312-38 Dumps (V12.02) – Simple and Quick Way to Pass the EC-Council Certified Network Defender (CND) Exam

With the right learning resources, you can prepare for your EC-Council Certified Network Defender (CND) 312-38 exam well. DumpsBase has the latest 312-38 dumps (V12.02), providing you with the most accurate questions and answers to guide you through an efficient and effective way to prepare for the Certified Network Defender (CND) 312-38 certification exam. All the practice exam questions and answers are created by industry experts with extensive knowledge of the CND certification. Additionally, DumpsBase provides one year of free updates to ensure your 312-38 dumps remain current with any changes to the exam content. With DumpsBase’s comprehensive EC-Council 312-38 dumps (V12.02), you can approach the EC-Council Certified Network Defender (CND) exam with confidence.

EC-Council Certified Network Defender (CND) Certification Exam 312-38 Free Dumps

1. Management decides to implement a risk management system to reduce and maintain the organization's risk at an acceptable level.

Which of the following is the correct order in the risk management phase?

2. John has implemented ________ in the network to restrict the limit of public IP addresses in his organization and to enhance the firewall filtering technique.

3. What command is used to terminate certain processes in an Ubuntu system?

4. Consider a scenario consisting of a tree network. The root Node N is connected to two main nodes N1 and N2. N1 is connected to N11 and N12. N2 is connected to N21 and N22.

What will happen if any one of the main nodes fails?

5. Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user's email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures.

What is Stephanie working on?

6. An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours.

What is the best option to do this job?

7. Eric is receiving complaints from employees that their systems are very slow and experiencing odd issues including restarting automatically and frequent system hangs. Upon investigating, he is convinced the systems are infected with a virus that forces systems to shut down automatically after a period of time.

What type of security incident are the employees a victim of?

8. ________ is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs).

9. The network admin decides to assign a class B IP address to a host in the network. Identify which of the following addresses fall within a class B IP address range.

10. Rick has implemented several firewalls and IDS systems across his enterprise network.

What should he do to effectively correlate all incidents that pass through these security controls?

11. Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization's need.

Which of the following factors will the administrator consider when deciding on the appropriate backup medium?

12. Which of the following network monitoring techniques requires extra monitoring software or hardware?

13. Steven's company has recently grown from 5 employees to over 50. Every workstation has a public IP address and navigates to the Internet with little to no protection. Steven wants to use a firewall. He also wants IP addresses to be private addresses, to prevent public Internet devices from accessing them directly.

What should Steven implement on the firewall to ensure this happens?

14. What is the name of the authority that verifies the certificate authority in digital certificates?

15. Will is working as a Network Administrator. Management wants to maintain a backup of all the company data as soon as it starts operations. They decided to use a RAID backup storage technology for their data backup plan. To implement the RAID data backup storage, Will sets up a pair of RAID disks so that all the data written to one disk is copied automatically to the other disk as well. This maintains an additional copy of the data.

Which RAID level is used here?

16. You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network.

What will be your first reaction as a first responder?

17. If a network is at risk from unskilled individuals, what type of threat is this?

18. According to the company's security policy, all access to any network resources must use Windows Active Directory Authentication. A Linux server was recently installed to run virtual servers and it is not using Windows Authentication.

What needs to happen to force this server to use Windows Authentication?

19. Kelly is taking backups of the organization's data. Currently, he is taking backups of only those files which are created or modified after the last backup.

What type of backup is Kelly using?

20. John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network.

Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?

21. A company has the right to monitor the activities of their employees on different information systems according to the _______ policy.

22. Liza was told by her network administrator that they will be implementing IPsec VPN tunnels to connect the branch locations to the main office.

What layer of the OSI model do IPsec tunnels function on?

23. Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved.

What is the last step he should list?

24. Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?

25. James was inspecting ARP packets in his organization's network traffic with the help of Wireshark. He is checking the volume of traffic containing ARP requests as well as the source IP address from which they are originating.

Which type of attack is James analyzing?

26. Alex is administrating the firewall in the organization's network.

What command will he use to check the ports applications open?

27. The risk assessment team in Southern California has estimated that the probability of an incident that has potential to impact almost 80% of the bank's business is very high.

How should this risk be categorized in the risk matrix?

28. Identify the minimum number of drives required to set up RAID level 5.

29. Timothy works as a network administrator in a multinational organization. He decides to implement a dedicated network for sharing storage resources. He uses a _______ as it separates the storage units from the servers and the user network.

