Practice Free 312-38 Exam Online Questions
How is application whitelisting different from application blacklisting?
- A . It allows all applications other than the undesirable applications
- B . It allows execution of trusted applications in a unified environment
- C . It allows execution of untrusted applications in an isolated environment
- D . It rejects all applications other than the allowed applications
D
Explanation:
Application whitelisting is a security approach that allows only pre-approved applications to execute within a system or network. This method operates on a ‘default deny’ principle, meaning if an application is not explicitly listed as approved, it will not be allowed to run. This is in contrast to application blacklisting, which operates on a ‘default allow’ principle where all applications are allowed to run unless they have been specifically identified as malicious or undesirable and added to a blacklist. Whitelisting is generally considered more secure because it prevents any unapproved applications from running, which can include new or unknown threats. However, it can be more challenging to maintain as it requires a comprehensive understanding of all the necessary applications for business operations.
Reference: The concept of application whitelisting and its differentiation from blacklisting is well-documented in cybersecurity literature and aligns with the guidelines provided by the EC-Council’s Certified Network Defender (CND) program. It is also supported by various cybersecurity frameworks and best practices, including those from authoritative sources such as the National Institute of Standards and Technology (NIST).
What is the name of the authority that verifies the certificate authority in digital certificates?
- A . Directory management system
- B . Certificate authority
- C . Registration authority
- D . Certificate Management system
C
Explanation:
In the context of digital certificates, the Registration Authority (RA) is responsible for verifying the identity of entities requesting a certificate before the Certificate Authority (CA) issues it. The RA acts as a verifier for the CA, ensuring that the entity requesting the certificate is who they claim to be. This process is crucial for maintaining trust within a digital environment, as it prevents the issuance of certificates to fraudulent or unauthorized entities.
Reference: The role of the Registration Authority in the verification process is outlined in the EC-Council’s Certified Network Defender (CND) curriculum, which covers the essential concepts of network security, including the management and issuance of digital certificates.
How does Windows’ in-built security component, AppLocker, whitelist applications?
- A . Using Path Rule
- B . Using Signature Rule
- C . Using Certificate Rule
- D . Using Internet Zone Rule
A
Explanation:
AppLocker whitelists applications by creating rules that specify which files are allowed to run. One of the primary methods for specifying these rules is through the use of Path Rules. Path Rules allow administrators to specify an allowed file or folder path, and any application within that path is permitted to run. This method is particularly useful for allowing applications from a known directory while blocking others that are not explicitly approved.
Reference: The official Microsoft documentation explains that AppLocker functions as an allowlist by default, where only files covered by one or more allow rules are permitted to run. Path Rules are a fundamental part of this allowlisting approach. Additionally, other resources like security guidelines and best practices for Windows reinforce the use of Path Rules as a method for application whitelisting within AppLocker.
A network designer needs to submit a proposal for a company, which has just published a web portal for its clients on the internet. Such a server needs to be isolated from the internal network, placing itself in a DMZ. Faced with this need, the designer will present a proposal for a firewall with three interfaces, one for the internet network, another for the DMZ server farm and another for the internal network.
What kind of topology will the designer propose?
- A . Screened subnet
- B . DMZ, External-Internal firewall
- C . Multi-homed firewall
- D . Bastion host
A
Explanation:
The topology that the network designer will propose is known as a screened subnet. This topology involves the use of two or more firewalls to create a network segment referred to as a demilitarized zone (DMZ). The DMZ acts as a buffer zone between the public internet and the internal network. It contains the public-facing servers, such as the web portal mentioned, which are isolated from the internal network for added security. The screened subnet topology typically includes a firewall at the network’s edge connected to the internet, another firewall separating the DMZ from the internal network, and the DMZ itself. This setup allows for strict control of traffic between the internet, the DMZ, and the internal network, providing an additional layer of security.
Reference: The concept of a screened subnet as a network topology is consistent with the Certified Network Defender (CND) course materials, which cover network perimeter security and the implementation of firewalls to protect networked systems.
Arman transferred some money to his friend’s account using a net banking service. After a few hours, his friend informed him that he hadn’t received the money yet. Arman logged on to the bank’s website to investigate and discovered that the amount had been transferred to an unknown account instead. The bank, upon receiving Arman’s complaint, discovered that someone had established a station between Arman’s and the bank server’s communication system. The station intercepted the communication and inserted another account number replacing his friend’s account number.
What is such an attack called?
- A . Privilege Escalation
- B . DNS Poisoning
- C . Man-in-the-Middle Attack
- D . DNS Cache Poisoning
C
Explanation:
The scenario described is a classic example of a Man-in-the-Middle (MitM) attack. In this type of cyberattack, the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. The attacker has inserted themselves between the two parties, in this case, Arman and the bank’s server, and has intercepted the communication to redirect the funds to a different account. This type of attack can occur in various forms, such as eavesdropping on or altering the communication over an insecure network service, but it is characterized by the attacker’s ability to intercept and modify the data being exchanged without either legitimate party noticing.
