# [Free] 2017(Sep) EnsurePass Examcollection ECCouncil 312-38 Dumps with VCE and PDF 51-60

Ensurepass.com : Ensure you pass the IT Exams
2017 Sep ECCouncil Official New Released 312-38
http://www.EnsurePass.com/312-38.html

#### Question No: 51 CORRECT TEXT – (Topic 1)

Fill in the blank with the appropriate word. The primary goal of risk analysis is to determine the proportion of effect and theoretical response.

#### Question No: 52 – (Topic 1)

Which of the following topologies is a type of physical network design where each computer in the network is connected to a central device through an unshielded twisted- pair (UTP) wire?

1. Mesh topology

2. Star topology

3. Ring topology

4. Bus topology

Star topology is a type of physical network design where each computer in the network is connected to a central device, called hub, through an unshielded twisted-pair (UTP) wire. Signals from the sending computer go to the hub and are then transmitted to all the computers in the network. Since each workstation has a separate connection to the hub, it is easy to troubleshoot. Currently, it is the most popular topology used for networks.

Star Topology:

Answer option A is incorrect. Mesh network topology is a type of physical network design where all devices in a network are connected to each other with many redundant connections. It provides multiple paths for the data traveling on the network to reach its destination. Mesh topology also provides redundancy in the network. It employs the full mesh and partial mesh methods to connect devices. In a full mesh topology network, each computer is connected to all the other computers. In a partial mesh topology network, some of the computers are connected to all the computers, whereas some are connected to only those computers with which they frequently exchange data.

Mesh Topology:

Answer option D is incorrect. Bus topology is a type of physical network design where all computers in the network are connected through a single coaxial cable known as bus. This topology uses minimum cabling and is therefore, the simplest and least expensive topology for small networks. In this topology, 50 ohm terminators terminate both ends of the network. A Bus topology network is difficult to troubleshoot, as a break or problem at any point along the cable can cause the entire network to go down.

Bus Topology:

Answer option C is incorrect. Ring topology is a type of physical network design where all computers in the network are connected in a closed loop. Each computer or device in a Ring topology network acts as a repeater. It transmits data by passing a token around the network in order to prevent the collision of data between two computers that want to send messages at the same time. If a token is free, the computer waiting to send data takes it, attaches the data and destination address to the token, and sends it. When the token reaches its destination computer, the data is copied. Then, the token gets back to the originator. The originator finds that the message has been copied and received and removes the message from the token. Now, the token is free and can be used by the other computers in the network to send data. In this topology, if one computer fails, the entire network goes down.

Ring Topology:

#### Question No: 53 CORRECT TEXT – (Topic 1)

Fill in the blank with the appropriate term. A is a technique to authenticate

digital documents by using computer cryptography.

#### Question No: 54 – (Topic 1)

Which of the following is an intrusion detection system that reads all incoming packets and tries to find suspicious patterns known as signatures or rules?

1. HIDS

2. IPS

3. DMZ

4. NIDS

A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic. A NIDS reads all the incoming packets and tries to find suspicious patterns known as signatures or rules. It also tries to detect incoming shell codes in the same manner that an ordinary intrusion detection systems does.

Answer option A is incorrect. A host-based intrusion detection system (HIDS) produces a false alarm because of the abnormal behavior of users and the network. A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses the internals of a computing system rather than the network packets on its external interfaces. A host-based Intrusion Detection System (HIDS) monitors all or parts of the dynamic behavior and the state of a computer system. HIDS looks at the state of a system, its stored information, whether in RAM, in the file system, log files or elsewhere; and checks that the contents of these appear as expected. Answer option B is incorrect. An intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.

Answer option C is incorrect. A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security

to an organization#39;s Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external networks, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network such as the Internet.

#### Question No: 55 CORRECT TEXT – (Topic 1)

Fill in the blank with the appropriate term. The is typically considered as the top InfoSec officer in the organization and helps in maintaining current and appropriate body of knowledge required to perform InfoSec management functions.

#### Question No: 56 – (Topic 1)

In which of the following types of port scans does the scanner attempt to connect to all 65,535 ports?

1. UDP

2. Strobe

3. FTP bounce

4. Vanilla

In a vanilla port scan, the scanner attempts to connect to all 65,535 ports.

Answer option B is incorrect. The scanner attempts to connect to only selected ports. Answer option A is incorrect. The scanner scans for open User Datagram Protocol ports. Answer option C is incorrect. The scanner goes through a File Transfer Protocol server to

disguise the cracker#39;s location.

#### Question No: 57 – (Topic 1)

Which of the following is a firewall that keeps track of the state of network connections traveling across it?

1. Stateful firewall

2. Stateless packet filter firewall

3. Circuit-level proxy firewall

4. Application gateway firewall

A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.Answer option B is incorrect. A stateless packet filter firewall allows direct connections from the external network to hosts on the internal network and is included with router configuration software or with Open Source operating systems.

Answer option C is incorrect. It applies security mechanisms when a TCP or UDP connection is established.

Answer option D is incorrect. An application gateway firewall applies security mechanisms to specific applications, such as FTP and Telnet servers.

#### Question No: 58 CORRECT TEXT – (Topic 1)

Fill in the blank with the appropriate term. encryption is a type of encryption that uses two keys, i.e., a public key and a private key pair for data encryption. It is also known as public key encryption.

#### Question No: 59 CORRECT TEXT – (Topic 1)

Fill in the blank with the appropriate term. is a protocol used to synchronize the timekeeping among the number of distributed time servers and clients.