[PDF and VCE] Free CertBus EC-COUNCIL 312-38 VCE and PDF, Exam Materials Instant Download
QUESTION NO:24
Which of the following cables is made of glass or plastic and transmits signals in the form of light?
A. Coaxial cable
B. Twisted pair cable
C. Plenum cable
D. Fiber optic cable
Answer: D
Explanation:
Fiber optic cable is also known as optical fiber. It is made of glass or plastic and transmits signals
in the form of light. It is of cylindrical shape and consists of three concentric sections: the core, the
cladding, and the jacket. Optical fiber carries much more information than conventional copper
wire and is in general not subject to electromagnetic interference and the need to retransmit
signals. Most telephone companies’ long-distance lines are now made of optical fiber.
Transmission over an optical fiber cable requires repeaters at distance intervals. The glass fiber
requires more protection within an outer cable than copper.
Answer option B is incorrect. Twisted pair cabling is a type of wiring in which two conductors (the
forward and return conductors of a single circuit) are twisted together for the purposes of canceling
out electromagnetic interference (EMI) from external sources. It consists of the following twisted
pair cables:
Shielded Twisted Pair: Shielded Twisted Pair (STP) is a special kind of copper telephone wiring
used in some business installations. An outer covering or shield is added to the ordinary twisted
pair telephone wires; the shield functions as a ground. Twisted pair is the ordinary copper wire that
connects home and many business computers to the telephone company. Shielded twisted pair is
often used in business installations. Unshielded Twisted Pair: Unshielded Twisted Pair (UTP) is
the ordinary wire used in home. UTP cable is also the most common cable used in computer
networking. Ethernet, the most common data networking standard, utilizes UTP cables. Twisted
pair cabling is often used in data networks for short and medium length connections because of its
relatively lower costs compared to optical fiber and coaxial cable. UTP is also finding increasing
use in video applications, primarily in security cameras. Many middle to high-end cameras include
a UTP output with setscrew terminals. This is made possible by the fact that UTP cable bandwidth
has improved to match the baseband of television signals.
Answer option A is incorrect. Coaxial cable is the kind of copper cable used by cable TV
companies between the community antenna and user homes and businesses. Coaxial cable is
sometimes used by telephone companies from their central office to the telephone poles near
users. It is also widely installed for use in business and corporation Ethernet and other types of
local area network. Coaxial cable is called “coaxial” because it includes one physical channel that
carries the signal surrounded (after a layer of insulation) by another concentric physical channel,
both running along the same axis. The outer channel serves as a ground. Many of these cables or
pairs of coaxial tubes can be placed in a single outer sheathing and, with repeaters, can carry
information for a great distance. It is shown in the figure below:
Answer option C is incorrect. Plenum cable is cable that is laid in the plenum spaces of buildings.
The plenum is the space that can facilitate air circulation for heating and air conditioning systems,
by providing pathways for either heated/conditioned or return airflows. Space between the
structural ceiling and the dropped ceiling or under a raised floor is typically considered plenum.
However, some drop ceiling designs create a tight seal that does not allow for airflow and
therefore may not be considered a plenum air-handling space. The plenum space is typically used
to house the communication cables for the building’s computer and telephone network.
QUESTION NO:28
Which of the following is a standard protocol for interfacing external application software with an
information server, commonly a Web server?
A. DHCP
B. IP
C. CGI
D. TCP
Answer: C
Explanation:
The Common Gateway Interface (CGI) is a standard protocol for interfacing external application
software with an information server, commonly a Web server. The task of such an information
server is to respond to requests (in the case of web servers, requests from client web browsers)
by returning output. When a user requests the name of an entry, the server will retrieve the source
of that entry’s page (if one exists), transform it into HTML, and send the result.
Answer option A is incorrect. DHCP is a Dynamic Host Configuration Protocol that allocates
unique (IP) addresses dynamically so that they can be reused when no longer needed. A DHCP
server is set up in a DHCP environment with the appropriate configuration parameters for the
given network. The key parameters include the range or “pool” of available IP addresses, correct
subnet masks, gateway, and name server addresses.
