
Certified Network Defender (CND) Question and Answers


Last Update Mar 28, 2024
Total Questions : 230

We are offering free 312-38 ECCouncil exam questions. Just sign up, provide your details, and prepare with the free 312-38 exam questions, then move on to the complete pool of Certified Network Defender (CND) test questions.

Questions 1

David is working in a mid-sized IT company. Management asks him to suggest a framework that can be used effectively to align the IT goals to the business goals of the company. David suggests the ______ framework, as it provides a set of controls over IT and consolidates them to form a framework.

Options:

A.  

RMIS

B.  

ITIL

C.  

ISO 27007

D.  

COBIT

Questions 2

Which of the Windows security components is responsible for controlling access of a user to Windows resources?

Options:

A.  

Network Logon Service (Netlogon)

B.  

Security Accounts Manager (SAM)

C.  

Security Reference Monitor (SRM)

D.  

Local Security Authority Subsystem (LSASS)

Questions 3

Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encrypted keys to the data engine in MS SQL Server?

Options:

A.  

IsEncrypted Enabled

B.  

NeverEncrypted disabled

C.  

Allow Encrypted

D.  

Always Encrypted

Questions 4

Which category of suspicious traffic signatures includes SYN flood attempts?

Options:

A.  

Informational

B.  

Denial of Service

C.  

Reconnaissance

D.  

Unauthorized access

Questions 5

James was inspecting ARP packets in his organization's network traffic with the help of Wireshark. He is checking the volume of traffic containing ARP requests as well as the source IP address from which they are originating. Which type of attack is James analyzing?

Options:

A.  

ARP Sweep

B.  

ARP misconfiguration

C.  

ARP spoofing

D.  

ARP Poisoning

Questions 6

Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization's needs. Which of the following factors will the administrator consider when deciding on the appropriate backup medium?

Options:

A.  

Capability

B.  

Accountability

C.  

Extensibility

D.  

Reliability

Questions 7

Tom works as a network administrator in a multinational organization having branches across North America and Europe. Tom wants to implement a storage technology that can provide centralized data storage and provide free data backup on the server. He should be able to perform data backup and recovery more efficiently with the selected technology. Which of the following storage technologies best suits Tom's requirements?

Options:

A.  

DAS

B.  

PAS

C.  

RAID

D.  

NAS

Questions 8

Identify the method involved in the purging technique of data destruction.

Options:

A.  

Incineration

B.  

Overwriting

C.  

Degaussing

D.  

Wiping

Questions 9

Blake is working on the company's updated disaster and business continuity plan. The last section of the plan covers computer and data incident response. Blake is outlining the level of severity for each type of incident in the plan. Unsuccessful scans and probes are at what severity level?

Options:

A.  

High severity level

B.  

Extreme severity level

C.  

Mid severity level

D.  

Low severity level

Questions 10

Which of the following helps in viewing account activity and events for supported services made by AWS?

Options:

A.  

AWS CloudFormation

B.  

AWS Certificate Manager

C.  

AWS CloudHSM

D.  

AWS CloudTrail

Questions 11

Who is responsible for conveying company details after an incident?

Options:

A.  

PR specialist

B.  

IR officer

C.  

IR manager

D.  

IR custodians

Questions 12

Which firewall technology provides the best of both packet filtering and application-based filtering and is used in Cisco Adaptive Security Appliances?

Options:

A.  

VPN

B.  

Stateful multilayer inspection

C.  

Application level gateway

D.  

Network address translation

Questions 13

Which among the following tools can help in identifying IoEs to evaluate human attack surface?

Options:

A.  

securiCAD

B.  

Amass

C.  

Skybox

D.  

SET

Questions 14

How is an “attack” represented?

Options:

A.  

Motive (goal) + method

B.  

Motive (goal) + method + vulnerability

C.  

Asset + Threat + Vulnerability

D.  

Asset + Threat

Questions 15

The company has implemented a backup plan. James is working as a network administrator for the company and is taking full backups of the data every time a backup is initiated. Alex, who is a senior security manager, talks to him about using a differential backup instead and asks him to implement this once a full backup of the data is completed. What is/are the reason(s) Alex is suggesting that James use a differential backup?

