Eccouncil 312-38 Certified Network Defender CND Exam Practice Test

Page: 1 / 14
Total 363 questions
Question 1

------------ is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs).



Answer : B

The IEEE 802.16 is a series of wireless broadband standards, also known as WirelessMAN, that are designed for Metropolitan Area Networks (MANs). This standard specifies the air interface, including the medium access control layer (MAC) and physical layer (PHY), of combined fixed and mobile point-to-multipoint broadband wireless access systems. It supports multiple services and enables the deployment of interoperable multivendor broadband wireless access products.


Question 2

Harry has successfully completed the vulnerability scanning process and found serious vulnerabilities exist in the organization's network. Identify the vulnerability management phases through which he will proceed to ensure all the detected vulnerabilities are addressed and eradicated. (Select all that apply)



Answer : A, C, D

After completing the vulnerability scanning process and identifying serious vulnerabilities, Harry will proceed through several phases of vulnerability management to address and eradicate these vulnerabilities. The phases include:

Mitigation: This phase involves taking steps to reduce the impact of the detected vulnerabilities. Mitigation strategies may include applying patches, adjusting configurations, or implementing compensating controls to lower the risk associated with the vulnerabilities.

Verification: In this phase, Harry will verify that the vulnerabilities have been successfully mitigated or remediated. This typically involves re-scanning the network to ensure that the vulnerabilities are no longer present or that their risk has been sufficiently reduced.

Remediation: This is the phase where Harry will take action to fix the vulnerabilities. Remediation can involve patching software, closing unnecessary ports, changing passwords, or other actions that directly address the identified security issues.

These phases are part of a broader vulnerability management lifecycle, which also includes assessing vulnerabilities and reassessing the network after remediation efforts to ensure continuous protection.


Question 3

Which of the following types of information can be obtained through network sniffing? (Select all that apply)



Answer : B, C, D

Network sniffing is a process used to monitor and capture data packets as they travel across a network. Through network sniffing, various types of information can be obtained:

DNS traffic: Sniffing can capture the queries and responses exchanged between DNS servers and clients, revealing which domains are being requested by users on the network.

Telnet passwords: Since Telnet transmits data, including login credentials, in clear text, sniffing can easily capture these passwords as they traverse the network.

Syslog traffic: Syslog is a standard for message logging, and sniffing can intercept this traffic, providing insights into the events and statuses reported by network devices.

Programming errors, however, are typically not something that can be captured through network sniffing, as they are related to the code's logic rather than the data transmitted over the network.


Question 4

An administrator wants to monitor and inspect large amounts of traffic and detect unauthorized attempts from inside the organization, with the help of an IDS. He is not able to recognize the exact location to deploy the IDS sensor. Can you help him spot the location where the IDS sensor should be placed?



Answer : B

In the context of Certified Network Defender (CND), an IDS sensor should be placed at a location where it can effectively monitor and inspect traffic to detect unauthorized attempts. Location 3, which is situated after the firewall but before the network backbone, is ideal for this purpose. At this location, the IDS can analyze traffic that has passed through the firewall, allowing it to focus on potentially harmful traffic that could affect the internal network. It provides visibility into both incoming and outgoing traffic, enabling comprehensive monitoring and detection of any unauthorized or malicious activity.


Question 5

Sophie has been working as a Windows network administrator at an MNC over the past 7 years. She wants to check whether SMB1 is enabled or disabled. Which of the following commands allows Sophie to do so?



Answer : B

To check if SMB1 is enabled or disabled, the correct PowerShell command is Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol. This command queries the status of the SMB1Protocol feature in the running instance of Windows. If SMB1 is enabled, the command will return its status as 'Enabled', and if it is disabled, it will return 'Disabled'.


Question 6

Which of the following Wireshark filters allows an administrator to detect a SYN/FIN DDoS attempt on the network?



Answer : B

The correct Wireshark filter to detect a SYN/FIN DDoS attempt is tcp.flags==0X029. This filter is designed to capture packets where both the SYN and FIN flags are set, which is an unusual combination and indicative of a SYN/FIN attack. In a typical three-way TCP handshake, the SYN and FIN flags are not set in the same TCP segment. A SYN flag is used to initiate a connection, and a FIN flag is used to politely close a connection. Therefore, seeing both flags set in the same packet suggests a possible SYN/FIN DDoS attack.
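
An added example, not part of the original practice test: a Python sketch that reads the flags byte from raw TCP headers and reports segments with SYN and FIN both set. Its flag_names helper decodes any flags value, so a filter constant can be checked against the bits it sets. All function names and the sample headers are constructed for illustration.

```python
import struct

# TCP flag bits in the low byte of the header's flags field (RFC 793).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def flag_names(value):
    """Decode a flags value (e.g. a tcp.flags filter constant) into flag names."""
    return [name for name, bit in FLAGS.items() if value & bit]


def tcp_flags(header):
    """Return the flags byte from a raw TCP header (at least 20 bytes)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    # src port, dst port, seq, ack, data offset, flags, window, checksum, urgent
    fields = struct.unpack("!HHIIBBHHH", header[:20])
    return fields[5]


def is_syn_fin(header):
    """True when SYN and FIN are both set, whatever other flags accompany them."""
    both = FLAGS["SYN"] | FLAGS["FIN"]
    return (tcp_flags(header) & both) == both


def build_header(src, dst, flags):
    """Build a constructed sample header for the demo; checksum left at zero."""
    return struct.pack("!HHIIBBHHH", src, dst, 1000, 0, 5 << 4, flags, 65535, 0, 0)


# Constructed sample traffic, not captured from a real network.
SAMPLES = [
    build_header(40001, 80, 0x02),  # SYN
    build_header(80, 40001, 0x12),  # SYN, ACK
    build_header(40001, 80, 0x11),  # FIN, ACK
    build_header(40002, 80, 0x03),  # SYN, FIN
    build_header(40003, 80, 0x0B),  # SYN, FIN, PSH
]


def suspicious(samples):
    """Indexes of sample headers carrying the SYN+FIN combination."""
    return [i for i, h in enumerate(samples) if is_syn_fin(h)]


if __name__ == "__main__":
    for i in suspicious(SAMPLES):
        print(i, flag_names(tcp_flags(SAMPLES[i])))
```

Testing the two bits with a mask also catches SYN+FIN segments that carry extra flags, which an exact-equality comparison on the flags value would miss.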


Question 7