Eccouncil Network Defense Essentials Exam 112-51 NDE Exam Practice Test

Answer : B

The object of the container network model (CNM) that contains the configuration files of a container's network stack, such as routing table, container's interfaces, and DNS settings, is the Sandbox. A Sandbox is a logical entity that encapsulates the network configuration and state of a container. A Sandbox can contain one or more endpoints from different networks, and provides isolation and security for the container's network stack. A Sandbox can be implemented using various technologies, such as Linux network namespaces, FreeBSD jails, or Windows compartments. A Sandbox allows the container to have its own view and control of the network resources, such as interfaces, addresses, routes, and DNS settings123. Reference:

The Container Networking Model | Training, Training, 2020

A Comprehensive Guide To Docker Networking - KnowledgeHut, KnowledgeHut, September 27, 2023

Design - GitHub: Let's build from here, GitHub, 2020

Answer : B

Onsite data backup is the backup mechanism that is performed within the organization using external devices such as hard disks and requires human interaction to perform the backup operations, thus, making it susceptible to theft or natural disasters. Onsite data backup means storing the backup data on a local storage device, such as an external hard drive, a USB flash drive, a CD/DVD, or a tape drive, that is physically located in the same premises as the original data source. Onsite data backup has some advantages, such as fast backup and restore speed, easy access, and low cost. However, it also has some disadvantages, such as requiring manual intervention, occupying physical space, and being vulnerable to damage, loss, or theft. If a disaster, such as a fire, flood, earthquake, or power outage, occurs in the organization, both the original data and the backup data may be destroyed or inaccessible. Therefore, onsite data backup is not a reliable or secure way to protect the data from unforeseen events. Reference:

Should I Use an External Hard Drive for Backup in 2024?, Cloudwards, February 8, 2024

How to Back Up a Computer to an External Hard Drive, Lifewire, April 1, 2022

Best Way to Backup Multiple Computers to One External Drive, AOMEI, December 29, 2020

Answer : D

Atomic-signature-based analysis is a type of attack signature analysis technique that uses a single characteristic or attribute of a packet header to identify malicious traffic. Atomic signatures are simple and fast to match, but they can also generate false positives or miss some attacks. Some examples of atomic signatures are source and destination IP addresses, port numbers, protocol types, and TCP flags. Atomic-signature-based analysis is the technique performed by Joseph in the above scenario, as he analyzed packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission. Reference:

[Understanding the Network Traffic Signatures] - Module 12: Network Traffic Monitoring

Network Defense Essentials (NDE) | Coursera - Week 12: Network Traffic Monitoring

[Network Defense Essentials Module 12 (Network Traffic Monitoring) - Quizlet] - Flashcards: What are Network Traffic Signatures?

Answer : D

Port 48101 is the port number used by the malware to spread the infection to other loT devices. This port is associated with the Mirai botnet, which is one of the most notorious loT malware that targets vulnerable loT devices and turns them into a network of bots that can launch distributed denial-of-service (DDoS) attacks. Mirai scans the internet for loT devices that use default or weak credentials and infects them by logging in via Telnet or SSH. Once infected, the device connects to a command and control (C&C) server on port 48101 and waits for instructions. The C&C server can then direct the botnet to attack a target by sending TCP, UDP, or HTTP requests. Mirai has been responsible for some of the largest DDoS attacks in history, such as the one that disrupted Dyn DNS in 2016 and affected major websites like Twitter, Netflix, and Reddit. Reference:

Mirai (malware), Wikipedia, March 16, 2021

Mirai Botnet: A History of the Largest loT Botnet Attacks, Imperva, December 10, 2020

Mirai Botnet: How loT Devices Almost Brought Down the Internet, Cloudflare, March 17, 2021

Answer : C

SHA-3 is the algorithm that uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes. SHA-3 is a family of cryptographic hash functions that was standardized by NIST in 2015 as a successor to SHA-2. SHA-3 is based on the Keccak algorithm, which won the NIST hash function competition in 2012. SHA-3 uses a sponge construction, which is a simple iterated construction that can produce variable-length output from a fixed-length permutation. The sponge construction operates on a state of b bits, which is divided into two sections: the bitrate r and the capacity c. The sponge construction has two phases: the absorbing phase and the squeezing phase. In the absorbing phase, the input message is padded and divided into blocks of r bits. Each block is XORed into the first r bits of the state, and then the state is transformed by the permutation function f. This process continues until all the input blocks are processed. In the squeezing phase, the output is generated by repeatedly applying the permutation function f to the state and extracting the first r bits as output blocks. The output can be truncated to the desired length. SHA-3 uses a permutation function f that is based on a round function that consists of five steps: theta, rho, pi, chi, and iota. These steps perform bitwise operations, rotations, permutations, and additions on the state. The permutation function f is invertible, meaning that it can be reversed to obtain the previous state. SHA-3 has four variants with different output lengths: SHA3-224, SHA3-256, SHA3-384, and SHA3-512. SHA-3 also supports two additional modes: SHAKE128 and SHAKE256, which are extendable-output functions that can produce arbitrary-length output. Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-23 to 3-25

SHA-3 - Wikipedia, Wikipedia, March 16, 2021

The sponge and duplex constructions - Keccak Team, Keccak Team, 2020

Answer : C

The loT communication model that serves as an analyzer for a company to track monthly or yearly energy consumption is the device-to-cloud model. The device-to-cloud model is a loT communication model where the loT devices, such as smart meters, sensors, or thermostats, send data directly to the cloud platform, such as AWS, Azure, or Google Cloud, over the internet. The cloud platform then processes, analyzes, and stores the data, and provides feedback, control, or visualization to the users or applications. The device-to-cloud model enables the company to monitor and optimize the energy consumption of the loT devices in real time, and to leverage the cloud services, such as machine learning, big data analytics, or artificial intelligence, to perform advanced energy management and demand response. The device-to-cloud model also reduces the complexity and cost of the loT infrastructure, as it does not require intermediate gateways or servers to connect the loT devices to the cloud123. Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-38 to 3-39

loT Communication Models: Device-to-Device, Device-to-Cloud, Device-to-Gateway, and Back-End Data-Sharing, DZone, July 9, 2018

loT Communication Models: Device-to-Device, Device-to-Cloud, Device-to-Gateway, and Back-End Data-Sharing, Medium, March 26, 2019

Answer : A