Massive Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

ECCouncil 312-38 Certified Network Defender (CND) Exam Practice Test

Demo: 26 questions
Total 177 questions

Certified Network Defender (CND) Questions and Answers

Question 1

You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your

first reaction as a first responder?

Options:

A.

Avoid Fear, Uncertainty and Doubt

B.

Communicate the incident

C.

Make an initial assessment

D.

Disable Virus Protection

Question 2

The bank where you work has 600 windows computers and 400 Red Hat computers which primarily serve as bank teller consoles. You have created a plan and deployed all the patches to the Windows computers and

you are now working on updating the Red Hat computers. What command should you run on the network to update the Red Hat computers, download the security package, force the package installation, and update all

currently installed packages?

Options:

A.

You should run the up2date -d -f -u command

B.

You should run the up2data -u command

C.

You should run the WSUS -d -f -u command.

D.

You should type the sysupdate -d command

Question 3

Alex is administrating the firewall in the organization's network. What command will he use to check all the remote addresses and ports in numerical form?

Options:

A.

Netstat -o

B.

Netstat -a

C.

Netstat -ao

D.

Netstat -an

Question 4

Sean has built a site-to-site VPN architecture between the head office and the branch office of his company. When users in the branch office and head office try to communicate with each other, the traffic is

encapsulated. As the traffic passes though the gateway, it is encapsulated again. The header and payload both are encapsulated. This second encapsulation occurs only in the __________implementation of a VPN.

Options:

A.

Full Mesh Mode

B.

Point-to-Point Mode

C.

Transport Mode

D.

Tunnel Mode

Question 5

The agency Jacob works for stores and transmits vast amounts of sensitive government data that cannot be compromised. Jacob has implemented Encapsulating Security Payload (ESP) to encrypt IP traffic. Jacob

wants to encrypt the IP traffic by inserting the ESP header in the IP datagram before the transport layer protocol header. What mode of ESP does Jacob need to use to encrypt the IP traffic?

Options:

A.

He should use ESP in transport mode.

B.

Jacob should utilize ESP in tunnel mode.

C.

Jacob should use ESP in pass-through mode.

D.

He should use ESP in gateway mode

Question 6

Larry is responsible for the company's network consisting of 300 workstations and 25 servers. After using a hosted email service for a year, the company wants to control the email internally. Larry likes this idea because

it will give him more control over the email. Larry wants to purchase a server for email but does not want the server to be on the internal network due to the potential to cause security risks. He decides to place the server

outside of the company's internal firewall. There is another firewall connected directly to the Internet that will protect traffic from accessing the email server. The server will be placed between the two firewalls. What

logical area is Larry putting the new email server into?

Options:

A.

He is going to place the server in a Demilitarized Zone (DMZ)

B.

He will put the email server in an IPsec zone.

C.

Larry is going to put the email server in a hot-server zone.

D.

For security reasons, Larry is going to place the email server in the company's Logical Buffer Zone (LBZ).

Question 7

------------is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs)

Options:

A.

802.15

B.

802.16

C.

802.15.4

D.

802.12

Question 8

Elden is working as a network administrator at an IT company. His organization opted for a virtualization technique in which the guest OS is aware of the virtual environment in which it is running and

communicates with the host machines for requesting resources. Identify the virtualization technique implemented by Elden’s organization.

Options:

A.

Hybrid virtualization

B.

Hardware-assisted virtualization

C.

Full virtualization

D.

Para virtualization

Question 9

John has implemented________in the network to restrict the limit of public IP addresses in his organization and to enhance the firewall filtering technique.

Options:

A.

DMZ

B.

Proxies

C.

VPN

D.

NAT

Question 10

Phishing-like attempts that present users a fake usage bill of the cloud provider is an example of a:

Options:

A.

Cloud to service attack surface

B.

User to service attack surface

C.

User to cloud attack surface

D.

Cloud to user attack surface

Question 11

Steven's company has recently grown from 5 employees to over 50. Every workstation has a public IP address and navigated to the Internet with little to no protection. Steven wants to use a firewall. He also wants IP

addresses to be private addresses, to prevent public Internet devices direct access to them. What should Steven implement on the firewall to ensure this happens?

Options:

A.

Steven should use a Demilitarized Zone (DMZ)

B.

Steven should use Open Shortest Path First (OSPF)

C.

Steven should use IPsec

D.

Steven should enabled Network Address Translation(NAT)

Question 12

A newly joined network administrator wants to assess the organization against possible risk. He notices the organization doesn't have a________identified which helps measure how risky an activity is.

