Unique Top-selling 312-38 Exams - New 2022 EC-COUNCIL Practice Exam
Certified Ethical Hacker Dumps 312-38 Exam for Full Questions - Exam Study Guide
NEW QUESTION 24
Which of the following layers of the OSI model provides physical addressing?
- A. Data link layer
- B. Application layer
- C. Physical layer
- D. Network layer
Answer: A
NEW QUESTION 25
Which of the following is a passive attack?
- A. Replay attack
- B. Traffic analysis
- C. Unauthorized access
- D. Session hijacking
Answer: B
NEW QUESTION 26
Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail,
and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is
highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for
switching across switched networks. It can also be used to capture authentication information for FTP, telnet,
SMTP, HTTP, POP, NNTP, IMAP, etc.
- A. Cain
- B. Dsniff
- C. LIDS
- D. Libnids
Answer: B
Explanation:
Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
Answer option B is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks:
- Dictionary attack
- Brute force attack
- Rainbow attack
- Hybrid attack
Answer options D and C are incorrect. These tools are port scan detection tools that are used in the Linux operating system.
NEW QUESTION 27
DRAG DROP
Drag and drop the terms to match with their descriptions.
Answer:
Explanation:
Following are the terms with their descriptions:
A Trojan horse is a malicious software program that contains hidden code and masquerades itself as a normal program. When a Trojan horse program is run, its hidden code runs to destroy or scramble data on the hard disk. An example of a Trojan horse is a program that masquerades as a computer logon to retrieve user names and password information. The developer of a Trojan horse can use this information later to gain unauthorized access to computers. Trojan horses are normally spread by e-mail attachments.
Ping sweep is a technique used to determine which of a range of IP addresses map to live hosts. It consists of ICMP ECHO requests sent to multiple hosts. If a given address is live, it will return an ICMP ECHO reply. A ping is often used to check that a network device is functioning. To disable ping sweeps on a network, administrators can block ICMP ECHO requests from outside sources. However, ICMP TIMESTAMP and ICMP INFO can be used in a similar manner.
Spamware is software designed by or for spammers to send out automated spam e-mail. Spamware is used to search for e-mail addresses to build lists of e-mail addresses to be used either for spamming directly or to be sold to spammers. The spamware package also includes an e-mail harvesting tool.
A backdoor is any program that allows a hacker to connect to a computer without going through the normal authentication process. The main advantage of this type of attack is that the network traffic moves from inside a network to the hacker's computer. The traffic moving from inside a network to the outside world is typically the least restrictive, as companies are more concerned about what comes into a network, rather than what leaves it. It, therefore, becomes hard to detect backdoors.
NEW QUESTION 28
A network designer needs to submit a proposal for a company, which has just published a web portal for its clients on the internet. Such a server needs to be isolated from the internal network, placing itself in a DMZ.
Faced with this need, the designer will present a proposal for a firewall with three interfaces, one for the internet network, another for the DMZ server farm and another for the internal network. What kind of topology will the designer propose?
- A. DMZ, External-Internal firewall
- B. Multi-homed firewall
- C. Screened subnet
- D. Bastion host
Answer: B
NEW QUESTION 29
You work as the network administrator for uCertify Inc. The company has planned to add the support for IPv6 addressing. The initial phase deployment of IPv6 requires support from some IPv6-only devices. These devices need to access servers that support only IPv4. Which of the following tools would be suitable to use?
- A. Multipoint tunnels
- B. NAT-PT
- C. Native IPv6
- D. Point-to-point tunnels
Answer: B
Explanation:
NAT-PT (Network address translation-Protocol Translation) is useful when an IPv4-only host needs to communicate with an IPv4-only host. NAT-PT (Network Address Translation-Protocol Translation) is an implementation of RFC 2766 as specified by the IETF. NAT-PT was designed so that it can be run on low-end, commodity hardware. NAT-PT runs in user space, capturing and translating packets between the IPv6 and IPv4 networks (and vice-versa). NAT-PT uses the Address Resolution Protocol (ARP) and Neighbor Discovery (ND) on the IPv4 and IPv6 network systems, respectively.
NAT-Protocol Translation can be used to translate both the source and destination IP addresses.
Answer option D is incorrect. Native IPv6 is of use when the IPv6 deployment is pervasive, with heavy traffic loads.
Answer option C is incorrect. Point-to-point tunnels work well when IPv6 is needed only in a subset of sites. These point-to-point tunnels act as virtual point-to-point serial links. These are useful when the traffic is of very high volume.
