
100%の合格率を試そう!更新されたのは312-38試験問題 [2023]
合格させる312-38試験にはリアル問題解答
EC-Council Certified Network Defender(CND)試験は、ネットワーク管理者およびセキュリティ専門家向けの貴重な認定プログラムです。この認定は世界中で認識されており、専門家がネットワークベースの攻撃から防御するために必要な知識とスキルを獲得できるように設計されています。この試験は包括的であり、ネットワーク防衛に関連する幅広いトピックをカバーしているため、ネットワークセキュリティのキャリアの見通しを強化しようとしている人にとって重要な認証となっています。
質問 # 29
The SOC manager is reviewing logs in AlienVault USM to investigate an intrusion on the network. Which CND approach is being used?
- A. Deterrent
- B. Reactive
- C. Retrospective
- D. Preventive
正解:C
質問 # 30
Which of the following statements best describes the consequences of the disaster recovery plan test?
- A. The results of the test should be kept secret.
- B. If no deficiencies were found during the test, then the test was probably flawed.
- C. The plan should not be changed no matter what the results of the test would be.
- D. If no deficiencies were found during the test, then the plan is probably perfect.
正解:B
解説:
The chief objective of a disaster recovery plan is to provide a planned way to make decisions if a disruptive event occurs. The reason behind the disaster recovery plan test is to find flaws in the plan. Every plan has some weak points. After the test has been conducted, all parties are informed of the results and the plan is updated to reflect the new information.
質問 # 31
Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify
OPSEC indicators that could reveal critical information and then compare those indicators with the adversary's
intelligence collection capabilities identified in the previous action?
- A. Assessment of Risk
- B. Analysis of Threats
- C. Application of Appropriate OPSEC Measures
- D. Analysis of Vulnerabilities
- E. Identification of Critical Information
正解:D
解説:
OPSEC is a 5-step process that helps in developing protection mechanisms in order to safeguard sensitive
information and preserve essential secrecy.
The OPSEC process has five steps, which are as follows:
1.Identification of Critical Information: This step includes identifying information vitally needed by an adversary,
which focuses the remainder of the OPSEC process on protecting vital information, rather than attempting to
protect all classified or sensitive unclassified information.
2.Analysis of Threats: This step includes the research and analysis of intelligence, counter-intelligence, and
open source information to identify likely adversaries to a planned operation.
3.Analysis of Vulnerabilities: It includes examining each aspect of the planned operation to identify OPSEC
indicators that could reveal critical information and then comparing those indicators with the adversary's
intelligence collection capabilities identified in the previous action.
4.Assessment of Risk: Firstly, planners analyze the vulnerabilities identified in the previous action and identify
possible OPSEC measures for each vulnerability. Secondly, specific OPSEC measures are selected for
execution based upon a risk assessment done by the commander and staff.
5.Application of Appropriate OPSEC Measures: The command implements the OPSEC measures selected in
the assessment of risk action or, in the case of planned future operations and activities, includes the measures
in specific OPSEC plans.
質問 # 32
Which of the following IEEE standards defines a physical bus topology?
- A. 802.4
- B. 802.6
- C. 802.5
- D. 802.3
正解:A
質問 # 33
Which of the following protocols is a method for implementing virtual private networks?
- A. PPTP
- B. SNMP
- C. TLS
- D. SSL
正解:A
質問 # 34
CORRECT TEXT
Fill in the blank with the appropriate term.
A ______________ is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network.
正解:
解説:
demilitarized zone
Explanation:
A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external networks, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network such as the Internet.
質問 # 35
CORRECT TEXT
Fill in the blank with the appropriate term. The ______________layer establishes, manages, and terminates the connections between the local and remote application.
正解:
解説:
session
Explanation:
The session layer of the OSI/RM controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures. The OSI model made this layer responsible for graceful close of sessions, which is a property of the Transmission Control Protocol, and also for session check pointing and recovery, which is not usually used in the Internet Protocol Suite. The Session Layer is commonly implemented explicitly in application environments that use remote procedure calls.
質問 # 36
Management decides to implement a risk management system to reduce and maintain the organization's risk at an acceptable level. Which of the following is the correct order in the risk management phase?
- A. Risk Assessment, Risk Treatment, Risk Monitoring & Review, Risk Identification
- B. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review
- C. Risk Treatment, Risk Monitoring & Review, Risk Identification, Risk Assessment
- D. Risk Identification. Risk Assessment. Risk Monitoring & Review, Risk Treatment
正解:B
質問 # 37
Which of the following steps OPSEC process examines every aspect of the proposed operation to identify the OPSEC indicators that can reveal important information and then compare them with indicators of the opponent's intelligence collection capabilities identified in the previous activity?
- A. analysis of threats
- B. analysis weakness
- C. Appropriate OPSEC measures
- D. risk assessment
- E. Identification of Critical Information
正解:B
解説:
Explanation/Reference:
質問 # 38
Which of the following incident handling stage removes the root cause of the incident?
- A. Detection
- B. Eradication
- C. Recovery
- D. Containment
正解:B
質問 # 39
Which of the following is a type of scam that entices a user to disclose personal information?
- A. Phishing
- B. Sniffing
- C. Smurfing
- D. Spamming
正解:A
質問 # 40
A network designer needs to submit a proposal for a company, which has just published a web portal for its clients on the internet. Such a server needs to be isolated from the internal network, placing itself in a DMZ.
