312 38 Demo


https://www.certbus.com/312-38.html
2022 Latest certbus 312-38 PDF and VCE dumps Download

312-38 Q&As
EC-Council Network Security Administrator

Pass EC-COUNCIL 312-38 Exam with 100% Guarantee

Free Download Real Questions & Answers PDF and VCE file from:

https://www.certbus.com/312-38.html

100% Passing Guarantee


100% Money Back Assurance

The following Questions and Answers are all newly published by the EC-COUNCIL Official Exam Center

Latest 312-38 Dumps | 312-38 Practice Test | 312-38 Study Guide 1/8

QUESTION 1

Which of the following is an electronic device that helps in forwarding data packets along networks?

A. Router

B. Hub

C. Repeater

D. Gateway

Correct Answer: A

QUESTION 2

Which of the following RAID storage techniques divides the data into multiple blocks, which are further written across
the RAID system?

A. Striping

B. None of these

C. Parity

D. Mirroring

Correct Answer: A

QUESTION 3

The attacks are classified as which of the following? Each correct answer represents a complete solution. Choose all
that apply.

A. replay attack

B. active attack

C. session hijacking

D. passive attack

Correct Answer: BD

QUESTION 4

Which type of wireless network attack is characterized by an attacker using a high gain amplifier from a nearby location
to drown out the legitimate access point signal?


A. Rogue access point attack

B. Ad Hoc Connection attack

C. Jamming signal attack

D. Unauthorized association

Correct Answer: C

QUESTION 5

Which of the following are the six different phases of the Incident handling process? Each correct answer represents a
complete solution. Choose all that apply.

A. Containment

B. Identification

C. Post mortem review

D. Preparation

E. Lessons learned

F. Recovery

G. Eradication

Correct Answer: ABDEFG

The six phases of the incident handling process are as follows:

1. Preparation: Preparation is the first step in the incident handling process. It includes processes like backing up copies of all key data on a regular basis, monitoring and updating software on a regular basis, and creating and implementing a documented security policy. To apply this step, a documented security policy is formulated that outlines the responses to various incidents and serves as a reliable set of instructions during an incident. The incident handler should maintain the following items in the preparation phase, i.e. before an incident occurs: establish applicable policies; build relationships with key players; build a response kit; create incident checklists; establish a communication plan; perform threat modeling; build an incident response team; practice the demo incidents.

2. Identification: The Identification phase of the incident handling process is the stage at which the incident handler evaluates the critical level of an incident for an enterprise or system. It is an important stage where the distinction between an event and an incident is determined, measured and tested.

3. Containment: The Containment phase of the incident handling process supports and builds up the incident combating process. It helps in ensuring the stability of the system and also confirms that the incident does not get any worse.

4. Eradication: The Eradication phase of the incident handling process involves cleaning up the identified harmful incidents from the system. It includes analyzing the information that has been gathered to determine how the attack was committed. To prevent the incident from happening again, it is vital to recognize how it was carried out so that a prevention technique can be applied.

5. Recovery: Recovery is the fifth step of the incident handling process. In this phase, the incident handler places the system back into the working environment. In the recovery phase the incident handler also works with the questions to validate that the system recovery is successful. This involves testing the system to make sure that all the processes and functions are working normally. The incident handler also monitors the system to make sure that the systems are not compromised again, and looks for additional signs of attack.

6. Lessons learned: Lessons learned is the sixth and final step of the incident handling process. The incident handler utilizes the knowledge and experience he learned during the handling of the incident to enhance and improve the incident handling process. This is the most ignored step of all incident handling processes. Many times the incident handlers are relieved to have systems back to normal and get busy trying to catch up on other unfinished work. The incident handler should make documents related to the incident or look for ways to improve the process.

Answer option C is incorrect. The post mortem review is one of the phases of the Incident response process.

QUESTION 6

What is the response of an Xmas scan if a port is either open or filtered?

A. RST

B. No response

C. FIN

D. PUSH

Correct Answer: B

QUESTION 7

Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?

A. Pipe model

B. Hose model

C. AAA model

D. Hub-and-Spoke VPN model

Correct Answer: A

QUESTION 8

Which phase of vulnerability management deals with the actions taken for correcting the discovered vulnerability?

A. Verification

B. Mitigation

C. Remediation

D. Assessment

Correct Answer: C

QUESTION 9

In which type of wireless network threat does an attacker stake out the area from a nearby location with a high gain amplifier, drowning out the legitimate access point?


