Eccouncil Network Defense Essentials Exam 112-51 NDE Exam Practice Test

Answer : D

Denial-of-service (DoS) is the category of suspicious traffic signature that George identified in the above scenario. DoS signatures are designed to detect attempts to disrupt or degrade the availability or performance of a system or network by overwhelming it with excessive or malformed traffic. SYN flood and ping of death are examples of DoS attacks that exploit the TCP/IP protocol to consume the resources or crash the target server. A SYN flood attack sends a large number of TCP SYN packets to the target server, without completing the three-way handshake, thus creating a backlog of half-open connections that exhaust the server's memory or bandwidth. A ping of death attack sends a malformed ICMP echo request packet that exceeds the maximum size allowed by the IP protocol, thus causing the target server to crash or reboot. DoS attacks can cause serious damage to the organization's reputation, productivity, and revenue, and should be detected and mitigated as soon as possible123. Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-33 to 3-34

What is a denial-of-service attack?, Cloudflare, 2020

Denial-of-service attack - Wikipedia, Wikipedia, March 16, 2021

Answer : D

Role-based access control (RBAC) is a type of access control model that refers to assigning permissions to a user role based on the rules defined for each user role by the administrator. In RBAC, the administrator creates different roles and assigns them the appropriate access rights to the resources. The administrator then assigns users to those roles based on their job functions. This way, the administrator can manage the access of users to the resources without having to deal with each user individually. RBAC can simplify the administration, enhance the security, and improve the scalability of the access control system12. Reference: Network Defense Essentials - EC-Council Learning, Role-Based Access Control (RBAC) and Role-Based Security

Answer : A

A permissive policy is a type of Internet access policy that allows users to access the Internet from any device and any location, without any restrictions or security measures. A permissive policy provides convenience and flexibility for the users, but also exposes them to various risks, such as malware infection, data leakage, or cyberattacks. In the scenario, Sarah was accessing confidential office files from a remote location via her personal computer connected to the public Internet, and accidentally downloaded a malicious file onto her computer. This indicates that the organization had a permissive policy for Internet access12. Reference: Network Defense Essentials - EC-Council Learning, Internet Access Policy: Definition and Best Practices

Answer : B

A device-to-cloud model is a type of IoT communication model that connects the IoT devices directly to the cloud platform, where the data is stored, processed, and analyzed. The device-to-cloud model enables remote access, real-time monitoring, and scalability of IoT applications. The device-to-cloud model requires the IoT devices to have internet connectivity and cloud compatibility. In the above scenario, John used a device-to-cloud model to monitor his grandfather's health condition, as he placed a smart wearable ECG on his grandfather's wrist that sent the data to the cloud platform, where John could access it from his mobile phone and receive alerts periodically. Reference:

Communication Models in IoT (Internet of Things) - Section: Device-to-Cloud Model

IoT Communication Models - IoTbyHVM - Section: Device to Cloud Communication Model

Logical Design of IoT | Communication Models | APIs | Functional Blocks - Section: Device-to-Cloud Communication Model

Answer : A

Explore

The correct order of wireless encryption modes in terms of security from high to low is 2 -> 1 -> 4 -> 3. This is based on the following comparison of the wireless encryption modes:

WPA3: WPA3 is the latest and most secure wireless encryption mode, introduced in 2018 as a successor to WPA2. WPA3 uses the AES encryption protocol and provides several security enhancements, such as stronger password protection, individualized encryption, forward secrecy, and protection against brute-force and dictionary attacks. WPA3 also supports two modes: WPA3-Personal and WPA3-Enterprise, which offer different levels of security for home and business networks. WPA3-Personal uses Simultaneous Authentication of Equals (SAE) to replace the Pre-Shared Key (PSK) method and provide more robust password-based authentication. WPA3-Enterprise uses 192-bit cryptographic strength to provide additional protection for sensitive data and networks123.