(Select all that apply)

Options:

A.  

Less storage space is required

B.  

Faster restoration

C.  

Slower than a full backup

D.  

Faster than a full backup

E.  

Less expensive than full backup

Questions 16

Rick has implemented several firewalls and IDS systems across his enterprise network. What should he do to effectively correlate all incidents that pass through these security controls?

Options:

A.  

Use firewalls in Network Address Transition (NAT) mode

B.  

Implement IPsec

C.  

Implement Simple Network Management Protocol (SNMP)

D.  

Use Network Time Protocol (NTP)

Questions 17

If there is a fire incident caused by an electrical appliance short-circuit, which fire suppressant should be used to control it?

Options:

A.  

Water

B.  

Wet chemical

C.  

Dry chemical

D.  

Raw chemical

Questions 18

You are an IT security consultant working on a contract for a large manufacturing company to audit their entire network. After performing all the tests and building your report, you present a number of recommendations to the company and what they should implement to become more secure. One recommendation is to install a network-based device that notifies IT employees whenever malicious or questionable traffic is found. From your talks with the company, you know that they do not want a device that actually drops traffic completely; they only want notification. What type of device are you suggesting?

Options:

A.  

The best solution to cover the needs of this company would be a HIDS device.

B.  

A NIDS device would work best for the company

C.  

You are suggesting a NIPS device

D.  

A HIPS device would best suit this company

Questions 19

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an ______ for legal advice to defend them against this allegation.

Options:

A.  

Evidence Manager

B.  

Incident Handler

C.  

Attorney

D.  

PR Specialist

Questions 20

Identify the spread spectrum technique that multiplies the original data signal with a pseudo random noise spreading code.

Options:

A.  

FHSS

B.  

DSSS

C.  

OFDM

D.  

ISM

Questions 21

Bryson is the IT manager and sole IT employee working for a federal agency in California. The agency was just given a grant and was able to hire on 30 more employees for a new extended project. Because of this, Bryson has hired on two more IT employees to train up and work. Both of his new hires are straight out of college and do not have any practical IT experience. Bryson has spent the last two weeks teaching the new employees the basics of computers, networking, troubleshooting techniques, etc. To see how these two new hires are doing, he asks them at what layer of the OSI model Network Interface Cards (NICs) work. What should the new employees answer?

Options:

A.  

NICs work on the Session layer of the OSI model.

B.  

The new employees should say that NICs perform on the Network layer.

C.  

They should tell Bryson that NICs perform on the Physical layer

D.  

They should answer with the Presentation layer.

Questions 22

Who is responsible for executing the policies and plans required for supporting the information technology and computer systems of an organization?

Options:

A.  

Senior management

B.  

IT security practitioners

C.  

Business and functional managers

D.  

Chief Information Officer (CIO)

Questions 23

Daniel is monitoring network traffic with the help of a network monitoring tool to detect any abnormalities. What type of network security approach is Daniel adopting?

Options:

A.  

Preventative

B.  

Reactive

C.  

Retrospective

D.  

Defense-in-depth

Questions 24

Which BC/DR activity includes action taken toward resuming all services that are dependent on business-critical applications?

Options:

A.  

Response

B.  

Recovery

C.  

Resumption

D.  

Restoration

Questions 25

A local bank wants to protect their card holder data. The bank should comply with the ______ standard to ensure the security of card holder data.

Options:

A.  

HIPAA

B.  

ISEC

C.  

PCI DSS

D.  

SOAX

Questions 26

Which IEEE standard do wireless networks use?

Options:

A.  

802.11

B.  

802.18

C.  

802.9

D.  

802.10

Questions 27

Which type of firewall consists of three interfaces and allows further subdivision of the systems based on specific security objectives of the organization?

Options:

A.  

Screened subnet

B.  

Bastion host

C.  

Unscreened subnet

D.  

Multi-homed firewall

Questions 28

Which of the following helps prevent executing untrusted or untested programs or code from untrusted or unverified third-parties?

