Last Updated on July 19, 2021 by InfraExam

312-38 : Certified Network Defender : Part 20

  1. Adam, malicious hacker, has just succeeded in stealing through a secure cookie XSS attack. He is able to play back the cookie even if the session is valid on the server. Which of the following is the most likely cause of this issue?

    • Two-way encryption is used.
    • Encryption is performed at the application level (one encryption key).
    • Encryption does not apply.
    • Scrambling is performed in the network (layer 1 encryption)
    • None
  2. Which of the following is a compatible network device that converts various communication protocols and are used to connect different network technologies?

    • port
    • change
    • none
    • bridge
    • router
  3. Which of the following is a computer network protocol used by the hosts to apply for the tasks the IP address and other configuration information?

    • DHCP
    • ARP
    • Telnet
    • None
    • SNMP
  4. You are an IT security consultant working on a contract for a large manufacturing company to audit their entire network. After performing all the tests and building your report, you present a number of recommendations to the company and what they should implement to become more secure. One recommendation is to install a network-based device that notifies IT employees whenever malicious or questionable traffic is found. From your talks with the company, you know that they do not want a device that actually drops traffic completely, they only want notification. What type of device are you suggesting?

    • A NIDS device would work best for the company.
    • A HIPS device would best suite this company.
    • The best solution to cover the needs of this company would be a HIDS device.
    • You are suggesting a NIPS device.
  5. Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. She is worried about the current security state of her company’s network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Cindy attempting here?

    • The type of scan she is using is called a NULL scan.
    • Cindy is attempting to find live hosts on her company’s network by using a XMAS scan.
    • Cindy is using a half-open scan to find live hosts on her network.
    • She is utilizing a RST scan to find live hosts that are listening on her network.
  6. An attacker uses different types of password cracking techniques to crack the password and gain unauthorized access to a system. An attacker uses a file containing a list of commonly used passwords. They then upload this file into the cracking application that runs against the user accounts. Which of the following password cracking techniques is the attacker trying?

    • Hybrid
    • Rainbow table
    • Dictionary
    • Bruteforce
  7. The SOC manager is reviewing logs in AlienVault USM to investigate an intrusion on the network. Which CND approach is being used?

    • Retrospective
    • Reactive
    • Deterrent
    • Preventive
  8. According to the company’s security policy, all access to any network resources must use Windows Active Directory Authentication. A Linux server was recently installed to run virtual servers and it is not using Windows Authentication. What needs to happen to force this server to use Windows Authentication?

    • Edit the ADLIN file.
    • Remove the /var/bin/localauth.conf file.
    • Edit the PAM file to enforce Windows Authentication.
    • Edit the shadow file.
  9. Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?

    • Pipe model
    • Hose model
    • AAA model
    • Hub-and-Spoke VPN model
  10. Heather has been tasked with setting up and implementing VPN tunnels to remote offices. She will most likely be implementing IPsec VPN tunnels to connect the offices. At what layer of the OSI model does an IPsec tunnel function on?

    • They function on the data link layer.
    • They work on the network layer.
    • They function on either the application or the physical layer.
    • They work on the session layer.
  11. Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization’s need. Which of the following factors will the administrator consider when deciding on the appropriate backup medium? (Choose all that apply.)

    • Reliability
    • Capability
    • Accountability
    • Extensibility
  12. John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of implementing?

    • Packet Filtering
    • Circuit level gateway
    • Application level gateway
    • Stateful Multilayer Inspection
  13. Which of the following attack signature analysis techniques are implemented to examine the header information and conclude that a packet has been altered?

    • Composite signature-based analysis
    • Atomic signature-based analysis
    • Content-based signature analysis
    • Context-based signature analysis
  14. Lyle is the IT director for a medium-sized food service supply company in Nebraska. Lyle’s company employs over 300 workers, half of which use computers. He recently came back from a security training seminar on logical security. He now wants to ensure his company is as secure as possible. Lyle has many network nodes and workstation nodes across the network. He does not have much time for implementing a network-wide solution. He is primarily concerned about preventing any external attacks on the network by using a solution that can drop packets if they are found to be malicious. Lyle also wants this solution to be easy to implement and be network-wide. What type of solution would be best for Lyle?

    • He should choose a HIPS solution, as this is best suited to his needs.
    • Lyle would be best suited if he chose a NIPS implementation.
    • A NEPT implementation would be the best choice.
    • To better serve the security needs of his company, Lyle should use a HIDS system.
  15. Which of the following VPN topologies establishes a persistent connection between an organization’s main office and its branch offices using a third-party network or the Internet?

    • Hub-and-Spoke
    • Full Mesh
    • Point-to-Point
    • Star
  16. Which of the following is a best practice for wireless network security?

    • Do not placing packet filter between the AP and the corporate intranet
    • Using SSID cloaking
    • Do not changing the default SSID
    • Enabling the remote router login
  17. Daniel is giving training on designing and implementing a security policy in the organization. He is explaining the hierarchy of the security policy which demonstrates how policies are drafted, designed and implemented. What is the correct hierarchy for a security policy implementation?

    • Procedures, Policies, Laws, Standards and Regulations
    • Laws, Regulations, Policies, Standards and Procedures
    • Regulations, Policies, Laws, Standards and Procedures
    • Laws, Policies, Regulations, Procedures and Standards
  18. The _______ protocol works in the network layer and is responsible for handling the error codes during the delivery of packets. This protocol is also responsible for providing communication in the TCP/IP stack.

    • RARP
    • ICMP
    • ARP
    • DHCP
  19. Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?

    • Based on a first come first served basis
    • Based on the type of response needed for the incident
    • Based on a potential technical effect of the incident
    • Based on approval from management
  20. Smith is an IT technician that has been appointed to his company’s network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network vulnerability assessment plan?

    • Their first step is the acquisition of required documents, reviewing of security policies and compliance.
    • Their first step is to create an initial Executive report to show the management team.
    • Their first step is to make a hypothesis of what their final findings will be.
    • Their first step is to analyze the data they have currently gathered from the company or interviews.