112-51 Network Defense Essentials (NDE) Exam Questions and Answers

WPA3 is the latest standard of Wi-Fi Protected Access, which was released in 2018 by the Wi-Fi Alliance. WPA3 uses a new handshake protocol called Simultaneous Authentication of Equals (SAE), which is based on a zero-knowledge proof known as dragonfly. Dragonfly is a key exchange algorithm that uses discrete logarithm cryptography to derive a shared secret between two parties, without revealing any information about their passwords or keys. Dragonfly is resistant to offline dictionary attacks, where an attacker tries to guess the password by capturing the handshake and testing different combinations. Dragonfly is also resistant to key recovery attacks, where an attacker tries to recover the encryption key by exploiting weaknesses in the algorithm or implementation. Dragonfly provides forward secrecy, which means that even if an attacker manages to compromise the password or key in the future, they cannot decrypt the past communication. WPA3 also supports other features such as increased key sizes, opportunistic wireless encryption, and protected management frames, which enhance the security and privacy of wireless networks.References:

• WPA3 Dragonfly Handshake
• WPA3 Encryption and Configuration Guide
• Dragon Fly - Zero Knowledge Proof
• What is SAE (Simultaneous Authentication of Equals)?
• Dragonfly - people.scs.carleton.ca

One of the most basic and important security guidelines for laptop users is to always log off or lock the system when unattended. This prevents unauthorized access to the system and the data stored on it by anyone who might have physical access to the laptop. Logging off or locking the system requires a password or other authentication method to resume the session, which adds a layer of protection to the laptop. Johana failed to comply with this security guideline, as she left the system active with the project file open and went for a coffee break, allowing Bob to access her system and modify the project file.References:

• Ten simple steps for keeping your laptop secure- Step 1: Require a password when logging in
• 6 Steps to Practice Strong Laptop Security- Step #1: Set complex passwords where it counts
• A Practical Guide to Securing Your Windows PC- Section: Lock your computer when you step away

The type of cloud

The type of cloudservice requested by Cibel.org in the above scenario is Platform-as-a-service (PaaS). PaaS is a cloud-based service that delivers a range of developer tools and deployment capabilities. PaaS provides a complete, ready-to-use, cloud-hosted platform for developing, running, maintaining and managing applications. PaaS customers do not need to install, configure, or manage the underlying infrastructure, such as servers, storage, network, or operating system. Instead, they can focus on the application development and deployment process, using the tools and services provided by the cloud service provider. PaaS solutions support cloud-native development technologies, such as microservices, containers, Kubernetes, serverless computing, that enable developers to build once, then deploy and manage consistently across private cloud, public cloud and on-premises environments. PaaS also offers features such as scalability, availability, security, backup, and monitoring for the applications. PaaS is suitable for organizations that want to develop customized applications without investing in or maintaining the infrastructure123. References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-40 to 3-41
• What is PaaS? A Beginner’s Guide to Platform as a Service - G2, G2, February 19, 2020
• Cloud Service Models Explained: SaaS, IaaS, PaaS, FaaS - Jelvix, Jelvix, July 14, 2020

The cloud layer of IoT architecture is the layer that hosts the servers that accept, store, and process the sensor data received from IoT gateways. The cloud layer also creates dashboards for monitoring, analyzing, and implementing proactive decisions to tackle the issue. The cloud layer provides scalability, reliability, and security for the IoT system.The cloud layer can use various cloud computing models, such as public, private, hybrid, or community clouds12.References:Network Defense Essentials - EC-Council Learning,IoT Architecture: The 4 Layers of an IoT System

Role-based access control (RBAC) is a type of access control model that refers to assigning permissions to a user role based on the rules defined for each user role by the administrator. In RBAC, the administrator creates different roles and assigns them the appropriate access rights to the resources. The administrator then assigns users to those roles based on their job functions. This way, the administrator can manage the access of users to the resources without having to deal with each user individually.RBAC can simplify the administration, enhance the security, and improve the scalability of the access control system12.References:Network Defense Essentials - EC-Council Learning,Role-Based Access Control (RBAC) and Role-Based Security

Dtex Systems is the UBA tool that collects user activity details from multiple sources and uses artificial intelligence and machine learning algorithms to perform user behavior analysis to prevent and detect various threats before the fraud is perpetrated. Dtex Systems is a user and entity behavior analytics (UEBA) platform that provides visibility, detection, and response capabilities for insider threats, compromised accounts, data loss, and fraud. Dtex Systems collects user activity data from endpoints, servers, cloud applications, and network traffic, and applies advanced analytics and machine learning to establish baselines of normal user behavior, identify anomalies, and assign risk scores. Dtex Systems also provides contextual information, such as user intent, motivation, and sentiment, to help security teams understand and respond to the threats.Dtex Systems can integrate with other security tools, such as SIEM, DLP, or IAM, to enhance the security posture of the organization123.References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-35 to 3-36
• Dtex Systems - Wikipedia, Wikipedia, March 16, 2021
• Dtex Systems - User and Entity Behavior Analytics (UEBA), Dtex Systems, 2020

