Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-38

EC-Council 312-38 Exam Questions
Certified Network Defender (Page 3 )

Updated On: 21-Feb-2026
Page 3 of 125
PDF with 617 Questions

In which of the following conditions does the system enter ROM monitor mode? Each correct answer represents a complete solution. Choose all that apply.

  1. The router does not have a configuration file.
  2. There is a need to set operating parameters.
  3. The user interrupts the boot sequence.
  4. The router does not find a valid operating system image.

Answer(s): C,D

Explanation:

The system enters ROM monitor mode if the router does not find a valid operating system image, or if a user interrupts the boot sequence. From ROM monitor mode, a user can boot the device or perform diagnostic tests. Answer option A is incorrect. If the router does not have a configuration file, it will automatically enter Setup mode when the user switches it on. Setup mode creates an initial configuration.
Answer option B is incorrect. Privileged EXEC is used for setting operating parameters.



Which of the following protocols is used for exchanging routing information between two gateways in a network of autonomous systems?

  1. IGMP
  2. ICMP
  3. EGP
  4. OSPF

Answer(s): C

Explanation:

EGP stands for Exterior Gateway Protocol. It is used for exchanging routing information between two gateways in a network of autonomous systems. This protocol depends upon periodic polling with proper acknowledgements to confirm that network connections are up and running, and to request for routing updates. Each router requests its neighbor at an interval of 120 to 480 seconds, for sending the routing table updates.

The neighbor host then responds by sending its routing table. EGP-2 is the latest version of EGP.
Answer option B is incorrect. Internet Control Message Protocol (ICMP) is a maintenance protocol that allows routers and host computers to swap basic control information when data is sent from one computer to another. It is generally considered a part of the IP layer. It allows the computers on a network to share error and status information. An ICMP message, which is encapsulated within an IP datagram, is very useful to troubleshoot the network connectivity and can be routed throughout the Internet.

Answer option A is incorrect. Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group. However, multicast traffic is sent to a single MAC address but is processed by multiple hosts. It can be effectively used for gaming and showing online videos. IGMP is vulnerable to network attacks.
Answer option D is incorrect. Open Shortest Path First (OSPF) is a routing protocol that is used in large networks. Internet Engineering Task Force (IETF) designates OSPF as one of the Interior Gateway Protocols. A host uses OSPF to obtain a change in the routing table and to immediately multicast updated information to all the other hosts in the network.



Which of the following is a 16-bit field that identifies the source port number of the application program in the host that is sending the segment?

  1. Sequence Number
  2. Header Length
  3. Acknowledgment Number
  4. Source Port Address

Answer(s): D

Explanation:

Source Port Address is a 16-bit field that identifies the source port number of the application program in the host that is sending the segment.
Answer option C is incorrect. This is a 32-bit field that identifies the byte number that the sender of the segment is expecting to receive from the receiver.
Answer option B is incorrect. This is a 4-bit field that defines the 4-byte words in the TCP header. The header length can be between 20 and 60 bytes. Therefore, the value of this field can be between 5 and 15.
Answer option A is incorrect. This is a 32-bit field that identifies the number assigned to the first byte of data contained in the segment.



FILL BLANK
Fill in the blank with the appropriate term. ________________is typically carried out by a remote attacker attempting to gain information or access to a network on which it is not authorized or allowed.

  1. Network reconnaissance

Answer(s): A

Explanation:

Network reconnaissance is typically carried out by a remote attacker attempting to gain information or access to a network on which it is not authorized or allowed. Network reconnaissance is increasingly used to exploit network standards and automated communication methods. The aim is to determine what types of computers are present, along with additional information about those computers such as the type and version of the operating system. This information can be analyzed for known or recently discovered vulnerabilities that can be exploited to gain access to secure networks and computers. Network reconnaissance is possibly one of the most common applications of passive data analysis. Early generation techniques, such as TCP/IP passive fingerprinting, have accuracy issues that tended to make it ineffective. Today, numerous tools exist to make reconnaissance easier and more effective.



FILL BLANK
Fill in the blank with the appropriate term. The________________ is an application layer protocol that is used between workstations and routers for transporting SNA/NetBIOS traffic over TCP sessions.

  1. DCAP

Answer(s): A

Explanation:

The Data Link Switching Client Access Protocol (DCAP) is an application layer protocol that is used between workstations and routers for transporting SNA/NetBIOS traffic over TCP sessions. It was introduced in order to address a few deficiencies by the Data Link Switching Protocol (DLSw). The DLSw raises the important issues of scalability and efficiency, and since DLSw is a switch-to-switch protocol, it is not efficient when implemented on workstations. DCAP was introduced in order to address these issues.






Post your Comments and Discuss EC-Council 312-38 exam dumps with other Community members:

Join the 312-38 Discussion