312-38 Exam Prep Free – 50 Practice Questions to Get You Ready for Exam Day
Getting ready for the 312-38 certification? Our 312-38 Exam Prep Free resource includes 50 exam-style questions designed to help you practice effectively and feel confident on test day.
Effective 312-38 exam preparation is the key to success. With our free practice questions, you can:
- Get familiar with exam format and question style
- Identify which topics you’ve mastered—and which need more review
- Boost your confidence and reduce exam anxiety
Below, you will find 50 realistic 312-38 Exam Prep Free questions that cover key exam topics. These questions are designed to reflect the structure and challenge level of the actual exam, making them perfect for your study routine.
Which risk management phase helps in establishing context and quantifying risks?
A. Risk identification
B. Risk assessment
C. Risk review
D. Risk treatment
If an organization has decided to consume the PaaS cloud service model, identify the responsibilities the organization needs to look after under the shared responsibility model.
A. Data, interfaces, application, etc.
B. Data, interfaces, application, middleware, OS, VM, virtual network, etc.
C. Data, interfaces, application, middleware, OS, VM, virtual network, hypervisors, processing and memory, data storage, network interfaces, facilities and data centers, etc.
D. Data, interfaces, etc.
Which among the following is used by anti-malware systems and threat intelligence platforms to spot and stop malicious activities at an initial stage?
A. Indicators of attack
B. Key risk indicators
C. Indicators of compromise
D. Indicators of exposure
How many layers are present in the OSI model?
A. 5
B. 4
C. 7
D. 9
Daniel, who works as a network administrator, has just deployed an IDS in his organization's network. He wants to calculate the False Positive rate for his implementation. Which of the following formulas will he use to calculate the False Positive rate?
A. False Negative/True Negative+True Positive
B. False Positive/False Positive+True Negative
C. True Negative/False Negative+True Positive
D. False Negative/False Negative+True Positive
Which phase of the incident response process involves collecting incident evidence and sending it to the forensic department for further investigation?
A. Incident containment
B. Incident recording and assignment
C. Eradication
D. Preparation for incident response
Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary's intelligence collection capabilities identified in the previous action?
A. Analysis of Threats
B. Application of Appropriate OPSEC Measures
C. Identification of Critical Information
D. Analysis of Vulnerabilities
E. Assessment of Risk
How is an “attack” represented?
A. Motive (goal) + method
B. Motive (goal) + method + vulnerability
C. Asset + Threat + Vulnerability
D. Asset + Threat
Which of the following layers provides communication session management between host computers?
A. Application layer
B. Internet layer
C. Transport layer
D. Link layer
Disaster Recovery is a
A. Operation-centric strategy
B. Security-centric strategy
C. Data-centric strategy
D. Business-centric strategy
Which of the following is a presentation layer protocol?
A. TCP
B. RPC
C. BGP
D. LWAPP
What is the range for private ports?
A. 49152 through 65535
B. 1024 through 49151
C. Above 65535
D. 0 through 1023
Which of the following is a session layer protocol?
A. RPC
B. SLP
C. RDP
D. ICMP
Which of the following IP addresses is not reserved for the hosts? Each correct answer represents a complete solution. Choose all that apply.
A. Class E
B. Class D
C. Class A
D. B-
Which of the following statements holds true in terms of containers?
A. Container requires more memory space
B. Each container runs in its own OS
C. Container is fully isolated; hence, more secure
D. Process-level isolation happens; a container is hence less secure
Which of the following attacks, the attacker cannot use the software, which is trying a number of key combinations in order to obtain your password?
A. Buffer overflow
B. Zero-day attack
C. Smurf attack
D. None
E. Shock brutal force
A local bank wants to protect its cardholder data. The bank should comply with the __________ standard to ensure the security of cardholder data.
A. PCI DSS
B. SOX
C. HIPAA
D. ISEC
In the ______ method, event logs are arranged in the form of a circular buffer.
A. Non-wrapping method
B. LIFO method
C. Wrapping method
D. FIFO method
Which of the following refers to a potential occurrence of an undesired event that can eventually damage and interrupt the operational and functional activities of an organization?
A. Attack
B. Risk
C. Threat
D. Vulnerability
Which of the following is a Cisco product that performs VPN and firewall functions?
A. Circuit-Level Gateway
B. PIX Firewall
C. IP Packet Filtering Firewall
D. Application Level Firewall
Which phase of vulnerability management deals with the actions taken for correcting the discovered vulnerability?
A. Verification
B. Mitigation
C. Remediation
D. Assessment
How many layers are present in the TCP/IP model?
A. 10
B. 5
C. 4
D. 7
What defines the maximum time period an organization is willing to lose data during a major IT outage event?
A. RPO
B. BC
C. RTO
D. DR
Which of the following steps of the OPSEC process examines every aspect of the proposed operation to identify the OPSEC indicators that can reveal important information and then compare them with indicators of the opponent's intelligence collection capabilities identified in the previous activity?
A. Identification of Critical Information
B. analysis weakness
C. risk assessment
D. Appropriate OPSEC measures
E. analysis of threats
Which of the following filters is used to detect a SYN/FIN attack?
A. tcp.flags==0x002
B. tcp.flags==0x004
C. tcp.flags==0x003
D. tcp.flags==0x001
Which of the following is also known as slag code?
A. Trojan
B. Logic bomb
C. Worm
D. IRC bot
Which of the following is a tool that runs on the Windows OS and analyzes iptables log messages to detect port scans and other suspicious traffic?
A. PSAD
B. Hping
C. NetRanger
D. Nmap
Which BC/DR activity works on the assumption that the most critical processes are brought back from a remote location first, followed by the less critical functions?
A. Recovery
B. Restoration
C. Response
D. Resumption
Which of the following acts as a verifier for the certificate authority?