Options:

A.  

Application sandboxing

B.  

Deployment of WAFS

C.  

Application whitelisting

D.  

Application blacklisting

Questions 29

Which of the following indicators refers to potential risk exposures that attackers can use to breach the security of an organization?

Options:

A.  

Indicators of attack

B.  

Key risk indicators

C.  

Indicators of exposure

D.  

Indicators of compromise

Questions 30

If Myron, head of network defense at Cyberdyne, wants to change the default password policy settings on the company’s Linux systems, which directory should he access?

Options:

A.  

/etc/logrotate.conf

B.  

/etc/hosts.allow

C.  

/etc/crontab

D.  

/etc/login.defs

Questions 31

James is a network administrator working at a student loan company in Minnesota. This company processes over 20,000 student loans a year from colleges all over the state. Most communication between the company, schools, and lenders is carried out through emails. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, James wants to utilize email encryption. Since a server-based PKI is not an option for him, he is looking for a low/no cost solution to encrypt emails. What should James use?

Options:

A.  

James could use PGP as a free option for encrypting the company's emails.

B.  

James should utilize the free OTP software package.

C.  

James can use MD5 algorithm to encrypt all the emails

D.  

James can enforce mandatory HTTPS in the email clients to encrypt emails

Questions 32

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an ______ for legal advice to defend them against this allegation.

Options:

A.  

PR Specialist

B.  

Attorney

C.  

Incident Handler

D.  

Evidence Manager

Questions 33

Which of the following network monitoring techniques requires extra monitoring software or hardware?

Options:

A.  

Non-router based

B.  

Switch based

C.  

Hub based

D.  

Router based

Questions 34

James wants to implement certain control measures to prevent denial-of-service attacks against the organization. Which of the following control measures can help James?

Options:

A.  

Strong passwords

B.  

Reduce the sessions time-out duration for the connection attempts

C.  

A honeypot in DMZ

D.  

Provide network-based anti-virus

Questions 35

Which of the following acts as a verifier for the certificate authority?

Options:

A.  

Certificate Management system

B.  

Certificate authority

C.  

Directory management system

D.  

Registration authority

Questions 36

Identify the type of event that is recorded when an application driver loads successfully in Windows.

Options:

A.  

Success Audit

B.  

Error

C.  

Warning

D.  

Information

Questions 37

A local bank wants to protect their cardholder data. Which standard should the bank comply with in order to ensure security of this data?

Options:

A.  

GDPR

B.  

HIPAA

C.  

SOX

D.  

PCI DSS

Questions 38

Management wants to bring their organization into compliance with the ISO standard for information security risk management. Which ISO standard will management decide to implement?

Options:

A.  

ISO/IEC 27004

B.  

ISO/IEC 27002

C.  

ISO/IEC 27006

D.  

ISO/IEC 27005

Questions 39

Henry needs to design a backup strategy for the organization with no service level downtime. Which backup method will he select?

Options:

A.  

Normal backup

B.  

Warm backup

C.  

Hot backup

D.  

Cold backup

Questions 40

Richard has been working as a Linux system administrator at an MNC. He wants to maintain a productive and secure environment by improving the performance of the systems through Linux patch management. Richard is using Ubuntu and wants to patch the Linux systems manually. Which of the following commands installs updates (new ones) for Debian-based Linux OSes?

Options:

A.  

sudo apt-get dist-upgrade

B.  

sudo apt-get update

C.  

sudo apt-get dist-update

D.  

sudo apt-get upgrate

Questions 41

In ______ method, event logs are arranged in the form of a circular buffer.

Options:

A.  

Non-wrapping method

B.  

LIFO method

C.  

Wrapping method

D.  

FIFO method

Questions 42

Kyle, a front office executive, suspects that a Trojan has infected his computer. What should be his first course of action to deal with the incident?

Options:

A.  

Contain the damage

B.  

Disconnect the five infected devices from the network

C.  

Inform the IRT about the incident and wait for their response

D.  

Inform everybody in the organization about the attack

Questions 43

How is a “risk” represented?

