Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
312-38 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide ECCouncil 312-38 Dumps with VCE and PDF 171-180

September 20, 2017

EnsurePass
2017 Sep ECCouncil Official New Released 312-38
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/312-38.html

EC-Council Network Security Administrator (ENSA)

Question No: 171 – (Topic 2)

Which of the following are the valid steps for securing routers? Each correct answer represents a complete solution. Choose all that apply.

  1. Use a password that is easy to remember for a router#39;s administrative console.

  2. Use a complex password for a router#39;s administrative console.

  3. Configure access list entries to prevent unauthorized connections and traffic routing.

  4. Keep routers updated with the latest security patches.

Answer: B,C,D Explanation:

The following are the valid steps for securing routers and devices:

Configure access list entries to prevent unauthorized connections and traffic routing. Use a complex password for a router#39;s administrative console.

Keep routers in locked rooms.

Keep routers updated with the latest security patches.

Use monitoring a equipment to protect routers and devices.

Router is a device that routes data packets between computers in different networks. It is used to connect multiple networks, and it determines the path to be taken by each data packet to its destination computer. Router maintains a routing table of the available routes and their conditions. By using this information, along with distance and cost algorithms, the router determines the best path to be taken by the data packets to the destination computer. A router can connect dissimilar networks, such as Ethernet, FDDI, and Token Ring, and route data packets among them. Routers operate at the network layer (layer 3) of the Open Systems Interconnection (OSI) model.

A security patch is a program that eliminates a vulnerability exploited by hackers.

Question No: 172 – (Topic 2)

In which of the following attacks does an attacker successfully insert an intermediary software or program between two communicating hosts?

  1. Session hijacking

  2. Denial-of-Service

  3. Man-in-the-middle

  4. Buffer overflow

Answer: C Explanation:

Man-in-the-middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing

between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client.

Answer option B is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as a network saturation attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets to the network. The effects of a DoS attack are as follows:

Saturates network resources

Disrupts connections between two computers, thereby preventing communications between services

Disrupts services to a specific computer Causes failure to access a Web site

Results in an increase in the amount of spam

A Denial-of-Service attack is very common on the Internet because it is much easier to accomplish. Most of the DoS attacks rely on the weaknesses in the TCP/IP protocol.

Answer option D is incorrect. A buffer-overflow attack is performed when a hacker fills a field, typically an address bar, with more characters than it can accommodate. The excess characters can be run as executable code, effectively giving the hacker control of the computer and overriding any security measures set. There are two main types of buffer overflow attacks:

stack-based buffer overflow attack:

Stack-based buffer overflow attack uses a memory object known as a stack. The hacker develops the code which reserves a specific amount of space for the stack. If the input of user is longer than the amount of space reserved for it within the stack, then the stack will overflow.

heap-based buffer overflow attack:

Heap-based overflow attack floods the memory space reserved for the programs.

Answer option A is incorrect. Session hijacking refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to Web developers, as the HTTP cookies used to maintain a session on many Web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim#39;s computer (see HTTP cookie theft).

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.

Question No: 173 – (Topic 2)

Which of the following is a standard-based protocol that provides the highest level of VPN security?

  1. IPSec

  2. IP

  3. PPP

  4. L2TP

Answer: A Explanation:

Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security. IPSec can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and password.

IPSec cannot be used with Point-to-Point Tunneling Protocol (PPTP).

Answer option B is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP.

IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering distinguished protocol datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose, the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide.

Answer option C is incorrect. Point-to-Point Protocol (PPP) is a remote access protocol commonly used to connect to the Internet. It supports compression and encryption and can be used to connect to a variety of networks. It can connect to a network running on the IPX, TCP/IP, or NetBEUI protocol. It supports multi-protocol and dynamic IP assignments. It is the default protocol for the Microsoft Dial-Up adapter.

Answer option D is incorrect. Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication. It allows the transfer of Point-to-Point Protocol (PPP) traffic between different networks. L2TP combines with IPSec to provide tunneling and security for Internet Protocol (IP), Internetwork Packet Exchange (IPX), and other protocol packets across IP networks.

Question No: 174 – (Topic 2)

Which of the following is a computer networking protocol used by hosts to retrieve IP address assignments and other configuration information?

