New 2021 312-38 exam questions Welcome to download the newest ExamPrepAway 312-38 PDF dumps (171 Q&As)
P.S. Free 2021 Certified Ethical Hacker 312-38 dumps are available on Google Drive shared by ExamPrepAway
NEW QUESTION 25
Which of the following are the various methods that a device can use for logging information on a Cisco router?
Each correct answer represents a complete solution. Choose all that apply.
- A. Buffered logging
- B. Terminal logging
- C. Console logging
- D. NTP logging
- E. SNMP logging
- F. Syslog logging
Answer: A,B,C,E,F
Explanation:
There are different methods that a device can use for logging information on a Cisco router:
Terminal logging: In this method, log messages are sent to the VTY session.
Console logging: In this method, log messages are sent directly to the console port.
Buffered logging: In this method, log messages are kept in the RAM on the router. As the buffer fills, the older messages are overwritten by the newer messages.
Syslog logging: In this method, log messages are sent to an external syslog server where they are stored and sorted.
SNMP logging: In this method, log messages are sent to an SNMP server in the network.
Answer option C is incorrect. This is an invalid option.
NEW QUESTION 26
Which of the following is a mandatory password-based and key-exchange authentication protocol?
- A. VRRP
- B. PPP
- C. CHAP
- D. DH-CHAP
Answer: D
NEW QUESTION 27
Which of the following representatives in the incident response process are included in the incident response team? Each correct answer represents a complete solution. Choose all that apply.
- A. Human resources
- B. Legal representative
- C. Information security representative
- D. Lead investigator
- E. Technical representative
- F. Sales representative
Answer: A,B,C,D,E
Explanation:
Incident response is a process that detects a problem, determines the cause of an issue, minimizes the damages, resolves the problem, and documents each step of the process for future reference. To perform all these roles, an incident response team is needed. The incident response team includes the following representatives who are involved in the incident response process:
Lead investigator: The lead investigator is the manager of an incident response team. He is always involved in the creation of an incident response plan. The duties of a lead investigator are as follows:
- Keep the management updated.
- Ensure that the incident response moves smoothly and efficiently.
- Interview and interrogate the suspects and witnesses.
Information security representative: The information security representative is a member of the incident response team who alerts the team about possible security safeguards that can impact their ability to respond to an incident.
Legal representative: The legal representative is a member of the incident response team who ensures that the process follows all the laws during the response to an incident.
Technical representative: The technical representative is a representative of the incident response team. More than one technician can be deployed to an incident. The duties of a technical representative are as follows:
- Perform forensic backups of the systems that are involved in an incident.
Human resources: Human resources personnel ensure that the policies of the organization are enforced during the incident response process. They suspend access to a suspect if it is needed. Human resources personnel work closely with the legal representatives and cover the organization's legal responsibility.
Answer option E is incorrect. This is an invalid option.
NEW QUESTION 28
John works as an Incident manager for TechWorld Inc. His task is to set up a wireless network for his organization. For this, he needs to decide the appropriate devices and policies required to set up the network. Which of the following phases of the incident handling process will help him accomplish the task?
- A. Containment
- B. Eradication
- C. Recovery
- D. Preparation
Answer: D
Explanation:
Preparation is the first step in the incident handling process. It includes processes like backing up copies of all key data on a regular basis, monitoring and updating software on a regular basis, and creating and implementing a documented security policy. To apply this step, a documented security policy is formulated that outlines the responses to various incidents, to serve as a reliable set of instructions during the time of an incident. The following list contains items that the incident handler should maintain in the preparation phase, i.e. before an incident occurs:
- Establish applicable policies
- Build relationships with key players
- Build response kit
- Create incident checklists
- Establish communication plan
- Perform threat modeling
- Build an incident response team
- Practice the demo incidents
Answer option A is incorrect. The Containment phase of the Incident handling process is responsible for supporting and building up the incident combating process. It ensures the stability of the system and also confirms that the incident does not get any worse. The Containment phase includes the process of preventing further contamination of the system or network, and preserving the evidence of the contamination.
Answer option D is incorrect. The Eradication phase of the Incident handling process involves the cleaning-up of the identified harmful incidents from the system. It includes analyzing the information that has been gathered to determine how the attack was committed. To prevent the incident from happening again, it is vital to recognize how it was carried out so that a prevention technique is applied.
