Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 112-51

EC-Council 112-51 Exam Questions
Network Defense Essentials (Page 4 )

Updated On: 15-Feb-2026
Page 3 of 16
PDF with 75 Questions

Alice was working on her major project; she saved all her confidential files and locked her laptop. Bob wanted to access Alice's laptop for his personal use but was unable to access the laptop due to biometric authentication.
Which of the following network defense approaches was employed by Alice on her laptop?

  1. Retrospective approach
  2. Preventive approach
  3. Reactive approach
  4. Proactive approach

Answer(s): B

Explanation:

The network defense approach that was employed by Alice on her laptop was the preventive approach. The preventive approach aims to stop or deter potential attacks before they happen by implementing security measures that reduce the attack surface and increase the difficulty of exploitation. Biometric authentication is an example of a preventive measure that uses a physical characteristic, such as a fingerprint, iris, or face, to verify the identity of the user and grant access to the device or system. Biometric authentication is more secure than traditional methods, such as passwords or PINs, because it is harder to forge, guess, or steal. By locking her laptop and using biometric authentication, Alice prevented Bob from accessing her laptop and her confidential files without her permission.


Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 1-7 to 1-8 What is Biometric Authentication?, Norton, July 29, 2020 An introduction to network defense basics, Enable Sysadmin, November 26, 2019



Kalley, a network administrator of an organization, has installed a traffic monitoring system to capture and report suspicious traffic signatures. In this process, she detects traffic containing password cracking, sniffing, and brute-forcing attempts.Which of the following categories of suspicious traffic signature were identified by Kalley through the installed monitoring system?

  1. Reconnaissance signatures
  2. Unauthorized access signatures
  3. Denial-of-service (DoS) signatures
  4. Informational signatures

Answer(s): B

Explanation:

Unauthorized access signatures were identified by Kalley through the installed monitoring system. Unauthorized access signatures are designed to detect attempts to gain unauthorized access to a system or network by exploiting vulnerabilities, misconfigurations, or weak credentials. Password cracking, sniffing, and brute-forcing are common techniques used by attackers to obtain or guess the passwords of legitimate users or administrators and gain access to their accounts or privileges. These techniques generate suspicious traffic patterns that can be detected by traffic monitoring systems, such as Snort, using signature-based detection. Signature-based detection is based on the premise that abnormal or malicious network traffic fits a distinct pattern, whereas normal or benign traffic does not. Therefore, by installing a traffic monitoring system and capturing and reporting suspicious traffic signatures, Kalley can identify and prevent unauthorized access attempts and protect the security of her organization's network.


Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-33 to 3-34 Detecting Suspicious Traffic via Signatures - Intrusion Detection with Snort, O'Reilly, 2003 Threat Signature Categories - Palo Alto Networks, Palo Alto Networks, 2020



Finch, a security auditor, was assigned the task of providing devices to all the employees to enable work from remote locations. Finch restricted the devices to work only for organization-related tasks, and not for personal use.
Which of the following mobile usage policies has Finch implemented in the above scenario?

  1. CYOD
  2. COBO
  3. COPE
  4. BYOD

Answer(s): B

Explanation:

Finch has implemented the COBO (Corporate-Owned, Business-Only) mobile usage policy in the above scenario. COBO is a policy where the organization provides mobile devices to the employees and restricts them to use the devices only for work-related purposes. The organization has full control over the devices and can enforce security measures, such as encryption, password protection, remote wipe, and application whitelisting or blacklisting. The employees are not allowed to use the devices for personal use, such as browsing the internet, making personal calls, or installing personal apps. COBO is a policy that aims to maximize security and minimize distractions and risks for the organization and the employees.


Reference:

Mobile usage policy in office - sample, cell phone policy in companies and organization, HR Help Board, 2020
Employee Cell Phone Policy Template, Workable, 2020
How Employers Enforce Cell Phone Policies in the Workplace, Indeed, 2022



In an organization, employees are restricted from using their own storage devices, and only the company's portable storage devices are allowed. As employees are carrying the company's portable device outside their premises, the data should be protected from unauthorized access.
Which of the following techniques can be used to protect the data in a portable storage device?

  1. Data retention
  2. Data encryption
  3. Data resilience
  4. Disk mirroring

Answer(s): B

Explanation:

Data encryption is the technique that can be used to protect the data in a portable storage device. Data encryption is the process of transforming data into an unreadable format using a secret key or algorithm. Only authorized parties who have the correct key or algorithm can decrypt and access the data. Data encryption provides security and privacy for the data stored on a portable storage device, such as a USB flash drive or an external hard drive, by preventing unauthorized access, modification, or disclosure. If the device is lost or stolen, the data will remain protected and inaccessible to the unauthorized user. Data encryption can be implemented using software or hardware solutions, such as BitLocker, VeraCrypt, or encrypted USB drives. Data encryption is one of the best practices for securely storing data on portable devices123.


Reference:

7 Ways to Secure Sensitive Data on a USB Flash Drive, UpGuard, August 17, 2022 How to Protect Data on Portable Drives, PCWorld, January 10, 2011 Securely Storing Data, Security.org, December 20, 2022



Which of the following algorithms uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes?

  1. MD5
  2. SHA-2
  3. SHA-3
  4. MD6

Answer(s): C

Explanation:

SHA-3 is the algorithm that uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes. SHA-3 is a family of cryptographic hash functions that was standardized by NIST in 2015 as a successor to SHA-2. SHA-3 is based on the Keccak algorithm, which won the NIST hash function competition in 2012. SHA-3 uses a sponge construction, which is a simple iterated construction that can produce variable-length output from a fixed-length permutation. The sponge construction operates on a state of b bits, which is divided into two sections: the bitrate r and the capacity c. The sponge construction has two phases: the absorbing phase and the squeezing phase. In the absorbing phase, the input message is padded and divided into blocks of r bits. Each block is XORed into the first r bits of the state, and then the state is transformed by the permutation function f. This process continues until all the input blocks are processed. In the squeezing phase, the output is generated by repeatedly applying the permutation function f to the state and extracting the first r bits as output blocks. The output can be truncated to the desired length. SHA-3 uses a permutation function f that is based on a round function that consists of five steps: theta, rho, pi, chi, and iota. These steps perform bitwise operations, rotations, permutations, and additions on the state. The permutation function f is invertible, meaning that it can be reversed to obtain the previous state. SHA-3 has four variants with different output lengths:
SHA3-224, SHA3-256, SHA3-384, and SHA3-512. SHA-3 also supports two additional modes:
SHAKE128 and SHAKE256, which are extendable-output functions that can produce arbitrary-length output.


Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-23 to 3-25 SHA-3 - Wikipedia, Wikipedia, March 16, 2021
The sponge and duplex constructions - Keccak Team, Keccak Team, 2020






Post your Comments and Discuss EC-Council 112-51 exam dumps with other Community members:

Join the 112-51 Discussion