EC-Council 312-38 Certified Network Defender Online Training
The questions for 312-38 were last updated on Nov 19, 2024.
- Exam Code: 312-38
- Exam Name: Certified Network Defender
- Certification Provider: EC-Council
- Latest update: Nov 19, 2024
Sam wants to implement a network-based IDS in the network. Sam finds that the one IDS solution that works is based on pattern matching.
Which type of network-based IDS is Sam implementing?
- A . Behavior-based IDS
- B . Anomaly-based IDS
- C . Stateful protocol analysis
- D . Signature-based IDS
John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information.
Which type of firewall service is John thinking of implementing?
- A . Application level gateway
- B . Stateful Multilayer Inspection
- C . Circuit level gateway
- D . Packet Filtering
You are an IT security consultant working on a contract for a large manufacturing company to audit their entire network. After performing all the tests and building your report, you present a number of recommendations to the company on what they should implement to become more secure. One recommendation is to install a network-based device that notifies IT employees whenever malicious or questionable traffic is found. From your talks with the company, you know that they do not want a device that actually drops traffic completely; they only want notification.
What type of device are you suggesting?
- A . The best solution to cover the needs of this company would be a HIDS device.
- B . A NIDS device would work best for the company
- C . You are suggesting a NIPS device
- D . A HIPS device would best suit this company
Management wants to calculate the risk factor for their organization. Kevin, a network administrator in the organization, knows how to calculate the risk factor. Certain parameters are required before calculating the risk factor.
What are they? (Select all that apply) Risk factor = ______ × ______ × ______
- A . Vulnerability
- B . Impact
- C . Attack
- D . Threat
Lyle is the IT director for a medium-sized food service supply company in Nebraska. Lyle’s company employs over 300 workers, half of whom use computers. He recently came back from a security training seminar on logical security. He now wants to ensure his company is as secure as possible. Lyle has many network nodes and workstation nodes across the network. He does not have much time for implementing a network-wide solution. He is primarily concerned about preventing any external attacks on the network by using a solution that can drop packets if they are found to be malicious. Lyle also wants this solution to be easy to implement and be network-wide.
What type of solution would be best for Lyle?
- A . A NEPT implementation would be the best choice.
- B . To better serve the security needs of his company, Lyle should use a HIDS system.
- C . Lyle would be best suited if he chose a NIPS implementation
- D . He should choose a HIPS solution, as this is best suited to his needs.
Sam, a network administrator, is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flag set to check for a specific attack attempt.
Which filter will he use to view the traffic?
- A . Tcp.flags==0x000
- B . Tcp.flags==0000x
- C . Tcp.flags==000x0
- D . Tcp.flags==x0000
Frank installed Wireshark at all ingress points in the network. Looking at the logs, he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21.
What does this source address signify?
- A . This address means that the source is using an IPv6 address and is spoofed and signifies an IPv4 address of 127.0.0.1.
- B . This source address is IPv6 and translates as 13.1.68.3
- C . This source address signifies that the originator is using 802dot1x to try and penetrate into Frank’s network
- D . This means that the source is using IPv4
The IR team and the network administrator have successfully handled a malware incident on the network. The team is now preparing a countermeasure guideline to avoid a future occurrence of the malware incident.
Which of the following countermeasure(s) should be added to deal with future malware incidents? (Select all that apply)
- A . Complying with the company’s security policies
- B . Implementing strong authentication schemes
- C . Implementing a strong password policy
- D . Install antivirus software
Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees.
Under which category of information security policy does an AUP fall?
- A . System Specific Security Policy (SSSP)
- B . Incident Response Policy (IRP)
- C . Enterprise Information Security Policy (EISP)
- D . Issue Specific Security Policy (ISSP)
The bank where you work has 600 Windows computers and 400 Red Hat computers which primarily serve as bank teller consoles. You have created a plan and deployed all the patches to the Windows computers, and you are now working on updating the Red Hat computers.
What command should you run on the network to update the Red Hat computers, download the security package, force the package installation, and update all currently installed packages?
- A . You should run the up2date -d -f -u command
- B . You should run the up2data -u command
- C . You should run the WSUS -d -f -u command.
- D . You should type the sysupdate -d command