Answer option B is incorrect. The Internet Protocol (IP) is a protocol used for communicating data
across a packet-switched inter-network using the Internet Protocol Suite, also referred to as
TCP/IP. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the
task of delivering distinguished protocol datagrams (packets) from the source host to the
destination host solely based on their addresses. For this purpose, the Internet Protocol defines
addressing methods and structures for datagram encapsulation. The first major version of
addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant
protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being
deployed actively worldwide.
Answer option D is incorrect. Transmission Control Protocol (TCP) is a reliable, connection-
oriented protocol operating at the transport layer of the OSI model. It provides a reliable packet
delivery service encapsulated within the Internet Protocol (IP). TCP guarantees the delivery of
packets, ensures proper sequencing of data, and provides a checksum feature that validates both
the packet header and its data for accuracy. If the network corrupts or loses a TCP packet during
transmission, TCP is responsible for retransmitting the faulty packet. It can transmit large amounts
of data. Application layer protocols, such as HTTP and FTP, utilize the services of TCP to transfer
files between clients and servers.
QUESTION NO:12
Which of the following is a process that detects a problem, determines its cause, minimizes the
damages, resolves the problem, and documents each step of response for future reference?
A. Incident response
B. Incident handling
C. Incident management
D. Incident planning
Answer: A
Explanation:
Incident response is a process that detects a problem, determines its cause, minimizes the
damages, resolves the problem, and documents each step of response for future reference. One
of the primary goals of incident response is to “freeze the scene”. There is a close relationship
between incident response, incident handling, and incident management. The primary goal of
incident handling is to contain and repair any damage caused by an event and to prevent any
further damage. Incident management manages the overall process of an incident by declaring the
incident and preparing documentation and post-mortem reviews after the incident has occurred.
Answer option B is incorrect. The primary goal of incident handling is to contain and repair any
damage caused by an event and to prevent any further damage.
Answer option C is incorrect. It manages the overall process of an incident by declaring the
incident and preparing documentation and post-mortem reviews after the incident has occurred.
QUESTION NO:16
Which of the following is a protocol that describes an approach to providing “streamlined” support
of OSI application services on top of TCP/IP-based networks for some constrained environments?
A. Network News Transfer Protocol
B. Lightweight Presentation Protocol
C. Internet Relay Chat Protocol
D. Dynamic Host Configuration Protocol
Answer: B
Explanation:
Lightweight Presentation Protocol (LPP) is a protocol that describes an approach to providing
“streamlined” support of OSI application services on top of TCP/IP-based networks for some
constrained environments. This protocol was initially derived from a requirement to run the ISO
Common Management Information Protocol (CMIP) in TCP/IP-based networks.
This protocol is designed for a particular class of OSI applications, namely those entities whose
application context includes only an Association Control Service Element (ACSE) and a Remote
Operations Service Element (ROSE).
Answer option D is incorrect. The Dynamic Host Configuration Protocol (DHCP) is a computer
networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other
configuration information. DHCP uses a client-server architecture. The client sends a broadcast
request for configuration information. The DHCP server receives the request and responds with
configuration information from its configuration database. In the absence of DHCP, all hosts on a
network must be manually configured individually – a time-consuming and often error-prone
undertaking. DHCP is popular with ISPs because it allows a host to obtain a temporary IP
address.
Answer option A is incorrect. Answer option C is incorrect. Internet Relay Chat (IRC) is a chat
service, which is a client-server protocol that supports real-time text chat between two or more
users over a TCP/IP network.
QUESTION NO:14
Which of the following is an intrusion detection system that monitors and analyzes the internals of
a computing system rather than the network packets on its external interfaces?
A. IPS
B. HIDS
C. DMZ
D. NIDS
Answer: B
Explanation:
A host-based intrusion detection system (HIDS) produces a false alarm because of the abnormal
behavior of users and the network. A host-based intrusion detection system (HIDS) is an intrusion
detection system that monitors and analyses the internals of a computing system rather than the
network packets on its external interfaces. A host-based Intrusion Detection System (HIDS)
monitors all or parts of the dynamic behavior and the state of a computer system. HIDS looks at
the state of a system, its stored information, whether in RAM, in the file system, log files or
elsewhere; and checks that the contents of these appear as expected.
