[Feb 25, 2024] Get Unlimited Access to 312-38 Certification Exam Cert Guide [Q68-Q89]


Reliable Study Materials for 312-38 Exam Success For Sure

NEW QUESTION # 68
Which of the following is also known as stateful firewall?

  • A. Dynamic packet-filtering firewall
  • B. DMZ
  • C. PIX firewall
  • D. Stateless firewall

Answer: A


NEW QUESTION # 69
Which of the following is a Unix and Windows tool capable of intercepting traffic on a network segment and capturing username and password?

  • A. Aircrack
  • B. BackTrack
  • C. AirSnort
  • D. Ettercap

Answer: D

Explanation:
Ettercap is a Unix and Windows tool for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. It is free open source software. Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis.
Answer option C is incorrect. BackTrack is a Linux distribution distributed as a Live CD, which is used for penetration testing. It allows users to include customizable scripts, additional tools and configurable kernels in personalized distributions. It contains various tools, such as Metasploit integration, RFMON injection capable wireless drivers, kismet, autoscan-network (network discovering and managing application), nmap, ettercap, wireshark (formerly known as Ethereal).
Answer option A is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.
Answer option D is incorrect. Aircrack is the fastest WEP/WPA cracking tool used for 802.11a/b/g WEP and WPA cracking.


NEW QUESTION # 70
CORRECT TEXT
Fill in the blank with the appropriate term. ______________ management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system.

Answer: Patch

Explanation:
Patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. Patch management includes the following tasks:
  • Maintaining current knowledge of available patches
  • Deciding what patches are appropriate for particular systems
  • Ensuring that patches are installed properly
  • Testing systems after installation, and documenting all associated procedures, such as specific configurations required
A number of products are available to automate patch management tasks, including RingMaster's Automated Patch Management, PatchLink Update, and Gibraltar's Everguard.


NEW QUESTION # 71
Which of the following offer "always-on" Internet service for connecting to your ISP? Each correct answer represents a complete solution. Choose all that apply.

  • A. digital modem
  • B. analog modem
  • C. DSL
  • D. cable modem

Answer: C,D



NEW QUESTION # 72
John has successfully remediated the vulnerability of an internal application that could have caused a threat to the network. He is scanning the application for the existence of a remediated vulnerability. This process is called a ________ and it has to adhere to the ________.

  • A. Verification, Security Policies
  • B. Vulnerability scanning, Risk Analysis
  • C. Risk analysis, Risk matrix
  • D. Mitigation, Security policies

Answer: A


NEW QUESTION # 73
Kyle is an IT consultant working on a contract for a large energy company in Houston. Kyle was hired on to do contract work three weeks ago so the company could prepare for an external IT security audit. With suggestions from upper management, Kyle has installed a network-based IDS system. This system checks for abnormal behavior and patterns found in network traffic that appear to be dissimilar from the traffic normally recorded by the IDS. What type of detection is this network-based IDS system using?

  • A. This network-based IDS is utilizing definition-based detection.
  • B. This system is using misuse detection.
  • C. This network-based IDS system is using anomaly detection.
  • D. This network-based IDS system is using dissimilarity algorithms.

Answer: C


NEW QUESTION # 74
Which of the following types of coaxial cable is used for cable television and cable modems?

  • A. RG-59
  • B. RG-62
  • C. RG-58
  • D. RG-8
  • E. None

Answer: A


NEW QUESTION # 75
Which of the following types of RAID offers no protection for the parity disk?

  • A. RAID 1
  • B. RAID 2
  • C. RAID 3
  • D. RAID 5

Answer: C


NEW QUESTION # 76
Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?

  • A. Based on approval from management
  • B. Based on the type of response needed for the incident
  • C. Based on a first come first served basis
  • D. Based on a potential technical effect of the incident

Answer: D


NEW QUESTION # 77
Which of the following is a network maintenance protocol of the TCP/IP protocol suite that is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC)?

  • A. DHCP
  • B. RARP
  • C. PIM
  • D. ARP

Answer: D

Explanation:
Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. ARP is limited to physical network systems that support broadcast packets.
Answer option A is incorrect. The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. In the absence of DHCP, all hosts on a network must be manually configured individually, a time-consuming and often error-prone undertaking. DHCP is popular with ISPs because it allows a host to obtain a temporary IP address.
Answer option D is incorrect. Reverse Address Resolution Protocol (RARP) is a Network layer protocol used to obtain an IP address for a given hardware (MAC) address. RARP is sort of the reverse of an ARP. Common protocols that use RARP are BOOTP and DHCP.
Answer option C is incorrect. Protocol-Independent Multicast (PIM) is a family of multicast routing protocols for Internet Protocol (IP) networks that provide one-to-many and many-to-many distribution of data over a LAN, WAN, or the Internet. It is termed protocol-independent because PIM does not include its own topology discovery mechanism, but instead uses routing information supplied by other traditional routing protocols, such as Border Gateway Protocol (BGP).