A hot backup is a type of backup mechanism that dynamically backs up the data even if the system or application resources are being used. A hot backup does not require the system or application to be shut down or paused during the backup process, and it allows the users to access the data while the backup is in progress. A hot backup ensures that the backup is always up to date and consistent with the current state of the data, and it minimizes the downtime and disruption of the system or application services. A hot backup is suitable for systems or applications that have high availability and performance requirements, such as databases, web servers, or email servers. A hot backup is the type of backup mechanism that Clark implemented in the above scenario, as he performed a backup that dynamically backs up the data even if the system or application resources are being used.References:

• Hot Backup- Week 5: Data Security
• Hot Backup vs. Cold Backup: What’s the Difference?
• Network Defense Essentials (NDE) | Coursera- Module 5: Data Security

anonymous proxy is a type of proxy that hides the user’s IP address and other identifying information from the web servers they access. An anonymous proxy acts as an intermediary between the user and the internet, and it modifies the HTTP headers to prevent the web servers from tracking the user’s location, browser, or device. An anonymous proxy can help the user bypass geo-restrictions, censorship, and online surveillance. However, an anonymous proxy does not encrypt the user’s traffic, and it may still leak some information to the proxy provider or other third parties. An anonymous proxy is the type of proxy employed by Mary in the above scenario, as she used a proxy tool that makes her online activity untraceable.References:

• What is a Proxy Server and How Does it Work?
• 13 Best Proxy Tools for PC [2024 Reviewed]- Section: Anonymous proxies
• The Fastest Free Proxy

The loT communication model that serves as an analyzer for a company to track monthly or yearly energy consumption is the device-to-cloud model. The device-to-cloud model is a loT communication model where the loT devices, such as smart meters, sensors, or thermostats, send data directly to the cloud platform, such as AWS, Azure, or Google Cloud, over the internet. The cloud platform then processes, analyzes, and stores the data, and provides feedback, control, or visualization to the users or applications. The device-to-cloud model enables the company to monitor and optimize the energy consumption of the loT devices in real time, and to leverage the cloud services, such as machine learning, big data analytics, or artificial intelligence, to perform advanced energy management and demand response.The device-to-cloud model also reduces the complexity and cost of the loT infrastructure, as it does not require intermediate gateways or servers to connect the loT devices to the cloud123.References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-38 to 3-39
• loT Communication Models: Device-to-Device, Device-to-Cloud, Device-to-Gateway, and Back-End Data-Sharing, DZone, July 9, 2018
• loT Communication Models: Device-to-Device, Device-to-Cloud, Device-to-Gateway, and Back-End Data-Sharing, Medium, March 26, 2019

A sprinkler system is a type of fire-fighting system that uses a distribution piping system to suppress the fire. A sprinkler system consists of sprinkler heads that are connected to a water supply and activated by heat or smoke detectors. When a fire is detected, the sprinkler heads release water to extinguish the fire and prevent it from spreading.A sprinkler system can be wet, dry, pre-action, or deluge, depending on the type of water supply and activation mechanism12.References:Network Defense Essentials - EC-Council Learning,Essentials Of Fire Fighting, 7th Edition, Product Suite - IFSTA

Biometric authentication is a type of authentication that uses the physical or behavioral characteristics of a person to verify their identity. Biometric authentication is more secure and convenient than other methods such as passwords or tokens, as biometric traits are unique, hard to forge, and easy to use. Some examples of biometric authentication techniques are retina scanner, DNA, and voice recognition. Retina scanner uses a low-intensity light beam to scan the pattern of blood vessels at the back of the eye, which is unique for each individual. DNA uses the genetic code of a person to match their identity, which is the most accurate and reliable biometric technique. Voice recognition uses the sound and pitch of a person’s voice to verify their identity, which is influenced by factors such as anatomy, physiology, and psychology. These techniques fall under biometric authentication, as they use the physical or behavioral traits of a person to authenticate them.References:

• Biometric Authentication- Week 2: Identification, Authentication, and Authorization
• Biometric Authentication: What You Need To Know
• Biometric Authentication Techniques

