Free 312-38 Exam Braindumps (page: 39)


Which of the following is a mechanism that helps in ensuring that only the intended and authorized recipients are able to read data?

  A. Integrity
  B. Data availability
  C. Confidentiality
  D. Authentication

Answer(s): C

Explanation:

Confidentiality is a mechanism that ensures that only the intended and authorized recipients are able to read data. The data is encrypted so that even if an unauthorized user gains access to it, they cannot extract any meaning from it.
Answer option A is incorrect. In information security, integrity means that data cannot be modified without authorization. This is not the same thing as referential integrity in databases. Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on. There are many ways in which integrity could be violated without malicious intent. In the simplest case, a user on a system could mistype someone's address. On a larger scale, if an automated process is not written and tested correctly, bulk updates to a database could alter data in an incorrect way, leaving the integrity of the data compromised. Information security professionals are tasked with finding ways to implement controls that prevent errors of integrity.
Answer option B is incorrect. Data availability is one of the security principles that ensures that the data and communication services will be available for use when needed (expected). It describes the availability of products and services, ensuring that data continues to be available at a required level of performance in situations ranging from normal to disastrous. Data availability is achieved through redundancy, which depends upon where the data is stored and how it can be reached.
Answer option D is incorrect. Authentication is the act of establishing or confirming something (or someone) as authentic, i.e., the claims made by or about the subject are true ("authentification" is a variant of this word).



Which of the following help in estimating and totaling up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile?
Each correct answer represents a complete solution. Choose all that apply.

  A. Business Continuity Planning
  B. Benefit-Cost Analysis
  C. Disaster recovery
  D. Cost-benefit analysis

Answer(s): B,D

Explanation:

Cost-benefit analysis is a process by which business decisions are analyzed. It is used to estimate and total up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile. It is a term that refers both to:
a) helping to appraise, or assess, the case for a project, program, or policy proposal;
b) an approach to making economic decisions of any kind.
Under both definitions, the process involves, whether explicitly or implicitly, weighing the total expected costs against the total expected benefits of one or more actions in order to choose the best or most profitable option. The formal process is often referred to as either CBA (Cost-Benefit Analysis) or BCA (Benefit-Cost Analysis).
Answer option A is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan that defines how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a Business Continuity Plan.
Answer option C is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.



Which of the following steps will NOT make a server fault tolerant? Each correct answer represents a complete solution. (Choose two.)

  A. Adding a second power supply unit
  B. Performing regular backup of the server
  C. Adding one more same sized disk as mirror on the server
  D. Implementing cluster servers' facility
  E. Encrypting confidential data stored on the server

Answer(s): B,E

Explanation:

Encrypting confidential data stored on the server and performing regular backup will not make the server fault tolerant.
Fault tolerance is the ability to continue work when a hardware failure occurs on a system. A fault-tolerant system is designed from the ground up for reliability by building multiples of all critical components, such as CPUs, memories, disks and power supplies into the same computer. In the event one component fails, another takes over without skipping a beat.
Answer options A, C, and D are incorrect. The following steps will make the server fault tolerant:
a) Adding a second power supply unit
b) Adding one more same sized disk as a mirror on the server
c) Implementing cluster servers' facility



This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of this tool are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc.
It is commonly used for the following purposes:

a) War driving
b) Detecting unauthorized access points
c) Detecting causes of interference on a WLAN
d) WEP ICV error tracking
e) Making Graphs and Alarms on 802.11 Data, including Signal Strength

This tool is known as ____________.

  A. Kismet
  B. Absinthe
  C. THC-Scan
  D. NetStumbler

Answer(s): D

Explanation:

NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of NetStumbler are as follows:
It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc. It is commonly used for the following purposes:
a) War driving
b) Detecting unauthorized access points
c) Detecting causes of interference on a WLAN
d) WEP ICV error tracking
e) Making Graphs and Alarms on 802.11 Data, including Signal Strength
Answer option A is incorrect. Kismet is an IEEE 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system.
Answer option C is incorrect. THC-Scan is a war-dialing tool.
Answer option B is incorrect. Absinthe is an automated SQL injection tool.





