Practice Free 312-38 Exam Online Questions
Paul is a network security technician working on a contract for a laptop manufacturing company in Chicago. He has focused primarily on securing network devices, firewalls, and traffic traversing in and out of the network. He just finished setting up a server as a gateway between the internal private network and the outside public network. This server will act as a proxy, offer a limited set of services, and filter packets.
What is this type of server called?
- A . Bastion host
- B . Edge transport server
- C . SOCKS host
- D . Session layer firewall
A
Explanation:
The server described is a bastion host: a special-purpose, hardened computer positioned at the boundary between the internal network and the public Internet, typically in the demilitarized zone (DMZ), and built to withstand direct attack. It provides only the few services it exists to provide (here a proxy and packet filtering); every other service, daemon and account is removed or disabled to shrink its attack surface, because it is the one machine deliberately reachable from the untrusted side. An edge transport server is a Microsoft Exchange role for mail routing and hygiene, and a SOCKS host is simply a generic proxy with no hardening implied, so neither fits the description.
Reference: The definition and role of a bastion host align with the objectives of the EC-Council’s Certified Network Defender (CND) course, which emphasizes securing network devices and managing traffic between internal and external networks.
James was inspecting ARP packets in his organization’s network traffic with the help of Wireshark. He is checking the volume of traffic containing ARP requests as well as the source IP address from which they are originating.
Which type of attack is James analyzing?
- A . ARP Sweep
- B . ARP misconfiguration
- C . ARP spoofing
- D . ARP Poisoning
A
Explanation:
James is analyzing an ARP sweep. An ARP sweep is a host-discovery technique, the layer-2 equivalent of a ping sweep: the attacker sends ARP requests for every address in the local subnet and records which hosts answer. Because it is a volume-based reconnaissance step, the indicators are exactly the ones James is checking in Wireshark: an abnormally high number of ARP requests (display filter arp.opcode == 1) originating from one source address and walking through consecutive target addresses. ARP poisoning (option D, also called ARP spoofing) is a different attack with a different signature. It relies on forged ARP replies that bind the attacker’s MAC address to a legitimate host’s IP, so the tell-tale sign is one IP address appearing with two different MAC addresses, which Wireshark reports with the arp.duplicate-address-detected expert warning, not request volume from a single source. ARP misconfiguration (option B) describes a wrongly configured host rather than an attack.
Reference: Detecting ARP sweeps by examining the volume of ARP requests and their source address, and detecting ARP poisoning by looking for duplicate IP-to-MAC mappings, are both covered in the network traffic monitoring and analysis material of the EC-Council’s Certified Network Defender (CND) course.
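The two indicators described above, as an added example that is not part of the exam material or of Wireshark: a volume check for sweeps and a mapping-conflict check for poisoning, run over a constructed set of ARP records in the form (opcode, sender MAC, sender IP, target IP), which is what a tshark export of the arp.* fields would give you. All addresses are made up.

```python
"""Separate ARP sweep indicators from ARP poisoning indicators.

Added example, not part of the CND material or any Wireshark feature.
ARP records are constructed inline as (opcode, sender MAC, sender IP,
target IP) tuples, the fields a tshark export of arp.* would give you.
"""
from collections import defaultdict

# Constructed sample traffic: one host walking the whole /24 with ARP
# requests (a sweep), plus two different MACs both answering for the
# gateway 10.0.0.1 (poisoning), plus one ordinary lookup.
SAMPLE_ARP = [("request", "aa:bb:cc:00:00:01", "10.0.0.50", f"10.0.0.{i}")
              for i in range(1, 201)]
SAMPLE_ARP += [
    ("reply",   "00:11:22:33:44:55", "10.0.0.1",  "10.0.0.20"),  # real gateway
    ("reply",   "de:ad:be:ef:00:01", "10.0.0.1",  "10.0.0.20"),  # forged claim
    ("request", "00:11:22:33:44:66", "10.0.0.20", "10.0.0.1"),   # normal lookup
]


def detect_arp_sweep(records, threshold=50):
    """Volume-based check: senders whose ARP *requests* cover more than
    `threshold` distinct target IPs. Returns {sender_ip: target_count}."""
    targets = defaultdict(set)
    for opcode, _mac, sender_ip, target_ip in records:
        if opcode == "request":
            targets[sender_ip].add(target_ip)
    return {ip: len(t) for ip, t in targets.items() if len(t) > threshold}


def detect_arp_poisoning(records):
    """Mapping-based check: IP addresses claimed by more than one MAC in
    any ARP packet. Returns {ip: [mac, ...]} with MACs sorted for stable output."""
    macs = defaultdict(set)
    for _opcode, mac, sender_ip, _target in records:
        macs[sender_ip].add(mac)
    return {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}


def triage(records):
    """Run both detectors; a sweep and a poisoning attempt are reported
    separately because they are different attacks with different responses."""
    return {"sweep": detect_arp_sweep(records),
            "poisoning": detect_arp_poisoning(records)}
```

On the sample, the sweep detector reports 10.0.0.50 with 200 distinct targets and the poisoning detector reports 10.0.0.1 claimed by two MACs; neither check fires on the other attack’s traffic, which is the point of looking at volume and mappings separately.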
Which command is used to change the permissions of a file or directory?
- A . rmdir
- B . systemctl
- C . kill
- D . chmod
D
Explanation:
The command used to change the permissions of a file or directory on Linux and other Unix-like systems is chmod (change mode). The permissions it sets determine what three classes of users can do: the file owner (u), members of the file’s group (g), and everyone else (o). The mode can be given numerically, as three octal digits with read=4, write=2 and execute=1 (chmod 750 script.sh gives the owner rwx, the group rx and others nothing), or symbolically (chmod u=rwx,g=rx,o= script.sh sets exactly the same bits, while chmod o-w script.sh removes only write from others and leaves everything else untouched). The other options do something else entirely: rmdir removes an empty directory, systemctl manages systemd services, and kill sends a signal to a process.
Reference: The use of the chmod command is a fundamental concept covered in the EC-Council’s Certified Network Defender (CND) program, as it pertains to securing data by correctly setting file and directory permissions as part of system hardening practices.
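The symbolic and numeric forms above, as an added example that is not part of the exam material: a small converter from chmod’s symbolic syntax to a numeric mode, applied with os.chmod to a temporary file and read back with os.stat. It covers the who/operator/permission subset used in most hardening scripts (u/g/o/a, + - =, r/w/x) and leaves out setuid, setgid, the sticky bit and umask handling; the file name is whatever tempfile hands out.

```python
"""chmod from Python: symbolic and numeric modes, applied and verified.

Added example, not from the CND material. symbolic_to_mode() implements the
subset of chmod's symbolic syntax most often used in hardening scripts
(who: u/g/o/a, operator: + - =, permissions: r/w/x, comma-separated
clauses); setuid/setgid/sticky bits and umask handling are left out.
"""
import os
import stat
import tempfile

_BITS = {
    "u": {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR},
    "g": {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP},
    "o": {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH},
}


def symbolic_to_mode(spec, current=0):
    """Apply a symbolic spec such as 'u=rwx,g=rx,o=' or 'go-w' to `current`
    (the file's existing mode, as chmod itself does) and return the result."""
    mode = current
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in "ugoa":
            i += 1
        who = clause[:i] or "a"                  # bare '+x' means all classes
        classes = "ugo" if "a" in who else who
        if i == len(clause) or clause[i] not in "+-=":
            raise ValueError(f"bad clause: {clause!r}")
        op, perms = clause[i], clause[i + 1:]
        if any(p not in "rwx" for p in perms):
            raise ValueError(f"bad permission in clause: {clause!r}")
        for cls in classes:
            bits = sum(_BITS[cls][p] for p in perms)
            all_bits = sum(_BITS[cls].values())
            if op == "+":
                mode |= bits
            elif op == "-":
                mode &= ~bits
            else:                                # '=' replaces this class's bits outright
                mode = (mode & ~all_bits) | bits
    return mode


def apply_and_verify(path, mode):
    """chmod the file, then read the permission bits back with stat."""
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def harden_demo():
    """Start from a world-writable file and tighten it to owner rwx,
    group rx, others nothing (0o750). Returns (before, after)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        before = apply_and_verify(path, 0o777)
        after = apply_and_verify(path, symbolic_to_mode("u=rwx,g=rx,o=", before))
        return before, after
    finally:
        os.unlink(path)
```

Reading the bits back after the change is the habit worth keeping in hardening scripts: a chmod that fails (wrong owner, read-only filesystem) is otherwise silent in a script that ignores its exit status.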
How can organizations obtain information about threats through human intelligence?
- A . By extracting information from security blogs and forums
- B . By discovering vulnerabilities through exploration, understanding malware behavior through malware processing, etc.
- C . From the data of past incidents and network monitoring
- D . From attackers through the dark web and honeypots
A
Explanation:
Human intelligence (HUMINT) in the context of network defense involves the collection of information from human sources. This can include extracting insights from security blogs, forums, and other platforms where cybersecurity professionals and enthusiasts discuss vulnerabilities, threats, and incidents. By monitoring these discussions, organizations can gain valuable information about emerging threats, techniques used by attackers, and potential security weaknesses that need to be addressed.
Reference: The role of human intelligence in gathering threat information is highlighted in cybersecurity literature. For example, CrowdStrike discusses the importance of HUMINT in cybersecurity, noting that it involves engaging with threat actors on various platforms to gather information about their activities. Additionally, the IEEE paper on “Gathering threat intelligence through computer network deception” emphasizes the significance of proactive threat intelligence development by network defenders.
Blake is working on the company’s updated disaster and business continuity plan. The last section of the plan covers computer and data incident response. Blake is outlining the level of severity for each type of incident in the plan.
Unsuccessful scans and probes are at what severity level?
- A . Extreme severity level
- B . Low severity level
- C . Mid severity level
- D . High severity level
B
Explanation:
In the context of incident response, unsuccessful scans and probes are typically considered a low severity level. This is because they often indicate an attempted reconnaissance rather than a successful breach or compromise. These activities are usually automated and widespread, affecting many networks, not just the targeted one. They are often the preliminary steps of an attack, trying to find vulnerabilities but not yet exploiting them. Therefore, while they should be monitored and logged, they do not usually signify an immediate threat to the network’s integrity or the confidentiality of the data.
Reference: The EC-Council’s Certified Network Defender (C|ND) program emphasizes a defense-in-depth security strategy, which includes continuous threat monitoring and incident response. The program outlines that not all incidents require the same level of response, and categorizing the severity of incidents is crucial for effective prioritization and resource allocation.
To provide optimum security while enabling safe/necessary services, blocking known dangerous services, and making employees accountable for their online activity, what Internet Access policy would Brian, the network administrator, have to choose?
- A . Prudent policy
- B . Paranoid policy
- C . Promiscuous policy
- D . Permissive policy
A
Explanation:
The Prudent policy is the right choice for Brian. The four Internet access policy levels run from least to most restrictive: a Promiscuous policy imposes no restrictions at all, a Permissive policy allows everything except services known to be dangerous, a Prudent policy denies everything by default and then permits only the services that are safe and necessary while logging user activity, and a Paranoid policy blocks nearly everything, including most legitimate use. Only the prudent level satisfies all three requirements in the question: necessary services are enabled, known dangerous ones are blocked, and the logging that comes with it makes employees accountable for their online activity.
Reference: The EC-Council’s Certified Network Defender (CND) program presents these policy levels and recommends a prudent Internet access policy as part of a defense-in-depth strategy, so that the network and its data are protected while the organization’s security policies are enforced effectively.
Which among the following options represents professional hackers with an aim of attacking systems for profit?
- A . Script kiddies
- B . Organized hackers
- C . Hacktivists
- D . Cyber terrorists
B
Explanation:
Organized hackers are professional cybercriminals who often work in groups and are motivated by financial gain. They are known for their skills and the ability to carry out sophisticated attacks on systems for profit. Unlike script kiddies, who lack advanced skills and typically use readily available tools, organized hackers use custom-developed tools and methods. Hacktivists are motivated by political or social causes, and cyber terrorists aim to use cyber attacks to create fear or political change, not necessarily for profit.
Reference: The EC-Council’s Certified Network Defender (CND) program covers various types of cyber threats and the motivations behind them, including the distinction between different types of hackers and their objectives. The CND curriculum includes understanding the threat landscape, which encompasses organized hackers and their profit-driven attacks.
How can a WAF validate traffic before it reaches a web application?
- A . It uses a role-based filtering technique
- B . It uses an access-based filtering technique
- C . It uses a sandboxing filtering technique
- D . It uses a rule-based filtering technique
D
Explanation:
A Web Application Firewall (WAF) validates traffic before it reaches a web application with rule-based filtering. It sits inline in front of the application, parses each HTTP request (method, URL path, query string, headers, cookies and body) and evaluates it against a set of rules; a request matching a rule is blocked, logged or challenged, and everything else is passed through. Rules can be negative (signatures for known attack patterns such as SQL injection, cross-site scripting and path traversal) or positive (an allowlist describing what legitimate input to a given endpoint looks like), and a practical deployment normalises encoded input before matching so that a URL-encoded payload is not missed. Role-based and access-based filtering describe authorization decisions rather than traffic inspection, and sandboxing is a malware-analysis technique, not a WAF mechanism.
Reference: The function and operation of WAFs are described in cybersecurity resources and align with the Certified Network Defender (CND) program’s objectives, which explain how WAFs use rule-based filtering to protect web applications from various threats.
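Rule-based filtering as described above, as an added example that is neither any vendor’s engine nor part of the exam material: a handful of regular-expression rules, each bound to the request parts it inspects, evaluated against requests that are decoded first so an encoded payload cannot slip past. The rule ids, patterns and sample requests are all constructed for illustration.

```python
"""Rule-based HTTP request filtering, the core of what a WAF does.

Added example, not any vendor's engine and not from the CND material. Each
rule is a regular expression bound to the request parts it inspects; a
request is blocked on the first matching rule, otherwise allowed. Requests
are plain dicts constructed inline; a real WAF would parse them off the
wire. Rule ids and patterns are illustrative.
"""
import re
from urllib.parse import unquote_plus

RULES = [
    # (id, description, parts inspected, pattern)
    ("1001", "SQL injection: quote followed by a tautology or comment",
     ("query", "body"), r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+|--\s*$|/\*.*\*/"),
    ("1002", "Path traversal", ("path", "query"), r"\.\.[/\\]"),
    ("1003", "Reflected XSS", ("query", "body"), r"<\s*script|javascript:"),
    ("1004", "Command injection via headers", ("headers",),
     r"[;`|]\s*(cat|ls|wget|curl)\b"),
]
COMPILED = [(rid, desc, parts, re.compile(pat, re.IGNORECASE))
            for rid, desc, parts, pat in RULES]


def _parts(request):
    """Decode each inspected part first so %3Cscript%3E still hits rule 1003;
    matching the raw, still-encoded text is the classic WAF evasion."""
    headers = " ".join(f"{k}: {v}" for k, v in request.get("headers", {}).items())
    return {
        "path":    unquote_plus(request.get("path", "")),
        "query":   unquote_plus(request.get("query", "")),
        "headers": unquote_plus(headers),
        "body":    unquote_plus(request.get("body", "")),
    }


def inspect(request, rules=COMPILED):
    """Return ('block', rule_id) for the first matching rule, else ('allow', None)."""
    parts = _parts(request)
    for rid, _desc, targets, rx in rules:
        if any(rx.search(parts[t]) for t in targets):
            return "block", rid
    return "allow", None


SAMPLE_REQUESTS = [  # constructed
    {"method": "GET",  "path": "/products", "query": "id=42"},
    {"method": "GET",  "path": "/products", "query": "id=42'%20OR%20'1'='1"},
    {"method": "GET",  "path": "/static/../../etc/passwd", "query": ""},
    {"method": "POST", "path": "/search",
     "body": "q=%3Cscript%3Ealert(1)%3C/script%3E"},
    {"method": "GET",  "path": "/",
     "headers": {"User-Agent": "Mozilla/5.0 ; curl http://attacker.example"}},
]


def run_samples():
    """Verdict for each constructed request, in order."""
    return [inspect(r) for r in SAMPLE_REQUESTS]
```

The first sample is allowed and each of the others trips exactly one rule. Note that each rule names the parts it applies to: running the traversal pattern over a request body, or the header pattern over a query string, is how a negative-rule WAF ends up blocking legitimate traffic.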
Which of the following entities is responsible for cloud security?
- A . Cloud provider
- B . Cloud consumer
- C . Cloud broker
- D . Both cloud consumer and provider
D
Explanation:
In the context of cloud security, the responsibility is shared between the cloud provider and the cloud consumer. This is known as the shared responsibility model. The cloud provider is responsible for securing the infrastructure that runs all of the services offered in the cloud. On the other hand, the cloud consumer is responsible for managing the security of their data, applications, and operating systems that they run on the cloud infrastructure. The specific responsibilities can vary depending on the service model being used (IaaS, PaaS, SaaS), but the underlying principle is that both parties have a role to play in ensuring the security of cloud services.
Reference: The concept of shared responsibility in cloud security is widely acknowledged and documented by various cloud service providers and security organizations, including Microsoft Azure and the Center for Internet Security (CIS). These sources provide detailed explanations of the shared responsibility model and outline the security tasks handled by the cloud provider and those that fall under the cloud consumer’s purview.
Which of the following can be used to disallow a system/user from accessing all applications except a specific folder on a system?
- A . Hash rule
- B . Path rule
- C . Internet zone rule
- D . Certificate rule
B
Explanation:
A Path rule identifies software by the folder or file path it is executed from, and in Windows Software Restriction Policies (the feature these four rule types belong to) it is the mechanism for the scenario described. The administrator sets the default security level to Disallowed, so that nothing runs unless a rule says otherwise, and then adds a Path rule with the Unrestricted level for the one trusted folder. Users can then launch only programs located in that folder; anything elsewhere is refused. A hash rule identifies a single file by its digest, a certificate rule identifies software by its code-signing publisher, and an Internet zone rule applies to Windows Installer packages based on the zone they were downloaded from, so none of them can express “everything in this folder”. The caveat a defender must remember is that a path rule is only as strong as the folder’s permissions: if standard users can write to the allowed path, they can simply copy an unapproved program into it, so the folder must be writable by administrators only.
Reference: This explanation is consistent with the principles of application allowlisting and access control in network security, as outlined in the Certified Network Defender (CND) course materials, which emphasize controlling access to system resources to protect against threats.
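The default-deny-plus-one-folder policy above, as an added example that is not Microsoft’s implementation and not part of the exam material: a small evaluator that canonicalises the candidate path the way Windows would (case folding, separator unification, resolving “..” segments) before comparing it to the allowed folder. The folder name and the paths tested are made up.

```python
"""Path-rule evaluation in the style of Windows Software Restriction Policies.

Added example, not Microsoft's implementation and not from the CND material.
The policy is modelled as a default level of Disallowed plus one Unrestricted
path rule for a trusted folder; the folder name is made up. ntpath is used so
Windows semantics (case-insensitive names, backslash or slash separators,
'..' segments) apply even when this runs on Linux.
"""
import ntpath

DEFAULT_LEVEL = "Disallowed"          # nothing runs unless a rule allows it
PATH_RULES = [                        # constructed policy
    {"path": r"C:\Program Files\Approved", "level": "Unrestricted"},
]


def _canon(p):
    r"""Resolve '.'/'..' segments, unify separators and fold case, so that a
    rule cannot be bypassed with C:\Approved\..\Users\bob\evil.exe or with
    c:/approved/EVIL.EXE."""
    return ntpath.normcase(ntpath.normpath(p))


def _inside(folder, candidate):
    r"""True if candidate lies within folder. The trailing separator matters:
    without it C:\Approved would also match C:\ApprovedEvil\x.exe."""
    prefix = _canon(folder).rstrip("\\") + "\\"
    return _canon(candidate).startswith(prefix)


def evaluate(exe_path, rules=PATH_RULES, default=DEFAULT_LEVEL):
    """Return the security level that applies to exe_path: the level of the
    first matching path rule, otherwise the default."""
    for rule in rules:
        if _inside(rule["path"], exe_path):
            return rule["level"]
    return default
```

The interesting cases are the ones that should be refused: a path that traverses out of the allowed folder with “..”, and a sibling folder whose name merely begins with the allowed one. Both are handled by canonicalising first and comparing against the folder with its trailing separator. What this code cannot check is who may write to the allowed folder, which is the permission review that has to accompany any path rule.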