312-38 Exam Dumps – Reliable Way to Pass and Get Certified

1. Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server.

How will you prioritize these two incidents?

2. Assume that you are working as a network defender at the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server.

How will you prioritize these two incidents?

3. Which among the following is used to limit the number of cmdlets or administrative privileges of administrator, user, or service accounts?

4. Arman transferred some money to his friend’s account using a net banking service. After a few hours, his friend informed him that he hadn’t received the money yet. Arman logged on to the bank’s website to investigate and discovered that the amount had been transferred to an unknown account instead. The bank, upon receiving Arman’s complaint, discovered that someone had established a station between Arman’s and the bank server’s communication system. The station intercepted the communication and inserted another account number replacing his friend’s account number.

What is such an attack called?

5. An IDS or IDPS can be deployed in two modes.

Which deployment mode allows the IDS to both detect and stop malicious traffic?

6. Henry, head of network security at Gentech, has discovered a general report template that someone has reserved only for the CEO.

Since the file has to be editable, viewable, and deletable by everyone, what permission value should he set?

7. The mechanism works on the basis of a client-server model.

8. Which of the following data security technology can ensure information protection by obscuring specific areas of information?

9. Which of the following network monitoring techniques requires extra monitoring software or hardware?

10. Which of the following commands can be used to disable unwanted services on Debian, Ubuntu and other Debian-based Linux distributions?

11. David, a network and system admin, encrypted all the files in a Windows system that supports NTFS file system using Encrypted File Systems (EFS). He then backed up the same files into another Windows

system that supports FAT file system. Later, he found that the backup files were not encrypted.

What could be the reason for this?

12. Daniel is monitoring network traffic with the help of a network monitoring tool to detect any abnormalities.

What type of network security approach is Daniel adopting?

13. Which of the following defines the extent to which an interruption affects normal business operations and the amount of revenue lost due to that interruption?

14. The SOC manager is reviewing logs in AlienVault USM to investigate an intrusion on the network.

Which CND approach is being used?

15. Choose the correct order of steps to analyze the attack surface.

16. Identify the attack signature analysis technique carried out when attack signatures are contained in packet headers.

17. According to standard loT security practice, loT Gateway should be connected to a -------------

18. What is composite signature-based analysis?

19. Which among the following control and manage the communication between VNF with computing, storage, and network resources along with virtualization?

20. Which of the following is an example of MAC model?

21. Which filter to locate unusual ICMP request an Analyst can use in order to detect a ICMP probes from the attacker to a target OS looking for the response to perform ICMP fingerprinting?

22. Ryan, a network security engineer, after a recent attack, is trying to get information about the kind of attack his users were facing. He has decided to put into production one honeypot called Kojoney. He is interested in emulating the network vulnerability, rather than the real vulnerability system, making this probe safer and more flexible.

Which type of honeypot is he trying to implement?

23. In what type of IoT communication model do devices interact with each other through the internet, primarily using protocols such as ZigBee, Z-Wave, or Bluetooth?

24. An insider in Hexagon, a leading IT company in USA, was testing a packet crafting tool. This tool generated a lot of malformed TCP/IP packets which crashed the main server’s operating system leading to restricting the employees’ accesses.

Which attack did the insider use in the above situation?

25. Who oversees all the incident response activities in an organization and is responsible for all actions of the IR team and IR function?

26. Which IEEE standard does wireless network use?

27. Byron, a new network administrator at FBI, would like to ensure that Windows PCs there are up-to-date and have less internal security flaws.

What can he do?

28. An attacker has access to password hashes of a Windows 7 computer.

Which of the following attacks can the attacker use to reveal the passwords?

29. Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user's email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures.

What is Stephanie working on?

30. Which antenna's characteristic refer to the calculation of radiated in a particular direction. It is generally the ratio of radiation intensity in a given direction to the average radiation intensity?

