Eccouncil 112-51 NDE Exam Practice Test Instant Access

Question 1

Sarah was accessing confidential office files from a remote location via her personal computer connected to the public Internet. Accidentally, a malicious file was downloaded onto Sarah's computer without her knowledge. This download might be due to the free Internet access and the absence of network defense solutions.

Identify the Internet access policy demonstrated in the above scenario.

APermissive policy

BPromiscuous policy

CParanoid policy

DPrudent policy

Answer : A

A permissive policy is a type of Internet access policy that allows users to access the Internet from any device and any location, without any restrictions or security measures. A permissive policy provides convenience and flexibility for the users, but also exposes them to various risks, such as malware infection, data leakage, or cyberattacks. In the scenario, Sarah was accessing confidential office files from a remote location via her personal computer connected to the public Internet, and accidentally downloaded a malicious file onto her computer. This indicates that the organization had a permissive policy for Internet access12. Reference: Network Defense Essentials - EC-Council Learning, Internet Access Policy: Definition and Best Practices

Question 2

Daniel, a networking specialist, identifies a glitch in a networking tool and fixes it on a priority using a system. Daniel was authorized to make a copy of computers programs while maintaining or repairing the system.

Which of the following acts was demonstrated in the above scenario?

ASarbanes-Oxley Act (SOX)

BThe Digital Millennium Copyright Act (DMCA)

CData Protection Act 2018 (DPA)

DGramm-Leach-Bliley Act (GLBA)

Answer : B

The DMCA is a US law that aims to protect the rights of digital content creators and owners. It prohibits the unauthorized copying, distribution, modification, or circumvention of digital content, such as software, music, movies, etc. The DMCA also provides exceptions for certain purposes, such as fair use, research, education, or maintenance and repair of systems. In the scenario, Daniel was authorized to make a copy of computer programs while maintaining or repairing the system, which falls under the DMCA exception for system maintenance and repair12. Reference: Network Defense Essentials - EC-Council Learning, Network Defense Essentials (NDE) | Coursera

Question 3

Carol is a new employee at ApTech Sol Inc., and she has been allocated a laptop to fulfill his job activities.

Carol tried to install certain applications on the company's laptop but could not complete the installation as she requires administrator privileges to initiate the installation process. The administrator imposed an access policy on the company's laptop that only users with administrator privileges have installation rights.

Identify the access control model demonstrated in the above scenario.

ARule-based access control {RB-RBAC)

BMandatory access control {MAC)

CRole-based access control (RBAC)

DDiscretionary access control (DAC)

Answer : C

Role-based access control (RBAC) is a model that assigns permissions and privileges to users based on their roles in an organization. In RBAC, the administrator defines the roles and the access rights for each role, and then assigns users to those roles. This way, the administrator can control the access of users to the resources without having to manage each user individually. In the scenario, Carol is assigned a role that does not have the installation rights, while the administrator has a role that does. Therefore, the access control model demonstrated in the scenario is RBAC. Reference: Network Defense Essentials - EC-Council Learning, Network Defense Essentials (NDE) | Coursera, EC-Council Network Defense Essentials | NDE Certification

Question 4

Stephen, a security specialist, was instructed to identify emerging threats on the organization's network. In

this process, he employed a computer system on the Internet intended to attract and trap those who

attempt unauthorized host system utilization to penetrate the organization's network.

Identify the type of security solution employed by Stephen in the above scenario.

AFirewall

BHoneypot

CIDS

DProxy server

Answer : B

Question 5

Bob, a security professional, was recruited by an organization to ensure that application services are being delivered as expected without any delay. To achieve this, Bob decided to maintain different backup servers for the same resources so that if one backup system fails, another will serve the purpose.

Identify the IA principle employed by Bob in the above scenario.

AAuthentication

BConfidentiality

CIntegrity

DAvailability

Answer : D

Question 6

Kevin logged into a banking application with his registered credentials and tried to transfer some amount from his account to Flora's account. Before transferring the amount to Flora's account, the application sent an OTP to Kevin's mobile for confirmation.

Which of the following authentication mechanisms is employed by the banking application in the above scenario?

ABiometric authentication

BSmart card authentication

CSingle sign-on (SSO) authentication

DTwo-factor authentication

Answer : D

Two-factor authentication (2FA) is a type of authentication that requires users to provide two or more forms of verification to access an online account. 2FA is a multi-layered security measure designed to prevent hackers from accessing user accounts using stolen or shared credentials. 2FA typically combines something the user knows (such as a password or PIN), something the user has (such as a phone or a token), and/or something the user is (such as a fingerprint or a face scan). In the above scenario, the banking application employs 2FA by asking Kevin to enter his registered credentials (something he knows) and an OTP sent to his mobile (something he has) before transferring the amount to Flora's account. Reference:

Improve Your Cybersecurity with Password MFA - Defense.com

What Is Two-Factor Authentication (2FA)? | Microsoft Security

Selecting Secure Multi-factor Authentication Solutions

Question 7

Joseph, a security professional, was instructed to secure the organization's network. In this process, he began analyzing packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission.

Identify the attack signature analysis technique performed by Joseph in the above scenario.

AComposite-signature-based analysis

BContext-based signature analysis

CContent-based signature analysis

DAtomic-signature-based analysis

Answer : D

Atomic-signature-based analysis is a type of attack signature analysis technique that uses a single characteristic or attribute of a packet header to identify malicious traffic. Atomic signatures are simple and fast to match, but they can also generate false positives or miss some attacks. Some examples of atomic signatures are source and destination IP addresses, port numbers, protocol types, and TCP flags. Atomic-signature-based analysis is the technique performed by Joseph in the above scenario, as he analyzed packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission. Reference:

[Understanding the Network Traffic Signatures] - Module 12: Network Traffic Monitoring

Network Defense Essentials (NDE) | Coursera - Week 12: Network Traffic Monitoring

[Network Defense Essentials Module 12 (Network Traffic Monitoring) - Quizlet] - Flashcards: What are Network Traffic Signatures?

Eccouncil 112-51 Network Defense Essentials Exam NDE Exam Practice Test