Options:

A.

Risk Severity

B.

Risk Matrix

C.

Key Risk Indicator

D.

Risk levels

Question 13

Ross manages 30 employees and only 25 computers in the organization. The network the company uses is a peer-to-peer. Ross configures access control measures allowing the employees to set their own control

measures for their files and folders. Which access control did Ross implement?

Options:

A.

Discretionary access control

B.

Mandatory access control

C.

Non-discretionary access control

D.

Role-based access control

Question 14

Which among the following is used to limit the number of cmdlets or administrative privileges of administrator, user, or service accounts?

Options:

A.

Just Enough Administration (EA)

B.

User Account Control (UAC)

C.

Windows Security Identifier (SID)

D.

Credential Guard

Question 15

James is working as a Network Administrator in a reputed company situated in California. He is monitoring his network traffic with the help of Wireshark. He wants to check and analyze the traffic against a PING sweep

attack. Which of the following Wireshark filters will he use?

Options:

A.

lcmp.type==0 and icmp.type==16

B.

lcmp.type==8 or icmp.type==16

C.

lcmp.type==8 and icmp.type==0

D.

lcmp.type==8 or icmp.type==0

Question 16

Management asked Adam to implement a system allowing employees to use the same credentials to access multiple applications. Adam should implement the--------------------------authentication technique to satisfy the

management request.

Options:

A.

Two-factor Authentication

B.

Smart Card Authentication

C.

Single-sign-on

D.

Biometric

Question 17

John is working as a network defender at a well-reputed multinational company. He wanted to implement security that can help him identify any future attacks that can be targeted toward his organization and

take appropriate security measures and actions beforehand to defend against them. Which one of the following security defense techniques should be implement?

Options:

A.

Reactive security approach

B.

Retrospective security approach

C.

Proactive security approach

D.

Preventive security approach

Question 18

A company wants to implement a data backup method that allows them to encrypt the data ensuring its security as well as access it at any time and from any location. What is the appropriate backup method

that should be implemented?

Options:

A.

Cloud backup

B.

Offsite backup

C.

Hot site backup

D.

Onsite backup

Question 19

The--------------protocol works in the network layer and is responsible for handling the error codes during the delivery of packets. This protocol is also responsible for providing communication in the TCP/IP stack.

Options:

A.

RARP

B.

ICMP

C.

DHCP

D.

ARP

Question 20

Which of the following security models enable strict identity verification for every user or device attempting to access the network resources?

1. Zero-trust network model

2. Castle-and-Moat model

Options:

A.

Both 1 and 2

B.

1 only

C.

2 only

D.

None

Question 21

Choose the correct order of steps to analyze the attack surface.

Options:

A.

Identify the indicators of exposure->visualize the attack surface->simulate the attack->reduce the attack surface

B.

Visualize the attack surface->simulate the attack->identify the indicators of exposure->reduce the attack surface

C.

Identify the indicators of exposure->simulate the attack->visualize the attack surface->reduce the attack surface

D.

Visualize the attack surface->identify the indicators of exposure->simulate the attack->reduce the attack surface

Question 22

Which of the following indicators refers to potential risk exposures that attackers can use to breach the security of an organization?

Options:

A.

Indicators of attack

B.

Key risk indicators

C.

Indicators of exposure

D.

Indicators of compromise

Question 23

Consider a scenario consisting of a tree network. The root Node N is connected to two man nodes N1 and N2. N1 is connected to N11 and N12. N2 is connected to N21 and N22. What will happen if any one of the main

nodes fail?

Options:

A.

Failure of the main node affects all other child nodes at the same level irrespective of the main node.

B.

Does not cause any disturbance to the child nodes or its tranmission

C.

Failure of the main node will affect all related child nodes connected to the main node

D.

Affects the root node only

Question 24

A network is setup using an IP address range of 0.0.0.0 to 127.255.255.255. The network has a default subnet mask of 255.0.0.0. What IP address class is the network range a part of?

Options:

A.

Class C

B.

Class A

C.

Class B

D.

Class D

Question 25

Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process in several Linux systems, which causes machines to hang every 1 hour. Fargo would like to eliminate it; what

command should he execute?

Options:

A.

# update-rc.d -f [service name] remove

B.

# service [service name] stop

C.

# ps ax | grep [Target Process]

D.

# kill -9 [PID]

Question 26

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an ______for legal advice to defend

them against this allegation.

Options:

A.

PR Specialist

B.

Attorney

C.

Incident Handler

D.

Evidence Manager

Demo: 26 questions
Total 177 questions