Certified Network Defender (CND)
Last Update Dec 14, 2024
Total Questions : 362
We are offering FREE 312-38 ECCouncil exam questions. All you do is to just go and sign up. Give your details, prepare 312-38 free exam questions and then go for complete pool of Certified Network Defender (CND) test questions that will help you more.
In what type of IoT communication model do devices interact with each other through the internet, primarily using protocols such as ZigBee, Z-Wave, or Bluetooth?
Clement is the CEO of an IT firm. He wants to implement a policy allowing employees with a preapproved set of devices from which the employees choose devices (laptops, smartphones, and tablets) to access company data as per the organization's access privileges. Which among the following policies does Clement want to enforce?
According to standard loT security practice, loT Gateway should be connected to a -------------
HexCom, a leading IT Company in the USA, realized that their employees were having trouble accessing multiple servers with different passwords. Due to this, the centralized server was also being
overburdened by avoidable network traffic. To overcome the issue, what type of authentication can be given to the employees?
Implementing access control mechanisms, such as a firewall, to protect the network is an example of which of the following network defense approach?
Which of the following is a data destruction technique that protects the sensitivity of information against a laboratory attack where an unauthorized individual uses signal processing recovery tools in a laboratory environment to recover the information?
Which of the following refers to a potential occurrence of an undesired event that can eventually damage and interrupt the operational and functional activities of an organization?
Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an ______for legal advice to defend
them against this allegation.
Which encryption algorithm does S/MIME protocol implement for digital signatures in emails?
Peter works as a network administrator at an IT company. He wants to avoid exploitation of the cloud, particularly Azure services. Which of the following is a group of PowerShell scripts designed to help the network administrator understand how attacks happen and help them protect the cloud?
Will is working as a Network Administrator. Management wants to maintain a backup of all the company data as soon as it starts operations. They decided to use a RAID backup storage technology for their data backup
plan. To implement the RAID data backup storage, Will sets up a pair of RAID disks so that all the data written to one disk is copied automatically to the other disk as well. This maintains an additional copy of the data.
Which RAID level is used here?
Geon Solutions INC., had only 10 employees when it started. But as business grew, the organization had to increase the amount of staff. The network administrator is finding it difficult to accommodate an increasing
number of employees in the existing network topology. So the organization is planning to implement a new topology where it will be easy to accommodate an increasing number of employees. Which network topology
will help the administrator solve the problem of needing to add new employees and expand?
Identify the attack where an attacker manipulates or tricks people into revealing their confidential details like bank account information, credit card details, etc.?
Management wants to bring their organization into compliance with the ISO standard for information security risk management. Which ISO standard will management decide to implement?
If a network is at risk from unskilled individuals, what type of threat is this?
Sean has built a site-to-site VPN architecture between the head office and the branch office of his company. When users in the branch office and head office try to communicate with each other, the traffic is
encapsulated. As the traffic passes though the gateway, it is encapsulated again. The header and payload both are encapsulated. This second encapsulation occurs only in the __________implementation of a VPN.
Which of the following wireless encryption provides enhanced password protection, secured IoT connections, and encompasses stronger encryption techniques?
Frank is a network technician working for a medium-sized law firm in Memphis. Frank and two other IT employees take care of all the technical needs for the firm. The firm's partners have asked that a secure wireless
network be implemented in the office so employees can move about freely without being tied to a network cable. While Frank and his colleagues are familiar with wired Ethernet technologies, 802.3, they are not familiar
with how to setup wireless in a business environment. What IEEE standard should Frank and the other IT employees follow to become familiar with wireless?
You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your
first reaction as a first responder?
During the recovery process, RTO and RPO should be the main parameters of your disaster
recovery plan. What does RPO refer to?
Physical access controls help organizations monitor, record, and control access to the information assets and facility. Identify the category of physical security controls which includes security labels and
warning signs.
You want to increase your network security implementing a technology that only allows certain MAC addresses in specific ports in the switches; which one of the above is the best choice?
Albert works as a Windows system administrator at an MNC. He uses PowerShell logging to identify any suspicious scripting activity across the network. He wants to record pipeline execution details as
PowerShell executes, including variable initialization and command invocations. Which PowerShell logging component records pipeline execution details as PowerShell executes?
What is the IT security team responsible for effectively managing the security of the organization’s IT infrastructure, called?
The GMT enterprise is working on their internet and web usage policies. GMT would like to control
internet bandwidth consumption by employees. Which group of policies would this belong to?
Patrick wants to change the file permission of a file with permission value 755 to 744. He used a Linux command chmod [permission Value] [File Name] to make these changes. What will be the change
in the file access?