Answer option D is incorrect. A network intrusion detection system (NIDS) is an intrusion detection
system that tries to detect malicious activity such as denial of service attacks, port scans or even
attempts to crack into computers by monitoring network traffic. A NIDS reads all the incoming
packets and tries to find suspicious patterns known as signatures or rules. It also tries to detect
incoming shell codes in the same manner that an ordinary intrusion detection system does.
Answer option A is incorrect. IPS (Intrusion Prevention Systems), also known as Intrusion
Detection and Prevention Systems (IDPS), are network security appliances that monitor network
and/or system activities for malicious activity. The main functions of “intrusion prevention systems”
are to identify malicious activity, log information about said activity, attempt to block/stop activity,
and report activity. An IPS can take such actions as sending an alarm, dropping the malicious
packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS
can also correct CRC, unfragment packet streams, prevent TCP sequencing issues, and clean up
unwanted transport and network layer options.
Answer option C is incorrect. DMZ, or demilitarized zone, is a physical or logical subnetwork that
contains and exposes an organization’s external services to a larger untrusted network, usually
the Internet. The term is normally referred to as a DMZ by IT professionals. It is sometimes
referred to as a Perimeter Network. The purpose of a DMZ is to add an additional layer of security
to an organization’s Local Area Network (LAN); an external attacker only has access to equipment
in the DMZ rather than any other part of the network.
QUESTION NO:17
You are an Administrator for a network at an investment bank. You are concerned about
individuals breaching your network and being able to steal data before you can detect their
presence and shut down their access. Which of the following is the best way to address this
issue?
A. Implement a strong password policy.
B. Implement a strong firewall.
C. Implement a honey pot.
D. Implement network based anti virus.
Answer: C
Explanation:
A honey pot is designed to attract intruders to a false server that has no real data (but may seem
to have valuable data). The specific stated purpose of a honey pot is as a backup plan in case an
intruder does gain access to your network.
Answer option B is incorrect. The firewall may help reduce the chance of an intruder gaining
access, but won’t help protect you once they have gained access.
Which of the following is the practice of sending unwanted e-mail messages, frequently with
commercial content, in large quantities to an indiscriminate set of recipients? Each correct answer
represents a complete solution. Choose all that apply.
A. E-mail spam
B. Junk mail
C. Email spoofing
D. Email jamming
Answer: A,B
Explanation:
E-mail spam, also known as unsolicited bulk email (UBE), junk mail, or unsolicited commercial
email (UCE), is the practice of sending unwanted e-mail messages, frequently with commercial
content, in large quantities to an indiscriminate set of recipients.
Answer option C is incorrect. Email spoofing is a fraudulent email activity in which the sender
address and other parts of the email header are altered to appear as though the email originated
from a different source. Email spoofing is a technique commonly used in spam and phishing
emails to hide the origin of the email message. By changing certain properties of the email, such
as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-
intentioned users can make the email appear to be from someone other than the actual sender.
The result is that, although the email appears to come from the address indicated in the From field
(found in the email headers), it actually comes from another source.
Answer option D is incorrect. Email jamming is the use of sensitive words in e-mails to jam the
authorities that listen in on them by providing a form of a red herring and an intentional annoyance.
In this attack, an attacker deliberately includes “sensitive” words and phrases in otherwise
innocuous emails to ensure that these are picked up by the monitoring systems. As a result the
senders of these emails will eventually be added to a “harmless” list and their emails will be no
longer intercepted, hence it will allow them to regain some privacy.
QUESTION NO:6
In which of the following conditions does the system enter ROM monitor mode? Each correct
answer represents a complete solution. Choose all that apply.
A. The router does not have a configuration file.
B. There is a need to set operating parameters.
C. The user interrupts the boot sequence.
D. The router does not find a valid operating system image.
Answer: C,D
Explanation:
The system enters ROM monitor mode if the router does not find a valid operating system image,
or if a user interrupts the boot sequence. From ROM monitor mode, a user can boot the device or
perform diagnostic tests.
Answer option A is incorrect. If the router does not have a configuration file, it will automatically
enter Setup mode when the user switches it on. Setup mode creates an initial configuration.
