There is no need to worry about the difficulty of preparing for the Certified Ethical Hacker 312-38 exam. CertBus will help you pass your Certified Ethical Hacker 312-38 exam with up-to-date 312-38 EC-Council Network Security Administrator PDF and VCE dumps. CertBus provides the most up-to-date real Certified Ethical Hacker 312-38 exam preparation material, covering every aspect that the real Certified Ethical Hacker 312-38 exam requires. We ensure you 100% success in the Certified Ethical Hacker 312-38 exam.
CertBus has its own expert team. They selected and published the latest 312-38 preparation materials from EC-COUNCIL Official Exam-Center: http://www.certgod.com/312-38.html
QUESTION NO:20
Which of the following is a tool that runs on the Windows OS and analyzes iptables log messages
to detect port scans and other suspicious traffic?
A. Nmap
B. Hping
C. NetRanger
D. PSAD
Answer: D
Explanation:
PSAD is a tool that runs on the Windows OS and analyzes iptables log messages to detect port
scans and other suspicious traffic. It includes many signatures from the IDS to detect probes for
various backdoor programs such as EvilFTP, GirlFriend, SubSeven, DDoS tools (mstream, shaft),
and advanced port scans (FIN, NULL, XMAS). If it is combined with fwsnort and the Netfilter string
match extension, it detects most of the attacks described in the Snort rule set that involve
application layer data.
Answer option C is incorrect. NetRanger is the complete network configuration and information
toolkit that includes the following tools: a Ping tool, Trace Route tool, Host Lookup tool, Internet
time synchronizer, Whois tool, Finger Unix hosts tool, Host and port scanning tool, check multiple
POP3 mail accounts tool, manage dialup connections tool, Quote of the day tool, and monitor
Network Settings tool. These tools are integrated in order to use an application interface with full
online help. NetRanger is designed for both new and experienced users. This tool is used to help
diagnose network problems and to get information about users, hosts, and networks on the
Internet or on a user computer network. NetRanger uses multi-threaded and multi-connection
technologies in order to be very fast and efficient.
Answer option B is incorrect. Hping is a free packet generator and analyzer for the TCP/IP
protocol. Hping is one of the de facto tools for security auditing and testing of firewalls and
networks. The new version of hping, hping3, is scriptable using the Tcl language and implements
an engine for string based, human readable description of TCP/IP packets, so that the
programmer can write scripts related to low level TCP/IP packet manipulation and analysis in very
short time. Like most tools used in computer security, hping is useful to both system administrators
and crackers (or script kiddies).
Answer option A is incorrect. Nmap is a free open-source utility for network exploration and
security auditing. It is used to discover computers and services on a computer network, thus
creating a “map” of the network. Just like many simple port scanners, Nmap is capable of
discovering passive services. In addition, Nmap may be able to determine various details about
the remote computers. These include operating system, device type, uptime, software product
used to run a service, exact version number of that product, presence of some firewall techniques
and, on a local area network, even vendor of the remote network card. Nmap runs on Linux,
Microsoft Windows, etc.
QUESTION NO:28
Which of the following is a standard protocol for interfacing external application software with an
information server, commonly a Web server?
A. DHCP
B. IP
C. CGI
D. TCP
Answer: C
Explanation:
The Common Gateway Interface (CGI) is a standard protocol for interfacing external application
software with an information server, commonly a Web server. The task of such an information
server is to respond to requests (in the case of web servers, requests from client web browsers)
by returning output. When a user requests the name of an entry, the server will retrieve the source
of that entry’s page (if one exists), transform it into HTML, and send the result.
Answer option A is incorrect. DHCP is a Dynamic Host Configuration Protocol that allocates
unique (IP) addresses dynamically so that they can be used when no longer needed. A DHCP
server is set up in a DHCP environment with the appropriate configuration parameters for the
given network. The key parameters include the range or “pool” of available IP addresses, correct
subnet masks, gateway, and name server addresses.
Answer option B is incorrect. The Internet Protocol (IP) is a protocol used for communicating data
across a packet-switched inter-network using the Internet Protocol Suite, also referred to as
TCP/IP. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the
task of delivering distinguished protocol datagrams (packets) from the source host to the
destination host solely based on their addresses. For this purpose, the Internet Protocol defines
addressing methods and structures for datagram encapsulation. The first major version of
addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant
protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being
deployed actively worldwide.
