[Q48-Q65] PASS 312-38 exam with EC-COUNCIL Real Exam Questions - 100% Valid!

Share

PASS 312-38 exam with EC-COUNCIL Real Exam Questions - 100% Valid!

Actual 312-38 Exam Recently Updated Questions with Free Demo

NEW QUESTION # 48
As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. The WPA2's_________integrity check mechanism provides security against a replay attack

  • A. CBC-32
  • B. CRC-MAC
  • C. CRC-32
  • D. CBC-MAC

Answer: D


NEW QUESTION # 49
Which of the following help in estimating and totaling up the equivalent money value of the benefits and costs
to the community of projects for establishing whether they are worthwhile?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Business Continuity Planning
  • B. Cost-benefit analysis
  • C. Benefit-Cost Analysis
  • D. Disaster recovery

Answer: B,C

Explanation:
Explanation/Reference:
Explanation:
Cost-benefit analysis is a process by which business decisions are analyzed. It is used to estimate and total up
the equivalent money value of the benefits and costs to the community of projects for establishing whether they
are worthwhile. It is a term that refers both to:
helping to appraise, or assess, the case for a project, program, or policy proposal;
an approach to making economic decisions of any kind. Under both definitions, the process involves, whether
explicitly or implicitly, weighing the total expected costs against the total expected benefits of one or more
actions in order to choose the best or most profitable option. The formal process is often referred to as either
CBA (Cost-Benefit Analysis) or BCA (Benefit-Cost Analysis).
Answer option A is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced
logistical plan that defines how an organization will recover and restore partially or completely interrupted
critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan
is called a Business Continuity Plan.
Answer option C is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for
recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced
disaster. Disaster recovery planning is a subset of a larger process known as business continuity planning and
should include planning for resumption of applications, data, hardware, communications (such as networking)
and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such
as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster
recovery plan (DRP) for IT related infrastructure recovery / continuity.


NEW QUESTION # 50
Adam works as a Security Analyst for Umbrella Inc. The company has a Linux-based network comprising an Apache server for Web applications. He received the following Apache Web server log, which is as follows:
[Sat Nov 16 14:32:52 2009] [error] [client 128.0.0.7] client denied by server configuration: /export/home/htdocs/test
The first piece in the log entry is the date and time of the log message. The second entry determines the severity of the error being reported.
Now Adam wants to change the severity level to control the types of errors that are sent to the error log. Which of the following directives will Adam use to accomplish the task?

  • A. LogLevel
  • B. LogFormat
  • C. CustomLog
  • D. ErrorLog

Answer: A

Explanation:
The LogLevel directive is used in server Error log of the Apache Web server log. This directive is used to control the types of errors that are sent to the error log by constraining the severity level. Eight different levels are present in the LogLevel directive, which are shown below in order of their descending significance:

Note: When a certain level is specified, the messages from all other levels of higher significance will also be reported. For example, when LogLevel crit is specified, then messages with log levels of alert and emerg will also be reported. Answer option B is incorrect. The ErrorLog directive is used to set the name and location of the file to which the server will log any errors it encounters. If the file-path does not begin with a slash sign (/), it is assumed to be relative to the ServerRoot. If the file-path begins with a pipe sign (|), then it is assumed to be a command that handles the error log. Answer option A is incorrect. The CustomLog directive is used to log requests to the server. The format of the log is specified and the logging can be made conditional on request characteristics with the help of environment variables. Environment variables can be adjusted on a per-request basis with the help of the mod_setenvif or mod_rewrite module. Answer option C is incorrect. The LogFormat directive can exist in one of the two forms. In the first form, only one argument is specified; and in the second form explicit format with a nickname is associated. This directive specifies the log format that is used by logs specified in subsequent TransferLog directives.


NEW QUESTION # 51
Which of the following provide an "always on" Internet access service when connecting to an ISP?Each correct answer represents a complete solution. Choose two.

  • A. DSL
  • B. Cable modem
  • C. Analog modem
  • D. Digital modem

Answer: A,B

Explanation:
DSL and Cable modems are used in remote-access WAN technology for connecting to the Internet. Both provide an "always on" Internet access service. Answer options C and A are incorrect. Analog and Digital modems are not always in 'ON' mode when connecting to an ISP. Analog modems transmit analog voice signals, while Digital modems transmit digital signals over a link.


NEW QUESTION # 52
Which of the following is an exterior gateway protocol that communicates using a Transmission Control Protocol (TCP) and sends the updated router table information?

  • A. IRDP
  • B. IGMP
  • C. BGP
  • D. OSPF

Answer: C


NEW QUESTION # 53
You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement? Each correct answer represents a complete solution.
Choose two.

  • A. Using WEP encryption
  • B. Using WPA encryption
  • C. Not broadcasting SSID
  • D. MAC filtering the router

Answer: A,B


NEW QUESTION # 54
Henry, head of network security at Gentech, has discovered a general report template that someone has reserved only for the CEO. Since the file has to be editable, viewable, and deletable by everyone, what permission value should he set?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B


NEW QUESTION # 55
Which IEEE standard does wireless network use?