Topic 3, Volume C


NEW QUESTION # 78
Which protocol could the network administrator choose for the wireless network design if he needs to satisfy the minimum requirements of 2.4 GHz, 22 MHz of bandwidth, a 2 Mbits/s stream for data rate, and DSSS for modulation?

  • A. 802.11b
  • B. 802.11a
  • C. 802.11g
  • D. 802.11n

Answer: A


NEW QUESTION # 79
DRAG DROP
Drag and drop the terms to match with their descriptions.

Answer:

Explanation:
Following are the terms with their descriptions:
A Trojan horse is a malicious software program that contains hidden code and masquerades itself as a normal program. When a Trojan horse program is run, its hidden code runs to destroy or scramble data on the hard disk. An example of a Trojan horse is a program that masquerades as a computer logon to retrieve user names and password information. The developer of a Trojan horse can use this information later to gain unauthorized access to computers. Trojan horses are normally spread by e-mail attachments.
Ping sweep is a technique used to determine which of a range of IP addresses map to live hosts. It consists of ICMP ECHO requests sent to multiple hosts. If a given address is live, it will return an ICMP ECHO reply. A ping is often used to check that a network device is functioning. To disable ping sweeps on a network, administrators can block ICMP ECHO requests from outside sources. However, ICMP TIMESTAMP and ICMP INFO can be used in a similar manner.
Spamware is software designed by or for spammers to send out automated spam e-mail. Spamware is used to search for e-mail addresses to build lists of e-mail addresses to be used either for spamming directly or to be sold to spammers. The spamware package also includes an e-mail harvesting tool.
A backdoor is any program that allows a hacker to connect to a computer without going through the normal authentication process. The main advantage of this type of attack is that the network traffic moves from inside a network to the hacker's computer. The traffic moving from inside a network to the outside world is typically the least restrictive, as companies are more concerned about what comes into a network, rather than what leaves it. It, therefore, becomes hard to detect backdoors.


NEW QUESTION # 80
Which of the following is a distributed application architecture that partitions tasks or work loads between service providers and service requesters? Each correct answer represents a complete solution. Choose all that apply.

  • A. Peer-to-peer networking
  • B. Client-server networking
  • C. Peer-to-peer (P2P) computing
  • D. Client-server computing

Answer: B,D

Explanation:
Client-server networking is also known as client-server computing. It is a distributed application architecture that partitions tasks or work loads between service providers (servers) and service requesters, called clients. Often clients and servers operate over a computer network on separate hardware. A server machine is a high-performance host that is running one or more server programs which share its resources with clients. A client does not share any of its resources, but requests a server's content or service function. Clients therefore initiate communication sessions with servers which await (listen to) incoming requests.
Answer options D and B are incorrect. Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the application. They are said to form a peer-to-peer network of nodes. Peer-to-peer networking (also known simply as peer networking) differs from client-server networking, where certain devices have the responsibility to provide or "serve" data, and other devices consume or otherwise act as "clients" of those servers.


NEW QUESTION # 81
Which of the following helps in viewing account activity and events for supported services made by AWS?

  • A. AWS CloudFormation
  • B. AWS Certificate Manager
  • C. AWS CloudTrail
  • D. AWS CloudHSM

Answer: C


NEW QUESTION # 82
Hacktivists are threat actors who can be described as ________

  • A. People motivated by religious beliefs
  • B. Disgruntled/terminated employees
  • C. People motivated by monetary gains
  • D. People having political or social agenda

Answer: D


NEW QUESTION # 83
Which of the following OSI layers establishes, manages, and terminates the connections between the local and remote applications?