Answer option D is incorrect. Transmission Control Protocol (TCP) is a reliable, connection-
oriented protocol operating at the transport layer of the OSI model. It provides a reliable packet
delivery service encapsulated within the Internet Protocol (IP). TCP guarantees the delivery of
packets, ensures proper sequencing of data, and provides a checksum feature that validates both
the packet header and its data for accuracy. If the network corrupts or loses a TCP packet during
transmission, TCP is responsible for retransmitting the faulty packet. It can transmit large amounts
of data. Application layer protocols, such as HTTP and FTP, utilize the services of TCP to transfer
files between clients and servers.
QUESTION NO:24
Which of the following cables is made of glass or plastic and transmits signals in the form of light?
A. Coaxial cable
B. Twisted pair cable
C. Plenum cable
D. Fiber optic cable
Answer: D
Explanation:
Fiber optic cable is also known as optical fiber. It is made of glass or plastic and transmits signals
in the form of light. It is of cylindrical shape and consists of three concentric sections: the core, the
cladding, and the jacket. Optical fiber carries much more information than conventional copper
wire and is in general not subject to electromagnetic interference and the need to retransmit
signals. Most telephone companies’ long-distance lines are now made of optical fiber.
Transmission over an optical fiber cable requires repeaters at distance intervals. The glass fiber
requires more protection within an outer cable than copper.
Answer option B is incorrect. Twisted pair cabling is a type of wiring in which two conductors (the
forward and return conductors of a single circuit) are twisted together for the purposes of canceling
out electromagnetic interference (EMI) from external sources. It consists of the following twisted
pair cables:
Shielded Twisted Pair: Shielded Twisted Pair (STP) is a special kind of copper telephone wiring
used in some business installations. An outer covering or shield is added to the ordinary twisted
pair telephone wires; the shield functions as a ground. Twisted pair is the ordinary copper wire that
connects home and many business computers to the telephone company. Shielded twisted pair is
often used in business installations.
Unshielded Twisted Pair: Unshielded Twisted Pair (UTP) is
the ordinary wire used in home. UTP cable is also the most common cable used in computer
networking. Ethernet, the most common data networking standard, utilizes UTP cables. Twisted
pair cabling is often used in data networks for short and medium length connections because of its
relatively lower costs compared to optical fiber and coaxial cable. UTP is also finding increasing
use in video applications, primarily in security cameras. Many middle to high-end cameras include
a UTP output with setscrew terminals. This is made possible by the fact that UTP cable bandwidth
has improved to match the baseband of television signals.
Answer option A is incorrect. Coaxial cable is the kind of copper cable used by cable TV
companies between the community antenna and user homes and businesses. Coaxial cable is
sometimes used by telephone companies from their central office to the telephone poles near
users. It is also widely installed for use in business and corporation Ethernet and other types of
local area network. Coaxial cable is called “coaxial” because it includes one physical channel that
carries the signal surrounded (after a layer of insulation) by another concentric physical channel,
both running along the same axis. The outer channel serves as a ground. Many of these cables or
pairs of coaxial tubes can be placed in a single outer sheathing and, with repeaters, can carry
information for a great distance. It is shown in the figure below:
Answer option C is incorrect. Plenum cable is cable that is laid in the plenum spaces of buildings.
The plenum is the space that can facilitate air circulation for heating and air conditioning systems,
by providing pathways for either heated/conditioned or return airflows. Space between the
structural ceiling and the dropped ceiling or under a raised floor is typically considered plenum.
However, some drop ceiling designs create a tight seal that does not allow for airflow and
therefore may not be considered a plenum air-handling space. The plenum space is typically used
to house the communication cables for the building’s computer and telephone network.
QUESTION NO:7
Which of the following protocols is used for exchanging routing information between two gateways
in a network of autonomous systems?
A. IGMP
B. ICMP
C. EGP
D. OSPF
Answer: C
Explanation:
EGP stands for Exterior Gateway Protocol. It is used for exchanging routing information between
two gateways in a network of autonomous systems. This protocol depends upon periodic polling
with proper acknowledgements to confirm that network connections are up and running, and to
request for routing updates. Each router requests its neighbor at an interval of 120 to 480
seconds, for sending the routing table updates. The neighbor host then responds by sending its
routing table. EGP-2 is the latest version of EGP.
Answer option B is incorrect. Internet Control Message Protocol (ICMP) is a maintenance protocol
that allows routers and host computers to swap basic control information when data is sent from
one computer to another. It is generally considered a part of the IP layer. It allows the computers
on a network to share error and status information. An ICMP message, which is encapsulated
within an IP datagram, is very useful to troubleshoot the network connectivity and can be routed
throughout the Internet.