Faced with this need, the designer will present a proposal for a firewall with three interfaces, one for the internet network, another for the DMZ server farm and another for the internal network. What kind of topology will the designer propose?
- A. Multi-homed firewall
- B. Screened subnet
- C. DMZ, External-Internal firewall
- D. Bastion host
正解:A
質問 # 41
An organization needs to adhere to the______________rules for safeguarding and protecting the electronically stored health information of employees.
- A. SOX
- B. PCI DSS
- C. HI PA A
- D. ISEC
正解:C
質問 # 42
Fill in the blank with the appropriate term.
A ______________ is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network.
正解:
解説:
demilitarized zone
質問 # 43
Which of the following IP addresses is the loopback address in IPv6?
- A. 0:0:0:0:0:0:0:0
- B. 1:0:0:0:0:0:0:0
- C. 0:0:0:0:0:0:0:1
- D. 0:0:0:1:1:0:0:0
正解:C
質問 # 44
Which of the following modems offers wireless communication under water?
- A. Optical modem
- B. Acoustic modem
- C. Short haul modem
- D. Controllerless modem
正解:B
質問 # 45
Which of the following is an intrusion detection system that reads all incoming packets and tries to find suspicious patterns known as signatures or rules?
- A. IPS
- B. HIDS
- C. NIDS
- D. DMZ
正解:C
解説:
A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic. A NIDS reads all the incoming packets and tries to find suspicious patterns known as signatures or rules. It also tries to detect incoming shell codes in the same manner that an ordinary intrusion detection systems does. Answer option A is incorrect. A host-based intrusion detection system (HIDS) produces a false alarm because of the abnormal behavior of users and the network. A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses the internals of a computing system rather than the network packets on its external interfaces. A host-based Intrusion Detection System (HIDS) monitors all or parts of the dynamic behavior and the state of a computer system. HIDS looks at the state of a system, its stored information, whether in RAM, in the file system, log files or elsewhere; and checks that the contents of these appear as expected. Answer option B is incorrect. An intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. Answer option C is incorrect. A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external networks, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network such as the Internet.
質問 # 46
Which of the following protocols is a method for implementing virtual private networks?
- A. PPTP
- B. SNMP
- C. TLS
- D. SSL
正解:A
質問 # 47
Which of the following is a firewall that keeps track of the state of network connections traveling across it?
- A. Application gateway firewall
- B. Stateless packet filter firewall
- C. Circuit-level proxy firewall
- D. Stateful firewall
正解:D
解説:
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.Answer option B is incorrect. A stateless packet filter firewall allows direct connections from the external network to hosts on the internal network and is included with router configuration software or with Open Source operating systems. Answer option C is incorrect. It applies security mechanisms when a TCP or UDP connection is established. Answer option D is incorrect. An application gateway firewall applies security mechanisms to specific applications, such as FTP and Telnet servers.
質問 # 48
Mark is monitoring the network traffic on his organization's network. He wants to detect a TCP and UDP ping sweep on his network. Which type of filter will be used to detect this on the network?
- A. Tcp.dstport==7 and udp.srcport==7
- B. Tcp.srcport==7 and udp.srcport==7
- C. Tcp.srcport==7 and udp.dstport==7
- D. Tcp.dstport==7 and udp.dstport==7
正解:D
質問 # 49
Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company's website.
After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?
- A. They need to use Nessus
- B. Snort is the best tool for their situation
- C. They could use Tripwire
- D. They can implement Wireshark
正解:C
質問 # 50
Rosa is working as a network defender at Linda Systems. Recently, the company migrated from Windows to MacOS. Rosa wants to view the security related logs of her system, where con she find these logs?
- A. /var/log/cups/access-log
- B. /private/var/log
- C. /Library/Logs/Sync
- D. /Library/Logs
正解:B
質問 # 51
FILL BLANK
Fill in the blank with the appropriate term. A ______________________ network is a local area network (LAN)
in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used for
preventing the collision of data between two computers that want to send messages at the same time.
正解:
解説:
Token Ring
Explanation:
A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star
topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two
computers that want to send messages at the same time. The Token Ring protocol is the second most widely-
used protocol on local area networks after Ethernet. The IBM Token Ring protocol led to a standard version,
specified as IEEE 802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology
provides for data transfer rates of either 4 or 16 megabits per second.
Working:
Empty information frames are constantly circulated on the ring. When a computer has a message to send, it
adds a token to an empty frame and adds a message and a destination identifier to the frame. The frame is
then observed by each successive workstation. If the workstation sees that it is the destination for the
message, it copies the message from the frame and modifies the token back to 0. When the frame gets back
to the originator, it sees that the token has been modified to 0 and that the message has been copied and
received. It removes the message from the particular frame. The frame continues to circulate as an empty
frame, ready to be taken by a workstation when it has a message to send.
質問 # 52
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?
- A. Session fixation
- B. Cross site scripting
- C. Fire walking
- D. Replay
正解:D
質問 # 53
......
312-38試験問題を最新版を今すぐ試そうの[2023年最新] 正解回答付き:https://jp.fast2test.com/312-38-premium-file.html
無料EC-COUNCIL 312-38テスト練習問題試験問題集:https://drive.google.com/open?id=1FIngkazFvuLB9tucLtYxqpgNmWPAcgPA