Arman transferred some money to his friend's account using a net banking service. After a few hours, his friend informed him that he hadn't received the money yet. Arman logged on to the bank's website to investigate and discovered that the amount had been transferred to an unknown account instead. The bank, upon receiving Arman's complaint, discovered that someone had established a station between Arman's and the bank server's communication system. The station intercepted the communication and inserted another account number replacing his friend's account number. What is such an attack called?
Answer : C
The scenario described is a classic example of a Man-in-the-Middle (MitM) attack. In this type of cyberattack, the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. The attacker has inserted themselves between the two parties, in this case, Arman and the bank's server, and has intercepted the communication to redirect the funds to a different account. This type of attack can occur in various forms, such as eavesdropping on or altering the communication over an insecure network service, but it is characterized by the attacker's ability to intercept and modify the data being exchanged without either legitimate party noticing.
An IDS or IDPS can be deployed in two modes. Which deployment mode allows the IDS to both detect and stop malicious traffic?
Answer : D
The deployment mode that allows an Intrusion Detection System (IDS) or Intrusion Detection and Prevention System (IDPS) to both detect and stop malicious traffic is known as inline mode. In this mode, the IDS/IDPS is placed directly in the network's traffic flow. All traffic must pass through the system, allowing it to inspect packets in real time and take immediate action to block potential threats before they reach their destination. This contrasts with promiscuous or passive modes, where the system only monitors and alerts on traffic without the ability to intervene directly.
Which of the following incident handling stages removes the root cause of the incident?
Answer : A
The eradication stage in incident handling is responsible for removing the root cause of the incident. This stage involves identifying and eliminating the threats that caused the incident, such as malware or unauthorized access. It also includes patching vulnerabilities and strengthening security controls to prevent similar incidents in the future. The goal of eradication is to ensure that the incident is completely resolved and cannot recur.
Which antenna characteristic refers to the calculation of radiated power in a particular direction? It is generally the ratio of the radiation intensity in a given direction to the average radiation intensity.
Answer : C
Directivity of an antenna refers to the measure of how concentrated the radiation emitted is in a single direction. It is defined as the ratio of the radiation intensity in a given direction from the antenna to the radiation intensity averaged over all directions. In simpler terms, it is the calculation of radiated power in a particular direction compared to the average radiated power in all directions. This characteristic is crucial for antennas designed to transmit or receive signals in a specific direction, making it an essential parameter for many communication systems.
You are monitoring your network traffic with the Wireshark utility and notice that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network.
What will be your first reaction as a first responder?
Which filter can an analyst use to locate unusual ICMP requests in order to detect ICMP probes sent by the attacker to a target OS, looking for the response in order to perform ICMP fingerprinting?
Answer : C
In the context of network security, ICMP fingerprinting is a technique used to determine the operating system of a target machine by analyzing its responses to ICMP requests. The correct filter to detect unusual ICMP requests that could be indicative of ICMP probes from an attacker is option C. This filter looks for ICMP echo requests (type 8) that do not have a corresponding echo reply (code 0). Since the code for an echo request is 0, the filter (!(icmp.code==8)) is used to exclude other ICMP messages with different codes.
Which of the following can be used to suppress fire from Class K sources?
Answer : A
Class K fires involve cooking oils and fats, which are highly combustible and can ignite quickly at high temperatures. To suppress a Class K fire, a specific type of extinguishing agent is required that can separate and absorb the heat elements of the fire -- the fuel, oxygen, and heat necessary to start a fire. Foam extinguishers are most suitable for Class K fires because they use a substance that turns oils into foam, effectively smothering the fire and preventing re-ignition. Water should not be used on Class K fires as it can cause the oil to splatter and spread the fire. Carbon dioxide and dry chemical extinguishers are also not recommended for Class K fires as they do not adequately remove the heat from the fire.