Practice Free 312-38 Exam Online Questions
As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. WPA2’s _________ integrity check mechanism provides security against a replay attack.
- A . CRC-32
- B . CRC-MAC
- C . CBC-MAC
- D . CBC-32
C
Explanation:
The integrity check mechanism used by WPA2 to provide security against replay attacks is the Cipher Block Chaining Message Authentication Code (CBC-MAC). This mechanism is part of the protocol suite that ensures data integrity and authenticity by using a combination of cipher block chaining (CBC) and message authentication code (MAC) to produce a secure and unique code for each data packet.
Reference: This information is consistent with the security protocols outlined in WPA2 standards, which specify the use of CBC-MAC for integrity checks.
Which of the following network security protocols protects from sniffing attacks by encrypting entire communication between the clients and server including user passwords?
- A . TACACS+
- B . RADIUS
- C . CHAP
- D . PAP
A
Explanation:
TACACS+ (Terminal Access Controller Access-Control System Plus) is a network security protocol that provides centralized authentication for users who are attempting to gain access to the network. It is designed to protect against sniffing attacks by encrypting the entire packet, which includes both the authentication credentials and the subsequent communication after the credentials have been accepted. This encryption ensures that sensitive information such as user passwords is not transmitted in plain text where it could be intercepted by unauthorized individuals. Unlike RADIUS, which only encrypts the password, TACACS+ encrypts the entire authentication process, providing a higher level of security.
_________ is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs).
- A . 802.15.4
- B . 802.15
- C . 802.12
- D . 802.16
D
Explanation:
The IEEE 802.16 is a series of wireless broadband standards, also known as Wireless MAN, that are designed for Metropolitan Area Networks (MANs). It specifies the air interface, including the medium access control layer (MAC) and physical layer (PHY), of combined fixed and mobile point-to-multipoint broadband wireless access systems. This standard supports rapid deployment of broadband wireless access systems and encourages competition by providing alternatives to wireline broadband access.
Reference: The information is verified by the IEEE Standard for Local and metropolitan area networks, Part 16: Air Interface for Broadband Wireless Access Systems, and further details can be found in the IEEE 802.16 Working Group’s documents.
Which of the following NIST incident categories includes any activity that seeks to access or identify a federal agency computer, open ports, protocols, services, or any combination for later exploit?
- A . Scans/Probes/Attempted Access
- B . Malicious code
- C . Improper usage
- D . Denial-of-Service
A
Explanation:
According to NIST guidelines, the incident category that includes activities seeking to access or identify a federal agency computer, open ports, protocols, services, or any combination thereof for later exploitation is categorized as ‘Scans/Probes/Attempted Access’. This category encompasses any unauthorized attempts to access systems, networks, or data, which may include scanning for vulnerabilities or probing to discover open ports and services.
Reference: The NIST Special Publication 800-61 Revision 2, titled “Computer Security Incident Handling Guide,” outlines the various categories of incidents and recommends best practices for incident response. It details how to handle incidents such as scans, probes, and attempted access, which are precursors to more serious attacks.
You are monitoring your network traffic with the Wireshark utility and notice that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network.
What will be your first reaction as a first responder?
- A . Avoid Fear, Uncertainty and Doubt
- B . Communicate the incident
- C . Make an initial assessment
- D . Disable Virus Protection
C
Explanation:
As a first responder to a suspected DoS incident, the initial reaction should be to make an initial assessment. This involves quickly evaluating the situation to understand the scope and impact of the incident. An initial assessment helps in determining whether the unusual traffic is indeed a DoS attack or a false positive. It also aids in deciding the next steps, such as whether to escalate the incident, what resources are required, and how to communicate the issue to relevant stakeholders.
Reference: The approach aligns with best practices for incident response, which emphasize the importance of an initial assessment to understand the nature and extent of a security incident before proceeding with further actions.
Which of the following helps prevent executing untrusted or untested programs or code from untrusted or unverified third-parties?