Answer option A is incorrect. Internet Group Management Protocol (IGMP) is a communication
protocol that multicasts messages and information among all member devices in an IP multicast
group. However, multicast traffic is sent to a single MAC address but is processed by multiple
hosts. It can be effectively used for gaming and showing online videos. IGMP is vulnerable to
network attacks.
Answer option D is incorrect. Open Shortest Path First (OSPF) is a routing protocol that is used in
large networks. Internet Engineering Task Force (IETF) designates OSPF as one of the Interior
Gateway Protocols. A host uses OSPF to obtain a change in the routing table and to immediately
multicast updated information to all the other hosts in the network.
QUESTION NO:29
Which of the following honeypots provides an attacker access to the real operating system without
any restriction and collects a vast amount of information about the attacker?
A. High-interaction honeypot
B. Medium-interaction honeypot
C. Honeyd
D. Low-interaction honeypot
Answer: A
Explanation:
A high-interaction honeypot offers a vast amount of information about attackers. It provides an
attacker access to the real operating system without any restriction. A high-interaction honeypot is
a powerful weapon that provides opportunities to discover new tools, to identify new vulnerabilities
in the operating system, and to learn how blackhats communicate with one another.
Answer option D is incorrect. A low-interaction honeypot captures limited amounts of information
that are mainly transactional data and some limited interactive information. Because of simple
design and basic functionality, low-interaction honeypots are easy to install, deploy, maintain, and
configure. A low-interaction honeypot detects unauthorized scans or unauthorized connection
attempts. A low-interaction honeypot is like a one-way connection, as the honeypot provides
services that are limited to listening ports. Its role is very passive and does not alter any traffic. It
generates logs or alerts when incoming packets match their patterns.
Answer option B is incorrect. A medium-interaction honeypot offers richer interaction capabilities
than a low-interaction honeypot, but does not provide any real underlying operating system target.
Installing and configuring a medium-interaction honeypot takes more time than a low-interaction
honeypot. It is also more complicated to deploy and maintain as compared to a low-interaction
honeypot. A medium-interaction honeypot captures a greater amount of information but comes
with greater risk.
Answer option C is incorrect. Honeyd is an example of a low-interaction
honeypot.
QUESTION NO:22
Which of the following is a distributed application architecture that partitions tasks or work loads
between service providers and service requesters? Each correct answer represents a complete
solution. Choose all that apply.
A. Client-server computing
B. Peer-to-peer (P2P) computing
C. Client-server networking
D. Peer-to-peer networking
Answer: A,C
Explanation:
Client-server networking is also known as client-server computing. It is a distributed application
architecture that partitions tasks or work loads between service providers (servers) and service
requesters, called clients. Often clients and servers operate over a computer network on separate
hardware. A server machine is a high-performance host that is running one or more server
programs which share its resources with clients. A client does not share any of its resources, but
requests a server’s content or service function. Clients therefore initiate
communication sessions with servers which await (listen to) incoming requests.
Answer options D and B are incorrect. Peer-to-peer (P2P) computing or networking is a distributed
application architecture that partitions tasks or workloads between peers. Peers are equally
privileged, equipotent participants in the application. They are said to form a peer-to-peer network
of nodes. Peer-to-peer networking (also known simply as peer networking) differs from client-
server networking, where certain devices have the responsibility to provide or “serve” data, and
other devices consume or otherwise act as “clients” of those servers.
QUESTION NO:14
Which of the following is an intrusion detection system that monitors and analyzes the internals of
a computing system rather than the network packets on its external interfaces?
A. IPS
B. HIDS
C. DMZ
D. NIDS
Answer: B
Explanation:
A host-based intrusion detection system (HIDS) produces a false alarm because of the abnormal
behavior of users and the network. A host-based intrusion detection system (HIDS) is an intrusion
detection system that monitors and analyses the internals of a computing system rather than the
network packets on its external interfaces. A host-based Intrusion Detection System (HIDS)
monitors all or parts of the dynamic behavior and the state of a computer system. HIDS looks at
the state of a system, its stored information, whether in RAM, in the file system, log files or
elsewhere; and checks that the contents of these appear as expected.
Answer option D is incorrect. A network intrusion detection system (NIDS) is an intrusion detection
system that tries to detect malicious activity such as denial of service attacks, port scans or even
attempts to crack into computers by monitoring network traffic. A NIDS reads all the incoming
packets and tries to find suspicious patterns known as signatures or rules. It also tries to detect
incoming shell codes in the same manner that an ordinary intrusion detection system does.
