Management asked their network administrator to suggest an appropriate backup medium for their
backup plan that best suits their organization's need. Which of the following factors will the
administrator consider when deciding on the appropriate backup medium?
D
Explanation:
When deciding on the appropriate backup medium, the network administrator will
consider Reliability as the primary factor. This is because the backup medium must be dependable
for restoring data in case of data loss or system failure. The reliability of a backup medium ensures
that data can be recovered accurately and completely when needed.
Reference: The importance of reliability in choosing a backup medium is supported by best practices
in data backup and recovery, which emphasize the need for a dependable backup solution to ensure
data integrity and availability.
Which of the following network monitoring techniques requires extra monitoring software or
hardware?
B
Explanation:
Switch-based network monitoring requires additional monitoring software or hardware because
switches operate at the data link layer of the OSI model and do not inherently provide monitoring
capabilities. To monitor traffic through a switch, network administrators must use port mirroring or a
network tap, which involves configuring the switch to send a copy of the network packets to a
monitoring device. This allows the monitoring device to analyze the traffic passing through the
switch without interfering with the network’s normal operation. This technique is essential for deep
packet inspection, intrusion detection systems, and for gaining visibility into the traffic between
devices in a switched network.
Reference: The need for extra monitoring software or hardware in switch-based network monitoring
is consistent with the Certified Network Defender (CND) curriculum, which emphasizes the
importance of implementing robust network monitoring practices to detect and respond to security
threats. Additionally, the use of port mirroring and network taps as methods to monitor
switch-based networks is a standard practice in network security, aligning with the CND’s focus on
technical network security measures.
Steven's company has recently grown from 5 employees to over 50. Every workstation has a public IP
address and navigates to the Internet with little to no protection. Steven wants to use a firewall. He
also wants IP addresses to be private addresses, to prevent public Internet devices from directly
accessing them. What should Steven implement on the firewall to ensure this happens?
D
Explanation:
Steven should implement Network Address Translation (NAT) on the firewall to ensure that the IP
addresses of the workstations are private and not directly accessible from the public Internet. NAT
translates the private IP addresses of the workstations to a public IP address before they are sent out
to the Internet, and vice versa for incoming traffic. This not only hides the internal IP addresses but
also allows multiple devices to share a single public IP address, which is essential as the company
grows.
Reference: The concept of NAT and its role in protecting internal network resources while allowing
Internet access is a fundamental topic covered in the Certified Network Defender (CND) course. It is
also a standard practice in network security, aligning with the objectives of ensuring the
confidentiality and integrity of network infrastructure.
What is the name of the authority that verifies the certificate authority in digital certificates?
C
Explanation:
In the context of digital certificates, the Registration Authority (RA) is responsible for verifying the
identity of entities requesting a certificate before the Certificate Authority (CA) issues it. The RA acts
as a verifier for the CA, ensuring that the entity requesting the certificate is who they claim to be.
This process is crucial for maintaining trust within a digital environment, as it prevents the issuance
of certificates to fraudulent or unauthorized entities.
Reference: The role of the Registration Authority in the verification process is outlined in the
EC-Council’s Certified Network Defender (CND) curriculum, which covers the essential concepts of
network security, including the management and issuance of digital certificates.
Will is working as a Network Administrator. Management wants to maintain a backup of all the
company data as soon as it starts operations. They decided to use a RAID backup storage technology
for their data backup plan. To implement the RAID data backup storage, Will sets up a pair of RAID
disks so that all the data written to one disk is copied automatically to the other disk as well. This
maintains an additional copy of the data. Which RAID level is used here?
B
Explanation:
The RAID level used here is RAID 1, which is also known as disk mirroring. In this setup, all the data
written to one disk is automatically copied to another disk, creating an exact duplicate of the data.
This ensures that if one disk fails, the data is still available on the other disk, providing redundancy
and protecting against data loss. RAID 1 is a common choice for systems where data availability and
integrity are critical.
Reference: This explanation is consistent with the principles outlined in the EC-Council’s Certified
Network Defender (CND) course materials, which describe RAID 1 as a configuration that duplicates
data across multiple disks to ensure redundancy and data availability.
