EC-COUNCIL 312-38 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-38 Online Questions & Answers

• Question 101:

  Daniel is monitoring network traffic with the help of a network monitoring tool to detect any abnormalities. What type of network security approach is Daniel adopting?

  A. Preventative
  B. Reactive
  C. Retrospective
  D. Defense-in-depth
  B. Reactive

• Question 102:

  Which of the following is an intrusion detection system that monitors and analyzes the internals of a computing system rather than the network packets on its external interfaces?

  A. IPS
  B. HIDS
  C. DMZ
  D. NIDS
  B. HIDS

  ---

  Explanation/Reference:

  A host-based intrusion detection system (HIDS) produces a false alarm because of the abnormal behavior of users and the network. A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses the internals of a computing system rather than the network packets on its external interfaces. A host-based Intrusion Detection System (HIDS) monitors all or parts of the dynamic behavior and the state of a computer system. HIDS looks at the state of a system, its stored information, whether in RAM, in the file system, log files or elsewhere; and checks that the contents of these appear as expected. Answer option D is incorrect. A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic. A NIDS reads all the incoming packets and tries to find suspicious patterns known as signatures or rules. It also tries to detect incoming shell codes in the same manner that an ordinary intrusion detection system does. Answer option A is incorrect. IPS (Intrusion Prevention Systems), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of "intrusion prevention systems" are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity. An IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct CRC, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. Answer option C is incorrect. DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The term is normally referred to as a DMZ by IT professionals. It is sometimes referred to as a Perimeter Network. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ rather than any other part of the network.

• Question 103:

  John works Incident Director of Tech World Inc. His job is to set up a wireless network in his organization. For this purpose, he needs to decide on appropriate equipment and policies need to set up a network. Which of the following stages of the incident handling process to help him accomplish the task?

  A. Preparation
  B. None
  C. Recovery
  D. the eradication of
  E. containment
  A. Preparation

• Question 104:

  What should an administrator do while installing a sniffer on a system to listen to all data transmitted over the network?

  A. Set the system's NIC to managed mode
  B. Set the system's NIC to master mode
  C. Set the system's NIC to ad-hoc mode
  D. Set the system's NIC to promiscuous mode
  D. Set the system's NIC to promiscuous mode

• Question 105:

  The attacks are classified as which of the following? Each correct answer represents a complete solution. Choose all that apply.

  A. replay attack
  B. active attack
  C. session hijacking
  D. passive attack
  B. active attack
  D. passive attack

• Question 106:

  Ivan needs to pick an encryption method that is scalable even though it might be slower. He has settled on a method that works where one key is public and the other is private. What encryption method did Ivan settle on?

  A. Ivan settled on the hashing encryption method.
  B. Ivan settled on the asymmetric encryption method.
  C. Ivan settled on the private encryption method.
  D. Ivan settled on the symmetric encryption method.
  B. Ivan settled on the asymmetric encryption method.

• Question 107:

  Which of the following is a presentation layer protocol?

  A. TCP
  B. RPC
  C. BGP
  D. LWAPP
  D. LWAPP

• Question 108:

  You are responsible for network functions and logical security throughout the corporation. Your company has over 250 servers running Windows Server 2012, 5000 workstations running Windows 10, and 200 mobile users working from laptops on Windows 8. Last week 10 of your company's laptops were stolen from a salesman, while at a conference in Barcelona. These laptops contained proprietary company information. While doing a damage assessment, a news story leaks about a blog post containing information about the stolen laptops and the sensitive information. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?

  A. You should have used 3DES.
  B. You should have implemented the Distributed File System (DFS).
  C. If you would have implemented Pretty Good Privacy (PGP).
  D. You could have implemented the Encrypted File System (EFS)
  D. You could have implemented the Encrypted File System (EFS)

• Question 109:

  Kyle is an IT consultant working on a contract for a large energy company in Houston. Kyle was hired on to do contract work three weeks ago so the company could prepare for an external IT security audit. With suggestions from upper management, Kyle has installed a network-based IDS system. This system checks for abnormal behavior and patterns found in network traffic that appear to be dissimilar from the traffic normally recorded by the IDS. What type of detection is this network-based IDS system using?

  A. This network-based IDS system is using anomaly detection.
  B. This network-based IDS system is using dissimilarity algorithms.
  C. This system is using misuse detection.
  D. This network-based IDS is utilizing definition-based detection.
  A. This network-based IDS system is using anomaly detection.

• Question 110:

  Which of the following tools is an open source protocol analyzer that can capture traffic in real time?

  A. NetResident
  B. Wireshark
  C. Bridle
  D. NetWitness
  E. None
  B. Wireshark

  ---

  Explanation/Reference:

  Wireshark is an open source protocol analyzer that can capture traffic in real time. Wireshark is a free packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development,

  and education. Wireshark is very similar to tcpdump, but it has a graphical front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but

  support is being added for others) by putting the network interface into promiscuous mode.

  Wireshark uses pcap to capture packets, so it can only capture the packets on the networks supported by pcap. It has the following features:

  Data can be captured "from the wire" from a live network connection or read from a file that records the already-captured packets.

  Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.

  Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.

  Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.

  Data display can be refined using a display filter. Plugins can be created for dissecting new protocols.

  Answer option C is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be

  designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).

  Answer option D is incorrect. NetWitness is used to analyze and monitor the network traffic and activity.

  Answer option A is incorrect. Netresident is used to capture, store, analyze, and reconstruct network events and activities.