Options:

A.  

Asset + threat

B.  

Motive (goal) + method

C.  

Asset + threat + vulnerability

D.  

Motive (goal) + method + vulnerability

Questions 44

John has implemented ______ in the network to restrict the limit of public IP addresses in his organization and to enhance the firewall filtering technique.

Options:

A.  

DMZ

B.  

Proxies

C.  

VPN

D.  

NAT

Questions 45

Which of the following technologies can be used to leverage zero-trust model security?

Options:

A.  

Software defined networking (SDN)

B.  

Network function visualization (NFV)

C.  

Network visualization (NV)

D.  

Software defined perimeter (SDP)

Questions 46

Which of the following data security technologies can ensure information protection by obscuring specific areas of information?

Options:

A.  

Data encryption

B.  

Data hashing

C.  

Data masking

D.  

Data retention

Questions 47

Which of the information below can be gained through network sniffing? (Select all that apply)

Options:

A.  

Telnet Passwords

B.  

Syslog traffic

C.  

DNS traffic

D.  

Programming errors

Questions 48

How is application whitelisting different from application blacklisting?

Options:

A.  

It allows all applications other than the undesirable applications

B.  

It allows execution of trusted applications in a unified environment

C.  

It allows execution of untrusted applications in an isolated environment

D.  

It rejects all applications other than the allowed applications

Questions 49

John is working as a network defender at a well-reputed multinational company. He wanted to implement security that can help him identify any future attacks that can be targeted toward his organization and take appropriate security measures and actions beforehand to defend against them. Which one of the following security defense techniques should he implement?

Options:

A.  

Reactive security approach

B.  

Retrospective security approach

C.  

Proactive security approach

D.  

Preventive security approach

Questions 50

Implementing access control mechanisms, such as a firewall, to protect the network is an example of which of the following network defense approaches?

Options:

A.  

Proactive approach

B.  

Retrospective approach

C.  

Preventive approach

D.  

Reactive approach

Questions 51

Paul is a network security technician working on a contract for a laptop manufacturing company in Chicago. He has focused primarily on securing network devices, firewalls, and traffic traversing in and out of the network. He just finished setting up a server as a gateway between the internal private network and the outside public network. This server will act as a proxy, provide a limited amount of services, and filter packets. What is this type of server called?

Options:

A.  

Bastion host

B.  

Edge transport server

C.  

SOCKS host

D.  

Session layer firewall

Questions 52

Frank installed Wireshark at all ingress points in the network. Looking at the logs he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21. What does this source address signify?

Options:

A.  

This address means that the source is using an IPv6 address and is spoofed and signifies an IPv4 address of 127.0.0.1.

B.  

This source address is IPv6 and translates as 13.1.68.3

C.  

This source address signifies that the originator is using 802dot1x to try and penetrate into Frank's network

D.  

This means that the source is using IPv4

Questions 53

John, the network administrator, wants to enable the NetFlow feature in Cisco routers to collect and monitor the IP network traffic passing through the router. Which command will John use to enable NetFlow on an interface?

Options:

A.  

Router(Config-if) # IP route - cache flow

B.  

Router# Netmon enable

C.  

Router IP route

D.  

Router# netflow enable

Questions 54

An administrator wants to monitor and inspect large amounts of traffic and detect unauthorized attempts from inside the organization, with the help of an IDS. They are not able to recognize the exact location to deploy the IDS sensor. Can you help him spot the location where the IDS sensor should be placed?

Options:

A.  

Location 2

B.  

Location 3

C.  

Location 4

D.  

Location 1

Questions 55

What defines the maximum time period an organization is willing to lose data during a major IT outage event?

Options:

A.  

BC

B.  

RTO

C.  

DR

D.  

RPO

Questions 56

Who offers formal experienced testimony in court?

Options:

A.  

Incident analyzer

B.  

Evidence documenter

C.  

Expert witness

D.  

Attorney

Questions 57

Which of the following can be used to disallow a system/user from accessing all applications except a specific folder on a system?

Options:

A.  

Hash rule

B.  

Path rule

C.  