Phishing-like attempts that present users a fake usage bill of the cloud provider is an example of a:
According to the company's security policy, all access to any network resources must use Windows Active Directory Authentication. A Linux server was recently installed to run virtual servers and it is not using Windows
Authentication. What needs to happen to force this server to use Windows Authentication?
The CEO of Max Rager wants to send a confidential message regarding the new formula for its coveted soft drink, SuperMax, to its manufacturer in Texas. However, he fears the message could be altered in
transit. How can he prevent this incident from happening and what element of the message ensures the success of this method?
Who acts as an intermediary to provide connectivity and transport services between cloud consumers and providers?
Which of the following is not part of the recommended first response steps for network defenders?
Which of the following provides the target for designing DR and BC solutions?
An attacker has access to password hashes of a Windows 7 computer. Which of the following attacks can the attacker use to reveal the passwords?
The SNMP contains various commands that reduce the burden on the network administrators.
Which of the following commands is used by SNMP agents to notify SNMP managers about an event occurring in the network?
Which of the following is NOT an AWS Shared Responsibility Model devised by AWS?
An employee of a medical service company clicked a malicious link in an email sent by an attacker. Suddenly, employees of the company are not able to access billing information or client record as it is
encrypted. The attacker asked the company to pay money for gaining access to their data. Which type of malware attack is described above?
Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an _______ for legal
advice to defend them against this allegation.
The company has implemented a backup plan. James is working as a network administrator for the company and is taking full backups of the data every time a backup is initiated. Alex who is a senior security manager
talks to him about using a differential backup instead and asks him to implement this once a full backup of the data is completed. What is/are the reason(s) Alex is suggesting that James use a differential backup?
(Select all that apply)
An attacker uses different types of password cracking techniques to crack the password and gain unauthorized access to a system. An attacker uses a file containing a list of commonly used passwords. They then
upload this file into the cracking application that runs against the user accounts. Which of the following password cracking techniques is the attacker trying?
Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user's email is protected. Next, she needs to
ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures. What is Stephanie working on?
Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process in several Linux systems, which causes machines to hang every 1 hour. Fargo would like to eliminate it; what
command should he execute?
Which of the following indicators are discovered through an attacker's intent, their end goal or purpose, and a series of actions that they must take before being able to successfully launch an attack?
Kyle, a front office executive, suspects that a Trojan has infected his computer. What should be his first course of action to deal with the incident?
Which type of training can create awareness among employees regarding compliance issues?
John, a network administrator, is configuring Amazon EC2 cloud service for his organization. Identify the type of cloud service modules his organization adopted.
Which type of modulation technique is used in local area wireless networks (LAWNs)?
The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of
following physical security measures should the administrator use?
What defines the maximum time period an organization is willing to lose data during a major IT outage event?
Riya bought some clothes and a watch from an online shopping site a few days back. Since then,
whenever she accesses any other application (games, browser, etc.) on her mobile, she is spammed with
advertisements for clothes and watches similar to the ones she bought. What can be the underlying
reason for Riya’s situation?
Mark is monitoring the network traffic on his organization’s network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?
Which of the following Wireshark filters allows an administrator to detect SYN/FIN DDoS attempt on
the network?
Martin is a professional hacker. He is performing reconnaissance on an organization to hack a few
target systems. As a part of this method, he needs to determine what hosts are available on the
network, what services those hosts are offering, what operating systems they are running, what type of
packet filters/firewalls, etc. To obtain such information, Martin decided to use automated tools.
Which of the following tool must be employed by Martin?
A network is setup using an IP address range of 0.0.0.0 to 127.255.255.255. The network has a default subnet mask of 255.0.0.0. What IP address class is the network range a part of?
Which of the following data security technology can ensure information protection by obscuring specific areas of information?
Cindy is the network security administrator for her company. She just got back from a security
conference in Las Vegas where they talked about all kinds of old and new security threats; many of
which she did not know of. She is worried about the current security state of her company's network so
she decides to start scanning the network from an external IP address. To see how some of the hosts on
her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK
response. Before the connection is established, she sends RST packets to those hosts to stop the session.
She has done this to see how her intrusion detection system will log the traffic. What type of scan is
Cindy attempting here?
An IT company has just been hit with a severe external security breach. To enhance the company’s security posture, the network admin has decided to first block all the services and then individually
enable only the necessary services. What is such an Internet access policy called?
Bankofamerica Enterprise is working on an internet and usage policy in a way to control the
internet demand. What group of policy does this belong to?
Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?
Which of the following type of UPS is used to supply power above 10kVA and provides an ideal electric output presentation, and its constant wear on the power components reduces the
dependability?
Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encrypted keys to the data engine in MS SQL Server?
A network designer needs to submit a proposal for a company, which has just published a web
portal for its clients on the internet. Such a server needs to be isolated from the internal network,
placing itself in a DMZ. Faced with this need, the designer will present a proposal for a firewall with
three interfaces, one for the internet network, another for the DMZ server farm and another for the
internal network. What kind of topology will the designer propose?
Blake is working on the company's updated disaster and business continuity plan. The last section of the plan covers computer and data incidence response. Blake is outlining the level of severity for each type of
incident in the plan. Unsuccessful scans and probes are at what severity level?
Which of the following can be used to disallow a system/user from accessing all applications except a specific folder on a system?
The risk assessment team in Southern California has estimated that the probability of an incident that has potential to impact almost 80% of the bank's business is very high. How should this risk be categorized in the
risk matrix?
Maximus Tech Is a multinational company that uses Cisco ASA Firewalls for their systems. Jason is the one of the members of the team that checks the logs at Maximus Tech. As a part of his job. he is going through me logs and he came across a firewall log that looks like this:
May 06 2018 21:27:27 asa 1: % ASA -6-11008: User enable_16' executed the 'configure term' command
Based on the security level mentioned in the log, what did Jason understand about the description of this message?
An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?
Assume that you are working as a network defender at the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?
Henry needs to design a backup strategy for the organization with no service level downtime. Which backup method will he select?
Which event type indicates a significant problem such as loss of data or loss of functionality?
Which of the following systems includes an independent NAS Head and multiple storage arrays?
Which of the following defines the extent to which an interruption affects normal business operations and the amount of revenue lost due to that interruption?
Which wireless networking topology setup requires same channel name and SSID?
Under which of the following acts can an international financial institution be prosecuted if it fails to maintain the privacy of its customer’s information?
Individuals in the organization using system resources against acceptable usage policies indicates which of the following security incident:
Dan and Alex are business partners working together. Their Business-Partner Policy states that they should encrypt their emails before sending to each other. How will they ensure the authenticity of their emails?
Jeanne is working as a network administrator in an IT company. She wants to control/limit container
access to CPU, memory, swap, block IO (rates), network. Which Linux kernel feature allows Jeanne to
manage, restrict, and audit groups of the process?
Which filter to locate unusual ICMP request an Analyst can use in order to detect a ICMP probes
from the attacker to a target OS looking for the response to perform ICMP fingerprinting?
You are using Wireshark to monitor your network traffic and you see a lot of packages with FIN,
PUSH and URG flags activated; what can you infer about this behavior?
Which subdirectory in /var/log directory stores information related to Apache web server?
Which of the following helps prevent executing untrusted or untested programs or code from untrusted or unverified third-parties?
Steven is a Linux system administrator at an IT company. He wants to disable unnecessary services in the system, which can be exploited by the attackers. Which among the following is the correct syntax for
disabling a service?
Simran is a network administrator at a start-up called Revolution. To ensure that neither party in the company can deny getting email notifications or any other communication, she mandates authentication
before a connection establishment or message transfer occurs. What fundamental attribute of network defense is she enforcing?
A popular e-commerce company has recently received a lot of complaints from its customers. Most
of the complaints are about the customers being redirected to some other website when trying to
access the e-com site, leading to all their systems being compromised and corrupted. Upon
investigation, the network admin of the firm discovered that some adversary had manipulated the
company’s IP address in the domain name server’s cache. What is such an attack called?
In ______ method, event logs are arranged in the form of a circular buffer.
Which of the following NIST incident category includes any activity that seeks to access or identify a federal agency computer, open ports, protocols, service or any combination for later exploit?
Kyle is an IT consultant working on a contract for a large energy company in Houston. Kyle was hired on to do contract work three weeks ago so the company could prepare for an external IT security audit. With
suggestions from upper management, Kyle has installed a network-based IDS system. This system checks for abnormal behavior and patterns found in network traffic that appear to be dissimilar from the traffic
normally recorded by the IDS. What type of detection is this network-based IDS system using?
Delta IT solutions suffered a substantial data loss translating into a huge monetary loss for them. While investigation, the network admin analyzed all the packets and traffic transmitted across the
network and identified that some user, within the organization, had leaked the data. Which of the following devices could have helped the network admin reach this conclusion?
Which of the following filters car be applied to detect an ICMP ping sweep attempt using Wireshark?
Kelly is taking backups of the organization's data. Currently, he is taking backups of only those files which are created or modified after the last backup. What type of backup is Kelly using?