Answer option A is incorrect. The multipoint tunnels are used for IPv6 deployment even when IPv6 is needed in a subset of sites and are suitable when the traffic is infrequent and of less predictable volume.
NEW QUESTION 30
Identify the type of event that is recorded when an application driver loads successfully in Windows.
- A. Success Audit
- B. Information
- C. Error
- D. Warning
Answer: B
NEW QUESTION 31
Which of the following representatives in the incident response process are included in the incident response team? Each correct answer represents a complete solution. Choose all that apply.
- A. Human resources
- B. Legal representative
- C. Information security representative
- D. Lead investigator
- E. Technical representative
- F. Sales representative
Answer: A,B,C,D,E
Explanation:
Incident response is a process that detects a problem, determines the cause of an issue, minimizes the damages, resolves the problem, and documents each step of the process for future reference. To perform all these roles, an incident response team is needed. The incident response team includes the following representatives who are involved in the incident response process:
Lead investigator: The lead investigator is the manager of an incident response team. He is always involved in the creation of an incident response plan. The duties of a lead investigator are as follows:
- Keep the management updated.
- Ensure that the incident response moves smoothly and efficiently.
- Interview and interrogate the suspects and witnesses.
Information security representative: The information security representative is a member of the incident response team who alerts the team about possible security safeguards that can impact their ability to respond to an incident.
Legal representative: The legal representative is a member of the incident response team who ensures that the process follows all the laws during the response to an incident.
Technical representative: The technical representative is a representative of the incident response team. More than one technician can be deployed to an incident. The duties of a technical representative are as follows:
- Perform forensic backups of the systems that are involved in an incident.
Human resources: Human resources personnel ensure that the policies of the organization are enforced during the incident response process. They suspend access to a suspect if it is needed. Human resources personnel are closely related with the legal representatives and cover up the organization's legal responsibility.
Answer option E is incorrect. This is an invalid option.
NEW QUESTION 32
Which of the following standards is a proposed enhancement to the 802.11a and 802.11b wireless LAN
(WLAN) specifications that offers quality of service (QoS) features, including the prioritization of data, voice,
and video transmissions?
- A. 802.15
- B. 802.11e
- C. 802.11n
- D. 802.11h
Answer: B
Explanation:
The 802.11e standard is a proposed enhancement to the 802.11a and 802.11b wireless LAN (WLAN) specifications. It offers quality of service (QoS) features, including the prioritization of data, voice, and video transmissions. 802.11e enhances the 802.11 Media Access Control layer (MAC layer) with a coordinated time division multiple access (TDMA) construct, and adds error-correcting mechanisms for delay-sensitive applications such as voice and video.
Answer option D is incorrect. 802.11h refers to the amendment added to the IEEE 802.11 standard for Spectrum and Transmit Power Management Extensions.
Answer option B is incorrect. 802.11n is an amendment to the IEEE 802.11-2007 wireless networking standard to improve network throughput over the two previous standards - 802.11a and 802.11g - with a significant increase in the maximum raw data rate from 54 Mbit/s to 600 Mbit/s with the use of four spatial streams at a channel width of 40 MHz.
Answer option A is incorrect. IEEE 802.15 is a working group of the IEEE 802 and specializes in Wireless PAN (Personal Area Network) standards. It includes seven task groups, which are as follows:
1. Task group 1 (WPAN/Bluetooth)
2. Task group 2 (Coexistence)
3. Task group 3 (High Rate WPAN)
4. Task group 4 (Low Rate WPAN)
5. Task group 5 (Mesh Networking)
6. Task group 6 (BAN)
7. Task group 7 (VLC)
NEW QUESTION 33
You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:
What is the IP address of the sender of this email?
- A. 209.191.91.180
- B. 172.16.10.90
- C. 216.168.54.25
- D. 141.1.1.1
Answer: C
Explanation:
The IP address of the sender of this email is 216.168.54.25. According to the scenario, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. Once you start to analyze the email header, you get an entry titled X-Originating-IP. You know that in Yahoo, the X-Originating-IP is the IP address of the email sender and in this case, the required IP address is 216.168.54.25.
Answer options A, C, and B are incorrect. All these are the IP addresses of the Yahoo and Wetpaint servers.
NEW QUESTION 34
Which of the following are distance vector routing protocols? Each correct answer represents a complete solution. Choose all that apply.
- A. OSPF
- B. IGRP
- C. RIP
- D. IS-IS
Answer: B,C
NEW QUESTION 35
Which of the following attacks is a class of brute force attacks that depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations?
