[Dec-2021] EC-COUNCIL 312-38 Exam Basic Questions With Answers [Q48-Q67]


New 2021 Realistic Free EC-COUNCIL 312-38 Exam Dump Questions & Answer


EC-Council 312-38 Exam Syllabus Topics:

Topic: Wireless Network Defense (Weight: 6%)
- Understanding wireless networks
- Discussing various wireless standards
- Describing various wireless network topologies
- Describing possible uses of wireless networks
- Explaining various wireless network components
- Explaining wireless encryption (WEP, WPA, WPA2) technologies
- Describing various authentication methods for wireless networks
- Discussing various types of threats to wireless networks
- Creating an inventory of wireless network components
- Appropriate placement of wireless Access Points (AP)
- Appropriate placement of wireless antennas
- Monitoring wireless network traffic
- Detecting and locating rogue access points
- Protecting the wireless network from RF interference
- Describing various security implications for wireless networks

Topic: Network Incident Response and Management (Weight: 8%)
- Understanding Incident Handling and Response (IH&R)
- Roles and responsibilities of the Incident Response Team (IRT)
- Describing the role of the first responder
- Describing first response activities for network administrators
- Describing the Incident Handling and Response (IH&R) process
- Understanding forensic investigation
- People involved in forensic investigation
- Describing forensic investigation methodology

Topic: Network Risk and Vulnerability Management (Weight: 9%)
- Understanding risk and risk management
- Key roles and responsibilities in risk management
- Understanding Key Risk Indicators (KRI) in risk management
- Explaining the phases involved in risk management
- Understanding enterprise network risk management
- Describing various risk management frameworks
- Discussing best practices for effective implementation of risk management
- Understanding vulnerability management
- Explaining the various phases involved in vulnerability management
- Understanding vulnerability assessment and its importance
- Discussing requirements for effective network vulnerability assessment
- Discussing internal and external vulnerability assessment
- Discussing steps for effective external vulnerability assessment
- Describing the various phases involved in vulnerability assessment
- Selecting an appropriate vulnerability assessment tool
- Discussing best practices and precautions for deploying a vulnerability assessment tool
- Describing vulnerability reporting, mitigation, remediation and verification

Topic: Computer Network and Defense Fundamentals (Weight: 5%)
- Understanding computer networks
- Describing the OSI and TCP/IP network models
- Comparing the OSI and TCP/IP network models
- Understanding different types of networks
- Describing various network topologies
- Understanding various network components
- Explaining various protocols in the TCP/IP protocol stack
- Explaining the IP addressing concept
- Understanding Computer Network Defense (CND)
- Describing fundamental CND attributes
- Describing CND elements
- Describing CND process and approaches

Topic: Host Security (Weight: 7%)
- Understanding host security
- Understanding the importance of securing individual hosts
- Understanding threats specific to hosts
- Identifying paths to host threats
- Purpose of host before assessment
- Describing host security baselining
- Describing OS security baselining
- Understanding and describing security requirements for different types of servers
- Understanding security requirements for hardening routers
- Understanding security requirements for hardening switches
- Understanding data security concerns when data is at rest, in use, and in motion
- Understanding virtualization security

Topic: Network Security Threats, Vulnerabilities, and Attacks (Weight: 5%)
- Understanding threat, attack, and vulnerability
- Discussing network security concerns
- Reasons behind network security concerns
- Effect of a network security breach on business continuity
- Understanding different types of network threats
- Understanding different types of network security vulnerabilities
- Understanding different types of network attacks
- Describing various network attacks


Must-Have Revision Books to Study for EC-Council 312-38 Exam

Now, let's review the best revision books for your 312-38 validation:

  • EC-Council Certified Network Defender Certification (312-38) Latest Exam Questions

    This is one of the best options if you’ve been looking for valid 312-38 exam dumps and practice test questions in one place. The author, Lade Davies, has designed a comprehensive question bank to help learners master the test details and succeed on the first try. Also, the questions are frequently updated to ensure they align with the latest curriculum details. Covering the latest exam testing pattern, studying with this book will mark an important step in your career journey, one that could turn out to be the defining path in the long run. Want guaranteed success on the first attempt? Then get started with this impressive guide for only $3.59 and see for yourself what it can bring you.

  • Intelligence-Driven Incident Response: Outwitting the Adversary (1st Edition)

    Now, a manual like this is designed to achieve one goal: to welcome you to the world of incident response through intelligently-driven initiatives. With cyber threats skyrocketing in the modern IT world, Scott J. Roberts and Rebekah Brown felt the need to accurately demonstrate how intelligence can be integrated into the exciting world of incident response. Thus, this book is a useful tool that aims to help candidates understand how they can sufficiently reduce the average time it takes to detect, respond to, and manage intrusions. In particular, it targets all individuals who play a key role in incident response. It could be a malware analyst, reverse engineer, incident manager, or digital forensic specialist looking to take their career to another level by mastering these concepts.

  • EC-Council Certified Network Defender Exam Practice Questions and Dumps: EXAM REVIEW QUESTIONS FOR 312-38 Exam Prep Updated

    A quick look at this material by Aiva Books shows a comprehensive guide with well-researched content and up-to-date questions to help candidates crack the EC Council 312-38 exam easily. The content of this book corresponds with the current exam curriculum, built around the detection and prevention of network security threats. Also, here, the author wants to be sure that you are familiar with the major topic areas before you schedule the actual test. This means that upon completing your training using this resource, you should be well versed in such concepts as network topology, security policy, network components, traffic, and performance alongside utilization among the rest. With over 180 practice questions for the EC-Council 312-38 exam, you will absolutely have no reason to fail such a test after studying with this resource. However, you must first pay at least $9.60 to get your Kindle copy from Amazon.

 

NEW QUESTION 48
Identify the type of event that is recorded when an application driver loads successfully in Windows.

  • A. Information
  • B. Warning
  • C. Error
  • D. Success Audit

Answer: A

 

NEW QUESTION 49
Which of the following fields in the IPv6 header replaces the TTL field in the IPv4 header?

  • A. Version
  • B. Traffic class
  • C. Hop limit
  • D. Next header

Answer: C

 

NEW QUESTION 50
Which of the following is a Unix and Windows tool capable of intercepting traffic on a network segment and capturing usernames and passwords?

  • A. AirSnort
  • B. Ettercap
  • C. BackTrack
  • D. Aircrack

Answer: B

Explanation:
Ettercap is a Unix and Windows tool for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. It is free, open-source software. Ettercap supports active and passive dissection of many protocols (including encrypted ones) and provides many features for network and host analysis.
Answer option C is incorrect. BackTrack is a Linux distribution distributed as a Live CD, which is used for penetration testing. It allows users to include customizable scripts, additional tools and configurable kernels in personalized distributions. It contains various tools, such as Metasploit integration, RFMON injection-capable wireless drivers, kismet, autoscan-network (a network discovery and management application), nmap, ettercap, and wireshark (formerly known as Ethereal).
Answer option A is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses a ciphertext-only attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.
Answer option D is incorrect. Aircrack is the fastest WEP/WPA cracking tool used for 802.11a/b/g WEP and WPA cracking.

 

NEW QUESTION 51
Which of the following is a method of authentication that uses physical characteristics?

  • A. Honeypot
  • B. ACL
  • C. COMSEC
  • D. Biometrics

Answer: D

 

NEW QUESTION 52
Which of the following is the full form of SAINT?

  • A. System Automated Integrated Network Tool
  • B. System Admin Integrated Network Tool
  • C. System Administrators Integrated Network Tool
  • D. Security Admin Integrated Network Tool

Answer: C

 

NEW QUESTION 53
Which of the following policies is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly?

  • A. Information protection policy
  • B. Password policy
  • C. Group policy
  • D. Remote access policy

Answer: B

Explanation:
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. Password policies are account policies that are related to the users' accounts. Such policies are password-related settings that place different constraints on the password's usage. Password policies can be configured to require users to provide passwords only in a specific way when they try to log on to their computers. These policies increase the effectiveness of the protection of users' computers.
Answer option C is incorrect. A group policy specifies how programs, network resources, and the operating system work for users and computers in an organization.
Answer option A is incorrect. An information protection policy ensures that information is appropriately protected from modification or disclosure.
Answer option D is incorrect. A remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network.

 

NEW QUESTION 54
Which of the following commands is used for port scanning?

  • A. nc -v
  • B. nc -t
  • C. nc -z
  • D. nc -d

Answer: C


 

NEW QUESTION 55
Which of the following wireless networks provides connectivity over distance up to 20 feet?

  • A. WLAN
  • B. WWAN
  • C. WPAN
  • D. WMAN

Answer: C

 

NEW QUESTION 56
Which of the following processes helps the business units to understand the impact of a disruptive event?

  • A. Business impact assessment
  • B. Plan approval and implementation
  • C. Business continuity plan development
  • D. Scope and plan initiation

Answer: A


 

NEW QUESTION 57
Which of the following techniques is used for drawing symbols in public places for advertising an open Wi-Fi wireless network?

  • A. War dialing
  • B. War driving
  • C. Warchalking
  • D. Spamming

Answer: C

Explanation:
Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
Answer option B is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.
Answer option A is incorrect. War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, BBS systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers (hackers that specialize in computer security) for password guessing.
Answer option D is incorrect. Spamming is the technique of flooding the Internet with a number of copies of the same message. The most widely recognized forms of spam are e-mail spam, instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam.

 

NEW QUESTION 58
Which among the following is used to limit the number of cmdlets or administrative privileges of administrator, user, or service accounts?

  • A. User Account Control (UAC)
  • B. Windows Security Identifier (SID)
  • C. Just Enough Administration (JEA)
  • D. Credential Guard

Answer: C

 

NEW QUESTION 59
Token Ring is standardized by which of the following IEEE standards?

  • A. 802.3
  • B. 802.2
  • C. 802.1
  • D. 802.4

Answer: D


 

NEW QUESTION 60
Which of the following honeypots provides an attacker access to the real operating system without any restriction and collects a vast amount of information about the attacker?

  • A. Honeyd
  • B. High-interaction honeypot
  • C. Medium-interaction honeypot
  • D. Low-interaction honeypot

Answer: B

Explanation:
A high-interaction honeypot offers a vast amount of information about attackers. It provides an attacker access to the real operating system without any restriction. A high-interaction honeypot is a powerful weapon that provides opportunities to discover new tools, to identify new vulnerabilities in the operating system, and to learn how blackhats communicate with one another.
Answer option D is incorrect. A low-interaction honeypot captures limited amounts of information, mainly transactional data and some limited interactive information. Because of their simple design and basic functionality, low-interaction honeypots are easy to install, deploy, maintain, and configure. A low-interaction honeypot detects unauthorized scans or unauthorized connection attempts. A low-interaction honeypot is like a one-way connection, as the honeypot provides services that are limited to listening ports. Its role is very passive and it does not alter any traffic. It generates logs or alerts when incoming packets match its patterns.
Answer option C is incorrect. A medium-interaction honeypot offers richer interaction capabilities than a low-interaction honeypot, but does not provide any real underlying operating system target. Installing and configuring a medium-interaction honeypot takes more time than a low-interaction honeypot. It is also more complicated to deploy and maintain as compared to a low-interaction honeypot. A medium-interaction honeypot captures a greater amount of information but comes with greater risk.
Answer option A is incorrect. Honeyd is an example of a low-interaction honeypot.

 

NEW QUESTION 61
Which of the following statements are true about volatile memory? Each correct answer represents a complete solution. Choose all that apply.

  • A. The content is stored permanently, even when the power supply is switched off.
  • B. Read-Only Memory (ROM) is an example of volatile memory.
  • C. The volatile storage device is faster in reading and writing data.
  • D. It is computer memory that requires power to maintain the stored information.

Answer: C,D

Explanation:
Volatile memory, also known as volatile storage, is computer memory that requires power to maintain the stored information, unlike non-volatile memory, which does not require a maintained power supply. It has been less popularly known as temporary memory. Most forms of modern random access memory (RAM) are volatile storage, including dynamic random access memory (DRAM) and static random access memory (SRAM). A volatile storage device is faster in reading and writing data.
Answer options A and B are incorrect. Non-volatile memory, nonvolatile memory, NVM, or non-volatile storage, in the most basic sense, is computer memory that can retain the stored information even when not powered. Examples of non-volatile memory include read-only memory, flash memory, most types of magnetic computer storage devices (e.g. hard disks, floppy disks, and magnetic tape), optical discs, and early computer storage methods such as paper tape and punched cards.

 

NEW QUESTION 62
Which of the following standards is a change in the original IEEE 802.11 and defines the security mechanisms for wireless networks?

  • A. None
  • B. 802.11e
  • C. 802.11i
  • D. 802.11b
  • E. 802.11a

Answer: C

 

NEW QUESTION 63
Which of the following can be used to disallow a system/user from accessing all applications except a specific folder on a system?

  • A. Hash rule
  • B. Certificate rule
  • C. Internet zone rule
  • D. Path rule

Answer: A

 

NEW QUESTION 64
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts.
Which of the following attacks is being used by Eve?

  • A. Session fixation
  • B. Fire walking
  • C. Replay
  • D. Cross site scripting

Answer: C

Explanation:
Eve is using a replay attack. A replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network. In an attempt to obtain an authenticated connection, the attackers then resend the captured packet to the system. In this type of attack, the attacker does not know the actual password, but can simply replay the captured packet. Session tokens can be used to avoid replay attacks. Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Mallory has captured this value and tries to use it in another session; Bob sends a different session token, and when Mallory replies with the captured value it will be different from Bob's computation.
Answer option D is incorrect. In a cross site scripting attack, an attacker tricks the user's computer into running code, which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.
Answer option B is incorrect. Firewalking is a technique for gathering information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.
Answer option A is incorrect. In session fixation, an attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
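The token-based defence described in the explanation, as an added example that is not part of the exam dump: Bob issues a fresh one-time token, Alice returns hash(token + password), and Bob recomputes it and consumes the token, so a recorded exchange fails when played back. The `Server` class, the `vulnerable_login` contrast and the sample password are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def respond(token: str, password: str) -> str:
    """Alice's side: hash of the one-time token appended to the password, as
    the explanation describes (a keyed HMAC would be the production choice)."""
    return hashlib.sha256((token + password).encode()).hexdigest()


class Server:
    """Bob's side: holds the shared password and the tokens still outstanding."""

    def __init__(self, password: str) -> None:
        self._password = password
        self._pending: set[str] = set()   # issued but not yet consumed tokens

    def new_challenge(self) -> str:
        # A fresh random token per login attempt; it is never handed out twice.
        token = secrets.token_hex(16)
        self._pending.add(token)
        return token

    def verify(self, token: str, response: str) -> bool:
        # Unknown or already-consumed tokens are refused before any hashing.
        if token not in self._pending:
            return False
        self._pending.discard(token)      # one-time use: consume it now
        expected = respond(token, self._password)
        return hmac.compare_digest(expected, response)


def vulnerable_login(stored_hash: str, presented_hash: str) -> bool:
    """The exchange in the question: Bob accepts the same hashed password
    every time, so whatever Eve sniffed is accepted again verbatim."""
    return hmac.compare_digest(stored_hash, presented_hash)


def demo(password: str = "constructed-sample-password") -> dict[str, bool]:
    bob = Server(password)

    # Alice logs in; Eve records the token and the response on the wire.
    token = bob.new_challenge()
    response = respond(token, password)
    alice_ok = bob.verify(token, response)

    # Eve opens a new session: Bob issues a different token, so the recorded
    # response no longer matches; reusing the old token fails as it was consumed.
    eve_fresh = bob.verify(bob.new_challenge(), response)
    eve_old = bob.verify(token, response)

    # Same scenario without the token: the sniffed hash is accepted again.
    static_hash = hashlib.sha256(password.encode()).hexdigest()
    eve_static = vulnerable_login(static_hash, static_hash)

    return {
        "alice_accepted": alice_ok,
        "eve_replay_fresh_token": eve_fresh,
        "eve_replay_old_token": eve_old,
        "eve_replay_static_password": eve_static,
    }


if __name__ == "__main__":
    print(demo())
```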

 

NEW QUESTION 65
Which of the following IP class addresses are not allotted to hosts? Each correct answer represents a complete solution. Choose all that apply.

  • A. Class B
  • B. Class E
  • C. Class A
  • D. Class D
  • E. Class C

Answer: B,D

Explanation:
Class D and Class E addresses are not allotted to hosts. Class D addresses are reserved for multicasting, and their address range can extend from 224 to 239. Class E addresses are reserved for experimental purposes. Their addresses range from 240 to 254.
Answer option C is incorrect. Class A addresses are specified for large networks. A Class A network consists of up to 16,777,214 client devices (hosts), and the address range can extend from 1 to 126.
Answer option A is incorrect. Class B addresses are specified for medium size networks. A Class B network consists of up to 65,534 client devices, and the address range can extend from 128 to 191.
Answer option E is incorrect. Class C addresses are specified for small local area networks (LANs). A Class C network consists of up to 245 client devices, and the address range can extend from 192 to 223.

 

NEW QUESTION 66
Larry is responsible for the company's network consisting of 300 workstations and 25 servers. After using a hosted email service for a year, the company wants to control the email internally. Larry likes this idea because it will give him more control over the email. Larry wants to purchase a server for email but does not want the server to be on the internal network due to the potential to cause security risks. He decides to place the server outside of the company's internal firewall. There is another firewall connected directly to the Internet that will protect traffic from accessing the email server. The server will be placed between the two firewalls. What logical area is Larry putting the new email server into?

  • A. He will put the email server in an IPsec zone.
  • B. For security reasons, Larry is going to place the email server in the company's Logical Buffer Zone (LBZ).
  • C. He is going to place the server in a Demilitarized Zone (DMZ)
  • D. Larry is going to put the email server in a hot-server zone.

Answer: C

 

NEW QUESTION 67
......


Understanding functional and technical aspects of Certified Network Defender Business Principles and Practices

The following will be discussed in ECCOUNCIL EC 312-38 dumps:

  • Perform application testing to validate WLAN performance (CHAPTER 12)
  • Wireless Intrusion Prevention System (WIPS) and/or rogue AP detection
  • Protocol and spectrum analyzers
  • Verify and document that design requirements are met including coverage, throughput, roaming, and connectivity with a post-implementation validation survey (CHAPTER 12)
  • Identify sources of RF interference from non-802.11 wireless devices based on the investigation of airtime and frequency utilization

 

Guaranteed Success in Certified Ethical Hacker 312-38 Exam Dumps: https://www.testvalid.com/312-38-exam-collection.html

312-38 Practice Test Engine: Try These 171 Exam Questions: https://drive.google.com/open?id=1Pf490Hix8R6zp3c60OYM-2qvs6q3XTuY