Answer option B is incorrect. Recovery is the fifth step of the incident handling process. In this phase, the Incident Handler places the system back into the working environment. In the recovery phase the Incident Handler also works with the questions to validate that the system recovery is successful. This involves testing the system to make sure that all the processes and functions are working normally. The Incident Handler also monitors the system to make sure that the systems are not compromised again. It looks for additional signs of attack.
NEW QUESTION 29
Damian is the chief security officer of Enigma Electronics. To block intruders and prevent any environmental accidents, he needs to set a two-factor authenticated keypad lock at the entrance, rig a fire suppression system, and link any video cameras at various corridors to view the feeds in the surveillance room. What layer of network defense-in-depth strategy is he trying to follow?
- A. Perimeter
- B. Policies and procedures
- C. Host
- D. Physical
Answer: D
NEW QUESTION 30
Simran is a network administrator at a start-up called Revolution. To ensure that neither party in the company can deny getting email notifications or any other communication, she mandates authentication before a connection establishment or message transfer occurs. What fundamental attribute of network defense is she enforcing?
- A. Confidentiality
- B. Non-repudiation
- C. Integrity
- D. Authentication
Answer: B
NEW QUESTION 31
Adam, a malicious hacker, has just succeeded in stealing a secure cookie through an XSS attack. He is able to play back the cookie even if the session is valid on the server. Which of the following is the most likely cause of this issue?
- A. Encryption does not apply.
- B. Scrambling is performed in the network (layer 1 encryption)
- C. Two-way encryption is used.
- D. None
- E. Encryption is performed at the application level (one encryption key).
Answer: E
NEW QUESTION 32
The SNMP contains various commands that reduce the burden on the network administrators. Which of the following commands is used by SNMP agents to notify SNMP managers about an event occurring in the network?
- A. INFORM
- B. SET
- C. TRAPS
- D. RESPONSE
Answer: C
NEW QUESTION 33
Which of the following are valid steps to secure routers? Each correct answer represents a complete solution.
Choose all that apply.
- A. Use a password that is easy to remember for the router's administrative console.
- B. Use a complex password for the router management console.
- C. Configure access list entries to prevent unauthorized connections and routing.
- D. Keep routers updated with the latest security updates.
Answer: B,C,D
NEW QUESTION 34
Which of the following is a software tool used in passive attacks for capturing network traffic?
- A. Intrusion detection system
- B. Sniffer
- C. Intrusion prevention system
- D. Warchalking
Answer: B
Explanation:
A sniffer is a software tool that is used to capture any network traffic. Since a sniffer changes the NIC of the
LAN card into promiscuous mode, the NIC begins to record incoming and outgoing data traffic across the
network. A sniffer attack is a passive attack because the attacker does not directly connect with the target host.
This attack is most often used to grab logins and passwords from network traffic. Tools such as Ethereal,
Snort, Windump, EtherPeek, Dsniff are some good examples of sniffers. These tools provide many facilities to
users such as graphical user interface, traffic statistics graph, multiple sessions tracking, etc.
Answer option A is incorrect. An intrusion prevention system (IPS) is a network security device that monitors
network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or
prevent those activities. When an attack is detected, it can drop the offending packets while still allowing all
other traffic to pass.
Answer option B is incorrect. An IDS (Intrusion Detection System) is a device or software application that
monitors network and/or system activities for malicious activities or policy violations and produces reports to a
Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to
stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on
identifying possible incidents, logging information about them, attempting to stop them, and reporting them to
security administrators.
Answer option C is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi
wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such
as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing
and war driving.
NEW QUESTION 35
Which of the following is a device that receives a digital signal on an electromagnetic or optical transmission medium and regenerates the signal along the next leg of the medium?
- A. Gateway
- B. Network adapter
- C. Transceiver
- D. Repeater
Answer: D
Explanation:
A repeater is an electronic device that receives a signal and retransmits it at a higher level and/or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances. A repeater is a device that receives a digital signal on an electromagnetic or optical transmission medium and regenerates the signal along the next leg of the medium. In electromagnetic media, repeaters overcome the attenuation caused by free-space electromagnetic-field divergence or cable loss. A series of repeaters make possible the extension of a signal over a distance. Repeaters remove the unwanted noise in an incoming signal. Unlike an analog signal, the original digital signal, even if weak or distorted, can be clearly perceived and restored. With analog transmission, signals are restrengthened with amplifiers which unfortunately also amplify noise as well as information. An example of a wireless repeater is shown in the figure below:
Answer option D is incorrect. A transceiver is a device that has both a transmitter and a receiver in a single package.