A. Rogue access point attack

B. Jamming signal attack

C. Ad Hoc Connection attack

D. Unauthorized association

Correct Answer: B

QUESTION 10

Which of the following is a network analysis tool that sends packets with nontraditional IP stack parameters?

A. Nessus

B. COPS

C. SAINT

D. HPing

Correct Answer: D

QUESTION 11

Fill in the blank with the appropriate term. The ______ model is a description framework for computer network protocols and is sometimes called the Internet Model or the DoD Model.

Correct Answer: TCP/IP

The TCP/IP model is a description framework for computer network protocols. It describes a set of general design guidelines and implementations of specific networking protocols to enable computers to communicate over a network. TCP/IP provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. Protocols exist for a variety of different types of communication services between computers. The TCP/IP model is sometimes called the Internet Model or the DoD Model. The TCP/IP model has four unique layers as shown in the image. This layer architecture is often compared with the seven-layer OSI Reference Model. The TCP/IP model and related protocols are maintained by the Internet Engineering Task Force (IETF).


QUESTION 12

Which of the following policies is used to add additional information about the overall security posture and serves to
protect employees and organizations from inefficiency or ambiguity?

A. User policy

B. Group policy

C. Issue-Specific Security Policy

D. IT policy

Correct Answer: C

The Issue-Specific Security Policy (ISSP) is used to add additional information about the overall security posture. It helps in providing detailed, targeted guidance for instructing organizations in the secure use of tech systems. This policy serves to protect employees and organizations from inefficiency or ambiguity.

Answer option A is incorrect. A user policy helps in defining what users can and should do to use the network and the organization's computer equipment. It also defines what limitations are put on users to keep the network secure, such as whether users can install programs on their workstations, the types of programs users are using, and how users can access data.

Answer option D is incorrect. IT policy includes general policies for the IT department. These policies are intended to keep the network secure and stable. It includes the following: virus incident and security incident; backup policy; client update policies; server configuration, patch update, and modification policies (security); firewall policies, DMZ policy, email retention, and auto forwarded email policy.

Answer option B is incorrect. A group policy specifies how programs, network resources, and the operating system work for users and computers in an organization.

QUESTION 13

Simran is a network administrator at a start-up called Revolution. To ensure that neither party in the company can deny
getting email notifications or any other communication, she mandates authentication before a connection establishment
or message transfer occurs. What fundamental attribute of network defense is she enforcing?

A. Integrity

B. Non-repudiation

C. Confidentiality

D. Authentication

Correct Answer: B

QUESTION 14

Which of the following is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans
and other suspicious traffic?

A. PSAD

B. Hping


C. NetRanger

D. Nmap

Correct Answer: A

PSAD is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic. It includes many signatures from the IDS to detect probes for various backdoor programs such as EvilFTP, GirlFriend, SubSeven, DDoS tools (mstream, shaft), and advanced port scans (FIN, NULL, XMAS). If it is combined with fwsnort and the Netfilter string match extension, it detects most of the attacks described in the Snort rule set that involve application layer data.

Answer option C is incorrect. NetRanger is the complete network configuration and information toolkit that includes the following tools: Ping tool, Trace Route tool, Host Lookup tool, Internet time synchronizer, Whois tool, Finger Unix hosts tool, Host and port scanning tool, check multiple POP3 mail accounts tool, manage dialup connections tool, Quote of the day tool, and monitor Network Settings tool. These tools are integrated in order to use an application interface with full online help. NetRanger is designed for both new and experienced users. This tool is used to help diagnose network problems and to get information about users, hosts, and networks on the Internet or on a user computer network. NetRanger uses multi-threaded and multi-connection technologies in order to be very fast and efficient.

Answer option D is incorrect. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows, etc.

QUESTION 15

Fill in the blank with the appropriate term. ______ is the use of sensitive words in e-mails to jam the authorities that listen in on them by providing a form of a red herring and an intentional annoyance.

Correct Answer: Email jamming

Email jamming is the use of sensitive words in e-mails to jam the authorities that listen in on them by providing a form of
a red herring and an intentional annoyance. In this attack, an attacker deliberately includes "sensitive" words and
phrases in otherwise innocuous emails to ensure that these are picked up by the monitoring systems. As a result the
senders of these emails will eventually be added to a "harmless" list and their emails will be no longer intercepted,
hence it will allow them to regain some privacy.