30. A local bank wants to protect their card holder data. The bank should comply with the ________ standard to ensure the security of card holder data.

31. Sam wants to implement a network-based IDS in the network. Sam finds out that the one IDS solution which works is based on pattern matching.

Which type of network-based IDS is Sam implementing?

32. John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information.

Which type of firewall service is John thinking of implementing?

33. You are an IT security consultant working on a contract for a large manufacturing company to audit their entire network. After performing all the tests and building your report, you present a number of recommendations to the company and what they should implement to become more secure. One recommendation is to install a network-based device that notifies IT employees whenever malicious or questionable traffic is found. From your talks with the company, you know that they do not want a device that actually drops traffic completely, they only want notification.

What type of device are you suggesting?

34. Management wants to calculate the risk factor for their organization. Kevin, a network administrator in the organization, knows how to calculate the risk factor. Certain parameters are required before calculating risk factor.

What are they? (Select all that apply) Risk factor = ________ X ________ X ________

35. Lyle is the IT director for a medium-sized food service supply company in Nebraska. Lyle's company employs over 300 workers, half of which use computers. He recently came back from a security training seminar on logical security. He now wants to ensure his company is as secure as possible. Lyle has many network nodes and workstation nodes across the network. He does not have much time for implementing a network-wide solution. He is primarily concerned about preventing any external attacks on the network by using a solution that can drop packets if they are found to be malicious. Lyle also wants this solution to be easy to implement and be network-wide.

What type of solution would be best for Lyle?

36. Sam, a network administrator is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flag set to check for a specific attack attempt.

Which filter will he use to view the traffic?

37. Frank installed Wireshark at all ingress points in the network. Looking at the logs he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21.

What does this source address signify?

38. The IR team and the network administrator have successfully handled a malware incident on the network. The team is now preparing countermeasure guideline to avoid a future occurrence of the malware incident.

Which of the following countermeasure(s) should be added to deal with future malware incidents? (Select all that apply)

39. Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees.

Under which category of an information security policy does AUP fall into?

40. The bank where you work has 600 Windows computers and 400 Red Hat computers which primarily serve as bank teller consoles. You have created a plan and deployed all the patches to the Windows computers and you are now working on updating the Red Hat computers.

What command should you run on the network to update the Red Hat computers, download the security package, force the package installation, and update all currently installed packages?

41. Smith is an IT technician that has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed.

What is the first step they should do to create the network vulnerability assessment plan?

42. Management wants to bring their organization into compliance with the ISO standard for information security risk management.

Which ISO standard will management decide to implement?

43. As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. The WPA2's _________ integrity check mechanism provides security against a replay attack.

44. John wants to implement a packet filtering firewall in his organization's network.

What TCP/IP layer does a packet filtering firewall work on?

45. Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company's website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered.

What tool could Simon and his administrators implement to accomplish this?

46. Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server.

How will you prioritize these two incidents?

47. Should not be expensive.

The management team asks Nancy to research and suggest the appropriate RAID level that best suits their requirements.

What RAID level will she suggest?

48. Which OSI layer does a Network Interface Card (NIC) work on?

49. Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an ______ for legal advice to defend them against this allegation.

50. Brendan wants to implement a hardware based RAID system in his network. He is thinking of choosing a suitable RAM type for the architectural setup in the system. The type he is interested in provides access times of up to 20 ns.

Which type of RAM will he select for his RAID system?

51. Sean has built a site-to-site VPN architecture between the head office and the branch office of his company. When users in the branch office and head office try to communicate with each other, the traffic is encapsulated. As the traffic passes through the gateway, it is encapsulated again. The header and payload both are encapsulated. This second encapsulation occurs only in the __________ implementation of a VPN.

52. Dan and Alex are business partners working together. Their Business-Partner Policy states that they should encrypt their emails before sending to each other.

How will they ensure the authenticity of their emails?

53. The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials.

Which of the following physical security measures should the administrator use?

54. A network is setup using an IP address range of 0.0.0.0 to 127.255.255.255. The network has a default subnet mask of 255.0.0.0.

What IP address class is the network range a part of?

55. Which of the information below can be gained through network sniffing? (Select all that apply)

56. Blake is working on the company's updated disaster and business continuity plan. The last section of the plan covers computer and data incidence response. Blake is outlining the level of severity for each type of incident in the plan.

Unsuccessful scans and probes are at what severity level?