  • A. 802.10
  • B. 802.9
  • C. 802.18
  • D. 802.11

Answer: D


NEW QUESTION # 56
Identify the type of event that is recorded when an application driver loads successfully in Windows.

  • A. Success Audit
  • B. Information
  • C. Error
  • D. Warning

Answer: B


NEW QUESTION # 57
Which of the following is a worldwide organization that aims to establish, refine, and promote Internet security standards?

  • A. ANSI
  • B. WASC
  • C. ITU
  • D. IEEE

Answer: B

Explanation:
Web Application Security Consortium (WASC) is a worldwide organization that aims to establish, refine, and promote Internet security standards. WASC is vendor-neutral, although members may belong to corporations involved in the research, development, design, and distribution of Web security-related products. Answer option A is incorrect. ANSI (American National Standards Institute) is the primary organization for fostering the development of technology standards in the United States. ANSI works with industry groups and is the U.S. member of the International Organization for Standardization (ISO) and the International Electro-technical Commission (IEC). Long-established computer standards from ANSI include the American Standard Code for Information Interchange (ASCII) and the Small Computer System Interface (SCSI). Answer option D is incorrect. The International Telecommunication Union (ITU) is an organization established to standardize and regulate international radio and telecommunications. Its main tasks include standardization, allocation of the radio spectrum, and organizing interconnection arrangements between different countries to allow international phone calls. ITU sets standards for global telecom networks. The ITU's telecommunications division (ITU-T) produces more than 200 standard recommendations each year in the converging areas of telecommunications, information technology, consumer electronics, broadcasting and multimedia communications. ITU was streamlined into the following three sectors: ITU-D (Telecommunication Development) ITU-R (Radio communication) ITU-T (Telecommunication Standardization) Answer option C is incorrect. The Institute of Electrical and Electronic Engineers (IEEE) is a society of technical professionals. It promotes the development and application of electrotechnology and allied sciences. IEEE develops communications and network standards, among other activities. The organization publishes number of journals, has many local chapters, and societies in specialized areas.


NEW QUESTION # 58
Which of the following standards is an amendment to the original IEEE 802.11 and specifies security
mechanisms for wireless networks?

  • A. 802.11b
  • B. 802.11e
  • C. 802.11i
  • D. 802.11a

Answer: C

Explanation:
Explanation
Explanation:
802.11i is an amendment to the original IEEE 802.11. This standard specifies security mechanisms for
wireless networks. It replaced the short Authentication and privacy clause of the original standard with a
detailed Security clause. In the process, it deprecated the broken WEP. 802.11i supersedes the previous
security specification, Wired Equivalent Privacy (WEP), which was shown to have severe security weaknesses.
Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate
solution to WEP insecurities. The Wi-Fi Alliance refers to their approved, interoperable implementation of the
full 802.11i as WPA2, also called RSN (Robust Security Network). 802.11i makes use of the Advanced
Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher.
Answer option D is incorrect. 802.11a is an amendment to the IEEE 802.11 specification that added a higher
data rate of up to 54 Mbit/s using the 5 GHz band. It has seen widespread worldwide implementation,
particularly within the corporate workspace. Using the 5 GHz band gives 802.11a a significant advantage, since
the 2.4 GHz band is heavily used to the point of being crowded. Degradation caused by such conflicts can
cause frequent dropped connections and degradation of service.
Answer option A is incorrect. 802.11b is an amendment to the IEEE 802.11 specification that extended
throughput up to 11 Mbit/s using the same 2.4 GHz band. This specification under the marketing name of Wi-Fi
has been implemented all over the world. 802.11b is used in a point-to-multipoint configuration, wherein an
access point communicates via an omni-directional antenna with one or more nomadic or mobile clients that
are located in a coverage area around the access point.
Answer option B is incorrect. The 802.11e standard is a proposed enhancement to the 802.11a and 802.11b
wireless LAN (WLAN) specifications. It offers quality of service (QoS) features, including the prioritization of
data, voice, and video transmissions. 802.11e enhances the 802.11 Media Access Control layer (MAC layer)
with a coordinated time division multiple access (TDMA) construct, and adds error-correcting mechanisms for
delay-sensitive applications such as voice and video.


NEW QUESTION # 59
Which of the following steps will NOT make a server fault tolerant? Each correct answer represents a complete solution. (Choose two.)

  • A. Implementing cluster servers' facility
  • B. Adding one more same sized disk as mirror on the server
  • C. Adding a second power supply unit
  • D. Encrypting confidential data stored on the server
  • E. Performing regular backup of the server

Answer: D,E

Explanation:
Encrypting confidential data stored on the server and performing regular backup will not make the server fault tolerant.
Fault tolerance is the ability to continue work when a hardware failure occurs on a system. A fault-tolerant system is designed from the ground up for reliability by building multiples of all critical components, such as CPUs, memories, disks and power supplies into the same computer. In the event one component fails, another takes over without skipping a beat.
Answer options A, C, and D are incorrect. The following steps will make the server fault tolerant:
Adding a second power supply unit
Adding one more same sized disk as a mirror on the server implementing cluster servers facility


NEW QUESTION # 60
Attacks are classified into which of the following? Each correct answer represents a complete solution. Choose all that apply.