Internet zone rule

D.  

Certificate rule

Questions 58

Daniel is giving training on designing and implementing a security policy in the organization. He is explaining the hierarchy of the security policy which demonstrates how policies are drafted, designed and implemented. What is the correct hierarchy for a security policy implementation?

Options:

A.  

Laws, Policies, Regulations, Procedures and Standards

B.  

Regulations, Policies, Laws, Standards and Procedures

C.  

Laws, Regulations, Policies, Standards and Procedures

D.  

Procedures, Policies, Laws, Standards and Regulations

Questions 59

The network admin decides to assign a class B IP address to a host in the network. Identify which of the following addresses fall within a class B IP address range.

Options:

A.  

255.255.255.0

B.  

18.12.4.1

C.  

172.168.12.4

D.  

169.254.254.254

Questions 60

How can a WAF validate traffic before it reaches a web application?

Options:

A.  

It uses a role-based filtering technique

B.  

It uses an access-based filtering technique

C.  

It uses a sandboxing filtering technique

D.  

It uses a rule-based filtering technique

Questions 61

The IR team and the network administrator have successfully handled a malware incident on the network. The team is now preparing countermeasure guidelines to avoid a future occurrence of the malware incident. Which of the following countermeasure(s) should be added to deal with future malware incidents? (Select all that apply)

Options:

A.  

Complying with the company's security policies

B.  

Implementing strong authentication schemes

C.  

Implementing a strong password policy

D.  

Install antivirus software

Questions 62

What enables an organization to analyze, identify, and rectify hazards and prevent future recurrence in business continuity management?

Options:

A.  

Business recovery

B.  

Crisis management

C.  

Incident management

D.  

Emergency management

Questions 63

Identify the correct statements regarding a DMZ zone:

Options:

A.  

It is a file integrity monitoring mechanism

B.  

It is a Neutral zone between a trusted network and an untrusted network

C.  

It serves as a proxy

D.  

It includes sensitive internal servers such as database servers

Questions 64

Consider a scenario consisting of a tree network. The root node N is connected to two main nodes N1 and N2. N1 is connected to N11 and N12. N2 is connected to N21 and N22. What will happen if any one of the main nodes fails?

Options:

A.  

Failure of the main node affects all other child nodes at the same level irrespective of the main node.

B.  

Does not cause any disturbance to the child nodes or its transmission

C.  

Failure of the main node will affect all related child nodes connected to the main node

D.  

Affects the root node only

Questions 65

Alex is administering the firewall in the organization's network. What command will he use to check the ports that applications have open?

Options:

A.  

Netstat -an

B.  

Netstat -o

C.  

Netstat -a

D.  

Netstat -ao

Questions 66

______ is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs).

Options:

A.  

802.15

B.  

802.16

C.  

802.15.4

D.  

802.12

Questions 67

Sophie has been working as a Windows network administrator at an MNC over the past 7 years. She wants to check whether SMB1 is enabled or disabled. Which of the following commands allows Sophie to do so?

Options:

A.  

Get-WindowsOptionalFeatures -Online -FeatureNames SMB1Protocol

B.  

Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

C.  

Get-WindowsOptionalFeature -Online -FeatureNames SMB1Protocol

D.  

Get-WindowsOptionalFeatures -Online -FeatureName SMB1Protocol

Questions 68

Steven is a Linux system administrator at an IT company. He wants to disable unnecessary services in the system, which can be exploited by the attackers. Which among the following is the correct syntax for disabling a service?

Options:

A.  

$ sudo system-ctl disable [service]

B.  

$ sudo systemctl disable [service]

C.  

$ sudo system.ctl disable [service]

D.  

$ sudo system ctl disable [service]

Questions 69

Elden is working as a network administrator at an IT company. His organization opted for a virtualization technique in which the guest OS is aware of the virtual environment in which it is running and communicates with the host machines for requesting resources. Identify the virtualization technique implemented by Elden’s organization.

Options:

A.  

Hybrid virtualization

B.  

Hardware-assisted virtualization

C.  

Full virtualization

D.  

Para virtualization