  • A. Application layer
  • B. Session layer
  • C. Network layer
  • D. Data Link layer

Answer: B

Explanation:
The session layer of the OSI/RM controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures. The OSI model made this layer responsible for graceful close of sessions, which is a property of the Transmission Control Protocol, and also for session checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The Session Layer is commonly implemented explicitly in application environments that use remote procedure calls.
Answer option C is incorrect. The Application Layer of TCP/IP model refers to the higher-level protocols used by most applications for network communication. Examples of application layer protocols include the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP). Data coded according to application layer protocols are then encapsulated into one or more transport layer protocols, which in turn use lower layer protocols to effect actual data transfer.
Answer option A is incorrect. The Data Link Layer is Layer 2 of the seven-layer OSI model of computer networking. It corresponds to or is part of the link layer of the TCP/IP reference model. The Data Link Layer is the protocol layer which transfers data between adjacent network nodes in a wide area network or between nodes on the same local area network segment. The Data Link Layer provides the functional and procedural means to transfer data between network entities and might provide the means to detect and possibly correct errors that may occur in the Physical Layer. Examples of data link protocols are Ethernet for local area networks (multi-node), the Point-to-Point Protocol (PPP), HDLC, and ADCCP for point-to-point (dual-node) connections.
Answer option B is incorrect. The network layer controls the operation of subnet, deciding which physical path the data should take, based on network conditions, priority of service, and other factors. Routers work on the Network layer of the OSI stack.


NEW QUESTION # 84
Which of the following defines the extent to which an interruption affects normal business operations and the amount of revenue lost due to that interruption?

  • A. RPO
  • B. RSP
  • C. RFO
  • D. RTO

Answer: D


NEW QUESTION # 85
Steven is a Linux system administrator at an IT company. He wants to disable unnecessary services in the system, which can be exploited by the attackers. Which among the following is the correct syntax for disabling a service?

  • A. $ sudo system ctl disable [service]
  • B. $ sudo system.ctl disable [service]
  • C. $ sudo system-ctl disable [service]
  • D. $ sudo systemctl disable [service]

Answer: D


NEW QUESTION # 86
Mark is monitoring the network traffic on his organization's network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?

  • A. tcp.dstport==7 and udp.srcport==7
  • B. tcp.dstport==7 and udp.srcport==7
  • C. tcp.dstport==7 and udp.dstport==7
  • D. tcp.dstport==7 and udp.dstport==7

Answer: B


NEW QUESTION # 87
CORRECT TEXT
Fill in the blank with the appropriate term. ______________ is a protocol used to synchronize the timekeeping among the number of distributed time servers and clients.

Answer: NTP

Explanation:
Network Time Protocol (NTP) is used to synchronize the timekeeping among the number of distributed time servers and clients. It is used for the time management in a large and diverse network that contains many interfaces. In this protocol, servers define the time, and clients have to be synchronized with the defined time. These clients can choose the most reliable source of time defined from the several NTP servers for their information transmission.


NEW QUESTION # 88
Which of the following protocols is used to share information between routers to transport IP Multicast packets among networks?

  • A. DVMRP
  • B. RSVP
  • C. RPC
  • D. LWAPP

Answer: A

Explanation:
The Distance Vector Multicast Routing Protocol (DVMRP) is used to share information between routers to transport IP Multicast packets among networks. It uses a reverse path-flooding technique and is used as the basis for the Internet's multicast backbone (MBONE). In particular, DVMRP is notorious for poor network scaling, resulting from reflooding, particularly with versions that do not implement pruning. DVMRP's flat unicast routing mechanism also affects its capability to scale.
Answer option A is incorrect. The Resource Reservation Protocol (RSVP) is a Transport layer protocol designed to reserve resources across a network for an integrated services Internet. RSVP does not transport application data but is rather an Internet control protocol, like ICMP, IGMP, or routing protocols. RSVP provides receiver-initiated setup of resource reservations for multicast or unicast data flows with scaling and robustness. RSVP can be used by either hosts or routers to request or deliver specific levels of quality of service (QoS) for application data streams. RSVP defines how applications place reservations and how they can leave the reserved resources once the need for them has ended. RSVP operation will generally result in resources being reserved in each node along a path.
Answer option C is incorrect. A remote procedure call (RPC) hides the details of the network by using the common procedure call mechanism familiar to every programmer. Like any ordinary procedure, RPC is also synchronous and parameters are passed to it. A process of the client calls a function on a remote server and remains suspended until it gets back the results.
Answer option D is incorrect. LWAPP (Lightweight Access Point Protocol) is a protocol used to control multiple Wi-Fi wireless access points at once. This can reduce the amount of time spent on configuring, monitoring, or troubleshooting a large network. This also allows network administrators to closely analyze the network.


NEW QUESTION # 89
......


The EC-COUNCIL 312-38 exam covers a wide range of topics including network security, network protocols, network defense, network perimeter security, network topologies, and network devices. It also includes hands-on practical exercises, which test the candidate's ability to apply their knowledge in real-world scenarios. The 312-38 exam is conducted online and consists of 100 multiple-choice questions, which must be completed within four hours.

 
