Get New 2022 Valid Practice Certified Ethical Hacker 312-38 Q&A - Testing Engine [Q50-Q67]

Share

Get New 2022 Valid Practice Certified Ethical Hacker 312-38 Q&A - Testing Engine

312-38 Dumps PDF - 100% Passing Guarantee


Final Thoughts

With the recent technological advancements, computer networks are no longer the simple connection of servers and systems managed by network administrators they used to be. They are complex infrastructures that have reduced the globe to a small village. But with this comes the consistent threat of digital attacks. To evade such incidents, most of the independent certification vendors such as the EC-Council are moving ahead of time to create certification paths to validate security experts who can act as the last line of defense against security incidents. Well, if getting a job in this path makes sense to you, check out the EC-Council Certified Network Defender designation alongside 312-38 evaluation. Simply put, it is a rewarding career track, to say the least.

 

NEW QUESTION 50
A company has the right to monitor the activities of their employees on different information systems according to the _______policy.

  • A. Internet usage
  • B. Confidential data
  • C. Information system
  • D. User access control

Answer: D

 

NEW QUESTION 51
In an Ethernet peer-to-peer network, which of the following cables is used to connect two computers, using RJ-
45 connectors and Category-5 UTP cable?

  • A. Serial
  • B. Crossover
  • C. Parallel
  • D. Loopback

Answer: B

Explanation:
In an Ethernet peer-to-peer network, a crossover cable is used to connect two computers, using RJ-45 connectors and Category-5 UTP cable. Answer options C and B are incorrect. Parallel and serial cables do not use RJ-45 connectors and Category-5 UTP cable. Parallel cables are used to connect printers, scanners etc., to computers, whereas serial cables are used to connect modems, digital cameras etc., to computers.
Answer option A is incorrect. A loopback cable is used for testing equipments.

 

NEW QUESTION 52
This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of these tools are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:
a.War driving
b.Detecting unauthorized access points
c.Detecting causes of interference on a WLAN
d.WEP ICV error tracking
e.Making Graphs and Alarms on 802.11 Data, including Signal Strength
This tool is known as __________.

  • A. Kismet
  • B. NetStumbler
  • C. THC-Scan
  • D. Absinthe

Answer: B

Explanation:
NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the
IEEE 802.11a, 802.11b, and 802.11g standards. The main features of NetStumbler are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:
a.War driving
b.Detecting unauthorized access points
c.Detecting causes of interference on a WLAN
d.WEP ICV error tracking
e.Making Graphs and Alarms on 802.11 Data, including Signal Strength
Answer option A is incorrect. Kismet is an IEEE 802.11 layer2 wireless network detector, sniffer,
and intrusion detection system.
Answer option C is incorrect. THC-Scan is a war-dialing tool.
Answer option B is incorrect. Absinthe is an automated SQL injection tool.

 

NEW QUESTION 53
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:
„It is a Linux-based WLAN WEP cracking tool that recovers encryption keys. It operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys." Which of the following tools is John using to crack the wireless encryption keys?

  • A. PsPasswd
  • B. Kismet
  • C. Cain
  • D. AirSnort

Answer: D

Explanation:
AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.
Answer option C is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff
802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks:
To identify networks by passively collecting packets
To detect standard named networks
To detect masked networks
To collect the presence of non-beaconing networks via data traffic Answer option A is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks:
Dictionary attack
Brute force attack
Rainbow attack
Hybrid attack
Answer option B is incorrect. PsPasswd is a tool that helps Network Administrators change an account password on the local or remote system. The command syntax of PsPasswd is as follows:
pspasswd [\\computer[,computer[,..] | @file [-u user [-p psswd]] Username [NewPassword]

 

NEW QUESTION 54
Which of the following OSI layers is sometimes called the syntax layer?

  • A. Data link layer
  • B. Application layer
  • C. Physical layer
  • D. Presentation layer

Answer: D

 

NEW QUESTION 55
Which of the following policies is used to add additional information about the overall security posture and serves to protect employees and organizations from inefficiency or ambiguity?

  • A. Issue-Specific Security Policy
  • B. User policy
  • C. IT policy
  • D. Group policy

Answer: A

Explanation:
The Issue-Specific Security Policy (ISSP) is used to add additional information about the overall security posture. It helps in providing detailed, targeted guidance for instructing organizations in the secure use of tech systems. This policy serves to protect employees and organizations from inefficiency or ambiguity. Answer option A is incorrect. A user policy helps in defining what users can and should do to use network and organization's computer equipment. It also defines what limitations are put on users for maintaining the network secure such as whether users can install programs on their workstations, types of programs users are using, and how users can access data. Answer option D is incorrect. IT policy includes general policies for the IT department. These policies are intended to keep the network secure and stable. It includes the following: Virus incident and security incident Backup policy Client update policies Server configuration, patch update, and modification policies (security) Firewall policiesDmz policy, email retention, and auto forwarded email policy Answer option B is incorrect. A group policy specifies how programs, network resources, and the operating system work for users and computers in an organization.

