John is working as a security professional in FinCorp Ltd. He was instructed to deploy a security solution on their corporate network that provides real-time monitoring, correlation of events, threat detection, and security incident response activities.
Which of the following security solutions helps John in the above scenario?
Messy, a network defender, was hired to secure an organization's internal network. He deployed an IDS in which the detection process depends on observing and comparing the observed events with the normal behavior and then detecting any deviation from it.
Identify the type of IDS employed by Messy in the above scenario.
Answer: C
An anomaly-based IDS detects intrusions by comparing observed network events with a baseline of normal behavior and identifying any deviation from it. An anomaly-based IDS can detect unknown or zero-day attacks that do not match any known signature, but it can also generate false positives due to legitimate changes in network behavior. It can use various techniques to model normal behavior, such as statistical analysis, machine learning, or artificial intelligence. An anomaly-based IDS is the type of IDS employed by Messy in the above scenario, as he deployed an IDS whose detection process depends on observing events, comparing them with normal behavior, and then detecting any deviation from it.
Reference:
Anomaly-Based Intrusion Detection System - Chapter 2: Anomaly-Based Intrusion Detection System
Network Defense Essentials (NDE) | Coursera - Week 10: Intrusion Detection and Prevention Systems
Kevin logged into a banking application with his registered credentials and tried to transfer some amount from his account to Flora's account. Before transferring the amount to Flora's account, the application sent an OTP to Kevin's mobile for confirmation.
Which of the following authentication mechanisms is employed by the banking application in the above scenario?
Answer: D
Two-factor authentication (2FA) is a type of authentication that requires users to provide two or more forms of verification to access an online account. 2FA is a multi-layered security measure designed to prevent attackers from accessing user accounts with stolen or shared credentials. 2FA typically combines something the user knows (such as a password or PIN), something the user has (such as a phone or a hardware token), and/or something the user is (such as a fingerprint or a face scan). In the above scenario, the banking application employs 2FA by requiring Kevin to enter his registered credentials (something he knows) and an OTP sent to his mobile (something he has) before transferring the amount to Flora's account.
Reference:
Improve Your Cybersecurity with Password MFA - Defense.com
What Is Two-Factor Authentication (2FA)? | Microsoft Security
Selecting Secure Multi-factor Authentication Solutions
Joseph, a security professional, was instructed to secure the organization's network. In this process, he began analyzing packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission.
Identify the attack signature analysis technique performed by Joseph in the above scenario.
Answer: D
Atomic-signature-based analysis is an attack signature analysis technique that uses a single characteristic or attribute of a packet header to identify malicious traffic. Atomic signatures are simple and fast to match, but they can also generate false positives or miss some attacks. Examples of atomic signatures are source and destination IP addresses, port numbers, protocol types, and TCP flags. Atomic-signature-based analysis is the technique performed by Joseph in the above scenario, as he analyzed packet headers to check whether source and destination IP addresses and port numbers were being changed during transmission.
Reference:
Understanding the Network Traffic Signatures - Module 12: Network Traffic Monitoring
Network Defense Essentials (NDE) | Coursera - Week 12: Network Traffic Monitoring
Network Defense Essentials Module 12 (Network Traffic Monitoring) - Quizlet - Flashcards: What are Network Traffic Signatures?
Steve was sharing his confidential file with John via an email that was digitally signed and encrypted. The digital signature was made using the "Diffie-Hellman (X9.42) with DSS" algorithm, and the email was encrypted using triple DES.
Which of the following protocols employs the above features to encrypt an email message?
Answer: A
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol that provides security services for email messages, such as encryption, digital signatures, authentication, and integrity. S/MIME is based on the MIME standard, which defines the format and structure of email messages. S/MIME uses public-key cryptography to encrypt and decrypt the message content and to sign and verify the message sender. S/MIME supports various algorithms for encryption and digital signatures, such as Diffie-Hellman, DSS, RSA, and triple DES. S/MIME is widely used for secure email in applications and platforms such as Outlook, Gmail, and Thunderbird. S/MIME is the protocol that employs the features mentioned in the question, namely Diffie-Hellman (X9.42) with DSS for the digital signature and triple DES for encryption.
Reference:
S/MIME - Week 7: Email Security
S/MIME Version 3.2 Message Specification
Jacob, an attacker, targeted container technology to destroy the reputation of an organization. To achieve this, he initially compromised a single container exploiting weak network defaults, overloaded the rest of the containers in the local domain, and restricted them from providing services to legitimate users.
Identify the type of attack initiated by Jacob in the above scenario.
Mark, a network administrator in an organization, was assigned the task of preventing data from falling into the wrong hands. In this process, Mark implemented authentication techniques and performed full memory encryption for the data stored on RAM.
In which of the following states has Steve encrypted the data in the above scenario?