EC-COUNCIL 312-38 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-38 Online Questions & Answers

• Question 321:

  Who oversees all the incident response activities in an organization and is responsible for all actions of the IR team and IR function?

  A. IR officer
  B. Attorney
  C. IR custodians
  D. PR specialist
  A. IR officer

• Question 322:

  Which Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

  A. Rule-Based Approach
  B. Graph-Based Approach
  C. Field-Based Approach
  D. Automated Field Correlation
  D. Automated Field Correlation

• Question 323:

  Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

  A. Contingency plan
  B. Disaster recovery plan
  C. Business continuity plan
  D. Continuity of Operations Plan
  A. Contingency plan

  ---

  Explanation/Reference:

  A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and "triggers" for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption. Answer option D is incorrect. It includes the plans and procedures documented that ensure the continuity of critical operations during any period where normal operations are impossible. Answer option B is incorrect. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication, and reputation protection, and should refer to the disaster recovery plan (DRP) for IT-related infrastructure recovery/continuity. Answer option C is incorrect. Business continuity planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan. The BCP lifecycle is as follows:

  

• Question 324:

  Which of the following is a network point that acts as an entrance to another network?

  A. Receiver
  B. Hub
  C. Bridge
  D. Gateway
  D. Gateway

• Question 325:

  Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings, blogs, DNS listings, and Web pages. He then sends a large number of unsolicited commercial e-mail (UCE) messages to these addresses. Which of the following e-mail crimes is Peter committing?

  A. E-mail spam
  B. E-mail storm
  C. E-mail bombing
  D. E-mail spoofing
  A. E-mail spam

  ---

  Explanation/Reference:

  Peter is performing spamming activity. Spam is a term that refers to the unsolicited e-mails sent to a large number of e-mail users. The number of such e-mails is increasing day by day, as most companies now prefer to use e-mails for promoting their products. Because of these unsolicited e-mails, legitimate e-mails take a much longer time to deliver to their destination. The attachments sent through spam may also contain viruses. However, spam can be stopped by implementing spam filters on servers and e-mail clients. Answer option C is incorrect. Mail bombing is an attack that is used to overwhelm mail servers and clients by sending a large number of unwanted e-mails. The aim of this type of attack is to completely fill the recipient's hard disk with immense, useless files, causing at best irritation, and at worst total computer failure. E-mail filtering and properly configuring email relay functionality on mail servers can be helpful for protection against this type of attack. Answer option B is incorrect. An e-mail storm is a sudden spike of Reply All messages on an e-mail distribution list, usually caused by a controversial or misdirected message. Such storms start when multiple members of the distribution list reply to the entire list at the same time in response to an instigating message. Other members soon respond, usually adding vitriol to the discussion, asking to be removed from the list, or pleading for the cessation of messages. If enough members reply to these unwanted messages, this triggers a chain reaction of e-mail messages. The sheer load of traffic generated by these storms can render the e-mail servers carrying them inoperative, similar to a DDoS attack. Some e-mail viruses also have the capacity to create e-mail storms, by sending copies of themselves to an infected user's contacts, including distribution lists, infecting the contacts in turn. Answer option D is incorrect. E-mail spoofing is a term used to describe e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path, and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the address indicated in the From field, it actually comes from another source.

• Question 326:

  Which of the following is a management process that provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders?

  A. Log analysis
  B. Incident handling
  C. Business Continuity Management
  D. Patch management
  C. Business Continuity Management

  ---

  Explanation/Reference:

  Business Continuity Management is a management process that determines potential impacts that are likely to threaten an organization. It provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders. Business continuity management includes disaster recovery, business recovery, crisis management, incident management, emergency management, product recall, contingency planning, etc. Answer option D is incorrect. Patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. Patch management includes the following tasks: Maintaining current knowledge of available patches Deciding what patches are appropriate for particular systems Ensuring that patches are installed properly Testing systems after installation, and documenting all associated procedures, such as specific configurations requiredA number of products are available to automate patch management tasks, including RingMaster's Automated Patch Management, PatchLink Update, and Gibraltar's Everguard. Answer option A is incorrect. This option is invalid. Answer option B is incorrect. Incident handling is the process of managing incidents in an Enterprise, Business, or an Organization. It involves the thinking of the prospective suitable to the enterprise and then the implementation of the prospective in a clean and manageable manner. It involves completing the incident report and presenting the conclusion to the management and providing ways to improve the process both from a technical and administrative aspect. Incident handling ensures that the overall process of an enterprise runs in an uninterrupted continuity.

• Question 327:

  Which of the following is a kind of security, which deals with the protection of false signals transmitted by the electrical system?

  A. None
  B. emanation Safety
  C. hardware security
  D. physical security
  E. communications Security
  B. emanation Safety

• Question 328:

  Fill in the blank with the appropriate term. management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system.

  Patch

  Explanation/Reference:

  Patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. Patch management includes the following tasks: Maintaining current knowledge of available patches Deciding what patches are appropriate for particular systems Ensuring that patches are installed properly Testing systems after installation, and documenting all associated procedures, such as specific configurations required A number of products are available to automate patch management tasks, including RingMaster's Automated Patch Management, PatchLink Update, and Gibraltar's Everguard.

• Question 329:

  How can one identify the baseline for normal traffic?

  A. When the SYN flag appears at the beginning and the FIN flag appears at the end of the connection
  B. When the RST flag appears at the beginning and the ACK flag appears at the end of the connection
  C. When the ACK flag appears at the beginning and the RST flag appears at the end of the connection
  D. When the FIN flag appears at the beginning and the SYN flag appears at the end of the connection
  A. When the SYN flag appears at the beginning and the FIN flag appears at the end of the connection

• Question 330:

  Which of the following network monitoring techniques requires extra monitoring software or hardware?

  A. Non-router based
  B. Switch based
  C. Hub based
  D. Router based
  A. Non-router based