Ryan works as a network security engineer at an organization that recently suffered an attack. As a countermeasure, Ryan would like to obtain more information about the attacker and chooses to deploy a honeypot called Kojoney into the organization's production environment. Using this honeypot, he would like to emulate the network vulnerability that was attacked previously. Which type of honeypot is he trying to implement?
A low-interaction honeypot, like Kojoney, is designed to emulate specific network vulnerabilities and gather information about attackers without providing a full-fledged operating environment. These honeypots are typically easier to deploy and maintain compared to high-interaction honeypots. They simulate certain services and responses to attract attackers, allowing the network security team to gather data on attack patterns, tools, and methodologies used by the attackers. This information is crucial for understanding the attack and improving defenses.
High-interaction honeypots: Provide a complete environment that can fully engage with attackers, offering more detailed insights but also posing higher risks.
Pure honeypots: Essentially full-scale, unmodified systems that an attacker interacts with.
Research honeypots: Used primarily for gathering information for research purposes, often involving high-interaction setups.
EC-Council Certified Network Defender (CND) Study Guide
Peter works as a network administrator at an IT company. He wants to avoid exploitation of the cloud, particularly Azure services. Which of the following is a group of PowerShell scripts designed to help the network administrator understand how attacks happen and help them protect the cloud?
MicroBurst is a collection of PowerShell scripts designed to help network administrators understand how attacks occur and to protect cloud environments, particularly Azure services. These scripts aid in detecting vulnerabilities, simulating attacks, and implementing defensive measures to secure the cloud infrastructure.
POSH-Sysmon: A set of PowerShell scripts for managing Sysmon configurations.
SecurityPolicyDsc: A module for managing security policies through Desired State Configuration (DSC).
Sysmon: A Windows system service and device driver that logs system activity to the Windows event log, not specifically focused on cloud protection.
EC-Council Certified Network Defender (CND) Study Guide
A network designer needs to submit a proposal for a company, which has just published a web portal for its clients on the internet. Such a server needs to be isolated from the internal network, placing itself in a DMZ. Faced with this need, the designer will present a proposal for a firewall with three interfaces, one for the internet network, another for the DMZ server farm and another for the internal network. What kind of topology will the designer propose?
The topology that the network designer will propose is known as a screened subnet. This topology involves the use of two or more firewalls to create a network segment referred to as a demilitarized zone (DMZ). The DMZ acts as a buffer zone between the public internet and the internal network. It contains the public-facing servers, such as the web portal mentioned, which is isolated from the internal network for added security. The screened subnet topology typically includes a firewall at the network's edge connected to the internet, another firewall separating the DMZ from the internal network, and the DMZ itself. This setup allows for strict control of traffic between the internet, the DMZ, and the internal network, providing an additional layer of security.
A popular e-commerce company has recently received a lot of complaints from its customers. Most of the complaints are about the customers being redirected to some other website when trying to access the e-com site, leading to all their systems being compromised and corrupted. Upon investigation, the network admin of the firm discovered that some adversary had manipulated the company's IP address in the domain name server's cache. What is such an attack called?
The attack described is known as DNS Poisoning, also referred to as DNS Spoofing. This type of attack occurs when an attacker manipulates the DNS server's cache, so that the server returns an incorrect IP address for a website. This results in users being redirected to malicious websites instead of the intended destination. The attacker's goal is typically to spread malware, steal personal information, or disrupt services. DNS Poisoning is a serious security threat because it can be used to compromise entire networks and is difficult to detect.
Arman transferred some money to his friend's account using a net banking service. After a few hours, his friend informed him that he hadn't received the money yet. Arman logged on to the bank's website to investigate and discovered that the amount had been transferred to an unknown account instead. The bank, upon receiving Arman's complaint, discovered that someone had established a station between Arman's and the bank server's communication system. The station intercepted the communication and inserted another account number replacing his friend's account number. What is such an attack called?
The scenario described is a classic example of a Man-in-the-Middle (MitM) attack. In this type of cyberattack, the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. The attacker has inserted themselves between the two parties, in this case, Arman and the bank's server, and has intercepted the communication to redirect the funds to a different account. This type of attack can occur in various forms, such as eavesdropping on or altering the communication over an insecure network service, but it is characterized by the attacker's ability to intercept and modify the data being exchanged without either legitimate party noticing.