Answer option A is incorrect. A gateway is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies. It provides greater functionality than a router or bridge because a gateway functions both as a translator and a router. Gateways are slower than bridges and routers. A gateway is an application layer device.
Answer option C is incorrect. A network adapter is used to interface a computer to a network. "Device driver" is a piece of software through which Windows and other operating systems support both wired and wireless network adapters. Network drivers allow application software to communicate with the adapter hardware.
Network device drivers are often installed automatically when adapter hardware is first powered on.
NEW QUESTION 36
Which of the following statements are TRUE about Demilitarized zone (DMZ)?
Each correct answer represents a complete solution. Choose all that apply.
- A. Hosts in the DMZ have full connectivity to specific hosts in the internal network.
- B. Demilitarized zone is a physical or logical sub-network that contains and exposes external services of an organization to a larger un-trusted network.
- C. The purpose of a DMZ is to add an additional layer of security to the Local Area Network of an organization.
- D. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet.
Answer: B,C,D
Explanation:
A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external networks, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network such as the Internet.
NEW QUESTION 37
Which of the following protocols supports source-specific multicast (SSM)?
- A. DNS
- B. BGMP
- C. ARP
- D. DHCP
Answer: B
NEW QUESTION 38
Which of the following is NOT a WEP authentication method?
- A. Shared key authentication
- B. Media access authentication
- C. Open system authentication
- D. Kerberos authentication
Answer: D
NEW QUESTION 39
Which of the following is a credit card-sized device used to securely store personal information and used in
conjunction with a PIN number to authenticate users?
- A. Proximity card
- B. Smart card
- C. SD card
- D. Java card
Answer: B
Explanation:
A smart card is a credit card-sized device used to securely store personal information such as certificates,
public and private keys, passwords, etc. It is used in conjunction with a PIN number to authenticate users. In
Windows, smart cards are used to enable certificate-based authentication. To use smart cards, Extensible
Authentication Protocol (EAP) must be configured in Windows.
Answer option B is incorrect. Java Card is a technology that allows Java-based applications to be run securely
on smart cards and small memory footprint devices. Java Card gives a user the ability to program devices and
make them application specific. It is widely used in SIM cards and ATM cards. Java Card products are based
on the Java Card Platform specifications developed by Sun Microsystems, a subsidiary of Oracle Corporation.
Many Java Card products also rely on the GlobalPlatform specifications for the secure management of
applications on the card. The main goals of the Java Card technology are portability and security.
Answer option A is incorrect. Proximity card (or Prox Card) is a generic name for contactless integrated circuit
devices used for security access or payment systems. It can refer to the older 125 kHz devices or the newer
13.56 MHz contactless RFID cards, most commonly known as contactless smartcards. Modern proximity cards
are covered by the ISO/IEC 14443 (Proximity Card) standard. There is also a related ISO/IEC 15693 (Vicinity
Card) standard. Proximity cards are powered by resonant energy transfer and have a range of 0-3 inches in
most instances. The user will usually be able to leave the card inside a wallet or purse. The price of the cards is
also low, usually US$2-$5, allowing them to be used in applications such as identification cards, keycards,
payment cards and public transit fare cards.
Answer option C is incorrect. Secure Digital (SD) card is a non-volatile memory card format used in portable
devices such as mobile phones, digital cameras, and handheld computers. SD cards are based on the older
MultiMediaCard (MMC) format, but they are a little thicker than MMC cards. Generally an SD card offers a
write-protect switch on its side. SD cards generally measure 32 mm x 24 mm x 2.1 mm, but they can be as thin
as 1.4 mm. The devices that have SD card slots can use the thinner MMC cards, but the standard SD cards
will not fit into the thinner MMC slots. Some SD cards are also available with a USB connector. SD card
readers allow SD cards to be accessed via many connectivity ports such as USB, FireWire, and the common
parallel port.
NEW QUESTION 40
......