
312-38 PDF問題集リアル2025最近更新された問題
リリースEC-COUNCIL 312-38更新された問題PDF
質問 # 165
John has implemented________in the network to restrict the limit of public IP addresses in his organization and to enhance the firewall filtering technique.
- A. VPN
- B. DMZ
- C. Proxies
- D. NAT
正解:D
質問 # 166
Andrew would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability?
- A. IKE
- B. AH
- C. ISAKMP
- D. ESP
正解:D
解説:
The Encapsulating Security Payload (ESP) component of IPsec is designed to provide confidentiality for the content of packets. ESP encrypts the data payload of IP packets to ensure that the information being transmitted remains confidential and cannot be accessed or intercepted by unauthorized parties. This encryption is crucial for protecting sensitive data as it travels across insecure networks, such as the internet.
質問 # 167
John wants to implement a packet filtering firewall in his organization's network. What TCP/IP layer does a packet filtering firewall work on?
- A. Application layer
- B. TCP layer
- C. Network Interface layer
- D. IP layer
正解:D
解説:
A packet filtering firewall operates at the network layer of the TCP/IP model. It analyzes the headers of IP packets, which include source and destination IP addresses, protocol information, and port numbers, to determine whether to allow or block the packets based on predefined rules and access control lists (ACLs). This type of firewall does not perform deep packet inspection but rather checks the packet headers against the ACLs to make decisions1234.
References: The explanation aligns with the core functions of packet filtering firewalls as described in various sources, including the Enterprise Networking Planet and NordLayer articles, which detail how these firewalls interact with the IP layer to filter traffic12. GeeksforGeeks also confirms that packet filtering firewalls work at the network layer of the OSI model, which corresponds to the IP layer in the TCP/IP model4.
質問 # 168
Which technique is used in RAID level 0 where the data is split into blocks and written evenly across multiple disks?
- A. Data splitting
- B. Disk partition
- C. Disk mirroring
- D. Disk stripping
正解:D
解説:
RAID level 0 employs a technique known as disk stripping, which involves splitting data into blocks and distributing them evenly across multiple disks. This method enhances performance by allowing simultaneous read and write operations on multiple drives. However, it does not provide redundancy, meaning if one drive fails, all data on the array could be lost. The primary advantage of disk stripping is the improved I/O performance due to the parallel processing of data across the drives.
質問 # 169
In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?
- A. Buffer-overflow attack
- B. Bonk attack
- C. Smurf attack
- D. DDoS attack
正解:D
解説:
In the distributed denial of service (DDOS) attack, an attacker uses multiple computers throughout the network that it has previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for the DDoS attack.
Answer option A is incorrect. A Smurf attack is a type of attack that uses third-party intermediaries to defend against, and get back to the originating system. In a Smurf attack, a false ping packet is forwarded by the originating system. The broadcast address of the third-party network is the packet's destination. Hence, each machine on the third-party network has a copy of the ping request. The victim system is the originator. The originator rapidly forwards a large number of these requests via different intermediary networks. The victim gets overwhelmed by these large number of requests.
Answer option B is incorrect. A buffer-overflow attack is performed when a hacker fills a field, typically an address bar, with more characters than it can accommodate. The excess characters can be run as executable code, effectively giving the hacker control of the computer and overriding any security measures set. There are two main types of buffer overflow attacks:
stack-based buffer overflow attack:
Stack-based buffer overflow attack uses a memory object known as a stack. The hacker develops the code which reserves a specific amount of space for the stack. If the input of user is longer than the amount of space reserved for it within the stack, then the stack will overflow.
heap-based buffer overflow attack:
Heap-based overflow attack floods the memory space reserved for the programs.
Answer option D is incorrect. Bonk attack is a variant of the teardrop attack that affects mostly Windows computers by sending corrupt UDP packets to DNS port 53. It is a type of denial-of-service (DoS) attack. A bonk attack manipulates a fragment offset field in TCP/IP packets. This field tells a computer how to reconstruct a packet that was fragmented, because it is difficult to transmit big packets. A bonk attack causes the target computer to reassemble a packet that is too big to be reassembled and causes the target computer to crash.