31. Which type of attack is used to hack an IoT device and direct large amounts of network traffic toward a web server, resulting in overloading the server with connections and preventing any new connections?

32. Michael decides to view the-----------------to track employee actions on the organization's network.

33. James was inspecting ARP packets in his organization's network traffic with the help of Wireshark. He is checking the volume of traffic containing ARP requests as well as the source IP address from which they are originating.

Which type of attack is James analyzing?

34. Which of the following statement holds true in terms of containers?

35. Which of the following is true regarding any attack surface?

36. Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an ______for legal advice to defend them against this allegation.

37. Which of the following is a drawback of traditional perimeter security?

38. Ross manages 30 employees and only 25 computers in the organization. The network the company uses is a peer-to-peer. Ross configures access control measures allowing the employees to set their own control measures for their files and folders.

Which access control did Ross implement?

39. You are responsible for network functions and logical security throughout the corporation. Your company has over 250 servers running Windows Server 2012, 5000 workstations running Windows 10, and 200 mobile users working from laptops on Windows 8. Last week 10 of your company's laptops were stolen from a salesman, while at a conference in Barcelona. These laptops contained proprietary company information. While doing a damage assessment, a news story leaks about a blog post containing information about the stolen laptops and the sensitive information.

What built-in Windows feature could you have implemented to protect the

sensitive information on these laptops?

40. Phishing-like attempts that present users a fake usage bill of the cloud provider is an example of a:

41. Which of the following refers to the clues, artifacts, or evidence that indicate a potential intrusion or malicious activity in an organization's infrastructure?

42. Which firewall can a network administrator use for better bandwidth management, deep packet inspection, and Hateful inspection?

43. Castle-and-Moat model

44. Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encrypted keys to the data engine in MS SQL Server?

45. Who is responsible for executing the policies and plans required for supporting the information technology and computer systems of an organization?

46. If Myron, head of network defense at Cyberdyne, wants to change the default password policy settings on the company’s Linux systems, which directory should he access?

47. Which type of risk treatment process Includes not allowing the use of laptops in an organization to ensure its security?

48. Which of the following Wireshark filters can a network administrator use to view the packets without any flags set in order to detect TCP Null Scan attempts?

49. During a security awareness program, management was explaining the various reasons which create threats to network security.

Which could be a possible threat to network security?

50. James is a network administrator working at a student loan company in Minnesota. This company processes over 20,000 student loans a year from colleges all over the state. Most communication between the company schools, and lenders is carried out through emails. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, James wants to utilize email encryption. Since a server-based PKI is not an option for him, he is looking for a low/no cost solution to encrypt emails.

What should James use?

51. Rick has implemented several firewalls and IDS systems across his enterprise network.

What should he do to effectively correlate all incidents that pass through these security controls?

52. The company has implemented a backup plan. James is working as a network administrator for the company and is taking full backups of the data every time a backup is initiated. Alex who is a senior security manager talks to him about using a differential backup instead and asks him to implement this once a full backup of the data is completed.

What is/are the reason(s) Alex is suggesting that James use a differential backup?

(Select all that apply)

53. Who is an IR custodian?

54. The risk assessment team in Southern California has estimated that the probability of an incident that has potential to impact almost 80% of the bank's business is very high.

How should this risk be categorized in the risk matrix?

55. Oliver is a Linux security administrator at an MNC. An employee named Alice has resigned from his organization and Oliver wants to disable this user in Ubuntu.

Which of the following commands can be used to accomplish this?

56. John has been working a* a network administrator at an IT company. He wants to prevent misuse of accounts by unauthorized users. He wants to ensure that no accounts have empty passwords.

Which of the following commands does John use to list all the accounts with an empty password?

A.





B.





C.





D.





A. Option A

B. Option B

C. Option C

D. Option D

57. Which among the following filter is used to detect a SYN/FIN attack?

58. Your company is planning to use an uninterruptible power supply (UPS) to avoid damage from power fluctuations. As a network administrator, you need to suggest an appropriate UPS solution suitable for specific resources or conditions.