57. The ________ protocol works in the network layer and is responsible for handling the error codes during the delivery of packets. This protocol is also responsible for providing communication in the TCP/IP stack.

58. Daniel is monitoring network traffic with the help of a network monitoring tool to detect any abnormalities.

What type of network security approach is Daniel adopting?

59. David is working in a mid-sized IT company. Management asks him to suggest a framework that can be used effectively to align the IT goals to the business goals of the company. David suggests the ______ framework, as it provides a set of controls over IT and consolidates them to form a framework.

60. James is a network administrator working at a student loan company in Minnesota. This company processes over 20,000 student loans a year from colleges all over the state. Most communication between the company, schools, and lenders is carried out through emails. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, James wants to utilize email encryption. Since a server-based PKI is not an option for him, he is looking for a low/no cost solution to encrypt emails.

What should James use?

61. Fred is a network technician working for Johnson Services, a temporary employment agency in Boston. Johnson Services has three remote offices in New England and the headquarters in Boston where Fred works.

The company relies on a number of customized applications to perform daily tasks and unfortunately these applications require users to be local administrators. Because of this, Fred's supervisor wants to implement tighter security measures in other areas to compensate for the inherent risks in making those users local admins. Fred's boss wants a solution that will be placed on all computers throughout the company and monitored by Fred. This solution will gather information on all network traffic to and from the local computers without actually affecting the traffic.

What type of solution does Fred's boss want to implement?

62. Heather has been tasked with setting up and implementing VPN tunnels to remote offices. She will most likely be implementing IPsec VPN tunnels to connect the offices.

At what layer of the OSI model does an IPsec tunnel function?

63. The company has implemented a backup plan. James is working as a network administrator for the company and is taking full backups of the data every time a backup is initiated. Alex who is a senior security manager talks to him about using a differential backup instead and asks him to implement this once a full backup of the data is completed.

What is/are the reason(s) Alex is suggesting that James use a differential backup? (Select all that apply)

64. The agency Jacob works for stores and transmits vast amounts of sensitive government data that cannot be compromised. Jacob has implemented Encapsulating Security Payload (ESP) to encrypt IP traffic. Jacob wants to encrypt the IP traffic by inserting the ESP header in the IP datagram before the transport layer protocol header.

What mode of ESP does Jacob need to use to encrypt the IP traffic?

65. Kyle, a front office executive, suspects that a Trojan has infected his computer.

What should be his first course of action to deal with the incident?

66. Katie has implemented the RAID level that splits data into blocks and evenly writes the data to multiple hard drives but does not provide data redundancy. This type of RAID level requires a minimum of ________ in order to set up.

67. Henry needs to design a backup strategy for the organization with no service level downtime.

Which backup method will he select?

68. James wants to implement certain control measures to prevent denial-of-service attacks against the organization.

Which of the following control measures can help James?

69. A US-based organization decided to implement a RAID storage technology for their data backup plan. John wants to set up a RAID level that requires a minimum of six drives but will meet high fault tolerance and with a high speed for the data read and write operations.

What RAID level is John considering to meet this requirement?

70. An attacker uses different types of password cracking techniques to crack the password and gain unauthorized access to a system. An attacker uses a file containing a list of commonly used passwords. They then upload this file into the cracking application that runs against the user accounts.

Which of the following password cracking techniques is the attacker trying?

71. A company wants to implement a data backup method which allows them to encrypt the data ensuring its security as well as access at any time and from any location.

What is the appropriate backup method that should be implemented?

72. If there is a fire incident caused by an electrical appliance short-circuit, which fire suppressant should be used to control it?

73. Kyle is an IT technician managing 25 workstations and 4 servers. The servers run applications and mostly store confidential data. Kyle must backup the server's data daily to ensure nothing is lost. The power in the company's office is not always reliable, Kyle needs to make sure the servers do not go down or are without power for too long. Kyle decides to purchase an Uninterruptible Power Supply (UPS) that has a pair of inverters and converters to charge the battery and provides power when needed.

What type of UPS has Kyle purchased?

74. Ross manages 30 employees and only 25 computers in the organization. The network the company uses is a peer-to-peer. Ross configures access control measures allowing the employees to set their own control measures for their files and folders.

Which access control did Ross implement?

75. Paul is a network security technician working on a contract for a laptop manufacturing company in Chicago. He has focused primarily on securing network devices, firewalls, and traffic traversing in and out of the network. He just finished setting up a server as a gateway between the internal private network and the outside public network. This server will act as a proxy, offer a limited amount of services, and filter packets.

