Eccouncil Network Defense Essentials Exam 112-51 NDE Exam Practice Test

Page: 1 / 14
Total 75 questions
Question 1
Question 2

Identify the backup mechanism that is performed within the organization using external devices such as hard disks and requires human interaction to perform the backup operations, thus, making it suspectable to theft or natural disasters.



Answer : B

Onsite data backup is the backup mechanism that is performed within the organization using external devices such as hard disks and requires human interaction to perform the backup operations, thus, making it susceptible to theft or natural disasters. Onsite data backup means storing the backup data on a local storage device, such as an external hard drive, a USB flash drive, a CD/DVD, or a tape drive, that is physically located in the same premises as the original data source. Onsite data backup has some advantages, such as fast backup and restore speed, easy access, and low cost. However, it also has some disadvantages, such as requiring manual intervention, occupying physical space, and being vulnerable to damage, loss, or theft. If a disaster, such as a fire, flood, earthquake, or power outage, occurs in the organization, both the original data and the backup data may be destroyed or inaccessible. Therefore, onsite data backup is not a reliable or secure way to protect the data from unforeseen events. Reference:

Should I Use an External Hard Drive for Backup in 2024?, Cloudwards, February 8, 2024

How to Back Up a Computer to an External Hard Drive, Lifewire, April 1, 2022

Best Way to Backup Multiple Computers to One External Drive, AOMEI, December 29, 2020


Question 3

Joseph, a security professional, was instructed to secure the organization's network. In this process, he began analyzing packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission.

Identify the attack signature analysis technique performed by Joseph in the above scenario.



Answer : D

Atomic-signature-based analysis is a type of attack signature analysis technique that uses a single characteristic or attribute of a packet header to identify malicious traffic. Atomic signatures are simple and fast to match, but they can also generate false positives or miss some attacks. Some examples of atomic signatures are source and destination IP addresses, port numbers, protocol types, and TCP flags. Atomic-signature-based analysis is the technique performed by Joseph in the above scenario, as he analyzed packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission. Reference:

[Understanding the Network Traffic Signatures] - Module 12: Network Traffic Monitoring

Network Defense Essentials (NDE) | Coursera - Week 12: Network Traffic Monitoring

[Network Defense Essentials Module 12 (Network Traffic Monitoring) - Quizlet] - Flashcards: What are Network Traffic Signatures?


Question 4

Barbara, a security professional, was monitoring the loT traffic through a security solution. She identified that one of the infected devices is trying to connect with other loT devices and spread malware onto the network. Identify the port number used by the malware to spread the infection to other loT devices.



Answer : D

Port 48101 is the port number used by the malware to spread the infection to other loT devices. This port is associated with the Mirai botnet, which is one of the most notorious loT malware that targets vulnerable loT devices and turns them into a network of bots that can launch distributed denial-of-service (DDoS) attacks. Mirai scans the internet for loT devices that use default or weak credentials and infects them by logging in via Telnet or SSH. Once infected, the device connects to a command and control (C&C) server on port 48101 and waits for instructions. The C&C server can then direct the botnet to attack a target by sending TCP, UDP, or HTTP requests. Mirai has been responsible for some of the largest DDoS attacks in history, such as the one that disrupted Dyn DNS in 2016 and affected major websites like Twitter, Netflix, and Reddit. Reference:

Mirai (malware), Wikipedia, March 16, 2021

Mirai Botnet: A History of the Largest loT Botnet Attacks, Imperva, December 10, 2020

Mirai Botnet: How loT Devices Almost Brought Down the Internet, Cloudflare, March 17, 2021


Question 5

Which of the following algorithms uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes?



Answer : C

SHA-3 is the algorithm that uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes. SHA-3 is a family of cryptographic hash functions that was standardized by NIST in 2015 as a successor to SHA-2. SHA-3 is based on the Keccak algorithm, which won the NIST hash function competition in 2012. SHA-3 uses a sponge construction, which is a simple iterated construction that can produce variable-length output from a fixed-length permutation. The sponge construction operates on a state of b bits, which is divided into two sections: the bitrate r and the capacity c. The sponge construction has two phases: the absorbing phase and the squeezing phase. In the absorbing phase, the input message is padded and divided into blocks of r bits. Each block is XORed into the first r bits of the state, and then the state is transformed by the permutation function f. This process continues until all the input blocks are processed. In the squeezing phase, the output is generated by repeatedly applying the permutation function f to the state and extracting the first r bits as output blocks. The output can be truncated to the desired length. SHA-3 uses a permutation function f that is based on a round function that consists of five steps: theta, rho, pi, chi, and iota. These steps perform bitwise operations, rotations, permutations, and additions on the state. The permutation function f is invertible, meaning that it can be reversed to obtain the previous state. SHA-3 has four variants with different output lengths: SHA3-224, SHA3-256, SHA3-384, and SHA3-512. SHA-3 also supports two additional modes: SHAKE128 and SHAKE256, which are extendable-output functions that can produce arbitrary-length output. Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-23 to 3-25

SHA-3 - Wikipedia, Wikipedia, March 16, 2021

The sponge and duplex constructions - Keccak Team, Keccak Team, 2020


Question 6

Identify the loT communication model that serves as an analyzer for a company to track monthly or yearly energy consumption. Using this analysis, companies can reduce the expenditure on energy.



Question 7

James was recruited as security personnel in an organization and was instructed to secure the organization's infrastructure from physical threats. To achieve this, James installed CCTV systems near gates, reception, hallways, and workplaces to capture illicit activities inside the premises, identify activities that need attention, collect images as evidence, and aid in an alarm system.

Identify the type of physical security control implemented by James in the above scenario.



Answer : A


Page:    1 / 14   
Total 75 questions