質問 # 170
If an organization has decided to consume PaaS Cloud service model, then identify the organization's responsibility that they need to look after based on shared responsibility model.
- A. Data, interfaces, application, middleware, OS, VM, virtual network, hypervisors, processing and memory, data storage, network interfaces, facilities and data centers, etc.
- B. Data, interfaces, application, middleware, OS, VM, virtual network, etc.
- C. Data, interfaces, etc.
- D. Data, interfaces, application, etc.
正解:D
解説:
In the PaaS (Platform as a Service) cloud service model, the cloud provider manages the infrastructure, including network, servers, operating systems, and storage. The organization's responsibility is primarily at the application level, which includes the data, interfaces, and the applications themselves. This means the organization must ensure the security and compliance of their data, manage the applications they develop or deploy, and handle the interfaces that connect their applications to other services or users. Reference: The Certified Network Defender (CND) course by EC-Council discusses the shared responsibility model in cloud services, emphasizing the division of responsibilities between the cloud provider and the consumer123.
質問 # 171
John works as a C programmer. He develops the following C program:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int buffer(char *str) {
char buffer1[10];
strcpy(buffer1, str);
return 1;
}
int main(int argc, char *argv[]) {
buffer (argv[1]);
printf("Executed\n");
return 1;
}
His program is vulnerable to a __________ attack.
- A. Buffer overflow
- B. Denial-of-Service
- C. Cross site scripting
- D. SQL injection
正解:A
解説:
This program takes a user-supplied string and copies it into 'buffer1', which can hold up to 10 bytes of data. If a user sends more than 10 bytes, it would result in a buffer overflow.
質問 # 172
James, a network admin in a large US based IT firm, was asked to audit and implement security controls over all network layers to achieve Defense-in-Depth. While working on this assignment, James has implemented both blacklisting and whitelisting ACLs. Which layer of defense-in-depth architecture is Jason working on currently?
- A. Host Layer
- B. Application Layer
- C. Internal Network Layer
- D. Perimeter Layer
正解:D
解説:
James is working on the Perimeter Layer of the Defense-in-Depth architecture. This layer is responsible for protecting the network's boundaries from unauthorized access and attacks. The implementation of blacklisting and whitelisting Access Control Lists (ACLs) is a common practice at this layer. Blacklisting ACLs block known malicious entities, while whitelisting ACLs allow only approved entities to access the network. These measures are part of the perimeter defenses that include firewalls, intrusion detection systems, and other boundary security mechanisms designed to prevent attackers from gaining initial access to the network infrastructure1234.
References:
* Defense in depth explained: Layering tools and processes for better security1.
* What is a whitelist and a blacklist? - National Cybersecurity Society2.
* Blacklisting vs Whitelisting: What's the Difference? - Instasafe3.
* Whitelisting, blacklisting, and your security strategy: It's not either/or4.
質問 # 173
The--------------protocol works in the network layer and is responsible for handling the error codes during the delivery of packets. This protocol is also responsible for providing communication in the TCP/IP stack.
- A. RARP
- B. DHCP
- C. ICMP
- D. ARP
正解:C
解説:
The Internet Control Message Protocol (ICMP) operates at the network layer and is integral to the Internet Protocol suite. It is utilized primarily for error handling during packet delivery, such as informing senders of a failed delivery due to unreachable destinations or other path-related issues. ICMP is also used for diagnostic purposes, with tools like ping and traceroute relying on ICMP messages to test connectivity and trace packet routes. Unlike transport layer protocols like TCP or UDP, ICMP does not establish a connection before sending messages, making it a connectionless protocol. This characteristic allows ICMP to quickly relay error messages and network information without the overhead of establishing a session.