Answer option A is incorrect. IPS (Intrusion Prevention Systems), also known as Intrusion
Detection and Prevention Systems (IDPS), are network security appliances that monitor network
and/or system activities for malicious activity. The main functions of “intrusion prevention systems”
are to identify malicious activity, log information about said activity, attempt to block/stop activity,
and report activity. An IPS can take such actions as sending an alarm, dropping the malicious
packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS
can also correct CRC, unfragment packet streams, prevent TCP sequencing issues, and clean up
unwanted transport and network layer options.
Answer option C is incorrect. DMZ, or demilitarized zone, is a physical or logical subnetwork that
contains and exposes an organization’s external services to a larger untrusted network, usually
the Internet. The term is normally referred to as a DMZ by IT professionals. It is sometimes
referred to as a Perimeter Network. The purpose of a DMZ is to add an additional layer of security
to an organization’s Local Area Network (LAN); an external attacker only has access to equipment
in the DMZ rather than any other part of the network.
QUESTION NO:5
Which of the following analyzes network traffic to trace specific transactions and can intercept and
log traffic passing over a digital network? Each correct answer represents a complete solution.
Choose all that apply.
A. Wireless sniffer
B. Spectrum analyzer
C. Protocol analyzer
D. Performance Monitor
Answer: A,C
Explanation:
Protocol analyzer (also known as a network analyzer, packet analyzer or sniffer, or for particular
types of networks, an Ethernet sniffer or wireless sniffer) is computer software or computer
hardware that can intercept and log traffic passing over a digital network. As data streams flow
across the network, the sniffer captures each packet and, if needed, decodes and analyzes its
content according to the appropriate RFC or other specifications.
Answer option D is incorrect. Performance Monitor is used to get statistical information about the
hardware and software components of a server.
Answer option B is incorrect. A spectrum analyzer, or spectral analyzer, is a device that is used to
examine the spectral composition of an electrical, acoustic, or optical waveform. It may also
measure the power spectrum.
QUESTION NO:25
Which of the following is a network that supports mobile communications across an arbitrary
number of wireless LANs and satellite coverage areas?
A. LAN
B. WAN
C. GAN
D. HAN
Answer: C
Explanation:
A global area network (GAN) is a network that is used for supporting mobile communications
across an arbitrary number of wireless LANs, satellite coverage areas, etc. The key challenge in
mobile communications is handing off the user communications from one local coverage area to
the next.
Answer option B is incorrect. A wide area network (WAN) is a geographically dispersed
telecommunications network. The term distinguishes a broader telecommunication structure from
a local area network (LAN). A wide area network may be privately owned or rented, but the term
usually connotes the inclusion of public (shared user) networks. An intermediate form of network in
terms of geography is a metropolitan area network (MAN). A wide area network is also defined as
a network of networks, as it interconnects LANs over a wide geographical area.
Answer option D is incorrect. A home area network (HAN) is a residential LAN that is used for
communication between digital devices typically deployed in the home, usually a small number of
personal computers and accessories, such as printers and mobile computing devices.
Answer option A is incorrect. The Local Area Network (LAN) is a group of computers connected
within a restricted geographic area, such as residence, educational institute, research lab, and
various other organizations. It allows the users to share files and services, and is commonly used
for intra-office communication. The LAN has connections with other LANs via leased lines, leased
services, or by tunneling across the Internet using the virtual private network technologies.
QUESTION NO:26 CORRECT TEXT
Fill in the blank with the appropriate term. A ________ network is a local area
network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-
passing scheme is used for preventing the collision of data between two computers that want to
send messages at the same time.
Answer: Token Ring
Explanation:
A Token Ring network is a local area network (LAN) in which all computers are connected in a ring
or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data
between two computers that want to send messages at the same time. The Token Ring protocol is
the second most widely-used protocol on local area networks after Ethernet. The IBM Token Ring
protocol led to a standard version, specified as IEEE 802.5. Both protocols are used and are very
similar. The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or 16
megabits per second.
Working:
Empty information frames are constantly circulated on the ring. When a computer has a message
to send, it adds a token to an empty frame and adds a message and a destination identifier to the
frame. The frame is then observed by each successive workstation. If the workstation sees that it
is the destination for the message, it copies the message from the frame and modifies the token
back to 0. When the frame gets back to the originator, it sees that the token has been modified to 0
and that the message has been copied and received. It removes the message from the particular
frame. The frame continues to circulate as an empty frame, ready to be taken by a workstation
when it has a message to send.