Try Before You Buy

Download a free sample of any of our exam questions and answers

  • 24/7 customer support, Secure shopping site
  • Free One year updates to match real exam scenarios
  • If you failed your exam after buying our products we will refund the full amount back to you.

[Oct 06, 2021] 312-38 Dumps Full Questions - Exam Study Guide [Q55-Q77]

Share

[Oct 06, 2021] 312-38 Dumps Full Questions - Exam Study Guide

Certified Ethical Hacker  Free Certification Exam Material from BraindumpsIT with 112 Questions

NEW QUESTION 55
Which of the following tools is used for wireless LANs detection?

  • A. Airopeek
  • B. NetStumbler
  • C. Sniffer
  • D. Fort Knox

Answer: B

 

NEW QUESTION 56
CORRECT TEXT
Fill in the blank with the appropriate term. In computing, ______________ is a class of data storage devices that read their data in sequence.

Answer:

Explanation:
SAM
Explanation:
In computing, sequential access memory (SAM) is a class of data storage devices that read their data in sequence. This is in contrast to random access memory (RAM) where data can be accessed in any order. Sequential access devices are usually a form of magnetic memory.While sequential access memory is read in sequence, access can still be made to arbitrary locations by "seeking" to the requested location. Magnetic sequential access memory is typically used for secondary storage in general-purpose computers due to their higher density at lower cost compared to RAM, as well as resistance to wear and non-volatility. Examples of SAM devices include hard disks, CD-ROMs, and magnetic tapes.

 

NEW QUESTION 57
You are responsible for network functions and logical security throughout the corporation. Your company has over 250 servers running Windows Server 2012, 5000 workstations running Windows 10, and 200 mobile users working from laptops on Windows 8. Last week 10 of your company's laptops were stolen from a salesman, while at a conference in Barcelona. These laptops contained proprietary company information.
While
doing a damage assessment, a news story leaks about a blog post containing information about the stolen laptops and the sensitive information. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?

  • A. You should have used 3DES.
  • B. You could have implemented the Encrypted File System (EFS)
  • C. You should have implemented the Distributed File System (DFS).
  • D. If you would have implemented Pretty Good Privacy (PGP).

Answer: B

 

NEW QUESTION 58
Which of the following policies is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly?

  • A. Password policy
  • B. Remote access policy
  • C. Group policy
  • D. Information protection policy

Answer: A

Explanation:
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. Password policies are account policies that are related to the users' accounts. Such policies are password-related settings that provide different constraints for the password's usage. Password policies can be configured to enforce users to provide passwords only in a specific way when they try to log on to their computers. These policies increase the effectiveness of the user's computers. Answer option C is incorrect. A group policy specifies how programs, network resources, and the operating system work for users and computers in an organization.
Answer option A is incorrect. An information protection policy ensures that information is appropriately protected from modification or disclosure.
Answer option B is incorrect. Remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network.

 

NEW QUESTION 59
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?

  • A. Cross site scripting
  • B. Fire walking
  • C. Replay
  • D. Session fixation

Answer: C

Explanation:
Eve is using Replay attack. A replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network. In an attempt to obtain an authenticated connection, the attackers then resend the captured packet to the system. In this type of attack, the attacker does not know the actual password, but can simply replay the captured packet. Session tokens can be used to avoid replay attacks. Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Mallory has captured this value and tries to use it on another session; Bob sends a different session token, and when Mallory replies with the captured value it will be different from Bob's computation. Answer option C is incorrect. In the cross site scripting attack, an attacker tricks the user's computer into running code, which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations. Answer option B is incorrect. Firewalking is a technique for gathering information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. Answer option D is incorrect. In session fixation, an attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.

 

NEW QUESTION 60
Which of the following policies helps in defining what users can and should do to use network and
organization's computer equipment?

