Paul is a network security technician working on a contract for a laptop manufacturing company in Chicago. He has focused primarily on securing network devices, firewalls, and traffic traversing in and out of the network. He just finished setting up a server as a gateway between the internal private network and the outside public network. This server will act as a proxy, offer a limited amount of services, and filter packets. What is this type of server called?
Answer : A
The server described in the question is known as a Bastion host. A Bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. It is typically placed in a network's demilitarized zone (DMZ) and acts as a proxy server, offering limited services and filtering packets to protect the internal private network from the public network. It is hardened due to its exposure to potential attacks and usually hosts a single application, like a proxy server, while all other services are removed or limited to reduce the threat surface.
Which BC/DR activity includes action taken toward resuming all services that are dependent on business-critical applications?
Answer : C
In the context of Business Continuity/Disaster Recovery (BC/DR), the activity that includes actions taken toward resuming all services that are dependent on business-critical applications is referred to as Resumption. This phase focuses on the steps necessary to bring critical functions back into operation after a disruption. Recovery, on the other hand, is more about the actions taken to return the business to normal operating conditions post-disaster, which may include repairs, restorations, and return to normalcy. Response is the immediate reaction to an incident, and Restoration is the process of rebuilding or restoring IT systems and operations. Reference: The information aligns with the objectives and documents of the EC-Council's Certified Network Defender (CND) program, which emphasizes understanding and implementing proper BC/DR activities.
Maximus Tech is a multinational company that uses Cisco ASA Firewalls for their systems. Jason is one of the members of the team that checks the logs at Maximus Tech. As a part of his job, he is going through the logs and he came across a firewall log that looks like this:
May 06 2018 21:27:27 asa 1: %ASA-6-11008: User 'enable_16' executed the 'configure term' command
Based on the security level mentioned in the log, what did Jason understand about the description of this message?
Answer : B
The log entry %ASA-6-11008 indicates that the message is of a severity level 6, which corresponds to an informational message. In the context of Cisco ASA Firewall logs, severity levels range from 0 (emergency) to 7 (debugging), with lower numbers indicating higher severity. A severity level of 6 is used for messages that provide information about normal but significant events. In this case, the log indicates that a user named 'enable_16' executed the 'configure term' command, which is a noteworthy event but does not indicate an error or critical condition.
Which of the following filters can be applied to detect an ICMP ping sweep attempt using Wireshark?
Answer : A
In Wireshark, the filter icmp.type==8 is used to detect ICMP Echo requests, which are commonly used in ping sweep attempts. A ping sweep is a network scanning technique used to determine which of a range of IP addresses map to live hosts. It involves sending ICMP Echo requests (type 8) to multiple hosts and listening for Echo replies (type 0). If an Echo reply is received, it indicates that the host is active. Therefore, the filter icmp.type==8 can be applied to capture these ICMP Echo requests and detect a ping sweep attempt.
John has planned to update all Linux workstations in his network. The organization is using various Linux distributions including Red Hat, Fedora and Debian. Which of the following commands will he use to update each respective Linux distribution?

Answer : C
The correct commands to update the respective Linux distributions are as follows:
Red Hat: Uses the yum command or the newer dnf command for package management and updates.
Fedora: Originally used yum but now has transitioned to dnf as the default package manager.
Debian: Utilizes the apt-get command for package management tasks, including updates.
The matching from the options provided would be:
1-v: Slackware based systems use Autoupdate.
2-iii: RPM-based systems, which include Fedora, use Swaret.
3-i: Debian based systems use apt-get.
4-iv: Red Hat based systems use up2date.
The CEO of Max Rager wants to send a confidential message regarding the new formula for its coveted soft drink, SuperMax, to its manufacturer in Texas. However, he fears the message could be altered in transit. How can he prevent this incident from happening and what element of the message ensures the success of this method?
Answer : A
To ensure the integrity of the message and prevent it from being altered in transit, hashing can be used. Hashing is a process where a hash function converts data into a fixed-size string of characters, which is typically a hash code. When the message is sent, the hash code is generated and sent along with it. Upon receipt, the receiver can run the same hash function on the received message to generate a new hash code. If this new hash code matches the one sent with the message, it confirms that the message has not been altered. This method does not encrypt the message content but ensures that any changes to the message in transit can be detected.
Which authentication technique involves mathematical pattern-recognition of the colored part of the eye behind the cornea?
Answer : A
Iris scanning is an authentication technique that involves mathematical pattern-recognition of the colored part of the eye, known as the iris. This method uses the unique patterns in the iris to identify and verify an individual's identity. The iris is a muscle within the eye that controls the size of the pupil and is visible from the exterior. It has a complex structure and contains many microscopic features that are unique to each individual, making it a reliable biometric for authentication purposes.