel cables are used to
connect printers, scanners etc., to computers, whereas serial cables are used to connect modems,
digital cameras etc., to computers.
Answer option A is incorrect. A loopback cable is used for testing equipment.

 

NEW QUESTION 109
Elden is working as a network administrator at an IT company. His organization opted for a virtualization technique in which the guest OS is aware of the virtual environment in which it is running and communicates with the host machines for requesting resources. Identify the virtualization technique implemented by Elden's organization.

  • A. Hybrid virtualization
  • B. Full virtualization
  • C. Para virtualization
  • D. Hardware-assisted virtualization

Answer: D

 

NEW QUESTION 110
Which NIST Incident category includes any activity that seeks to access or identify a federal agency computer, open ports, protocols, service or any combination for later exploit?

  • A. Malicious code
  • B. Scans/ Probes/ Attempted Access
  • C. Improper usage
  • D. Denial-of-Service

Answer: B

 

NEW QUESTION 111
A VPN Concentrator acts as a bidirectional tunnel endpoint among host machines. What are the other function(s) of the device? (Select all that apply)

  • A. Assigns user addresses
  • B. Manages security keys
  • C. Provides access memory, achieving high efficiency
  • D. Enables input/output (I/O) operations

Answer: A,B,D

 

NEW QUESTION 112
Which of the following attack surfaces increases when you keep USB ports enabled on your laptop unnecessarily?

  • A. Physical attack surface
  • B. Software attack surface
  • C. Network attack surface
  • D. Human attack surface

Answer: A

 

NEW QUESTION 113
You are taking over the security of an existing network. You discover a machine that is not being used as such, but has software on it that emulates the activity of a sensitive database server. What is this?

  • A. A Polymorphic Virus
  • B. A Virus
  • C. A Honey Pot
  • D. A reactive IDS.

Answer: C

Explanation:
A honey pot is a device specifically designed to emulate a high value target such as a database server or entire sub section of your network. It is designed to attract the hacker's attention.

 

NEW QUESTION 114
CSMA/CD is specified in which of the following IEEE standards?

  • A. 802.15
  • B. 802.1
  • C. 802.2
  • D. 802.3

Answer: D

 

NEW QUESTION 115
......