 

NEW QUESTION 56
Which of the following is a process that detects a problem, determines its cause, minimizes the damages, resolves the problem, and documents each step of response for future reference?

  • A. Incident planning
  • B. Incident response
  • C. Incident handling
  • D. Incident management

Answer: B

Explanation:
Incident response is a process that detects a problem, determines its cause, minimizes the damages, resolves the problem, and documents each step of response for future reference. One of the primary goals of incident response is to "freeze the scene". There is a close relationship between incident response, incident handling, and incident management. The primary goal of incident handling is to contain and repair any damage caused by an event and to prevent any further damage. Incident management manages the overall process of an incident by declaring the incident and preparing documentation and post-mortem reviews after the incident has occurred. Answer option B is incorrect. The primary goal of incident handling is to contain and repair any damage caused by an event and to prevent any further damage. Answer option C is incorrect. It manages the overall process of an incident by declaring the incident and preparing documentation and post-mortem reviews after the incident has occurred.
Answer option D is incorrect. This is an invalid option.

 

NEW QUESTION 57
Which of the following is a network point that acts as an entrance to another network?

  • A. Receiver
  • B. Hub
  • C. Bridge
  • D. Gateway

Answer: D

 

NEW QUESTION 58
Which of the following standards is an amendment to the original IEEE 802.11 and specifies security mechanisms for wireless networks?

  • A. 802.11i
  • B. 802.11e
  • C. 802.11a
  • D. 802.11b

Answer: A

Explanation:
802.11i is an amendment to the original IEEE 802.11. This standard specifies security mechanisms for wireless networks. It replaced the short Authentication and privacy clause of the original standard with a detailed Security clause. In the process, it deprecated the broken WEP. 802.11i supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have severe security weaknesses. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. The Wi-Fi Alliance refers to their approved, interoperable implementation of the full 802.11i as WPA2, also called RSN (Robust Security Network). 802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher. Answer option D is incorrect. 802.11a is an amendment to the IEEE 802.11 specification that added a higher data rate of up to 54 Mbit/s using the 5 GHz band. It has seen widespread worldwide implementation, particularly within the corporate workspace. Using the 5 GHz band gives 802.11a a significant advantage, since the 2.4 GHz band is heavily used to the point of being crowded. Degradation caused by such conflicts can cause frequent dropped connections and degradation of service. Answer option A is incorrect. 802.11b is an amendment to the IEEE 802.11 specification that extended throughput up to 11 Mbit/s using the same 2.4 GHz band. This specification under the marketing name of Wi-Fi has been implemented all over the world. 802.11b is used in a point-tomultipoint configuration, wherein an access point communicates via an omni-directional antenna with one or more nomadic or mobile clients that are located in a coverage area around the access point. Answer option B is incorrect. The 802.11e standard is a proposed enhancement to the 802.11a and 802.11b wireless LAN (WLAN) specifications. It offers quality of service (QoS) features, including the prioritization of data, voice, and video transmissions. 802.11e enhances the 802.11 Media Access Control layer (MAC layer) with a coordinated time division multiple access (TDMA) construct, and adds error-correcting mechanisms for delay-sensitive applications such as voice and video.

 

NEW QUESTION 59
Which of the following tools is an open source protocol analyzer that can capture traffic in real time?

  • A. Netresident
  • B. NetWitness
  • C. Snort
  • D. Wireshark

Answer: D

Explanation:
Wireshark is an open source protocol analyzer that can capture traffic in real time. Wireshark is a
free packet sniffer computer application. It is used for network troubleshooting, analysis, software
and communications protocol development, and education. Wireshark is very similar to tcpdump,
but it has a graphical front-end, and many more information sorting and filtering options. It allows
the user to see all traffic being passed over the network (usually an Ethernet network but support
is being added for others) by putting the network interface into promiscuous mode.
Wireshark uses pcap to capture packets, so it can only capture the packets on the networks
supported by pcap. It has the following features:
Data can be captured "from the wire" from a live network connection or read from a file that
records the already-captured packets.
Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP,
and loopback.
Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark. Captured files can be programmatically edited or converted via command-line switches to the "editcap" program. Data display can be refined using a display filter. Plugins can be created for dissecting new protocols. Answer option C is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). Answer option D is incorrect. NetWitness is used to analyze and monitor the network traffic and activity. Answer option A is incorrect. Netresident is used to capture, store, analyze, and reconstruct network events and activities.