Match the type of UPS with the use and advantage:

59. The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials.

Which of following physical security measures should the administrator use?

60. An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours.

What is the best option to do this job?

61. David is working in a mid-sized IT company. Management asks him to suggest a framework that can be used effectively to align the IT goals to the business goals of the company. David suggests the______framework, as it provides a set of controls over IT and consolidates them to form a framework.

62. An IT company has just been hit with a severe external security breach. To enhance the company’s security posture, the network admin has decided to first block all the services and then individually enable only the necessary services.

What is such an Internet access policy called?

63. Will is working as a Network Administrator. Management wants to maintain a backup of all the company data as soon as it starts operations. They decided to use a RAID backup storage technology for their data backup plan. To implement the RAID data backup storage, Will sets up a pair of RAID disks so that all the data written to one disk is copied automatically to the other disk as well. This maintains an additional copy of the data.

Which RAID level is used here?

64. You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network.

What will be your

first reaction as a first responder?

65. Which of the following NIST incident category includes any activity that seeks to access or identify a federal agency computer, open ports, protocols, service or any combination for later exploit?

66. Which of the following can be used to suppress fire from Class K sources?

67. Which of the following entities is responsible for cloud security?

68. A local bank wants to protect their cardholder data.

Which standard should the bark comply with in order to ensure security of this data?

69. Identify the minimum number of drives required to setup RAID level 5.

70. You are tasked to perform black hat vulnerability assessment for a client. You received official written permission to work with: company site, forum, Linux server with LAMP, where this site is hosted.

Which vulnerability assessment tool should you consider using?

71. Which of the following types of information can be obtained through network sniffing? (Select all that apply)

72. To provide optimum security while enabling safe/necessary services, blocking known dangerous services, and making employees accountable for their online activity, what Internet Access policy would Brian, the network administrator, have to choose?

73. Which of the Windows security component is responsible for controlling access of a user to Windows resources?

74. Frank is a network technician working for a medium-sized law firm in Memphis. Frank and two other IT employees take care of all the technical needs for the firm. The firm's partners have asked that a secure wireless network be implemented in the office so employees can move about freely without being tied to a network cable. While Frank and his colleagues are familiar with wired Ethernet technologies, 802.3, they are not familiar with how to setup wireless in a business environment.

What IEEE standard should Frank and the other IT employees follow to become familiar with wireless?

75. A popular e-commerce company has recently received a lot of complaints from its customers. Most of the complaints are about the customers being redirected to some other website when trying to access the e-com site, leading to all their systems being compromised and corrupted. Upon investigation, the network admin of the firm discovered that some adversary had manipulated the company’s IP address in the domain name server’s cache.

What is such an attack called?

76. Identify the network topology in which the network devices are connected such that every device has a point-to-point link to all the other devices.

77. Daniel who works as a network administrator has just deployed an in his organizations network. He wants to calculate the False Positive rate for his implementation.

Which of the following formulas will he use to calculate the False Positive rate?

78. How is a “risk” represented?

79. Which type of firewall consists of three interfaces and allows further subdivision of the systems based on specific security objectives of the organization?

80. Michelle is a network security administrator working at a multinational company. She wants to provide secure access to corporate data (documents, spreadsheets, email, schedules, presentations, and other enterprise data) on mobile devices across organizations networks without being slowed down and also wants to enable easy and secure sharing of information between devices within an enterprise.

Based on the above mentioned requirements, which among the following solution should Michelle implement?

81. Lyle is the IT director for a medium-sized food service supply company in Nebraska. Lyle's company employs over 300 workers, half of which use computers. He recently came back from a security training seminar on logical security. He now wants to ensure his company is as secure as possible. Lyle has many network nodes and workstation nodes across the network. He does not have much time for implementing a network-wide solution. He is primarily concerned about preventing any external attacks on the network by using a solution that can drop packets if they are found to be malicious. Lyle also wants this solution to be easy to implement and be network-wide.