References: The role and functions of ICMP are well-documented in resources such as GeeksforGeeks, ExploringBits, and IBM's TCP/IP concepts, which align with the ECCouncil's Network Defender (CND) objectives and documents123.
質問 # 174
Choose the correct order of steps to analyze the attack surface.
- A. Identify the indicators of exposure->visualize the attack surface->simulate the attack->reduce the attack surface
- B. Identify the indicators of exposure->simulate the attack->visualize the attack surface->reduce the attack surface
- C. Visualize the attack surface->identify the indicators of exposure->simulate the attack->reduce the attack surface
- D. Visualize the attack surface->simulate the attack->identify the indicators of exposure->reduce the attack surface
正解:A
解説:
The correct order of steps to analyze the attack surface begins with identifying the indicators of exposure. This step involves recognizing the elements within the system that could potentially be exploited by threats.
Following this, the attack surface is visualized to understand the scope and scale of potential attack vectors.
Next, a simulation of the attack is conducted to assess the effectiveness of the current security measures and identify any vulnerabilities. Finally, the attack surface is reduced by implementing measures to mitigate the identified risks and vulnerabilities, thereby enhancing the overall security posture.
References: This sequence ensures a structured approach to security analysis and is in line with best practices for attack surface analysis as outlined in various cybersecurity frameworks and guidelines1.
質問 # 175
Which of the following are the responsibilities of the disaster recovery team?Each correct answer represents a complete solution. Choose all that apply.
- A. To initiate the execution of the disaster recovery procedures
- B. To modify and update the disaster recovery plan according to the lessons learned from previous disaster recovery efforts
- C. To monitor the execution of the disaster recovery plan and assess the results
- D. To notify management, affected personnel, and third parties about the disaster
正解:A、B、C、D
質問 # 176
Identify the attack where an attacker manipulates or tricks people into revealing their confidential details like bank account information, credit card details, etc.?
- A. Port Scanning
- B. Social Engineering Attacks
- C. DNS Footprinting
- D. ICMP Scanning
正解:B
解説:
The attack described in the question is a Social Engineering Attack. This type of attack involves manipulating or deceiving people into divulging confidential information such as bank account details, credit card numbers, and other sensitive data. Social engineering attacks exploit human psychology rather than technical hacking techniques to gain access to systems, networks, or physical locations, or for financial gain. Attackers may use various tactics such as phishing, pretexting, baiting, or tailgating to trick individuals into providing the information they seek1.
Reference:
Understanding and Preventing Social Engineering Attacks - EC-Council1.
Certified Network Defender (CND) Course Outline - EC-Council2.
Certified Network Defender - EC-Council3.
質問 # 177
Which of the following ranges of addresses can be used in the first octet of a Class A network address?
- A. 192-223
- B. 128-191
- C. 0-127
- D. 224-255
正解:C
質問 # 178
Sophie has been working as a Windows network administrator at an MNC over the past 7 years. She wants to check whether SMB1 is enabled or disabled. Which of the following command allows Sophie to do so?
- A. Get-WindowsOptionalFeature -Online -FeatureNames SMB1Protocol
- B. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
- C. Get-WindowsOptionalFeatures -Online -FeatureName SMB1Protocol
- D. Get-WindowsOptionalFeatures -Online -FeatureNames SMB1Protocol
正解:B
解説:
To check if SMB1 is enabled or disabled, the correct PowerShell command is Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol. This command queries the status of the SMB1Protocol feature in the running instance of Windows. If SMB1 is enabled, the command will return its status as 'Enabled', and if it is disabled, it will return 'Disabled'.
質問 # 179
Which of the following help in estimating and totaling up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile?
Each correct answer represents a complete solution. Choose all that apply.
