Certified Network Defender (CND) Question and Answers

Last Update Mar 21, 2023
Total Questions : 177

Questions 1

James was inspecting ARP packets in his organization's network traffic with the help of Wireshark. He is checking the volume of traffic containing ARP requests as well as the source IP address from which they are originating. Which type of attack is James analyzing?

Options:

A. ARP Sweep
B. ARP misconfiguration
C. ARP spoofing
D. ARP Poisoning

Questions 2

How is application whitelisting different from application blacklisting?

Options:

A. It allows all applications other than the undesirable applications
B. It allows execution of trusted applications in a unified environment
C. It allows execution of untrusted applications in an isolated environment
D. It rejects all applications other than the allowed applications

Questions 3

Rick has implemented several firewalls and IDS systems across his enterprise network. What should he do to effectively correlate all incidents that pass through these security controls?

Options:

A. Use firewalls in Network Address Transition (NAT) mode
B. Implement IPsec
C. Implement Simple Network Management Protocol (SNMP)
D. Use Network Time Protocol (NTP)

Questions 4

A US-based organization decided to implement a RAID storage technology for its data backup plan. John wants to set up a RAID level that requires a minimum of six drives but provides high fault tolerance and high speed for data read and write operations. What RAID level is John considering to meet this requirement?

Options:

A. RAID level 1
B. RAID level 10
C. RAID level 5
D. RAID level 50

Questions 5

Eric is receiving complaints from employees that their systems are very slow and experiencing odd issues, including restarting automatically and frequent system hangs. Upon investigating, he is convinced the systems are infected with a virus that forces systems to shut down automatically after a period of time. What type of security incident are the employees victims of?

Options:

A. Scans and probes
B. Malicious Code
C. Denial of service
D. Distributed denial of service

Questions 6

Steven is a Linux system administrator at an IT company. He wants to disable unnecessary services in the system, which can be exploited by the attackers. Which among the following is the correct syntax for disabling a service?

Options:

A. $ sudo system-ctl disable [service]
B. $ sudo systemctl disable [service]
C. $ sudo system.ctl disable [service]
D. $ sudo system ctl disable [service]

Questions 7

Identify the correct statements regarding a DMZ zone:

Options:

A. It is a file integrity monitoring mechanism
B. It is a Neutral zone between a trusted network and an untrusted network
C. It serves as a proxy
D. It includes sensitive internal servers such as database servers

Questions 8

You are responsible for network functions and logical security throughout the corporation. Your company has over 250 servers running Windows Server 2012, 5000 workstations running Windows 10, and 200 mobile users working from laptops on Windows 8. Last week 10 of your company's laptops were stolen from a salesman, while at a conference in Barcelona. These laptops contained proprietary company information. While doing a damage assessment, a news story leaks about a blog post containing information about the stolen laptops and the sensitive information. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?

Options:

A. You should have used 3DES.
B. You should have implemented the Distributed File System (DFS).
C. If you would have implemented Pretty Good Privacy (PGP).
D. You could have implemented the Encrypted File System (EFS)

Questions 9

A network is set up using an IP address range of 0.0.0.0 to 127.255.255.255. The network has a default subnet mask of 255.0.0.0. What IP address class is the network range a part of?

Options:

A. Class C
B. Class A
C. Class B
D. Class D

Questions 10

Frank installed Wireshark at all ingress points in the network. Looking at the logs he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21. What does this source address signify?

Options:

A. This address means that the source is using an IPv6 address and is spoofed and signifies an IPv4 address of 127.0.0.1.
B. This source address is IPv6 and translates as 13.1.68.3
C. This source address signifies that the originator is using 802dot1x to try and penetrate into Frank's network
D. This means that the source is using IPv4

Questions 11

Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process in several Linux systems, which causes machines to hang every 1 hour. Fargo would like to eliminate it; what command should he execute?

Options:

A. # update-rc.d -f [service name] remove
B. # service [service name] stop
C. # ps ax | grep [Target Process]
D. # kill -9 [PID]

Questions 12

Blake is working on the company's updated disaster and business continuity plan. The last section of the plan covers computer and data incident response. Blake is outlining the level of severity for each type of incident in the plan. Unsuccessful scans and probes are at what severity level?

Options:

A. Extreme severity level
B. Low severity level
C. Mid severity level
D. High severity level

Questions 13

Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. Which step should Malone list as the last step in the incident response methodology?

Options:

A. Malone should list a follow-up as the last step in the methodology
B. Recovery would be the correct choice for the last step in the incident response methodology
C. He should assign eradication to the last step.
D. Containment should be listed on Malone's plan for incident response.

