
100% Pass Top-selling 312-38 Exams - New 2021 EC-COUNCIL Practice Exam
Certified Ethical Hacker Dumps 312-38 Exam for Full Questions - Exam Study Guide
NEW QUESTION 21
Which of the following firewalls are used to track the state of active connections and determine the network packets allowed to enter through the firewall? Each correct answer represents a complete solution. Choose all that apply.
- A. Circuit-level gateway
- B. Dynamic packet-filtering
- C. Stateful
- D. Proxy server
Answer: B,C
Explanation:
A dynamic packet-filtering firewall is a fourth generation firewall technology. It is also known as a stateful firewall. It tracks the state of active connections and determines which network packets are allowed to enter through the firewall. It records session information, such as IP addresses and port numbers, to implement a more secure network. The dynamic packet-filtering firewall operates at Layer 3, Layer 4, and Layer 5.
Answer option A is incorrect. A circuit-level gateway is a type of firewall that works at the session layer of the OSI model between the application layer and the transport layer of the TCP/IP stack. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit-level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect.
Answer option C is incorrect. A proxy server firewall intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
NEW QUESTION 22
Which of the following is a Unix and Windows tool capable of intercepting traffic on a network segment and capturing username and password?
- A. AirSnort
- B. Ettercap
- C. BackTrack
- D. Aircrack
Answer: B
Explanation:
Ettercap is a Unix and Windows tool for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. It is free, open source software. Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis.
Answer option C is incorrect. BackTrack is a Linux distribution distributed as a Live CD, which is used for penetration testing. It allows users to include customizable scripts, additional tools and configurable kernels in personalized distributions. It contains various tools, such as Metasploit integration, RFMON injection capable wireless drivers, kismet, autoscan-network (network discovering and managing application), nmap, ettercap, wireshark (formerly known as Ethereal).
Answer option A is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.
Answer option D is incorrect. Aircrack is the fastest WEP/WPA cracking tool used for 802.11a/b/g WEP and WPA cracking.
NEW QUESTION 23
Jason works as a System Administrator for www.company.com Inc. The company has a Windows-based network. Sam, an employee of the company, accidentally changes some of the applications and system settings. He complains to Jason that his system is not working properly. To troubleshoot the problem, Jason diagnoses the internals of his computer and observes that some changes have been made in Sam's computer registry. To rectify the issue, Jason has to restore the registry. Which of the following utilities can Jason use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.
- A. Reg.exe
- B. EventCombMT
- C. Regedit.exe
- D. Resplendent registrar
Answer: A,C,D
Explanation:
The resplendent registrar is a tool that offers a complete and safe solution to administrators and power users for maintaining the registry. It can be used for maintaining the registry of desktops and remote computers on the network. It offers a solution for backing up and restoring registries, fast background search and replace, adding descriptions to the registry keys, etc. This program is very attractive and easy to use, as it comes in an explorer-style interface. It can be used for Windows 2003/XP/2K/NT/ME/9x.
Reg.exe is a command-line utility that is used to edit the Windows registry. It has the ability to import, export, back up, and restore keys, as well as to compare, modify, and delete keys. It can perform almost all tasks that can be done using the Windows-based Regedit.exe tool.
Registry Editor (REGEDIT) is a registry editing utility that can be used to look at information in the registry. REGEDIT.EXE enables users to search for strings, values, keys, and subkeys and is useful to find a specific value or string. Users can also use REGEDIT.EXE to add, delete, or modify registry entries.
Answer option D is incorrect. EventCombMT is a multithreaded tool that is used to search the event logs of several different computers for specific events, all from one central location. It is a little-known Microsoft tool to run searches for event IDs or text strings against Windows event logs for systems, applications, and security, as well as File Replication Service (FRS), domain name system (DNS), and Active Directory (AD) logs where applicable. The MT stands for multi-threaded. The program is part of the Account Lockout and Management Tools program package for Windows 2000, 2003, and XP.
NEW QUESTION 24
Which of the following can be performed with software or hardware devices in order to record everything a person types using his or her keyboard?
- A. War dialing
- B. Warchalking
- C. Keystroke logging
- D. IRC bot
Answer: C
Explanation:
Keystroke logging is a method of logging and recording user keystrokes. It can be performed with software or hardware devices. Keystroke logging devices can record everything a person types using his or her keyboard, such as to measure employee's productivity on certain clerical tasks. These types of devices can also be used to get usernames, passwords, etc.
Answer option C is incorrect. War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, BBS systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers (hackers that specialize in computer security) for password guessing.
Answer option A is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.
Answer option D is incorrect. An Internet Relay Chat (IRC) bot is a set of scripts or an independent program that connects to Internet Relay Chat as a client, and so appears to other IRC users as another user. An IRC bot differs from a regular client in that instead of providing interactive access to IRC for a human user, it performs automated functions.
NEW QUESTION 25
Which of the following help in estimating and totaling up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile?
Each correct answer represents a complete solution. Choose all that apply.
- A. Cost-benefit analysis
- B. Business Continuity Planning
- C. Benefit-Cost Analysis
- D. Disaster recovery
Answer: A,C
Explanation:
Cost-benefit analysis is a process by which business decisions are analyzed. It is used to estimate and total up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile. It is a term that refers both to:
- helping to appraise, or assess, the case for a project, program, or policy proposal;
- an approach to making economic decisions of any kind.
Under both definitions, the process involves, whether explicitly or implicitly, weighing the total expected costs against the total expected benefits of one or more actions in order to choose the best or most profitable option. The formal process is often referred to as either CBA (Cost-Benefit Analysis) or BCA (Benefit-Cost Analysis).
Answer option A is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan that defines how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a Business Continuity Plan.
Answer option C is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.
