312-38試験無料問題集（359題）「EC-COUNCIL EC-Council Certified Network Defender CND 認定」

出題：1

Bryson is the IT manager and sole IT employee working for a federal agency in California. The agency was just given a grant and was able to hire on 30 more employees for a new extended project. Because of this, Bryson has hired on two more IT employees to train up and work. Both of his new hires are straight out of college and do not have any practical IT experience. Bryson has spent the last two weeks teaching the new employees the basics of computers, networking, troubleshooting techniques etc. To see how these two new hires are doing, he asks them at what layer of the OSI model do Network Interface Cards (NIC) work on. What should the new employees answer?

A. The new employees should say that NICs perform on the Network layer.

B. NICs work on the Session layer of the OSI model.

C. They should tell Bryson that NICs perform on the Physical layer

D. They should answer with the Presentation layer.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Who is an IR custodian?

A. An individual who makes a decision on the classifications and the severity of the incident identified

B. An individual responsible for the remediation and resolution of the incident that occurred

C. An individual who receives the initial IR alerts and leads the IR team in all the IR activities

D. An individual responsible for conveying company details after an incident

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which scan attempt can penetrate through a router and a firewall that filter incoming packets with particular flags set and is not supported by Windows?

A. TCP full connect scan attempt

B. PINC sweep attempt

C. TCP null scan attempt

D. ARP scan attempt

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which authentication technique involves mathematical pattern-recognition of the colored part of the eye behind the cornea?

A. Vein Scanning

B. Retinal Scanning

C. Facial Recognition

D. Iris Scanning

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Ryan is a network security administrator, who wants to implement local security policies for privileges granted to users and groups, system security audit settings, user authentication, and want to send security audit messages to the Event Log. Which Windows security component fulfills Ryan's requirement?

A. WinLogon and NetLogon

B. Security Reference Monitor (SRM)

C. The Local Security Authority Subsystem (LSASS)

D. The Security Account Manager (SAM)

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which of the following NIST incident category includes any activity that seeks to access or identify a federal agency computer, open ports, protocols, service or any combination for later exploit?

A. Improper usage

B. Malicious code

C. Denial-of-Service

D. Scans/Probes/Attempted Access

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Identify the minimum number of drives required to setup RAID level 5.

A. Multiple

B. 2

C. 4

D. 3

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. She is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Cindy attempting here?

A. Cindy is using a half-open scan to find live hosts on her network.

B. Cindy is attempting to find live hosts on her company's network by using a XMAS scan.

C. She is utilizing a RST scan to find live hosts that are listening on her network.

D. The type of scan she is usinq is called a NULL scan.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Frank installed Wireshark at all ingress points in the network. Looking at the logs he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21. What does this source address signify?

A. This source address is IPv6 and translates as 13.1.68.3

B. This source address signifies that the originator is using 802dot1x to try and penetrate into Frank's network

C. This means that the source is using IPv4

D. This address means that the source is using an IPv6 address and is spoofed and signifies an IPv4 address of 127.0.0.1.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which type of risk treatment process Includes not allowing the use of laptops in an organization to ensure its security?

A. Risk avoidance

B. Reduce the risk

C. Mitigate the risk

D. Eliminate the risk

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

Heather has been tasked with setting up and implementing VPN tunnels to remote offices. She will most likely be implementing IPsec VPN tunnels to connect the offices. At what layer of the OSI model does an IPsec tunnel function on?

A. They function on either the application or the physical layer.

B. They function on the data link layer

C. They work on the session layer.

D. They work on the network layer

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

Which of the following is true regarding any attack surface?

A. Decrease in vulnerabilities decreases the attack surface

B. Increase in vulnerabilities decreases the attack surface

C. Decrease in vulnerabilities increases the attack surface

D. Decrease in risk exposures increases the attack surface

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

312-38試験無料問題集「EC-COUNCIL EC-Council Certified Network Defender CND 認定」