What is this type of server called?

76. Larry is responsible for the company's network consisting of 300 workstations and 25 servers. After using a hosted email service for a year, the company wants to control the email internally. Larry likes this idea because it will give him more control over the email. Larry wants to purchase a server for email but does not want the server to be on the internal network due to the potential to cause security risks. He decides to place the server outside of the company's internal firewall. There is another firewall connected directly to the Internet that will protect traffic from accessing the email server. The server will be placed between the two firewalls.

What logical area is Larry putting the new email server into?

77. Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats, many of which she did not know of. She is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic.

What type of scan is Cindy attempting here?

78. A newly joined network administrator wants to assess the organization against possible risk. He notices the organization doesn't have a ________ identified which helps measure how risky an activity is.

79. A VPN Concentrator acts as a bidirectional tunnel endpoint among host machines.

What are the other function(s) of the device? (Select all that apply)

80. James is working as a Network Administrator in a reputed company situated in California. He is monitoring his network traffic with the help of Wireshark. He wants to check and analyze the traffic against a PING sweep attack.

Which of the following Wireshark filters will he use?

81. Harry has successfully completed the vulnerability scanning process and found serious vulnerabilities exist in the organization's network. Identify the vulnerability management phases through which he will proceed to ensure all the detected vulnerabilities are addressed and eradicated. (Select all that apply)

82. George was conducting a recovery drill test as a part of his network operation. Recovery drill tests are conducted on the ______________.

83. During a security awareness program, management was explaining the various reasons which create threats to network security.

Which could be a possible threat to network security?

84. Identify the network topology where each computer acts as a repeater and the data passes from one computer to the other in a single direction until it reaches the destination.

85. John is the network administrator and he wants to enable the NetFlow feature in Cisco routers to collect and monitor the IP network traffic passing through the router.

Which command will John use to enable NetFlow on an interface?

86. Michael decides to view the ________ to track employee actions on the organization's network.

87. Kyle is an IT consultant working on a contract for a large energy company in Houston. Kyle was hired on to do contract work three weeks ago so the company could prepare for an external IT security audit. With suggestions from upper management, Kyle has installed a network-based IDS system. This system checks for abnormal behavior and patterns found in network traffic that appear to be dissimilar from the traffic normally recorded by the IDS.

What type of detection is this network-based IDS system using?

88. Mark is monitoring the network traffic on his organization's network. He wants to detect a TCP and UDP ping sweep on his network.

Which type of filter will be used to detect this on the network?

89. Ivan needs to pick an encryption method that is scalable even though it might be slower. He has settled on a method that works where one key is public and the other is private.

What encryption method did Ivan settle on?

90. Identify the password cracking attempt involving precomputed hash values stored as plaintext and using these to crack the password.

91. Justine has been tasked by her supervisor to ensure that the company's physical security is on the same level as their logical security measures. She installs video cameras at all entrances and exits and installs badge access points for all doors. The last item she wants to install is a method to prevent unauthorized people piggybacking employees.

What should she install to prevent piggybacking?

92. Tom works as a network administrator in a multinational organization having branches across North America and Europe. Tom wants to implement a storage technology that can provide centralized data storage and provide free data backup on the server. He should be able to perform data backup and recovery more efficiently with the selected technology.

Which of the following storage technologies best suits Tom's requirements?

93. Identify the spread spectrum technique that multiplies the original data signal with a pseudo random noise spreading code.

94. Jason has set a firewall policy that allows only a specific list of network services and denies everything else. This strategy is known as a ____________.

95. You are responsible for network functions and logical security throughout the corporation. Your company has over 250 servers running Windows Server 2012, 5000 workstations running Windows 10, and 200 mobile users working from laptops on Windows 8. Last week 10 of your company's laptops were stolen from a salesman, while at a conference in Barcelona. These laptops contained proprietary company information. While doing a damage assessment, a news story leaks about a blog post containing information about the stolen laptops and the sensitive information.

What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?

96. Geon Solutions INC., had only 10 employees when it started. But as business grew, the organization had to increase the amount of staff. The network administrator is finding it difficult to accommodate an increasing number of employees in the existing network topology. So the organization is planning to implement a new topology where it will be easy to accommodate an increasing number of employees.

Which network topology will help the administrator solve the problem of needing to add new employees and expand?


 