  • A. IT policy
  • B. General policy
  • C. Remote access policy
  • D. User policy

Answer: D

Explanation:
A user policy helps in defining what users can and should do to use network and organization's computer
equipment. It also defines what limitations are put on users for maintaining the network secure such as
whether users can install programs on their workstations, types of programs users are using, and how users
can access data.
Answer option C is incorrect. IT policy includes general policies for the IT department. These policies are
intended to keep the network secure and stable. It includes the following:
Virus incident and security incident
Backup policy
Client update policies
Server configuration, patch update, and modification policies (security)
Firewall policies Dmz policy, email retention, and auto forwarded email policy
Answer option A is incorrect. It defines the high level program policy and business continuity plan.
Answer option B is incorrect. Remote access policy is a document that outlines and defines acceptable
methods of remotely connecting to the internal network.

 

NEW QUESTION 61
Steven's company has recently grown from 5 employees to over 50. Every workstation has a public IP address and navigated to the Internet with little to no protection. Steven wants to use a firewall. He also wants IP addresses to be private addresses, to prevent public Internet devices direct access to them. What should Steven implement on the firewall to ensure this happens?

  • A. Steven should enabled Network Address Translation(NAT)
  • B. Steven should use IPsec
  • C. Steven should use Open Shortest Path First (OSPF)
  • D. Steven should use a Demilitarized Zone (DMZ)

Answer: A

 

NEW QUESTION 62
Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail,
and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is
highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for
switching across switched networks. It can also be used to capture authentication information for FTP, telnet,
SMTP, HTTP, POP, NNTP, IMAP, etc.

  • A. Libnids
  • B. Dsniff
  • C. Cain
  • D. LIDS

Answer: B

Explanation:
Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff
include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing
both switched and shared networks. It uses the arpredirect and macof tools for switching across switched
networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP,
IMAP, etc.
Answer option B is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as
Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking
program can perform the following types of password cracking attacks:
Dictionary attack
Brute force attack
Rainbow attack
Hybrid attack
Answer options D and C are incorrect. These tools are port scan detection tools that are used in the Linux
operating system.

 

NEW QUESTION 63
David is working in a mid-sized IT company. Management asks him to suggest a framework that can be used effectively to align the IT goals to the business goals of the company. David suggests the______framework, as it provides a set of controls over IT and consolidates them to form a framework.

  • A. COBIT
  • B. ITIL
  • C. ISO 27007
  • D. RMIS

Answer: A

 

NEW QUESTION 64
Management decides to implement a risk management system to reduce and maintain the organization's risk at an acceptable level. Which of the following is the correct order in the risk management phase?

  • A. Risk Treatment, Risk Monitoring & Review, Risk Identification, Risk Assessment
  • B. Risk Identification. Risk Assessment. Risk Monitoring & Review, Risk Treatment
  • C. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review
  • D. Risk Assessment, Risk Treatment, Risk Monitoring & Review, Risk Identification

Answer: C

 

NEW QUESTION 65
Physical access controls help organizations monitor, record, and control access to the information assets and facility. Identify the category of physical security controls which includes security labels and warning signs.

  • A. Physical control
  • B. Technical control
  • C. Environmental control
  • D. Administrative control

Answer: D

 

NEW QUESTION 66
Kyle is an IT technician managing 25 workstations and 4 servers. The servers run applications and mostly store confidential data. Kyle must backup the server's data daily to ensure nothing is lost. The power in the company's office is not always reliable, Kyle needs to make sure the servers do not go down or are without power for too long. Kyle decides to purchase an Uninterruptible Power Supply (UPS) that has a pair of inverters and converters to charge the battery and provides power when needed. What type of UPS has Kyle purchased?

  • A. He purchased a True Online UPS.
  • B. Kyle purchased a Line-Interactive UPS
  • C. He has bought a Standby UPS
  • D. Kyle purchased a Ferro resonant Standby UPS.

Answer: C

 

NEW QUESTION 67
Which of the following systems monitors the operating system detecting inappropriate activity, writing to log files, and triggering alarms?

  • A. Behavior-based ID system
  • B. Network-based ID system
  • C. Host-based ID system
  • D. Signature-Based ID system

Answer: C

 

NEW QUESTION 68
Which of the following is a software tool used in passive attacks for capturing network traffic?