 

NEW QUESTION 60
Kyle is an IT technician managing 25 workstations and 4 servers. The servers run applications and mostly store confidential data. Kyle must backup the server's data daily to ensure nothing is lost. The power in the company's office is not always reliable, Kyle needs to make sure the servers do not go down or are without power for too long. Kyle decides to purchase an Uninterruptible Power Supply (UPS) that has a pair of inverters and converters to charge the battery and provides power when needed. What type of UPS has Kyle purchased?

  • A. He has bought a Standby UPS
  • B. He purchased a True Online UPS.
  • C. Kyle purchased a Ferro resonant Standby UPS.
  • D. Kyle purchased a Line-Interactive UPS

Answer: A

 

NEW QUESTION 61
Which of the following cables is made of glass or plastic and transmits signals in the form of light?

  • A. Fiber optic cable
  • B. Twisted pair cable
  • C. Coaxial cable
  • D. Plenum cable

Answer: A

Explanation:
Fiber optic cable is also known as optical fiber. It is made of glass or plastic and transmits signals in the form of light. It is of cylindrical shape and consists of three concentric sections: the core, the cladding, and the jacket.
Optical fiber carries much more information than conventional copper wire and is in general not subject to electromagnetic interference and the need to retransmit signals. Most telephone company's long-distance lines are now made of optical fiber. Transmission over an optical fiber cable requires repeaters at distance intervals.
The glass fiber requires more protection within an outer cable than copper.
Answer option B is incorrect. Twisted pair cabling is a type of wiring in which two conductors (the forward and return conductors of a single circuit) are twisted together for the purposes of canceling out electromagnetic interference (EMI) from external sources. It consists of the following twisted pair cables:
Shielded Twisted Pair: Shielded Twisted Pair (STP) is a special kind of copper telephone wiring used in some business installations. An outer covering or shield is added to the ordinary twisted pair telephone wires; the shield functions as a ground. Twisted pair is the ordinary copper wire that connects home and many business computers to the telephone company. Shielded twisted pair is often used in business installations. Unshielded Twisted Pair: Unshielded Twisted Pair (UTP) is the ordinary wire used in home. UTP cable is also the most common cable used in computer networking. Ethernet, the most common data networking standard, utilizes UTP cables. Twisted pair cabling is often used in data networks for short and medium length connections because of its relatively lower costs compared to optical fiber and coaxial cable.UTP is also finding increasing use in video applications, primarily in security cameras. Many middle to high-end cameras include a UTP output with setscrew terminals. This is made possible by the fact that UTP cable bandwidth has improved to match the baseband of television signals.
Answer option A is incorrect. Coaxial cable is the kind of copper cable used by cable TV companies between the community antenna and user homes and businesses. Coaxial cable is sometimes used by telephone companies from their central office to the telephone poles near users. It is also widely installed for use in business and corporation Ethernet and other types of local area network. Coaxial cable is called "coaxial" because it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. The outer channel serves as a ground.
Many of these cables or pairs of coaxial tubes can be placed in a single outer sheathing and, with repeaters, can carry information for a great distance. It is shown in the figure below:

Answer option C is incorrect. Plenum cable is cable that is laid in the plenum spaces of buildings. The plenum is the space that can facilitate air circulation for heating and air conditioning systems, by providing pathways for either heated/conditioned or return airflows. Space between the structural ceiling and the dropped ceiling or under a raised floor is typically considered plenum. However, some drop ceiling designs create a tight seal that does not allow for airflow and therefore may not be considered a plenum air-handling space. The plenum space is typically used to house the communication cables for the building's computer and telephone network.

 

NEW QUESTION 62
FILL BLANK
Fill in the blank with the appropriate term.
______________ is a prime example of a high-interaction honeypot.

Answer:

Explanation:
Honeynet
Explanation:
Honeynet is a prime example of a high-interaction honeypot. Two or more honeypots on a network form a
honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one
honeypot may not be sufficient. Honeynets and honeypots are usually implemented as parts of larger network
intrusion-detection systems. A honeyfarm is a centralized collection of honeypots and analysis tools.

 

NEW QUESTION 63
Which of the following is an attack on a website that changes the visual appearance of the site and seriously damages the trust and reputation of the website?