  • A. Session hijacking
  • B. Passive attack
  • C. Replay attack
  • D. Active attack

Answer: B,D

Explanation:
An attack is an action against an information system or network that attempts to violate the system's security policy. Attacks can be broadly classified as being either active or passive.
1.Active attacks modify the target system or message, i.e. they violate the integrity of the system or message.
2.Passive attacks violate confidentiality without affecting the state of the system. An example of such an attack is the electronic eavesdropping on network transmissions to release message contents or to gather unprotected passwords.
Answer options B and D are incorrect. Session hijacking and replay attacks come under the category of active attacks.


NEW QUESTION # 61
Adam, malicious hacker, has just succeeded in stealing through a secure cookie XSS attack. He is able to play back the cookie even if the session is valid on the server. Which of the following is the most likely cause of this issue?

  • A. Two-way encryption is used.
  • B. Encryption does not apply.
  • C. Encryption is performed at the application level (one encryption key).
  • D. None
  • E. Scrambling is performed in the network (layer 1 encryption)

Answer: C


NEW QUESTION # 62
Which of the following is a digital telephone/telecommunication network that carries voice, data, and video over
an existing telephone network infrastructure?

  • A. Frame relay
  • B. PPP
  • C. ISDN
  • D. X.25

Answer: C

Explanation:
Integrated Services Digital Network (ISDN) is a digital telephone/telecommunication network that carries voice,
data, and video over an existing telephone network infrastructure. It requires an ISDN modem at both the ends
of a transmission. ISDN is designed to provide a single interface for hooking up a telephone, fax machine,
computer, etc.
ISDN has two levels of service, i.e., Basic Rate Interface (BRI) and Primary Rate Interface (PRI).
Answer option A is incorrect. The Point-to-Point Protocol, or PPP, is a data link protocol commonly used to
establish a direct connection between two networking nodes. It can provide connection authentication,
transmission encryption privacy, and compression. PPP is commonly used as a data link layer protocol for
connection over synchronous and asynchronous circuits, where it has largely superseded the older, non-
standard Serial Line Internet Protocol (SLIP) and telephone company mandated standards (such as Link
Access Protocol, Balanced (LAPB) in the X.25 protocol suite). PPP was designed to work with numerous
network layer protocols, including Internet Protocol (IP), Novell's Internetwork Packet Exchange (IPX), NBF,
and AppleTalk.
Answer option D is incorrect. The X.25 protocol, adopted as a standard by the Consultative Committee for
International Telegraph and Telephone (CCITT), is a commonly-used network protocol. The X.25 protocol
allows computers on different public networks (such as CompuServe, Tymnet, or a TCP/IP network) to
communicate through an intermediary computer at the network layer level. X.25's protocols correspond closely
to the data-link and physical-layer protocols defined in the Open Systems Interconnection (OSI) communication
model.
Answer option B is incorrect. Frame relay is a telecommunication service designed for cost-efficient data
transmission for intermittent traffic between local area networks (LANs) and between end-points in a wide area
network (WAN). Frame relay puts data in a variable-size unit called a frame. It checks for lesser errors as
compared to other traditional forms of packet switching and hence speeds up data transmission.
When an error is detected in a frame, it is simply dropped. The end points are responsible for detecting and
retransmitting dropped frames.


NEW QUESTION # 63
CORRECT TEXT
Fill in the blank with the appropriate term.
A ______________ is a translation device or service that is often controlled by a separate Media Gateway Controller, which provides the call control and signaling functionality.

Answer:

Explanation:
Media gateway
Explanation:
A Media gateway is a translation device or service that converts digital media streams between disparate telecommunications networks such as PSTN, SS7, Next Generation Networks (2G, 2.5G and 3G radio access networks) or PBX. Media gateways enable multimedia communications across Next Generation Networks over multiple transport protocols such as Asynchronous Transfer Mode (ATM) and Internet Protocol (IP).Because the media gateway connects different types of networks, one of its main functions is to convert between different transmission and coding techniques. Media streaming functions such as echo cancellation, DTMF, and tone sender are also located in the media gateway. Media gateways are often controlled by a separate Media Gateway Controller, which provides the call control and signaling functionality.


NEW QUESTION # 64
A network administrator is monitoring the network traffic with Wireshark. Which of the following filters will she use to view the packets moving without setting a flag to detect TCP Null Scan attempts?

  • A. Tcp.dstport==7
  • B. Tcp.flags==0X029
  • C. Tcp.flags==0x003
  • D. TCRflags==0x000

Answer: D


NEW QUESTION # 65
......

312-38 Free Sample Questions to Practice One Year Update: https://www.dumpexam.com/312-38-valid-torrent.html

Free EC-COUNCIL 312-38 Exam Questions: https://drive.google.com/open?id=17P3flB5ud6DRYXAor-VROLecUGPeCzSU