CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-38

Free 312-38 Exam Braindumps (page: 8)

Page 8 of 155
PDF with 617 Questions

Which of the following honeypots provides an attacker access to the real operating system without any restriction and collects a vast amount of information about the attacker?

  1. High-interaction honeypot
  2. Medium-interaction honeypot
  3. Honeyd
  4. Low-interaction honeypot

Answer(s): A

Explanation:

A high-interaction honeypot offers a vast amount of information about attackers. It provides an attacker access to the real operating system without any restriction. A high-interaction honeypot is a powerful weapon that provides opportunities to discover new tools, to identify new vulnerabilities in the operating system, and to learn how blackhats communicate with one another.
Answer option D is incorrect. A low-interaction honeypot captures limited amounts of information that are mainly transactional data and some limited interactive information. Because of simple design and basic functionality, low-interaction honeypots are easy to install, deploy, maintain, and configure. A low-interaction honeypot detects unauthorized scans or unauthorized connection attempts. A low-interaction honeypot is like a one-way connection, as the honeypot provides services that are limited to listening ports. Its role is very passive and does not alter any traffic. It generates logs or alerts when incoming packets match their patterns.
Answer option B is incorrect. A medium-interaction honeypot offers richer interaction capabilities than a low- interaction honeypot, but does not provide any real underlying operating system target. Installing and configuring a medium-interaction honeypot takes more time than a low-interaction honeypot. It is also more complicated to deploy and maintain as compared to a low-interaction honeypot. A medium-interaction honeypot captures a greater amount of information but comes with greater risk. Answer option C is incorrect. Honeyd is an example of a low-interaction honeypot.



Which of the following representatives of the incident response team takes forensic backups of systems that are the focus of an incident?

  1. Technical representative
  2. Lead investigator
  3. Information security representative
  4. Legal representative

Answer(s): A

Explanation:

A technical representative creates forensic backups of systems that are the focus of an incident and provides valuable information about the configuration of the network and target system.
Answer option B is incorrect. A lead investigator acts as the manager of the computer security incident response team.
Answer option D is incorrect. The legal representative looks after legal issues and ensures that the investigation process does not break any law.
Answer option C is incorrect. The information security representative informs about the security safeguards that may affect their ability to respond to the incident.



Which of the following devices allows wireless communication devices to connect to a wireless network using Wi-Fi, Bluetooth, or related standards?

  1. Express card
  2. WAP
  3. WNIC
  4. Wireless repeater
  5. None

Answer(s): B

Explanation:

A wireless access point (WAP) is a device that allows wireless communication devices to connect to a wireless network using Wi-Fi, Bluetooth, or related standards. The WAP usually connects to a wired network, and it can transmit data between wireless devices and wired devices on the network. Each access point can serve multiple users within a defined network area. As people move beyond the range of one access point, they are automatically handed over to the next one. A small WLAN requires a single access point. The number of access points in a network depends on the number of network users and the physical size of the network.
Answer option C is incorrect. A wireless network interface card (WNIC) is a network card that connects to a radio-based computer network, unlike a regular network interface controller (NIC) that connects to a wire-based network such as token ring or ethernet. A WNIC, just like a NIC, works on the Layer 1 and Layer 2 of the OSI Model. A WNIC is an essential component for wireless desktop computer. This card uses an antenna to communicate through microwaves. A WNIC in a desktop computer is usually connected using the PCI bus.
Answer option A is incorrect. ExpressCard, a new standard introduced by PCMCIA, is a thinner, faster, and lighter modular expansion for desktops and laptops. Users can add memory, wired or wireless communication cards, and security devices by inserting these modules into their computers. ExpressCard slots are designed to accommodate modules that use either Universal Serial Bus (USB) 2.0 or the PCI Express standard.
ExpressCard modules are available in two sizes, i.e., 34 mm wide (ExpressCard/34) and 54 mm wide (ExpressCard/54). Both modules are 75 mm long and 5 mm high. An ExpressCard/34 module can be inserted in either a 54 mm slot or a 34 mm slot, but an ExpressCard/54 requires a Universal (54 mm) slot. However, an extender can be used with ExpressCard/34 slot to connect the ExpressCard/54 module from outside of the computer. Both the modules are identical in performance. They take full advantage of the features of the PCI Express or USB 2.0 interfaces. The only difference between them is that the ExpressCard/54 form-factor, due to its larger surface area, allows for greater thermal dissipation than does an ExpressCard/34. As the performance does not vary with module size, module developers usually prefer to fit their applications into the smaller ExpressCard/34 form factor. But some applications, such as SmartCard readers, and CompactFlash readers, require the extra width of an ExpressCard/54 module.
Answer option D is incorrect. A wireless repeater is a networking device that works as a repeater between a wireless router and computers. It is used to connect a client to the network when the client is out of the service area of the access point. If the wireless repeater is configured properly, it extends the range of the wireless LAN network.



Which of the following protocols uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets?

  1. PPTP
  2. ESP
  3. LWAPP
  4. SSTP

Answer(s): A

Explanation:

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. The PPTP specification does not describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality. However, the most common PPTP implementation, shipping with the Microsoft Windows product families, implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack. The intended use of this protocol is to provide similar levels of security and remote access as typical VPN products.
Answer option B is incorrect. Encapsulating Security Payload (ESP) is an IPSec protocol that provides confidentiality, in addition to authentication, integrity, and anti-replay. ESP can be used alone or in combination with Authentication Header (AH). It can also be nested with the Layer Two Tunneling Protocol (L2TP). ESP does not sign the entire packet unless it is being tunneled. Usually, only the data payload is protected, not the IP header.
Answer option D is incorrect. Secure Socket Tunneling Protocol (SSTP) is a form of VPN tunnel that provides a mechanism to transport PPP or L2TP traffic through an SSL 3.0 channel. SSL provides transport-level security with key-negotiation, encryption, and traffic integrity checking. The use of SSL over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers. SSTP servers must be authenticated during the SSL phase. SSTP clients can optionally be authenticated during the SSL phase, and must be authenticated in the PPP phase. The use of PPP allows support for common authentication methods, such as EAP-TLS and MS- CHAP. SSTP is available in Windows Server 2008, Windows Vista SP1, and later operating systems. It is fully integrated with the RRAS architecture in these operating systems, allowing its use with Winlogon or smart card authentication, remote access policies, and the Windows VPN client.
Answer option C is incorrect. LWAPP (Lightweight Access Point Protocol) is a protocol used to control multiple Wi-Fi wireless access points at once. This can reduce the amount of time spent on configuring, monitoring, or troubleshooting a large network. This also allows network administrators to closely analyze the network.



Page 8 of 155



Post your Comments and Discuss EC-Council 312-38 exam with other Community members:

meep commented on September 22, 2024
meep meepmeep meepmeep meepmeep meepmeep meep
UNITED KINGDOM
upvote

Mohammed commented on August 13, 2024
I want to let you know that I passed this test yesterday. These questions are valid as of this week.
UNITED ARAB EMIRATES
upvote

Bryan commented on August 22, 2023
Big thanks to AllBrainDumps for providing such a great resource, helping me preparing to achieve my goal, saving lots of time!
TAIWAN PROVINCE OF CHINA
upvote