- A. Replay attack
- B. Phishing attack
- C. Birthday attack
- D. Dictionary attack
Answer: C
Explanation:
A birthday attack is a class of brute force attacks that exploits the mathematics behind the birthday problem in probability theory. It is a type of cryptography attack. The birthday attack depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations.
Answer option D is incorrect. A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities. A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list (from a pre-arranged list of values). In contrast with a normal brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries, or simple, easily-predicted variations on words, such as appending a digit.
Answer option A is incorrect. Phishing is a type of internet fraud attempted by hackers. Hackers try to log into a system by masquerading as a trustworthy entity and acquire sensitive information, such as username, password, bank account details, credit card details, etc. After collecting this information, hackers try to use this information for their gain.
Answer option B is incorrect. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution.
NEW QUESTION 36
Which of the following is a non-profit organization that oversees the allocation of IP addresses, management of the DNS infrastructure, protocol parameter assignment, and root server system management?
- A. ITU
- B. ICANN
- C. IEEE
- D. ANSI
Answer: B
Explanation:
ICANN stands for Internet Corporation for Assigned Names and Numbers. ICANN is responsible for managing the assignment of domain names and IP addresses. ICANN's tasks include responsibility for IP address space allocation, protocol identifier assignment, top-level domain name system management, and root server system management functions. Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit organization that oversees the allocation of IP addresses, management of the DNS infrastructure, protocol parameter assignment, and root server system management.
Answer option B is incorrect. Institute of Electrical and Electronics Engineers (IEEE) is an organization of engineers and electronics professionals who develop standards for hardware and software.
Answer option C is incorrect. The International Telecommunication Union is an agency of the United Nations which regulates information and communication technology issues. ITU coordinates the shared global use of the radio spectrum, promotes international cooperation in assigning satellite orbits, works to improve telecommunication infrastructure in the developing world and establishes worldwide standards. ITU is active in areas including broadband Internet, latest-generation wireless technologies, aeronautical and maritime navigation, radio astronomy, satellite-based meteorology, convergence in fixed-mobile phone, Internet access, data, voice, TV broadcasting, and next-generation networks.
Answer option A is incorrect. ANSI (American National Standards Institute) is the primary organization for fostering the development of technology standards in the United States. ANSI works with industry groups and is the U.S. member of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Long-established computer standards from ANSI include the American Standard Code for Information Interchange (ASCII) and the Small Computer System Interface (SCSI).
NEW QUESTION 37
Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings, blogs, DNS listings, and Web pages. He then sends a large number of unsolicited commercial e-mail (UCE) messages to these addresses. Which of the following e-mail crimes is Peter committing?
- A. E-mail spoofing
- B. E-mail spam
- C. E-mail storm
- D. E-mail bombing
Answer: B
Explanation:
Peter is performing spamming activity. Spam is a term that refers to the unsolicited e-mails sent to a large number of e-mail users. The number of such e-mails is increasing day by day, as most companies now prefer to use e-mails for promoting their products. Because of these unsolicited e-mails, legitimate e-mails take a much longer time to deliver to their destination. The attachments sent through spam may also contain viruses.
However, spam can be stopped by implementing spam filters on servers and e-mail clients.
Answer option C is incorrect. Mail bombing is an attack that is used to overwhelm mail servers and clients by sending a large number of unwanted e-mails. The aim of this type of attack is to completely fill the recipient's hard disk with immense, useless files, causing at best irritation, and at worst total computer failure. E-mail filtering and properly configuring email relay functionality on mail servers can be helpful for protection against this type of attack.
Answer option B is incorrect. An e-mail storm is a sudden spike of Reply All messages on an e-mail distribution list, usually caused by a controversial or misdirected message. Such storms start when multiple members of the distribution list reply to the entire list at the same time in response to an instigating message. Other members soon respond, usually adding vitriol to the discussion, asking to be removed from the list, or pleading for the cessation of messages. If enough members reply to these unwanted messages, this triggers a chain reaction of e-mail messages. The sheer load of traffic generated by these storms can render the e-mail servers carrying them inoperative, similar to a DDoS attack.
Some e-mail viruses also have the capacity to create e-mail storms, by sending copies of themselves to an infected user's contacts, including distribution lists, infecting the contacts in turn.
Answer option D is incorrect. E-mail spoofing is a term used to describe e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path, and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the address indicated in the From field, it actually comes from another source.