A. Registration authority
B. Certificate authority
C. Directory management system
D. Certificate Management system
Which of the following can be used to suppress fire from Class K sources?
A. Water
B. Carbon dioxide
C. Foam
D. Dry Chemical
Which of the following IEEE standards defines a physical bus topology?
A. 802.4
B. 802.5
C. 802.6
D. 802.3
Which of the following systems includes an independent NAS Head and multiple storage arrays?
A. FreeNAS
B. None of these
C. Gateway NAS System
D. Integrated NAS System
Which of the following helps in viewing account activity and events for supported services made by AWS?
A. AWS CloudFormation
B. AWS Certificate Manager
C. AWS CloudHSM
D. AWS CloudTrail
James is working as a Network Administrator in a reputed company situated in California. He is monitoring his network traffic with the help of Wireshark. He wants to check and analyze the traffic against a PING sweep attack. Which of the following Wireshark filters will he use?
A. Icmp.type==8 or icmp.type==16
B. icmp.type==8 or icmp.type==0
C. icmp.type==8 and icmp.type==0
D. Icmp.type==0 and icmp.type==16
During the recovery process, RTO and RPO should be the main parameters of your disaster recovery plan. What does RPO refer to?
A. The encryption feature, acting as add-on security to the data
B. The hot plugging technique used to replace computer components
C. The duration required to restore the data
D. The interval after which the data quality is lost
Which of the following is a term to describe the use of inert gases and chemical agents to extinguish a fire?
A. Gaseous fire suppression
B. Fire alarm system
C. Fire sprinkler
D. Fire suppression system
Chris is a senior network administrator. Chris wants to measure the Key Risk Indicator (KRI) to assess the organization. Why is Chris calculating the KRI for his organization? The KRI:
A. Identifies adverse events
B. Facilitates backward viewing
C. Notifies when risk has reached threshold levels
D. Facilitates post incident management
You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement? Each correct answer represents a complete solution. (Choose two.)
A. Using WPA encryption
B. Not broadcasting SSID
C. Using WEP encryption
D. MAC filtering the router
As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. The WPA2's __________ integrity check mechanism provides security against a replay attack.
A. CBC-MAC
B. CRC-MAC
C. CBC-32
D. CRC-32
Which of the following TCP/IP state transitions represents no connection state at all?
A. Closed
B. Closing
C. Close-wait
D. Fin-wait-1
Sam wants to implement a network-based IDS and finalizes an IDS solution that works based on pattern matching. Which type of network-based IDS is Sam implementing?
A. Behavior-based IDS
B. Anomaly-based IDS
C. Signature-based IDS
D. Stateful protocol analysis
Adam works as a Professional Penetration Tester. A project has been assigned to him to test the vulnerabilities of the Cisco router of Umbrella Inc. Adam finds out that the HTTP Configuration Arbitrary Administrative Access Vulnerability exists in the router. By applying different password cracking tools, Adam gains access to the router. He analyzes the router config file and notices the following lines:
    logging buffered errors
    logging history critical
    logging trap warnings
    logging 10.0.1.103
By analyzing the above lines, Adam concludes that this router is logging at log level 4 to the syslog server 10.0.1.103. He decides to change the log level from 4 to 0. Which of the following is the most likely reason for changing the log level?
A. Changing the log level from 4 to 0 will result in the logging of only emergencies. This way the modification in the router is not sent to the syslog server.
B. By changing the log level, Adam can easily perform a SQL injection attack.
C. Changing the log level grants access to the router as an Administrator.
D. Changing the log level from 4 to 0 will result in the termination of logging. This way the modification in the router is not sent to the syslog server.
Dan and Alex are business partners working together. Their Business-Partner Policy states that they should encrypt their emails before sending to each other. How will they ensure the authenticity of their emails?
A. Dan will use his digital signature to sign his mails while Alex will use Dan’s public key to verify the authenticity of the mails.
B. Dan will use his digital signature to sign his mails while Alex will use his private key to verify the authenticity of the mails.
C. Dan will use his private key to encrypt his mails while Alex will use his digital signature to verify the authenticity of the mails.
D. Dan will use his public key to encrypt his mails while Alex will use Dan’s digital signature to verify the authenticity of the mails.
Which of the following is NOT an AWS Shared Responsibility Model devised by AWS?
A. Shared Responsibility Model for Container Services
B. Shared Responsibility Model for Infrastructure Services
C. Shared Responsibility Model for Abstract Services
D. Shared Responsibility Model for Storage Services
John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of implementing?
A. Packet Filtering
B. Circuit level gateway
C. Application level gateway
D. Stateful Multilayer Inspection
Which of the following is a Windows in-built feature that provides filesystem-level encryption in the OS (starting from Windows 2000), except the Home version of Windows?
A. EFS
B. Disk Utility
C. BitLocker
D. FileVault
Which of the following UTP cables supports transmission up to 20 MHz?
A. Category 2
B. Category 5e
C. Category 4
D. Category 1
Which of the following helps prevent executing untrusted or untested programs or code from untrusted or unverified third-parties?
A. Application sandboxing
B. Deployment of WAFS
C. Application whitelisting
D. Application blacklisting
Which of the following things need to be identified during attack surface visualization?
A. Attacker’s tools, techniques, and procedures
B. Authentication, authorization, and auditing in networks
C. Regulatory frameworks, standards, and procedures for organizations
D. Assets, topologies, and policies of the organization
Which of the following intrusion detection techniques observes the network for abnormal usage patterns by determining the performance parameters for regular activities and monitoring for actions beyond the normal parameters?
A. Statistical anomaly detection
B. Signature/Pattern matching
C. None of these
D. Stateful protocol analysis