What type of solution would be best for Lyle?

82. Daniel works as a network administrator in an Information Security company. He has just deployed an IDS in his organization’s network and wants to calculate the false positive rate for his implementation.

Which of the following formulae can he use to so?

83. Which of the following network security controls can an administrator use to detect, deflect or study attempts to gain unauthorized access to information systems?

84. You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from certain region. You suspect a DoS incident on the network.

What will be your first reaction as a first responder?

85. John, a network administrator, is configuring Amazon EC2 cloud service for his organization. Identify the type of cloud service modules his organization adopted.

86. Syslog and SNMP are the two main _______ protocols through which log records are transferred.

87. Which encryption algorithm is used by WPA3 encryption?

88. A company wants to implement a data backup method that allows them to encrypt the data ensuring its security as well as access it at any time and from any location.

What is the appropriate backup method that should be implemented?

89. John is the Vice-President of a BPO. He wants to implement a policy allowing employees to use and manage devices purchased by the organization but restrict the use of the device for business use only.

Which among the following policies does John want to implement?

90. On which layer of the OSI model does the packet filtering firewalls work?

91. HexCom, a leading IT Company in the USA, realized that their employees were having trouble accessing multiple servers with different passwords. Due to this, the centralized server was also being

overburdened by avoidable network traffic.

To overcome the issue, what type of authentication can be given to the employees?

92. Which of the following is an example of Indicators of Attack?

93. The security network team is trying to implement a firewall capable of operating only in the session layer, monitoring the TCP inter-packet link protocol to determine when a requested session is legitimate

or not. Using the type of firewall, they could be able to intercept the communication, making the external network see that the firewall is the source, and facing the user, who responds from the outside is the firewall itself. They are just limiting a requirements previous listed, because they have already have a packet filtering firewall and they must add a cheap solution that meets the objective.

What kind of firewall would you recommend?

94. Liza was told by her network administrator that they will be implementing IPsec VPN tunnels to connect the branch locations to the main office.

What layer of the OSI model do IPsec tunnels function on?

95. Bryson is the IT manager and sole IT employee working for a federal agency in California. The agency was just given a grant and was able to hire on 30 more employees for a new extended project. Because of this, Bryson has hired on two more IT employees to train up and work. Both of his new hires are straight out of college and do not have any practical IT experience. Bryson has spent the last two weeks teaching the new employees the basics of computers, networking, troubleshooting techniques etc. To see how these two new hires are doing, he asks them at what layer of the OSI model do Network Interface Cards (NIC) work on.

What should the new employees answer?

96. Consider a scenario consisting of a tree network. The root Node N is connected to two man nodes N1 and N2. N1 is connected to N11 and N12. N2 is connected to N21 and N22.

What will happen if any one of the main nodes fail?

97. Which of the following manages the Docker images, containers, networks, and storage volume and processes the request of Docker API?

98. Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization's need.

Which of the following factors will the administrator consider when

deciding on the appropriate backup medium?

99. Which of the following is a best practice for wireless network security?

100. John wants to implement a packet filtering firewall in his organization's network.

What TCP/IP layer does a packet filtering firewall work on?

101. Which of the following connects the SDN application layer and SDN controller and allows communication between the network services and business applications?

102. How can organizations obtain information about threats through human intelligence?

103. -----------is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs)

104. Alex is administrating the firewall in the organization's network.

What command will he use to check the ports applications open?

105. How is an “attack” represented?

106. Which among the following tools can help in identifying IoEs to evaluate human attack surface?

107. Which of the following Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

108. The Circuit-level gateway firewall technology functions at which of the following OSI layer?

109. The IR team and the network administrator have successfully handled a malware incident on the network. The team is now preparing countermeasure guideline to avoid a future occurrence of the malware incident.

Which of the following countermeasure(s) should be added to deal with future malware incidents? (Select all that apply)