  • A. Warchalking
  • B. Intrusion detection system
  • C. Intrusion prevention system
  • D. Sniffer

Answer: D

Explanation:
A sniffer is a software tool that is used to capture any network traffic. Since a sniffer changes the NIC of the
LAN card into promiscuous mode, the NIC begins to record incoming and outgoing data traffic across the
network. A sniffer attack is a passive attack because the attacker does not directly connect with the target host.
This attack is most often used to grab logins and passwords from network traffic. Tools such as Ethereal,
Snort, Windump, EtherPeek, Dsniff are some good examples of sniffers. These tools provide many facilities to
users such as graphical user interface, traffic statistics graph, multiple sessions tracking, etc.
Answer option A is incorrect. An intrusion prevention system (IPS) is a network security device that monitors
network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or
prevent those activities. When an attack is detected, it can drop the offending packets while still allowing all
other traffic to pass.
Answer option B is incorrect. An IDS (Intrusion Detection System) is a device or software application that
monitors network and/or system activities for malicious activities or policy violations and produces reports to a
Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to
stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on
identifying possible incidents, logging information about them, attempting to stop them, and reporting them to
security administrators.
Answer option C is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi
wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such
as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing
and war driving.

 

NEW QUESTION 69
As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. The WPA2's_________integrity check mechanism provides security against a replay attack

  • A. CBC-MAC
  • B. CRC-32
  • C. CBC-32
  • D. CRC-MAC

Answer: A

 

NEW QUESTION 70
Which of the following protocols is used for exchanging routing information between two gateways in a network of autonomous systems?

  • A. EGP
  • B. IGMP
  • C. OSPF
  • D. ICMP

Answer: A

Explanation:
EGP stands for Exterior Gateway Protocol. It is used for exchanging routing information between two gateways in a network of autonomous systems. This protocol depends upon periodic polling with proper acknowledgements to confirm that network connections are up and running, and to request for routing updates. Each router requests its neighbor at an interval of 120 to 480 seconds, for sending the routing table updates. The neighbor host then responds by sending its routing table. EGP-2 is the latest version of EGP. Answer option B is incorrect. Internet Control Message Protocol (ICMP) is a maintenance protocol that allows routers and host computers to swap basic control information when data is sent from one computer to another. It is generally considered a part of the IP layer. It allows the computers on a network to share error and status information. An ICMP message, which is encapsulated within an IP datagram, is very useful to troubleshoot the network connectivity and can be routed throughout the Internet. Answer option A is incorrect. Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group. However, multicast traffic is sent to a single MAC address but is processed by multiple hosts. It can be effectively used for gaming and showing online videos. IGMP is vulnerable to network attacks. Answer option D is incorrect. Open Shortest Path First (OSPF) is a routing protocol that is used in large networks. Internet Engineering Task Force (IETF) designates OSPF as one of the Interior Gateway Protocols. A host uses OSPF to obtain a change in the routing table and to immediately multicast updated information to all the other hosts in the network.

 

NEW QUESTION 71
Which of the following is also known as slag code?

  • A. Worm
  • B. Trojan
  • C. IRC bot
  • D. Logic bomb

Answer: D

 

NEW QUESTION 72
Which of the following types of coaxial cable is used for cable TV and cable modems?

  • A. RG-62
  • B. RG-58
  • C. RG-59
  • D. RG-8

Answer: C

Explanation:
Explanation
Explanation:
RG-59 type of coaxial cable is used for cable TV and cable modems.
Answer option A is incorrect. RG-8 coaxial cable is primarily used as a backbone in an Ethernet LAN
environment and often connects one wiring closet to another. It is also known as 10Base5 or ThickNet.
Answer option B is incorrect. RG-62 coaxial cable is used for ARCNET and automotive radio antennas.
Answer option D is incorrect. RG-58 coaxial cable is used for Ethernet networks. It uses baseband signaling
and 50-Ohm terminator. It is also known as 10Base2 or ThinNet.

 

NEW QUESTION 73
Which of the following tool is used for passive attacks to capture network traffic?

  • A. warchalking
  • B. Intrusion detection system
  • C. None
  • D. Intrusion prevention system
  • E. Sniffer

Answer: E

 

NEW QUESTION 74
Which of the following is virtually unsolicited e-mail messages, often with commercial content, in large quantities of indiscriminate set of recipients? Each correct answer represents a complete solution.