- A . Application sandboxing
- B . Deployment of WAFs
- C . Application whitelisting
- D . Application blacklisting
A
Explanation:
Application sandboxing is a security mechanism that helps prevent the execution of untrusted or untested programs or code from untrusted or unverified third-parties. It does this by running such programs in a restricted environment, known as a sandbox, where they have limited access to files and system resources. This containment ensures that any malicious code or behavior is isolated from the host system, thereby protecting it from potential harm. Sandboxing is a proactive security measure that can significantly reduce the attack surface and mitigate the risk of security breaches.
Reference: The concept of application sandboxing is covered in the Certified Network Defender (CND) course, which discusses various strategies for protecting networks and systems, including the use of sandboxing to contain and control the execution of potentially harmful code.
Identify the type of event that is recorded when an application driver loads successfully in Windows.
- A . Success Audit
- B . Error
- C . Warning
- D . Information
D
Explanation:
When an application driver loads successfully in Windows, the event is recorded as an Information event. This type of event is used to describe the successful operation of an application, driver, or service. For instance, when a network driver loads successfully, it is appropriate to log an Information event. This is to provide confirmation that the driver has been loaded without issues, which can be useful for troubleshooting and monitoring system health.
Reference: Microsoft’s documentation on event types.
GFI EventsManager Support article on Windows Event Logs.
A CCTV camera, which can be accessed on the smartphone from a remote location, is an example of _________.
- A . Device-to-Device communication model
- B . Device-to-Cloud communication model
- C . Device-to-Gateway communication model
- D . Back-End Data-Sharing communication model
B
Explanation:
A CCTV camera that can be accessed on a smartphone from a remote location typically uses the Device-to-Cloud communication model. This model involves devices that connect directly to the cloud where data is stored and processed. Users can access this data through an application on their smartphones, allowing for remote monitoring and control. This setup is common for IP cameras that transmit data over the internet, enabling users to view live footage or recordings from anywhere with an internet connection.
Reference: The Device-to-Cloud communication model is widely recognized in the context of remote access to surveillance systems, as it provides the necessary infrastructure for transmitting and storing data from CCTV cameras to a cloud platform, which users can then access via smartphones or other devices.
Identify the spread spectrum technique that multiplies the original data signal with a pseudo-random noise spreading code.
- A . FHSS
- B . DSSS
- C . OFDM
- D . ISM
B
Explanation:
The spread spectrum technique that involves multiplying the original data signal with a pseudo-random noise spreading code is known as Direct Sequence Spread Spectrum (DSSS). In DSSS, the data signal is combined with a higher data-rate bit sequence, also known as a chipping code, which divides the data according to a spreading ratio. The chipping code is a pseudo-random code sequence that spreads the signal across a wider bandwidth. This process allows the signal to be more resistant to interference and eavesdropping.
Reference: The information is consistent with the principles of spread spectrum techniques as outlined in various educational resources on the subject, including academic publications and industry standards related to network security and wireless communications.
Which of the following is a drawback of traditional perimeter security?
- A . Traditional firewalls are static in nature
- B . Traditional VPNs follow an identity-centric instead of a trust-based, network-centric approach
- C . Traditional perimeter security is identity-centric
- D . Traditional firewalls are dynamic in nature
A
Explanation:
One of the main drawbacks of traditional perimeter security is that it is based on a static model. Traditional firewalls, which are a core component of perimeter security, operate under the assumption that threats can be prevented by establishing a strong, static boundary. This model does not adapt well to the dynamic nature of modern networks, where users, devices, and applications are constantly changing and may exist outside of the traditional network boundary. The static nature of traditional firewalls means they cannot effectively handle the fluid and evolving security demands of today’s interconnected environments.
Reference: The explanation provided aligns with the principles of network security and the limitations of traditional perimeter security models as discussed in various authoritative sources, including Microsoft’s insights on transforming to a Zero Trust model, and other industry discussions on the need for a shift from traditional network perimeter security to more dynamic and adaptive security approaches.