  1. SNMP

  2. ARP

  3. DHCP

  4. Telnet

Answer: C Explanation:

The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database.

In the absence of DHCP, all hosts on a network must be manually configured individually – a time-consuming and often error-prone undertaking. DHCP is popular with ISP#39;s because it allows a host to obtain a temporary IP address.

Answer option B is incorrect. Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. ARP is limited to physical network systems that support broadcast packets.

Answer option A is incorrect. The Simple Network Management Protocol (SNMP) allows a monitored device (for example, a router or a switch) to run an SNMP agent. This protocol is used for managing many network devices remotely.

When a monitored device runs an SNMP agent, an SNMP server can then query the SNMP agent running on the device to collect information such as utilization statistics or device configuration information. An SNMP-managed network typically consists of three components: managed devices, agents, and one or more network management systems. Answer option D is incorrect. Telnet (Telecommunication network) is a network protocol

used on the Internet or local area networks to provide a bidirectional interactive communications facility. Typically, Telnet provides access to a command-line interface on a remote host via a virtual terminal connection which consists of an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP). User data is interspersed in- band with TELNET control information. Typically, the Telnet protocol is used to establish a connection to Transmission Control Protocol (TCP) port number 23.

Question No: 175 – (Topic 2)

Adam, a malicious hacker, has just succeeded in stealing a secure cookie via a XSS attack. He is able to replay the cookie even while the session is valid on the server. Which of the following is the most likely reason of this cause?

  1. Encryption is performed at the network layer (layer 1 encryption).

  2. Encryption is performed at the application layer (single encryption key).

  3. No encryption is applied.

  4. Two way encryption is applied.

Answer: B Explanation:

Single key encryption uses a single word or phrase as the key. The same key is used by the sender to encrypt and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from one to the other. With TLS or SSL this would not be possible. Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key encryption.

Therefore, it is commonly used when a message sender needs to encrypt a large amount of data. Data Encryption Standard (DES) uses the symmetric encryption key algorithm to encrypt data.

Question No: 176 – (Topic 2)

Which of the following is a maintenance protocol that permits routers and host computers

to swap basic control information when data is sent from one computer to another?

  1. IGMP

  2. ICMP

  3. SNMP

  4. BGP

Answer: B Explanation:

Internet Control Message Protocol (ICMP) is a maintenance protocol that allows routers and host computers to swap basic control information when data is sent from one computer to another. It is generally considered a part of the IP layer. It allows the computers on a network to share error and status information. An ICMP message, which is encapsulated within an IP datagram, is very useful to troubleshoot the network connectivity and can be routed throughout the Internet.

Answer option D is incorrect. BGP stands for Border Gateway Protocol. It is an interautonomous system routing protocol and is a form of Exterior Gateway Protocol (EGP). This protocol is defined in RFC-1267 and RFC-1268. It is used for exchanging network reachability information with other BGP systems. This information includes a complete list of intermediate autonomous systems that the network traffic has to cover in order to reach a particular network. This information is used for figuring out loop-free interdomain routing between autonomous systems.

BGP-4 is the latest version of BGP.

Answer option A is incorrect. Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group. However, multicast traffic is sent to a single MAC address but is processed by multiple hosts. It can be effectively used for gaming and showing online videos. IGMP is vulnerable to network attacks.

Answer option C is incorrect. Simple Network Management Protocol (SNMP) is a part of the TCP/IP protocol suite, which allows users to manage the network. SNMP is used to keep track of what is being used on the network and how the object is behaving.

Question No: 177 – (Topic 2)

Which of the following is a 16-bit field that identifies the source port number of the application program in the host that is sending the segment?

  1. Acknowledgment Number

  2. Source Port Address

  3. Header Length

  4. Sequence Number

Answer: B Explanation:

Source Port Address is a 16-bit field that identifies the source port number of the application program in the host that is sending the segment.

Answer option A is incorrect. This is a 32-bit field that identifies the byte number that the sender of the segment is expecting to receive from the receiver.

Answer option C is incorrect. This is a 4-bit field that defines the 4-byte words in the TCP header. The header length can be between 20 and 60 bytes. Therefore, the value of this field can be between 5 and 15.

