Eccouncil 312-38 Certified Network Defender CND Exam Practice Test

Answer : A

The topology that the network designer will propose is known as a screened subnet. This topology involves the use of two or more firewalls to create a network segment referred to as a demilitarized zone (DMZ). The DMZ acts as a buffer zone between the public internet and the internal network. It contains the public-facing servers, such as the web portal mentioned, which is isolated from the internal network for added security. The screened subnet topology typically includes a firewall at the network's edge connected to the internet, another firewall separating the DMZ from the internal network, and the DMZ itself. This setup allows for strict control of traffic between the internet, the DMZ, and the internal network, providing an additional layer of security.

Answer : B

A CCTV camera that can be accessed on a smartphone from a remote location typically uses the Device-to-Cloud communication model. This model involves devices that connect directly to the cloud where data is stored and processed. Users can access this data through an application on their smartphones, allowing for remote monitoring and control.This setup is common for IP cameras that transmit data over the internet, enabling users to view live footage or recordings from anywhere with an internet connection123.

Answer : B

An Intrusion Detection System (IDS) is designed to monitor network or system activities for malicious actions or policy violations. The correct order of activities that an IDS follows to detect an intrusion starts withIntrusion Monitoring, where it observes the network traffic or system events. Following this,Intrusion Detectiontakes place, where the IDS analyzes the monitored data to identify potential security breaches. Once a potential intrusion is detected, theResponsemechanism is activated to address the intrusion, which may include alerts or automatic countermeasures. Finally,Preventionis applied to improve the system's defenses against future intrusions based on the detected patterns and responses.

Answer : C

In the context of Software-Defined Networking (SDN), the Northbound API is the interface that connects the SDN application layer to the SDN controller. It facilitates communication between the network services and business applications. The Northbound API allows applications to communicate their network requirements to the controller, which then translates these requirements into the network configurations necessary to provide the requested services.

Answer : A

The TCP header does not include the Source IP address. The TCP (Transmission Control Protocol) header consists of several fields that are used to manage the transmission of data packets over a network.The fields included in the TCP header are Source Port, Destination Port, Sequence Number, Acknowledgment Number, Header Length, Flags, Window Size, TCP Checksum, and Urgent Pointer123. The Source IP address is actually part of the IP (Internet Protocol) header, which is a different layer in the TCP/IP model. The IP header is responsible for delivering packets from the source host to the destination host based on the IP addresses in the packet headers.

Answer : C

In the context of network security, ICMP fingerprinting is a technique used to determine the operating system of a target machine by analyzing its responses to ICMP requests. The correct filter to detect unusual ICMP requests that could be indicative of ICMP probes from an attacker is option C. This filter looks for ICMP echo requests (type 8) that do not have a corresponding echo reply (code 0). Since the code for an echo request is 0, the filter(!(icmp.code==8))is used to exclude other ICMP messages with different codes.

Answer : A

Class K fires involve cooking oils and fats, which are highly combustible and can ignite quickly at high temperatures. To suppress a Class K fire, a specific type of extinguishing agent is required that can separate and absorb the heat elements of the fire -- the fuel, oxygen, and heat necessary to start a fire. Foam extinguishers are most suitable for Class K fires because they use a substance that turns oils into foam, effectively smothering the fire and preventing re-ignition. Water should not be used on Class K fires as it can cause the oil to splatter and spread the fire. Carbon dioxide and dry chemical extinguishers are also not recommended for Class K fires as they do not adequately remove the heat from the fire.