  • A. spam
  • B. E-mail harassment
  • C. E-mail scam

Answer: A

 

NEW QUESTION 75
John works as an Incident manager for TechWorld Inc. His task is to set up a wireless network for his
organization. For this, he needs to decide the appropriate devices and policies required to set up the network.
Which of the following phases of the incident handling process will help him accomplish the task?

  • A. Containment
  • B. Eradication
  • C. Recovery
  • D. Preparation

Answer: D

Explanation:
Preparation is the first step in the incident handling process. It includes processes like backing up copies of all
key data on a regular basis, monitoring and updating software on a regular basis, and creating and
implementing a documented security policy. To apply this step a documented security policy is formulated that
outlines the responses to various incidents, as a reliable set of instructions during the time of an incident. The
following list contains items that the incident handler should maintain in the preparation phase i.e. before an
incident occurs:
Establish applicable policies
Build relationships with key players
Build response kit
Create incident checklists
Establish communication plan
Perform threat modeling
Build an incident response team
Practice the demo incidents
Answer option A is incorrect. The Containment phase of the Incident handling process is responsible for
supporting and building up the incident combating process. It ensures the stability of the system and also
confirms that the incident does not get any worse. The Containment phase includes the process of preventing
further contamination of the system or network, and preserving the evidence of the contamination.
Answer option D is incorrect. The Eradication phase of the Incident handling process involves the cleaning-up
of the identified harmful incidents from the system. It includes the analyzing of the information that has been
gathered for determining how the attack was committed. To prevent the incident from happening again, it is
vital to recognize how it was conceded out so that a prevention technique is applied.
Answer option B is incorrect. Recovery is the fifth step of the incident handling process. In this phase, the
Incident Handler places the system back into the working environment. In the recovery phase the Incident
Handler also works with the questions to validate that the system recovery is successful. This involves testing
the system to make sure that all the processes and functions are working normal. The Incident Handler also
monitors the system to make sure that the systems are not compromised again. It looks for additional signs of
attack.

 

NEW QUESTION 76
John works as an Incident manager for TechWorld Inc. His task is to set up a wireless network for his organization. For this, he needs to decide the appropriate devices and policies required to set up the network. Which of the following phases of the incident handling process will help him accomplish the task?

  • A. Containment
  • B. Eradication
  • C. Recovery
  • D. Preparation

Answer: D

Explanation:
Preparation is the first step in the incident handling process. It includes processes like backing up copies of all key data on a regular basis, monitoring and updating software on a regular basis, and creating and implementing a documented security policy. To apply this step a documented security policy is formulated that outlines the responses to various incidents, as a reliable set of instructions during the time of an incident. The following list contains items that the incident handler should maintain in the preparation phase i.e. before an incident occurs: Establish applicable policies Build relationships with key players Build response kit Create incident checklists Establish communication plan Perform threat modeling Build an incident response team Practice the demo incidents Answer option A is incorrect. The Containment phase of the Incident handling process is responsible for supporting and building up the incident combating process. It ensures the stability of the system and also confirms that the incident does not get any worse. The Containment phase includes the process of preventing further contamination of the system or network, and preserving the evidence of the contamination. Answer option D is incorrect. The Eradication phase of the Incident handling process involves the cleaning-up of the identified harmful incidents from the system. It includes the analyzing of the information that has been gathered for determining how the attack was committed. To prevent the incident from happening again, it is vital to recognize how it was conceded out so that a prevention technique is applied. Answer option B is incorrect. Recovery is the fifth step of the incident handling process. In this phase, the Incident Handler places the system back into the working environment. In the recovery phase the Incident Handler also works with the questions to validate that the system recovery is successful. This involves testing the system to make sure that all the processes and functions are working normal. The Incident Handler also monitors the system to make sure that the systems are not compromised again. It looks for additional signs of attack.

 

NEW QUESTION 77
......

Dumps Brief Outline Of The 312-38 Exam: https://www.braindumpsit.com/312-38_real-exam.html

Use Real 312-38 - 100% Cover Real Exam Questions: https://drive.google.com/open?id=1DlQ4Uy-OpAIvYn1N3Ro3Ds_5LV5LbXDh