You are monitoring your network traffic with the Wireshark utility and notice that your network is
experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the
network. What will be your first reaction as a first responder?
C
Explanation:
As a first responder to a suspected DoS incident, the initial reaction should be to make an initial
assessment. This involves quickly evaluating the situation to understand the scope and impact of the
incident. An initial assessment helps in determining whether the unusual traffic is indeed a DoS
attack or a false positive. It also aids in deciding the next steps, such as whether to escalate the
incident, what resources are required, and how to communicate the issue to relevant stakeholders.
Reference: The approach aligns with best practices for incident response, which emphasize the
importance of an initial assessment to understand the nature and extent of a security incident before
proceeding with further actions.
If a network is at risk from unskilled individuals, what type of threat is this?
C
Explanation:
Unstructured threats typically originate from individuals who lack advanced skills or a sophisticated
understanding of network systems. These threats often involve simple methods to disrupt network
operations, such as basic malware attacks or exploiting known vulnerabilities that have not been
patched. In the context of the Certified Network Defender (CND) program, unstructured threats are
recognized as those that can be caused by unskilled individuals who may inadvertently introduce
risks to the network through misconfigurations or inadequate security practices.
Reference: The Certified Network Defender (CND) curriculum addresses various types of threats,
including unstructured threats, and emphasizes the importance of securing networks against all
levels of skill and sophistication among potential attackers. It also covers the need for continuous
monitoring and the implementation of security best practices to mitigate the risks posed by both
unstructured and structured threats.
According to the company's security policy, all access to any network resources must use Windows
Active Directory Authentication. A Linux server was recently installed to run virtual servers and it is
not using Windows Authentication. What needs to happen to force this server to use Windows
Authentication?
D
Explanation:
To enforce Windows Active Directory Authentication on a Linux server, the Pluggable Authentication
Modules (PAM) configuration files must be edited. PAM provides a way to develop programs that are
independent of the authentication scheme. These files, located in /etc/pam.d/, dictate how a Linux
system handles authentication for various services. To integrate Windows Active Directory with a
Linux server, specific PAM modules like pam_krb5 or pam_winbind can be used. These modules
allow the Linux system to communicate with the Active Directory server for authentication purposes.
The process typically involves installing necessary packages, joining the Linux server to the AD
domain, and configuring the PAM files to use AD for authentication.
Reference: The procedure for integrating Linux servers with Windows Active Directory is documented
in various Linux administration guides and resources. Specific steps can also be found in tutorials
and official documentation from Linux distributions that support Active Directory integration.
Kelly is taking backups of the organization's data. Currently, he is taking backups of only those
files which are created or modified after the last backup. What type of backup is Kelly using?
B
Explanation:
An incremental backup is a type of data backup that copies only the files that have been created or
modified since the last backup operation of any type. This method is efficient because it only backs
up data that has changed, which can save on storage space and reduce the time needed to complete
the backup. In Kelly’s case, since he is backing up only the new or changed files since the last backup,
he is using an incremental backup approach.
Reference: The explanation aligns with the standard backup methodologies where an incremental
backup captures only the changes made since the last backup, which can be either a full or another
incremental backup.
John is a network administrator and is monitoring his network traffic with the help of Wireshark. He
suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's
network. Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting
attempt?
C
Explanation:
TCP OS fingerprinting attempts can be identified by analyzing various TCP/IP stack behaviors, one of
which is the TCP Maximum Segment Size (MSS). The MSS value indicates the size of the largest
segment of TCP data that a device is willing to receive. Different operating systems have different
default MSS values, and a value less than 1460 can suggest an OS fingerprinting attempt, as it may
indicate that the sender is trying to avoid fragmentation or is probing to discover the OS based on
MSS response.
Reference: The use of Wireshark to monitor and analyze network traffic, including identifying TCP OS
fingerprinting attempts, is covered in the EC-Council’s Certified Network Defender (CND) course. The
course materials would include detailed explanations on how to use Wireshark filters to detect such
activities, and the reference to MSS values is consistent with standard network analysis practices for
identifying OS fingerprinting attempts.