NEW QUESTION 26
Which of the following is used in conjunction with smoke detectors and fire alarm systems to improve and increase public safety?
- A. Fire suppression system
- B. Fire sprinkler
- C. Gaseous emission system
- D. Gaseous fire suppression
Answer: A
NEW QUESTION 27
Which of the following is a physical security device designed to entrap a person on purpose?
- A. War Chalking
- B. Trap
- C. War Flying
- D. Mantrap
Answer: D
NEW QUESTION 28
Which of the following is an IPSec protocol that can be used alone or in combination with Authentication Header (AH)?
- A. ESP
- B. L2TP
- C. PPTP
- D. PPP
Answer: A
NEW QUESTION 29
Which of the following types of RAID is also known as disk striping?
- A. RAID 0
- B. RAID 2
- C. RAID 1
- D. RAID 3
Answer: A
NEW QUESTION 30
Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
- A. Libnids
- B. Dsniff
- C. Cain
- D. LIDS
Answer: B
Explanation:
Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
Answer option B is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks:
- Dictionary attack
- Brute force attack
- Rainbow attack
- Hybrid attack
Answer options D and C are incorrect. These tools are port scan detection tools that are used in the Linux operating system.
NEW QUESTION 31
What is the range for well known ports?
- A. 49152 through 65535
- B. 1024 through 49151
- C. 0 through 1023
- D. Above 65535
Answer: C
NEW QUESTION 32
Which of the following TCP/IP state transitions represents no connection state at all?
- A. Closed
- B. Close-wait
- C. Fin-wait-1
- D. Closing
Answer: A
NEW QUESTION 33
Which of the following policies is used to add additional information about the overall security posture and serves to protect employees and organizations from inefficiency or ambiguity?
- A. IT policy
- B. Issue-Specific Security Policy
- C. User policy
- D. Group policy
Answer: B
Explanation:
The Issue-Specific Security Policy (ISSP) is used to add additional information about the overall security posture. It helps in providing detailed, targeted guidance for instructing organizations in the secure use of tech systems. This policy serves to protect employees and organizations from inefficiency or ambiguity.
Answer option A is incorrect. A user policy helps in defining what users can and should do to use the network and the organization's computer equipment. It also defines what limitations are put on users for keeping the network secure, such as whether users can install programs on their workstations, types of programs users are using, and how users can access data.
Answer option D is incorrect. IT policy includes general policies for the IT department. These policies are intended to keep the network secure and stable. It includes the following:
- Virus incident and security incident
- Backup policy
- Client update policies
- Server configuration, patch update, and modification policies (security)
- Firewall policies
- DMZ policy, email retention, and auto forwarded email policy
Answer option B is incorrect. A group policy specifies how programs, network resources, and the operating system work for users and computers in an organization.
NEW QUESTION 34
Which of the following event correlation approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
- A. Automated Field Correlation
- B. Field-Based Approach
- C. Rule-Based Approach
- D. Graph-Based Approach
Answer: A
NEW QUESTION 35
Which of the following protocols is used for exchanging routing information between two gateways in a network of autonomous systems?
- A. EGP
- B. IGMP
- C. OSPF
- D. ICMP
Answer: A
Explanation:
EGP stands for Exterior Gateway Protocol. It is used for exchanging routing information between two gateways in a network of autonomous systems. This protocol depends upon periodic polling with proper acknowledgements to confirm that network connections are up and running, and to request routing updates. Each router polls its neighbor at an interval of 120 to 480 seconds to request routing table updates. The neighbor host then responds by sending its routing table. EGP-2 is the latest version of EGP.
Answer option B is incorrect. Internet Control Message Protocol (ICMP) is a maintenance protocol that allows routers and host computers to swap basic control information when data is sent from one computer to another. It is generally considered a part of the IP layer. It allows the computers on a network to share error and status information. An ICMP message, which is encapsulated within an IP datagram, is very useful to troubleshoot the network connectivity and can be routed throughout the Internet.
Answer option A is incorrect. Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group. However, multicast traffic is sent to a single MAC address but is processed by multiple hosts. It can be effectively used for gaming and showing online videos. IGMP is vulnerable to network attacks.
Answer option D is incorrect. Open Shortest Path First (OSPF) is a routing protocol that is used in large networks. Internet Engineering Task Force (IETF) designates OSPF as one of the Interior Gateway Protocols. A host uses OSPF to obtain a change in the routing table and to immediately multicast updated information to all the other hosts in the network.
NEW QUESTION 36
Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization's need. Which of the following factors will the administrator consider when deciding on the appropriate backup medium?
- A. Capability
- B. Accountability
- C. Reliability
- D. Extensibility
Answer: A,C,D
NEW QUESTION 37
Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?
- A. Business Continuity Plan
- B. Disaster Recovery Plan
- C. Contingency Plan
- D. Continuity Of Operations Plan
Answer: C
Explanation:
A contingency plan is prepared and documented for emergency response, backup operations, and recovery maintained by an activity as the element of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation.
A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen.
Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and "triggers" for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption.
Answer option B is incorrect. A disaster recovery plan should contain data, hardware, and software that can be critical for a business. It should also include the plan for sudden loss such as hard disc crash. The business should use backup and data recovery utilities to limit the loss of data.
Answer option D is incorrect. The Continuity Of Operation Plan (COOP) refers to the preparations and institutions maintained by the United States government, providing survival of federal government operations in the case of catastrophic events. It provides procedures and capabilities to sustain an organization's essential.
COOP is the procedure documented to ensure persistent critical operations throughout any period where normal operations are unattainable.
Answer option C is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.
NEW QUESTION 38
Which of the following devices helps in connecting a PC to an ISP via a PSTN?
- A. Repeater
- B. PCI card
- C. Modem
- D. Adapter
Answer: C