WPA2 Enterprise with RADIUS: WPA2 Enterprise with RADIUS is a wireless encryption mode that combines the security features of WPA2 Enterprise and the authentication features of RADIUS. WPA2 Enterprise is a mode of WPA2 that uses the AES encryption protocol and provides stronger security than WPA2 Personal, which uses the PSK method. WPA2 Enterprise uses the 802.1X standard to implement Extensible Authentication Protocol (EAP) methods, such as EAP-TLS, EAP-TTLS, or PEAP, to authenticate users and devices before granting access to the network. RADIUS is a protocol that allows a central server to manage authentication, authorization, and accounting for network access. RADIUS can integrate with WPA2 Enterprise to provide centralized and scalable authentication for large and complex networks, such as corporate or campus networks .

WPA2 Enterprise: WPA2 Enterprise is a wireless encryption mode that uses the AES encryption protocol and provides stronger security than WPA2 Personal, which uses the PSK method. WPA2 Enterprise uses the 802.1X standard to implement Extensible Authentication Protocol (EAP) methods, such as EAP-TLS, EAP-TTLS, or PEAP, to authenticate users and devices before granting access to the network. WPA2 Enterprise is suitable for business or public networks that require individual and secure authentication for each user or device .

WPA2 PSK: WPA2 PSK is a wireless encryption mode that uses the AES encryption protocol and provides better security than WEP or WPA, which use the TKIP encryption protocol. WPA2 PSK uses the Pre-Shared Key (PSK) method, which means that all users and devices share the same password or passphrase to join the network. WPA2 PSK is easy to set up and use, but it has some security drawbacks, such as being vulnerable to brute-force and dictionary attacks, or having the password compromised by a rogue user or device. WPA2 PSK is suitable for home or small networks that do not require individual authentication or advanced security features .

Wi-Fi Security: Should You Use WPA2-AES, WPA2-TKIP, or Both? - How-To Geek, How-To Geek, March 12, 2023

WiFi Security: WEP, WPA, WPA2, WPA3 And Their Differences - NetSpot, NetSpot, February 8, 2024

What is WPA3? And some gotchas to watch out for in this Wi-Fi security upgrade - CSO Online, CSO Online, November 18, 2020

[Types of Wireless Security Encryption - GeeksforGeeks], GeeksforGeeks, 2020

[Wireless Security Protocols: WEP, WPA, and WPA2 - Lifewire], Lifewire, February 17, 2021

[WPA vs. WPA2 vs. WPA3: Wi-Fi Security Explained - MakeUseOf], MakeUseOf, January 13, 2021

Answer : C

WPA2 (Wi-Fi Protected Access 2) is an encryption technology that secures wireless networks using the IEEE 802.11i standard. WPA2 uses a four-way handshake to authenticate the client and the access point, and to generate a pairwise transient key (PTK) for encrypting the data. The PTK is derived from the password pairwise master key (PMK), which is a shared secret between the client and the access point. The PMK can be obtained either by using a pre-shared key (PSK) or by using an 802.1X authentication server. In the above scenario, George performed password cracking on WPA2, as he used sniffing tools to capture the PMK associated with the handshake authentication process. Then, using the PMK, he was able to derive the PTK and decrypt the data exchanged between the client and the access point. Reference:

WPA2 - Wikipedia

How WPA2-PSK encryption works? - Cryptography Stack Exchange

WPA2 Encryption and Configuration Guide - Cisco Meraki Documentation

Answer : A

The combination of authentication mechanisms that is implemented in the above scenario is biometric and password authentication. Biometric authentication is a type of authentication that uses an inherent factor, such as a retina scan, to verify the identity of the user. Password authentication is a type of authentication that uses a knowledge factor, such as a six-digit code, to verify the identity of the user. By combining biometric and password authentication, Finch has implemented a two-factor authentication (2FA) system that requires the user to provide two different types of authentication factors to gain access to the office. 2FA is a more secure way of authentication than using a single factor, as it reduces the risk of unauthorized access due to stolen or compromised credentials. Biometric and password authentication is a common 2FA method that is used in many applications, such as banking, e-commerce, or health care123. Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-28 to 3-29

What is Biometric Authentication?, Norton, July 29, 2020

What is Two-Factor Authentication (2FA)?, Authy, 2020