Reference: The definition and explanation of a Man-in-the-Middle attack are based on standard cybersecurity knowledge and documented instances of such attacks.
Should not be expensive.
The management team asks Nancy to research and suggest the appropriate RAID level that best suits their requirements.
What RAID level will she suggest?
- A . RAID 0
- B . RAID 10
- C . RAID 3
- D . RAID 1
C
Explanation:
RAID 3 is a level of RAID that uses striping with a dedicated parity disk. This means that data is spread across multiple disks, and parity information is stored on one dedicated disk. RAID 3 allows for good read and write speeds and can reconstruct data if one drive fails, thanks to the parity information. It is also a cost-effective solution because it requires only one additional disk for parity, regardless of the size of the array. This makes it suitable for environments where data throughput and fault tolerance are important but budget constraints are a consideration.
Reference: The explanation aligns with the RAID level characteristics and the requirements specified by the management team. RAID 3’s ability to provide parity checks, data reconstruction during downtime, and process data at a good speed while being cost-effective makes it an appropriate choice.
Which of the following defines the extent to which an interruption affects normal business operations and the amount of revenue lost due to that interruption?
- A . RPO
- B . RFO
- C . RSP
- D . RTO
D
Explanation:
The term that defines the extent to which an interruption affects normal business operations and the amount of revenue lost due to that interruption is the Recovery Time Objective (RTO). RTO is a critical metric in business continuity and disaster recovery planning. It refers to the maximum acceptable length of time that a service, product, or activity can be offline after a disaster before significantly impacting the organization. This metric helps businesses determine the amount of time they can afford to be without their critical functions before the loss becomes unacceptable.
Reference: The concept of RTO is widely recognized in business continuity planning and is a fundamental part of the disaster recovery strategy, ensuring that businesses can continue to operate or quickly resume key operations after an interruption.
Elden is working as a network administrator at an IT company. His organization opted for a virtualization technique in which the guest OS is aware of the virtual environment in which it is running and communicates with the host machines for requesting resources. Identify the virtualization technique implemented by Elden’s organization.
- A . Hybrid virtualization
- B . Hardware-assisted virtualization
- C . Full virtualization
- D . Para virtualization
D
Explanation:
Para virtualization is a virtualization technique where the guest operating system is aware of the virtual environment and can communicate directly with the host machine’s hypervisor to request resources. This direct communication allows for a more efficient system, as it does not require the same level of emulation and overhead as full virtualization. In para virtualization, the guest OS is typically modified to interact with a thin layer of software called a hypervisor, which coordinates access to the physical hardware resources. This setup is designed to reduce the performance overhead that typically occurs with full virtualization, where the guest OS must go through a more complex abstraction layer to access resources.
Reference: The information provided is based on standard practices of para virtualization in network security and aligns with the Certified Network Defender (CND) curriculum, which includes understanding various virtualization techniques as part of network infrastructure management.
Sophie has been working as a Windows network administrator at an MNC over the past 7 years. She wants to check whether SMB1 is enabled or disabled.
Which of the following commands allows Sophie to do so?
- A . Get-WindowsOptionalFeatures -Online -FeatureNames SMB1Protocol
- B . Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
- C . Get-WindowsOptionalFeature -Online -FeatureNames SMB1Protocol
- D . Get-WindowsOptionalFeatures -Online -FeatureName SMB1Protocol
B
Explanation:
To check if SMB1 is enabled or disabled, the correct PowerShell command is Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol. This command queries the status of the SMB1Protocol feature in the running instance of Windows. If SMB1 is enabled, the command will return its status as ‘Enabled’, and if it is disabled, it will return ‘Disabled’.
Reference: The correct syntax for the command is documented in various official Windows resources, including Microsoft’s own documentation on managing SMB protocols. It is also aligned with the objectives of the EC-Council’s Certified Network Defender (CND) program, which includes knowledge of managing Windows network protocols and features.
Which of the following connects the SDN application layer and SDN controller and allows communication between the network services and business applications?
- A . Eastbound API
- B . Westbound API
- C . Northbound API
- D . Southbound API
C
Explanation:
In the context of Software-Defined Networking (SDN), the Northbound API is the interface that connects the SDN application layer to the SDN controller. It facilitates communication between the network services and business applications. The Northbound API allows applications to communicate their network requirements to the controller, which then translates these requirements into the network configurations necessary to provide the requested services.
Reference: This information is consistent with the SDN architecture overview provided by the Open Networking Foundation and further explained in resources like GeeksforGeeks and SDxCentral, which describe the role of Northbound APIs in SDN environments. These APIs are crucial for enabling the application layer to interact with the control layer, allowing for a dynamic, programmable networking infrastructure.