  • A. Zero-day attack
  • B. Website defacement
  • C. Spoofing
  • D. Buffer overflow

Answer: B

Explanation:
Website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers, who break into a Web server and replace the hosted website with one of their own.Sometimes, the Defacer makes fun of the system administrator for failing to maintain server security. Most times, the defacement is harmless; however, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware. A high-profile website defacement was carried out on the website of the company SCO Group following its assertion that Linux contained stolen code. The title of the page was changed from Red Hat vs. SCO to SCO vs. World with various satirical content. Answer option D is incorrect. Buffer overflow is a condition in which an application receives more data than it is configured to accept. This usually occurs due to programming errors in the application. Buffer overflow can terminate or crash the application. Answer option B is incorrect. A zero-day attack, also known as zero-hour attack, is a computer threat that tries to exploit computer application vulnerabilities which are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the vulnerability. User awareness training is the most effective technique to mitigate such attacks. Answer option C is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc.
because forging the source IP address causes the responses to be misdirected.

 

NEW QUESTION 64
Which of the following topologies is a type of physical network design where each computer in the network is connected to a central device through an unshielded twisted-pair (UTP) wire?

  • A. Mesh topology
  • B. Ring topology
  • C. Bus topology
  • D. Star topology

Answer: D

Explanation:
Star topology is a type of physical network design where each computer in the network is connected to a central device, called hub, through an unshielded twisted-pair (UTP) wire. Signals from the sending computer go to the hub and are then transmitted to all the computers in the network. Since each workstation has a separate connection to the hub, it is easy to troubleshoot. Currently, it is the most popular topology used for networks.
Star Topology:

Answer option A is incorrect. Mesh network topology is a type of physical network design where all devices in a network are connected to each other with many redundant connections. It provides multiple paths for the data traveling on the network to reach its destination. Mesh topology also provides redundancy in the network. It employs the full mesh and partial mesh methods to connect devices. In a full mesh topology network, each computer is connected to all the other computers. In a partial mesh topology network, some of the computers are connected to all the computers, whereas some are connected to only those computers with which they frequently exchange data.
Mesh Topology:

Answer option D is incorrect. Bus topology is a type of physical network design where all computers in the network are connected through a single coaxial cable known as bus. This topology uses minimum cabling and is therefore, the simplest and least expensive topology for small networks. In this topology, 50 ohm terminators terminate both ends of the network. A Bus topology network is difficult to troubleshoot, as a break or problem at any point along the cable can cause the entire network to go down.
Bus Topology:

Answer option C is incorrect. Ring topology is a type of physical network design where all computers in the network are connected in a closed loop. Each computer or device in a Ring topology network acts as a repeater. It transmits data by passing a token around the network in order to prevent the collision of data between two computers that want to send messages at the same time. If a token is free, the computer waiting to send data takes it, attaches the data and destination address to the token, and sends it. When the token reaches its destination computer, the data is copied. Then, the token gets back to the originator. The originator finds that the message has been copied and received and removes the message from the token. Now, the token is free and can be used by the other computers in the network to send data. In this topology, if one computer fails, the entire network goes down.
Ring Topology:

 

NEW QUESTION 65
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:

Which of the following tools is John using to crack the wireless encryption keys?

  • A. PsPasswd
  • B. Kismet
  • C. Cain
  • D. AirSnort

Answer: D

Explanation:
AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys. Answer option B is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks: To identify networks by passively collecting packets To detect standard named networks To detect masked networks To collect the presence of non-beaconing networks via data traffic Answer option D is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks: Dictionary attack Brute force attack Rainbow attack Hybrid attack Answer option A is incorrect. PsPasswd is a tool that helps Network Administrators change an account password on the local or remote system. The command syntax of PsPasswd is as follows: pspasswd [\\computer[,computer[,..] | @file [-u user [-p psswd]] Username [NewPassword]

 

NEW QUESTION 66
Which of the following is a computer network protocol used by the hosts to apply for the tasks the IP address and other configuration information?

  • A. None
  • B. ARP
  • C. SNMP
  • D. DHCP
  • E. Telnet

Answer: D

Explanation:
Explanation/Reference:

 

NEW QUESTION 67
......

312-38 Braindumps Real Exam Updated on Apr 01, 2022 with 171 Questions: https://www.actualvce.com/EC-COUNCIL/312-38-valid-vce-dumps.html

Latest 312-38 PDF Dumps & Real Tests Free Updated Today: https://drive.google.com/open?id=1ng-9zNLk87tzAGsl6QANuWx4gy4jRewf