Answer option D is incorrect. This is a 32-bit field that identifies the number assigned to the first byte of data contained in the segment.

Question No: 178 – (Topic 2)

John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.

Original cookie values: ItemID1=2 ItemPrice1=900 ItemID2=1 ItemPrice2=200 Modified cookie values: ItemID1=2 ItemPrice1=1 ItemID2=1

ItemPrice2=1

Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price. Which of the following hacking techniques is John performing?

  1. Computer-based social engineering

  2. Man-in-the-middle attack

  3. Cookie poisoning

  4. Cross site scripting

Answer: C Explanation:

John is performing cookie poisoning. In cookie poisoning, an attacker modifies the value of cookies before sending them back to the server. On modifying the cookie values, an attacker can log in to any other user account and can perform identity theft. The following figure explains how cookie poisoning occurs:

Ensurepass 2017 PDF and VCE

For example:

The attacker visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.

Original cookie values: ItemID1= 2 ItemPrice1=900 ItemID2=1 ItemPrice2=200 Modified cookie values:

ItemID1= 2 ItemPrice1=1 ItemID2=1 ItemPrice2=1

Now, the attacker clicks the Buy button and the prices are sent to the server that calculates the total price.

Another use of a Cookie Poisoning attack is to pretend to be another user after changing the username in the cookie values:

Original cookie values: LoggedIn= True Username = Mark Modified cookie values: LoggedIn= True Username = Admin

Now, after modifying the cookie values, the attacker can do the admin login.

Answer option D is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the attacker posts a message that contains malicious code to any newsgroup site. When another user views this message, the browser interprets this code and executes it and, as a result, the attacker is able to take control of the user#39;s system. Cross site scripting attacks require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user#39;s Web environment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, sessions hijacking, etc.

Question No: 179 – (Topic 2)

Which of the following policies is used to add additional information about the overall security posture and serves to protect employees and organizations from inefficiency or ambiguity?

  1. User policy

  2. Group policy

  3. Issue-Specific Security Policy

  4. IT policy

Answer: C Explanation:

The Issue-Specific Security Policy (ISSP) is used to add additional information about the overall security posture. It helps in providing detailed, targeted guidance for instructing organizations in the secure use of tech systems. This policy serves to protect employees and organizations from inefficiency or ambiguity.

Answer option A is incorrect. A user policy helps in defining what users can and should do to use network and organization#39;s computer equipment. It also defines what limitations are put on users for maintaining the network secure such as whether users can install programs on their workstations, types of programs users are using, and how users can access data.

Answer option D is incorrect. IT policy includes general policies for the IT department. These policies are intended to keep the network secure and stable. It includes the following:

Virus incident and security incident Backup policy

Client update policies

Server configuration, patch update, and modification policies (security) Firewall policiesDmz policy, email retention, and auto forwarded email policy

Answer option B is incorrect. A group policy specifies how programs, network resources, and the operating system work for users and computers in an organization.

Question No: 180 – (Topic 2)

Which of the following UTP cables uses four pairs of twisted cable and provides transmission speeds of up to 16 Mbps?

  1. Category 5e

  2. Category 5

  3. Category 3

  4. Category 6

Answer: C Explanation:

Category 3 type of UTP cable uses four pairs of twisted cable and provides transmission speeds of up to 16 Mbps. They are commonly used in Ethernet networks that operate at the speed of 10 Mbps. A higher speed is also possible by these cables implementing the

Fast Ethernet (100Base-T4) specifications. This cable is used mainly for telephone systems.

Answer option B is incorrect. This category of UTP cable is the most commonly used cable in present day networks. It consists of four twisted pairs and is used in those Ethernet networks that run at the speed of 100 Mbps. Category 5 cable can also provide a higher speed of up to 1000 Mbps.

Answer option A is incorrect. It is also known as Category 5 Enhanced cable. Its specification is the same as category 5, but it has some enhanced features and is used in Ethernets that run at the speed of 1000 Mbps.

Answer option D is incorrect. This category of UTP cable is designed to support high-speed networks that run at the speed of 1000 Mbps. It consists of four pairs of wire and uses all of them for data transmission. Category 6 provides more than twice the speed of Category 5e, but is

also more expensive.

100% Free Download!
Download Free Demo:312-38 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 312-38 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE