Practice Free 312-38 Exam Online Questions
A newly joined network administrator wants to assess the organization against possible risk. He notices the organization doesn’t have a ________ identified, which helps measure how risky an activity is.
- A . Risk Severity
- B . Risk Matrix
- C . Key Risk Indicator
- D . Risk levels
B
Explanation:
A Risk Matrix is a tool used to define and prioritize risks. It helps in assessing the likelihood of an event occurring and the impact it would have on the organization, thus measuring how risky an activity is. By not having a Risk Matrix, the network administrator lacks a structured approach to identify, assess, and prioritize risks, which is crucial for effective risk management.
Reference: The Certified Network Defender (CND) program by EC-Council includes the use of a Risk Matrix as part of its approach to network security, which is essential for identifying and mitigating risks within an organization. The CND curriculum covers the importance of risk assessment and the tools used for this purpose, including the Risk Matrix.
What is Azure Key Vault?
- A . It is secure storage for the keys used to encrypt data at rest in Azure services
- B . It is secure storage for the keys used to encrypt data in motion in Azure services
- C . It is secure storage for the keys used to encrypt data in use in Azure services
- D . It is secure storage for the keys used to configure IAM in Azure services
A
Explanation:
Azure Key Vault is a cloud service provided by Microsoft Azure that allows users to securely store and manage sensitive information such as encryption keys, secrets, and certificates. It is designed to safeguard cryptographic keys and other secrets used by cloud applications and services. Azure Key Vault helps ensure that data at rest is protected by providing secure storage for encryption keys, which can be used to encrypt data stored in Azure services. It also supports key management tasks such as creating, importing, rotating, and controlling access to keys, making it an essential tool for managing data security in the cloud.
Reference: The use and management of Azure Key Vault are integral to the Certified Network Defender (CND) curriculum, which aligns with EC-Council’s objectives for network security and defense. The CND materials provide guidance on implementing and managing key vaults as part of a comprehensive security strategy.
Tom works as a network administrator in a multinational organization having branches across North America and Europe. Tom wants to implement a storage technology that can provide centralized data storage and provide free data backup on the server. He should be able to perform data backup and recovery more efficiently with the selected technology.
Which of the following storage technologies best suits Tom’s requirements?
- A . DAS
- B . PAS
- C . RAID
- D . NAS
D
Explanation:
Network-attached storage (NAS) is the most suitable technology for Tom’s requirements. NAS systems are designed to provide centralized data storage, allowing multiple clients or computers to access the same storage space. This centralization simplifies data management, protection, and backup. NAS systems typically include features that support efficient data backup and recovery, such as automatic backup to other devices and fault tolerance through RAID configurations. Unlike direct-attached storage (DAS), which is limited to one user at a time, NAS allows multiple users to access the storage simultaneously, making it ideal for a multinational organization with dispersed teams. NAS also offers remote data availability, which is beneficial for Tom’s organization that spans across different regions.
Reference: The information aligns with the Certified Network Defender (CND) course’s focus on network security, data protection, and efficient network operation as outlined in the EC-Council’s CND documentation. Additionally, the benefits of NAS in centralized data storage and backup are supported by various sources that discuss the advantages of NAS for organizational use.
Andrew would like to configure IPsec in a manner that provides confidentiality for the content of packets.
What component of IPsec provides this capability?
- A . ESP
- B . AH
- C . IKE
- D . ISAKMP
A
Explanation:
The Encapsulating Security Payload (ESP) component of IPsec is designed to provide confidentiality for the content of packets. ESP encrypts the data payload of IP packets to ensure that the information being transmitted remains confidential and cannot be accessed or intercepted by unauthorized parties. This encryption is crucial for protecting sensitive data as it travels across insecure networks, such as the internet.
Reference: The role of ESP in providing confidentiality within the IPsec protocol is well-documented and aligns with the security objectives of IPsec to protect IP traffic through encryption and other security measures.
Heather has been tasked with setting up and implementing VPN tunnels to remote offices. She will most likely be implementing IPsec VPN tunnels to connect the offices.
At what layer of the OSI model does an IPsec tunnel function?
- A . They work on the session layer.
- B . They function on either the application or the physical layer.
- C . They function on the data link layer
- D . They work on the network layer
D
Explanation:
IPsec VPN tunnels operate at the network layer of the OSI model. This is because IPsec is designed to secure IP communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and negotiation of cryptographic keys to be used during the session. IPsec can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). By functioning at the network layer, IPsec VPNs are able to secure all traffic that passes through them, not just specific applications or sessions.