Answer option B is incorrect. Privileged EXEC is used for setting operating parameters.
QUESTION NO:21
Which of the following is a distributed multi-access network that helps in supporting integrated
communications using a dual bus and distributed queuing?
A. Logical Link Control
B. Token Ring network
C. Distributed-queue dual-bus
D. CSMA/CA
Answer: C
Explanation:
In telecommunication, a distributed-queue dual-bus network (DQDB) is a distributed multi-access
network that helps in supporting integrated communications using a dual bus and distributed
queuing, providing access to local or metropolitan area networks, and supporting connectionless
data transfer, connection-oriented data transfer, and isochronous communications, such as voice
communications. IEEE 802.6 is an example of a network providing DQDB access methods.
Answer option B is incorrect. A Token Ring network is a local area network (LAN) in which all
computers are connected in a ring or star topology and a bit- or token-passing scheme is used in
order to prevent the collision of data between two computers that want to send messages at the
same time. The Token Ring protocol is the second most widely-used protocol on local area
networks after Ethernet. The IBM Token Ring protocol led to a standard version, specified as IEEE
802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology
provides for data transfer rates of either 4 or 16 megabits per second.
Answer option A is incorrect. The IEEE 802.2 standard defines Logical Link Control (LLC). LLC is
the upper portion of the data link layer for local area networks.
Answer option D is incorrect. Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) is an
access method used by wireless networks (IEEE 802.11). In this method, a device or computer
that transmits data needs to first listen to the channel for an amount of time to check for any
activity on the channel. If the channel is sensed as idle, the device is allowed to transmit data. If
the channel is busy, the device postpones its transmission. Once the channel is clear, the device
sends a signal telling all other devices not to transmit data, and then sends its packets. In Ethernet
(IEEE 802.3) networks that use CSMA/CD, the device or computer continues to wait for a time and
checks if the channel is still free. If the channel is free, the device transmits packets and waits for
an acknowledgment signal indicating that the packets were received.
QUESTION NO:11
John works as a professional Ethical Hacker. He has been assigned the project of testing the
security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The
description of the tool is as follows:
Which of the following tools is John using to crack the wireless encryption keys?
A. PsPasswd
B. Kismet
C. AirSnort
D. Cain
Answer: C
Explanation:
AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort
operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures
approximately 5 to 10 million packets to decrypt the WEP keys.
Answer option B is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion
detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode.
Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the
following tasks:
To identify networks by passively collecting packets
To detect standard named networks
To detect masked networks
To collect the presence of non-beaconing networks via data traffic
Answer option D is incorrect. Cain is a multipurpose tool that can be used to perform many tasks
such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This
password cracking program can perform the following types of password cracking attacks:
Dictionary attack
Brute force attack
Rainbow attack
Hybrid attack
Answer option A is incorrect. PsPasswd is a tool that helps Network Administrators change an
account password on the local or remote system. The command syntax of PsPasswd is as follows:
pspasswd [\\computer[,computer[,..] | @file [-u user [-p psswd]] Username [NewPassword]
QUESTION NO:26 CORRECT TEXT
Fill in the blank with the appropriate term. A ________ network is a local area
network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-
passing scheme is used for preventing the collision of data between two computers that want to
send messages at the same time.
Answer: Token Ring
Explanation:
A Token Ring network is a local area network (LAN) in which all computers are connected in a ring
or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data
between two computers that want to send messages at the same time. The Token Ring protocol is
the second most widely-used protocol on local area networks after Ethernet. The IBM Token Ring
protocol led to a standard version, specified as IEEE 802.5. Both protocols are used and are very
similar. The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or 16
megabits per second.
Working:
Empty information frames are constantly circulated on the ring. When a computer has a message
to send, it adds a token to an empty frame and adds a message and a destination identifier to the
frame. The frame is then observed by each successive workstation. If the workstation sees that it
is the destination for the message, it copies the message from the frame and modifies the token
back to 0. When the frame gets back to the originator, it sees that the token has been modified to 0
and that the message has been copied and received. It removes the message from the particular
frame. The frame continues to circulate as an empty frame, ready to be taken by a workstation
when it has a message to send.