- A. Benefit-Cost Analysis
- B. Disaster recovery
- C. Business Continuity Planning
- D. Cost-benefit analysis
正解:A、D
解説:
Cost-benefit analysis is a process by which business decisions are analyzed. It is used to estimate and total up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile. It is a term that refers both to:
helping to appraise, or assess, the case for a project, program, or policy proposal; an approach to making economic decisions of any kind. Under both definitions, the process involves, whether explicitly or implicitly, weighing the total expected costs against the total expected benefits of one or more actions in order to choose the best or most profitable option. The formal process is often referred to as either CBA (Cost-Benefit Analysis) or BCA (Benefit-Cost Analysis).
Answer option A is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan that defines how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a Business Continuity Plan.
Answer option C is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.
質問 # 180
Which of the following IEEE standards is an example of a DQDB access method?
- A. 802.5
- B. 802.4
- C. 802.6
- D. 802.3
正解:C
質問 # 181
An IT company has just been hit with a severe external security breach. To enhance the company's security posture, the network admin has decided to first block all the services and then individually enable only the necessary services. What is such an Internet access policy called?
- A. Prudent Policy
- B. Permissive Policy
- C. Paranoid Policy
- D. Promiscuous Policy
正解:C
解説:
The Paranoid Policy is a type of Internet access policy that is characterized by initially blocking all services and then selectively enabling only those that are necessary. This approach is often taken as a security measure following a severe external breach, as it allows the network administrator to ensure that only essential and secure services are accessible, minimizing potential vulnerabilities.
References: This information is consistent with best practices in network security management, which advocate for a 'deny all' approach as a starting point for securing a network. This strategy is also in line with the Certified Network Defender (CND) course's teachings on enhancing a company's security posture through stringent access controls.
質問 # 182
Which of the Windows security component is responsible for controlling access of a user to Windows resources?
- A. Local Security Authority Subsystem (LSASS)
- B. Network Logon Service (Netlogon)
- C. Security Accounts Manager (SAM)
- D. Security Reference Monitor (SRM)
正解:D
解説:
The Security Reference Monitor (SRM) is the core component in Windows operating systems responsible for controlling access to resources. It enforces security policies and checks whether a user's request to access a resource is allowed by the system's security policy. SRM operates in the kernel mode and ensures that access rights and permissions are properly enforced, making it a critical part of the Windows security architecture for resource access control.
質問 # 183
Which of the following routing metrics refers to the time required to transfer the package to the source via the Internet?
- A. charge
- B. routing delay
- C. length of the trail
- D. bandwidth
- E. None
正解:B
質問 # 184
Token Ring is standardized by which of the following IEEE standards?
- A. 802.2
- B. 802.4
- C. 802.1
- D. 802.3
正解:B
質問 # 185
Management decides to implement a risk management system to reduce and maintain the organization's risk at an acceptable level. Which of the following is the correct order in the risk management phase?
- A. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review
- B. Risk Assessment, Risk Treatment, Risk Monitoring & Review, Risk Identification
- C. Risk Identification. Risk Assessment. Risk Monitoring & Review, Risk Treatment
- D. Risk Treatment, Risk Monitoring & Review, Risk Identification, Risk Assessment
正解:A
解説:
The correct order in the risk management phase starts with Risk Identification, where potential business risks are determined. This is followed by Risk Assessment, which involves analyzing and prioritizing the identified risks. Next is Risk Treatment, where plans are made to mitigate the risks. Finally, Risk Monitoring & Review is conducted to oversee the risk management process and make necessary adjustments. This sequence ensures a structured and effective approach to managing risks within an organization. Reference: The sequence aligns with the widely recognized ISO 31000 risk management standard, which outlines these core steps in managing risks123.
質問 # 186
Which of the following is a process of transformation where the old system can no longer be maintained?
- A. Threat
- B. Risk
- C. Disaster
- D. Crisis
正解:D
質問 # 187
The IR team and the network administrator have successfully handled a malware incident on the network. The team is now preparing countermeasure guideline to avoid a future occurrence of the malware incident.