Reference: The information provided is based on standard networking protocols and the OSI model as covered in the EC-Council’s Certified Network Defender (CND) program, which includes a comprehensive understanding of network security measures like IPsec.
Ross manages 30 employees and only 25 computers in the organization. The network the company uses is peer-to-peer. Ross configures access control measures allowing the employees to set their own control measures for their files and folders.
Which access control did Ross implement?
- A . Discretionary access control
- B . Mandatory access control
- C . Non-discretionary access control
- D . Role-based access control
A
Explanation:
Ross implemented Discretionary Access Control (DAC) in the organization’s peer-to-peer network. DAC is a type of access control where the data owner has the authority to decide who can access their data and what permissions they have. In a peer-to-peer network, where each peer can act as both a client and a server, DAC allows individual users to set access controls for their own files and folders. This is consistent with Ross allowing employees to set their own control measures, which aligns with the principles of DAC where owners or creators of the resources have the discretion to grant or restrict access to other users based on their own criteria.
Reference: The explanation aligns with the standard definitions and functions of Discretionary Access Control as outlined in cybersecurity resources such as Built In’s guide to DAC and is in accordance with the Certified Network Defender (CND) program’s objectives regarding understanding and implementing access control measures.
Which of the following Wireshark filters allows an administrator to detect SYN/FIN DDoS attempt on the network?
- A . tcp.flags==0x003
- B . tcp.flags==0X029
- C . TCP.flags==0x300
- D . tcp.dstport==7
B
Explanation:
The correct Wireshark filter to detect a SYN/FIN DDoS attempt is tcp.flags==0X029. This filter is designed to capture packets where both the SYN and FIN flags are set, which is an unusual combination and indicative of a SYN/FIN attack. In a typical three-way TCP handshake, the SYN and FIN flags are not set in the same TCP segment. A SYN flag is used to initiate a connection, and a FIN flag is used to politely close a connection. Therefore, seeing both flags set in the same packet suggests a possible SYN/FIN DDoS attack.
Reference: The answer is based on the standard behavior of TCP flags in network communications and the detection of anomalous flag combinations that signify potential DDoS attacks. While specific references to the EC-Council’s Certified Network Defender (CND) course materials cannot be provided here, the explanation aligns with the general knowledge of network security practices and the use of Wireshark for network analysis.
Who offers formal experienced testimony in court?
- A . Incident analyzer
- B . Evidence documenter
- C . Expert witness
- D . Attorney
C
Explanation:
The individual who offers formal experienced testimony in court is known as an Expert Witness. This person is typically engaged due to their specialized knowledge, skills, or experience in a particular field, which is relevant to the case at hand. They provide informed opinions and insights to help the court understand complex matters that are beyond the general knowledge of the layperson. Unlike other witnesses, an expert witness is allowed to offer opinions and draw conclusions based on the facts presented in the case.
Reference: The role and qualifications of an expert witness are well-documented within legal frameworks and align with the Certified Network Defender (CND) program’s objectives, which include understanding the legal and ethical implications of network security.
What command is used to terminate certain processes in an Ubuntu system?
- A . #grep Kill [Target Process}
- B . #kill-9[PID]
- C . #ps ax Kill
- D . # netstat Kill [Target Process]
B
Explanation:
In Ubuntu, to terminate a specific process, you would use the kill command followed by the signal you want to send and the Process ID (PID) of the target process. The -9 signal is the SIGKILL signal, which forcefully terminates the process. The correct syntax is kill -9 [PID], where [PID] is replaced with the actual numerical ID of the process you wish to terminate.
Reference: This information is consistent with standard Linux documentation and practices as well as the Certified Network Defender (CND) course material, which covers system administration and security tasks including process management. The kill command is a fundamental tool for process management in Unix-like operating systems, which is covered in the CND curriculum.
Henry needs to design a backup strategy for the organization with no service level downtime.
Which backup method will he select?
- A . Normal backup
- B . Warm backup
- C . Hot backup
- D . Cold backup
C
Explanation:
A hot backup, also known as an online backup or dynamic backup, is the process of backing up data while the system continues to be in operation. This means that there is no need for system downtime or interruption in services while the backup is taking place. It is mostly used in systems where operations are critical and cannot afford any downtime, such as databases and servers that must be available 24/7. The hot backup method allows for data to be backed up at regular intervals with minimal impact on the system’s performance, ensuring that the organization can maintain continuous service levels.
Reference: The concept of hot backup is aligned with the EC-Council’s Network Defender (CND) objectives and is supported by industry best practices as detailed in sources like MiniTool and NinjaOne, which discuss the advantages of hot backups in maintaining uninterrupted service and business continuity.