NEW QUESTION 38
Which of the following is a standard protocol for interfacing external application software with an information
server, commonly a Web server?
- A. CGI
- B. IP
- C. TCP
- D. DHCP
Answer: A
Explanation:
The Common Gateway Interface (CGI) is a standard protocol for interfacing external application software with an information server, commonly a Web server. The task of such an information server is to respond to requests (in the case of web servers, requests from client web browsers) by returning output. When a user requests the name of an entry, the server will retrieve the source of that entry's page (if one exists), transform it into HTML, and send the result.
Answer option A is incorrect. DHCP is a Dynamic Host Configuration Protocol that allocates unique (IP) addresses dynamically so that they can be used when no longer needed. A DHCP server is set up in a DHCP environment with the appropriate configuration parameters for the given network. The key parameters include the range or "pool" of available IP addresses, correct subnet masks, gateway, and name server addresses.
Answer option B is incorrect. The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering distinguished protocol datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose, the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide.
Answer option D is incorrect. Transmission Control Protocol (TCP) is a reliable, connection-oriented protocol operating at the transport layer of the OSI model. It provides a reliable packet delivery service encapsulated within the Internet Protocol (IP). TCP guarantees the delivery of packets, ensures proper sequencing of data, and provides a checksum feature that validates both the packet header and its data for accuracy. If the network corrupts or loses a TCP packet during transmission, TCP is responsible for retransmitting the faulty packet. It can transmit large amounts of data. Application layer protocols, such as HTTP and FTP, utilize the services of TCP to transfer files between clients and servers.
NEW QUESTION 39
Which of the following protocols is used by the Remote Authentication Dial In User Service (RADIUS) client/server protocol for data transmission?
- A. FCP
- B. DCCP
- C. FTP
- D. UDP
Answer: D
NEW QUESTION 40
Which of the following classes of IP addresses provides a maximum of only 254 host addresses per network ID?
- A. Class A
- B. Class C
- C. Class D
- D. Class B
Answer: B
NEW QUESTION 41
Which of the following is a distributed application architecture that partitions tasks or workloads between
service providers and service requesters? Each correct answer represents a complete solution. Choose all that
apply.
- A. Peer-to-peer (P2P) computing
- B. Peer-to-peer networking
- C. Client-server computing
- D. Client-server networking
Answer: C,D
Explanation:
Client-server networking is also known as client-server computing. It is a distributed application architecture that partitions tasks or workloads between service providers (servers) and service requesters, called clients. Often clients and servers operate over a computer network on separate hardware. A server machine is a high-performance host that is running one or more server programs which share its resources with clients. A client does not share any of its resources, but requests a server's content or service function. Clients therefore initiate communication sessions with servers which await (listen to) incoming requests.
Answer options D and B are incorrect. Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the application. They are said to form a peer-to-peer network of nodes. Peer-to-peer networking (also known simply as peer networking) differs from client-server networking, where certain devices have the responsibility to provide or "serve" data, and other devices consume or otherwise act as "clients" of those servers.
NEW QUESTION 42
Which of the following are the common security problems involved in communications and email? Each correct
answer represents a complete solution. Choose all that apply.
- A. Message modification
- B. Message repudiation
- C. Message digest
- D. Eavesdropping
- E. Message replay
- F. Identity theft
- G. False message
Answer: A,B,D,E,F,G
Explanation:
Following are the common security problems involved in communications and email:
- Eavesdropping: It is the act of secretly listening to private information through telephone lines, e-mail, instant messaging, and any other method of communication considered private.
- Identity theft: It is the act of obtaining someone's username and password to access his/her email servers for reading email and sending false email messages. These credentials can be obtained by eavesdropping on SMTP, POP, IMAP, or Webmail connections.
- Message modification: The person who has system administrator permission on any of the SMTP servers can visit anyone's message and can delete or change the message before it continues on to its destination. The recipient has no way of telling that the email message has been altered.
- False message: It is the act of constructing messages that appear to be sent by someone else.
- Message replay: In a message replay, messages are modified, saved, and re-sent later.
- Message repudiation: In message repudiation, normal email messages can be forged. There is no way for the receiver to prove that someone had sent him/her a particular message. This means that even if someone has sent a message, he/she can successfully deny it.
Answer option B is incorrect. A message digest is a number that is created algorithmically from a file and represents that file uniquely.
NEW QUESTION 43
What is the range for well known ports?
- A. 49152 through 65535
- B. Above 65535
- C. 1024 through 49151
- D. 0 through 1023
Answer: D

