EC-COUNCIL 312-38 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-38 Online Questions & Answers

• Question 501:

  Which of the following is a management process that provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders?

  A. Log analysis
  B. Patch management
  C. Incident handling
  D. Business Continuity Management
  D. Business Continuity Management

  ---

  Explanation/Reference:

  Business Continuity Management is a management process that determines potential impacts that are likely to threaten an organization. It provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders. Business continuity management includes disaster recovery, business recovery, crisis management, incident management, emergency management, product recall, contingency planning, etc. Answer option B is incorrect. Patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. Patch management includes the following tasks: Maintaining current knowledge of available patches Deciding what patches are appropriate for particular systems Ensuring that patches are installed properly Testing systems after installation, and documenting all associated procedures, such as specific configurations required A number of products are available to automate patch management tasks, including Ring Master's Automated Patch Management, Patch Link Update, and Gibraltar's Ever guard. Answer option A is incorrect. This option is invalid. Answer option C is incorrect. Incident handling is the process of managing incidents in an Enterprise, Business, or an Organization. It involves the thinking of the prospective suitable to the enterprise and then the implementation of the prospective in a clean and manageable manner. It involves completing the incident report and presenting the conclusion to the management and providing ways to improve the process both from a technical and administrative aspect. Incident handling ensures that the overall process of an enterprise runs in an uninterrupted continuity.

• Question 502:

  Which among the following filter is used to detect a SYN/FIN attack?

  A. tcp.flags==0x002
  B. tcp.flags==0x004
  C. tcp.flags==0x003
  D. tcp.flags==0x001
  D. tcp.flags==0x001

• Question 503:

  Which of the following systems includes an independent NAS Head and multiple storage arrays?

  A. FreeNAS
  B. None of these
  C. Gateway NAS System
  D. Integrated NAS System
  C. Gateway NAS System

• Question 504:

  John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of implementing?

  A. Packet Filtering
  B. Circuit level gateway
  C. Application level gateway
  D. Stateful Multilayer Inspection
  B. Circuit level gateway

• Question 505:

  Management wants to bring their organization into compliance with the ISO standard for information security risk management. Which ISO standard will management decide to implement?

  A. ISO/IEC 27005
  B. ISO/IEC 27006
  C. ISO/IEC 27002
  D. ISO/IEC 27004
  A. ISO/IEC 27005

• Question 506:

  Based on which of the following registry key, the Windows Event log audit configurations are recorded?

  A. HKEY_LOCAL_MACHINE\SYSTEM\Services\EventLog\ < ErrDev >
  B. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\EventLog\ < EntAppsvc >
  C. HKEY_LOCAL_MACHINE\CurrentControlSet\Services\EventLog\< ESENT >
  D. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ < Event Log >
  D. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ < Event Log >

• Question 507:

  Which of the following is the type of documented business rule for protecting information and the systems, which store and process the information

  A. Information protection policy
  B. Information protection document
  C. Information storage policy
  D. Information security policy
  D. Information security policy

• Question 508:

  Which of the following is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic?

  A. PSAD
  B. Hping
  C. NetRanger
  D. Nmap
  A. PSAD

  ---

  Explanation/Reference:

  PSAD is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic. It includes many signatures from the IDS to detect probes for various backdoor programs such as EvilFTP, GirlFriend, SubSeven, DDoS tools (mstream, shaft), and advanced port scans (FIN, NULL, XMAS). If it is combined with fwsnort and the Netfilter string match extension, it detects most of the attacks described in the Snort rule set that involve application layer data. Answer option C is incorrect. NetRanger is the complete network configuration and information toolkit that includes the following tools: Ping tool, Trace Route tool, Host Lookup tool, Internet time synchronizer, Whois tool, Finger Unix hosts tool, Host and port scanning tool, check multiple POP3 mail accounts tool, manage dialup connections tool, Quote of the day tool, and monitor Network Settings tool. These tools are integrated in order to use an application interface with full online help. NetRanger is designed for both new and experienced users. This tool is used to help diagnose network problems and to get information about users, hosts, and networks on the Internet or on a user computer network. NetRanger uses multi-threaded and multi-connection technologies in order to be very fast and efficient. Answer option D is incorrect. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows, etc.

• Question 509:

  Which of the following UTP cables supports transmission up to 20MHz?

  A. Category 2
  B. Category 5e
  C. Category 4
  D. Category 1
  C. Category 4

• Question 510:

  Which of the following protocols supports source-specific multicast (SSM)?

  A. DHCP
  B. ARP
  C. DNS
  D. BGMP
  D. BGMP