Questions 14

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an _______ for legal advice to defend them against this allegation.

Options:

A. Evidence Manager
B. Incident Handler
C. Attorney
D. PR Specialist

Questions 15

Syslog and SNMP are the two main _______ protocols through which log records are transferred.

Options:

A. Pull-based
B. Push-based
C. Host-based
D. Network-based

Questions 16

In which of the following registry keys are the Windows Event log audit configurations recorded?

Options:

A. HKEY_LOCAL_MACHINE\SYSTEM\Services\EventLog\ < ErrDev >
B. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\EventLog\ < EntAppsvc >
C. HKEY_LOCAL_MACHINE\CurrentControlSet\Services\EventLog\< ESENT >
D. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ < Event Log >

Questions 17

A company wants to implement a data backup method which allows them to encrypt the data ensuring its security as well as access at any time and from any location. What is the appropriate backup method that should be implemented?

Options:

A. Onsite backup
B. Hot site backup
C. Offsite backup
D. Cloud backup

Questions 18

Larry is responsible for the company's network consisting of 300 workstations and 25 servers. After using a hosted email service for a year, the company wants to control the email internally. Larry likes this idea because it will give him more control over the email. Larry wants to purchase a server for email but does not want the server to be on the internal network due to the potential to cause security risks. He decides to place the server outside of the company's internal firewall. There is another firewall connected directly to the Internet that will protect traffic from accessing the email server. The server will be placed between the two firewalls. What logical area is Larry putting the new email server into?

Options:

A. He is going to place the server in a Demilitarized Zone (DMZ)
B. He will put the email server in an IPsec zone.
C. Larry is going to put the email server in a hot-server zone.
D. For security reasons, Larry is going to place the email server in the company's Logical Buffer Zone (LBZ).

Questions 19

John is a senior network security administrator working at a multinational company. He wants to block specific syscalls from being used by container binaries. Which Linux kernel feature restricts actions within the container?

Options:

A. Cgroups
B. LSMs
C. Seccomp
D. Userns

Questions 20

David is working in a mid-sized IT company. Management asks him to suggest a framework that can be used effectively to align the IT goals to the business goals of the company. David suggests the ______ framework, as it provides a set of controls over IT and consolidates them to form a framework.

Options:

A. RMIS
B. ITIL
C. ISO 27007
D. COBIT

Questions 21

How is a “risk” represented?

Options:

A. Asset + threat
B. Motive (goal) + method
C. Asset + threat + vulnerability
D. Motive (goal) + method + vulnerability

Questions 22

Which of the following is true regarding any attack surface?

Options:

A. Decrease in vulnerabilities decreases the attack surface
B. Increase in vulnerabilities decreases the attack surface
C. Decrease in risk exposures increases the attack surface
D. Decrease in vulnerabilities increases the attack surface

Questions 23

Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization's need. Which of the following factors will the administrator consider when deciding on the appropriate backup medium?

Options:

A. Capability
B. Accountability
C. Extensibility
D. Reliability

Questions 24

Kyle is an IT consultant working on a contract for a large energy company in Houston. Kyle was hired on to do contract work three weeks ago so the company could prepare for an external IT security audit. With suggestions from upper management, Kyle has installed a network-based IDS system. This system checks for abnormal behavior and patterns found in network traffic that appear to be dissimilar from the traffic normally recorded by the IDS. What type of detection is this network-based IDS system using?

Options:

A. This network-based IDS system is using anomaly detection.
B. This network-based IDS system is using dissimilarity algorithms.
C. This system is using misuse detection.
D. This network-based IDS is utilizing definition-based detection.

Questions 25

Frank is a network technician working for a medium-sized law firm in Memphis. Frank and two other IT employees take care of all the technical needs for the firm. The firm's partners have asked that a secure wireless network be implemented in the office so employees can move about freely without being tied to a network cable. While Frank and his colleagues are familiar with wired Ethernet technologies, 802.3, they are not familiar with how to set up wireless in a business environment. What IEEE standard should Frank and the other IT employees follow to become familiar with wireless?

Options:

A. The IEEE standard covering wireless is 802.9 and they should follow this.
B. 802.7 covers wireless standards and should be followed
C. They should follow the 802.11 standard
D. Frank and the other IT employees should follow the 802.1 standard.

Questions 26

An attacker uses different types of password cracking techniques to crack the password and gain unauthorized access to a system. An attacker uses a file containing a list of commonly used passwords. They then upload this file into the cracking application that runs against the user accounts. Which of the following password cracking techniques is the attacker trying?

Options:

A. Bruteforce
B. Rainbow table
C. Hybrid
D. Dictionary