Which of the following countermeasure(s) should be added to deal with future malware incidents? (Select all that apply)
- A. Install antivirus software
- B. Implementing strong authentication schemes
- C. Complying with the company's security policies
- D. Implementing a strong password policy
正解:A、B、C、D
解説:
The countermeasures to deal with future malware incidents involve a multi-layered approach that includes:
* Complying with the company's security policies: Ensuring that all security policies are followed can prevent malware incidents by maintaining a secure network environment.
* Implementing strong authentication schemes: Strong authentication can prevent unauthorized access, reducing the risk of malware being introduced by attackers.
* Implementing a strong password policy: Robust password policies can deter attackers by making it more difficult to gain access through brute force or other password-related attacks.
* Install antivirus software: Antivirus software is essential for detecting, preventing, and removing malware from the network.
These measures align with the Certified Network Defender (CND) program's emphasis on a defense-in-depth strategy, which includes protecting endpoints, data, and networks, as well as continuous threat monitoring and response123.
References:
* Certified Network Defender (CND) course material and study guide.
* EC-Council's official Certified Network Defender (CND) resources123.
質問 # 188
Which of the following is a network layer protocol used to obtain an IP address for a given hardware (MAC)
address?
- A. IP
- B. RARP
- C. PIM
- D. ARP
正解:B
解説:
Reverse Address Resolution Protocol (RARP) is a Network layer protocol used to obtain an IP address for a
given hardware (MAC) address. RARP is sort of the reverse of an ARP. Common protocols that use RARP are
BOOTP and DHCP.
Answer option D is incorrect. Address Resolution Protocol (ARP) is a network maintenance protocol of the
TCP/IP protocol suite. It is responsible for the resolution of IP addresses to media access control (MAC)
addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC
address and its corresponding IP address. ARP provides the protocol rules for making this correlation and
providing address conversion in both directions. ARP is limited to physical network systems that support
broadcast packets.
Answer option B is incorrect. Protocol-Independent Multicast (PIM) is a family of multicast routing protocols for
Internet Protocol (IP) networks that provide one-to-many and many-to-many distribution of data over a LAN,
WAN, or the Internet. It is termed protocol-independent because PIM does not include its own topology
discovery mechanism, but instead uses routing information supplied by other traditional routing protocols, such
as Border Gateway Protocol (BGP).
Answer option A is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a
packet-switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP.
IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering
distinguished protocol datagrams (packets) from the source host to the destination host solely based on their
addresses. For this purpose, the Internet Protocol defines addressing methods and structures for datagram
encapsulation. The first major version of addressing structure, now referred to as Internet Protocol Version 4
(IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6),
is being deployed actively worldwide.
質問 # 189
......
EC-Council Certified Network Defender(CND)は、サイバー脅威からコンピューターネットワークを保護および防御するために必要なスキルと知識を評価および検証する専門的な認定試験です。この認定は、ネットワークセキュリティのキャリアを追求したい個人向けに設計されており、サイバー攻撃を検出および防止し、ネットワークインフラストラクチャを保護し、セキュリティインシデントに対応するために必要なスキルを装備することを目指しています。
EC-Council Certified Network Defender(CND)認定は、組織のネットワークインフラストラクチャを保護し、セキュリティを確保する責任があるITプロフェッショナルに特に関連しています。これには、ネットワーク管理者、セキュリティアナリスト、およびネットワークセキュリティの管理と維持に関与する他のITスタッフが含まれます。 CND認定試験は、ネットワークセキュリティプロトコル、ネットワークトポロジ、ネットワーク防御戦略など、広範囲なトピックをカバーしています。 CND試験に合格した候補者は、サイバー攻撃に対して積極的に防御し、組織の重要資産を保護するために必要な知識とスキルを身につけます。
312-38問題集と練習テスト(359試験問題):https://www.goshiken.com/EC-COUNCIL/312-38-mondaishu.html
ガイド(2025年最新)実際のEC-COUNCIL 312-38試験問題:https://drive.google.com/open?id=1dwEYyOqCd-KYKOj6443Bi0IC7XEpsj19