EC-COUNCIL 312-38 Online Practice Questions and Exam Preparation
312-38 Exam Details
Exam Code: 312-38
Exam Name: EC-Council Certified Network Defender (CND)
Certification: EC-COUNCIL Certifications
Vendor: EC-COUNCIL
Total Questions: 653 Q&As
Last Updated: May 29, 2026
EC-COUNCIL 312-38 Online Questions & Answers
Question 371:
Management decides to implement a risk management system to reduce and maintain the organization's risk at an acceptable level. Which of the following is the correct order in the risk management phase?
A. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring and Review
B. Risk Identification, Risk Assessment, Risk Monitoring and Review, Risk Treatment
C. Risk Treatment, Risk Monitoring and Review, Risk Identification, Risk Assessment
D. Risk Assessment, Risk Treatment, Risk Monitoring and Review, Risk Identification
A. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring and Review
Question 372:
What are the responsibilities of the following disaster recovery team? Each correct answer represents a complete solution. Choose all that apply.
A. Monitor the implementation of a disaster recovery plan and evaluate the results.
B. To inform the management, the injured and the third parties about the disaster.
C. Amend and update the disaster recovery plan according to lessons learned from previous disaster recovery efforts.
D. Starts execution of disaster recovery procedures.
A. Monitor the implementation of a disaster recovery plan and evaluate the results. B. To inform the management, the injured and the third parties about the disaster. C. Amend and update the disaster recovery plan according to lessons learned from previous disaster recovery efforts. D. Starts execution of disaster recovery procedures.
Question 373:
Which of the following is an Internet application protocol used for transporting Usenet news articles between news servers and for reading and posting articles by end-user client applications?
A. NNTP
B. BOOTP
C. DCAP
D. NTP
A. NNTP
Explanation/Reference:
The Network News Transfer Protocol (NNTP) is an Internet application protocol used for transporting Usenet news articles (netnews) between news servers and for reading and posting articles by end-user client applications. NNTP is designed so that news articles are stored in a central database, allowing the subscriber to select only those items that he wants to read.
Answer option D is incorrect. Network Time Protocol (NTP) is used to synchronize timekeeping among a number of distributed time servers and clients. It is used for time management in a large and diverse network that contains many interfaces. In this protocol, servers define the time, and clients have to be synchronized with the defined time. These clients can choose the most reliable source of time from among several NTP servers for their information transmission.
Answer option C is incorrect. The Data Link Switching Client Access Protocol (DCAP) is an application layer protocol that is used between workstations and routers for transporting SNA/NetBIOS traffic over TCP sessions. It was introduced in order to address a few deficiencies of the Data Link Switching Protocol (DLSw). DLSw raises important issues of scalability and efficiency, and since DLSw is a switch-to-switch protocol, it is not efficient when implemented on workstations. DCAP was introduced in order to address these issues.
Answer option B is incorrect. The BOOTP protocol is used by diskless workstations to collect configuration information from a network server. It is also used to acquire a boot image from the server.
Question 374:
Fill in the blank with the appropriate term. The ______ is a communication protocol that communicates information between the network routers and the multicast end stations.
IGMP
Explanation/Reference:
The Internet Group Management Protocol (IGMP) is a communication protocol that communicates information between the network routers and the multicast end stations. It allows the receivers to request a multicast data stream from a specific group address. However, multicast traffic is sent to a single MAC address but is processed by multiple hosts. The IGMP allows an end station to connect to a multicast group and leave it, while being connected to the group address. It can be effectively used for gaming and showing online videos. Although it does not actually act as a transport protocol, it operates above the network layer. It is analogous to ICMP for unicast connections. It is susceptible to some attacks, so firewalls commonly allow the user to disable it if not needed.
Question 375:
Sophie has been working as a Windows network administrator at an MNC for the past 7 years. She wants to check whether SMB1 is enabled or disabled. Which of the following commands allows Sophie to do so?
A. Get-WindowsOptionalFeatures -Online -FeatureNames SMB1Protocol
B. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
C. Get-WindowsOptionalFeature -Online -FeatureNames SMB1Protocol
D. Get-WindowsOptionalFeatures -Online -FeatureName SMB1Protocol
B. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Question 376:
Which of the following is a 16-bit field that identifies the source port number of the application program in the host that is sending the segment?
A. Sequence Number
B. Header Length
C. Acknowledgment Number
D. Source Port Address
D. Source Port Address
Explanation/Reference:
Source Port Address is a 16-bit field that identifies the source port number of the application program in the host that is sending the segment.
Answer option C is incorrect. Acknowledgment Number is a 32-bit field that identifies the byte number that the sender of the segment is expecting to receive from the receiver.
Answer option B is incorrect. Header Length is a 4-bit field that defines the number of 4-byte words in the TCP header. The header length can be between 20 and 60 bytes. Therefore, the value of this field can be between 5 and 15.
Answer option A is incorrect. Sequence Number is a 32-bit field that identifies the number assigned to the first byte of data contained in the segment.
Question 377:
Byron, a new network administrator at the FBI, would like to ensure that Windows PCs there are up-to-date and have fewer internal security flaws. What can he do?
A. Centrally assign Windows PC group policies
B. Dedicate a partition on HDD and format the disk using NTFS
C. Download and install latest patches and enable Windows Automatic Updates
D. Install antivirus software and turn off unnecessary services
D. Install antivirus software and turn off unnecessary services
Question 378:
Who is an IR custodian?
A. An individual responsible for conveying company details after an incident
B. An individual who receives the initial IR alerts and leads the IR team in all the IR activities
C. An individual who makes a decision on the classifications and the severity of the incident identified
D. An individual responsible for the remediation and resolution of the incident that occurred
B. An individual who receives the initial IR alerts and leads the IR team in all the IR activities
Question 379:
Which of the following intrusion detection techniques observes the network for abnormal usage patterns by determining the performance parameters for regular activities and monitoring for actions beyond the normal parameters?
A. Statistical anomaly detection
B. Signature/Pattern matching
C. None of these
D. Stateful protocol analysis