The DMCA is a US law that aims to protect the rights of digital content creators and owners. It prohibits the unauthorized copying, distribution, modification, or circumvention of digital content, such as software, music, movies, etc. The DMCA also provides exceptions for certain purposes, such as fair use, research, education, or maintenance and repair of systems.In the scenario, Daniel was authorized to make a copy of computer programs while maintaining or repairing the system, which falls under the DMCA exception for system maintenance and repair12.References:Network Defense Essentials - EC-Council Learning,Network Defense Essentials (NDE) | Coursera

The network defense approach that was employed by Alice on her laptop was the preventive approach. The preventive approach aims to stop or deter potential attacks before they happen by implementing security measures that reduce the attack surface and increase the difficulty of exploitation. Biometric authentication is an example of a preventive measure that uses a physical characteristic, such as a fingerprint, iris, or face, to verify the identity of the user and grant access to the device or system. Biometric authentication is more secure than traditional methods, such as passwords or PINs, because it is harder to forge, guess, or steal. By locking her laptop and using biometric authentication, Alice prevented Bob from accessing her laptop and her confidential files without her permission.References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 1-7 to 1-8
• What is Biometric Authentication?, Norton, July 29, 2020
• An introduction to network defense basics, Enable Sysadmin, November 26, 2019

HTTPS (Hypertext Transfer Protocol Secure) is a protocol that uses TLS/SSL to ensure secure transmission of data over the Internet. HTTPS is an extension of HTTP, which is the standard protocol for transferring data between web servers and browsers. HTTPS encrypts the data exchanged between the client and the server, preventing anyone from intercepting, modifying, or stealing the data. HTTPS also verifies the identity of the server using digital certificates, preventing spoofing or phishing attacks. HTTPS is widely used for web applications that handle sensitive information, such as online banking, e-commerce, or social media.References:

• HTTPS- Week 7: Email Security
• How does SSL work? | SSL certificates and TLS | Cloudflare
• SSL and TLS: A Beginners Guide | SANS Institute

Denial-of-service (DoS) is the category of suspicious traffic signature that George identified in the above scenario. DoS signatures are designed to detect attempts to disrupt or degrade the availability or performance of a system or network by overwhelming it with excessive or malformed traffic. SYN flood and ping of death are examples of DoS attacks that exploit the TCP/IP protocol to consume the resources or crash the target server. A SYN flood attack sends a large number of TCP SYN packets to the targetserver, without completing the three-way handshake, thus creating a backlog of half-open connections that exhaust the server’s memory or bandwidth. A ping of death attack sends a malformed ICMP echo request packet that exceeds the maximum size allowed by the IP protocol, thus causing the target server to crash or reboot.DoS attacks can cause serious damage to the organization’s reputation, productivity, and revenue, and should be detected and mitigated as soon as possible123.References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-33 to 3-34
• What is a denial-of-service attack?, Cloudflare, 2020
• Denial-of-service attack - Wikipedia, Wikipedia, March 16, 2021

Orchestrators are tools that automate container deployment, administration, and scaling tasks. They allow you to reliably manage fleets of hundreds or thousands of containers in production environments. Orchestrators simplify container admin by letting you think in terms of application components instead of individual containers. They’re able to take control of all your app’s requirements, including config values, secrets, and network services. Orchestrators are the solution employed by Joseph in the above scenario, as he used an automated solution that converts images into containers, deploys them to the hosts, and further monitors container workflow from a single location.References:

• 13 Most Useful Container Orchestration Tools in 2024 - Spacelift
• Network Defense Essentials - CERT - EC-Council- Module 6: Virtualization and Cloud Computing

Unauthorized access signatures were identified by Kalley through the installed monitoring system. Unauthorized access signatures are designed to detect attempts to gain unauthorized access to a system or network by exploiting vulnerabilities, misconfigurations, or weak credentials. Password cracking, sniffing, and brute-forcing are common techniques used by attackers to obtain or guess the passwords of legitimate users or administrators and gain access to their accounts or privileges. These techniques generate suspicious traffic patterns that can be detected by traffic monitoring systems, such as Snort, using signature-based detection. Signature-based detection is based on the premise that abnormal or malicious network traffic fits a distinct pattern, whereas normal or benign traffic does not. Therefore, by installing a traffic monitoring system and capturing and reporting suspicious traffic signatures, Kalley can identify and prevent unauthorized access attempts and protect the security of her organization’s network.References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-33 to 3-34
• Detecting Suspicious Traffic via Signatures - Intrusion Detection with Snort, O’Reilly, 2003
• Threat Signature Categories - Palo Alto Networks, Palo Alto Networks, 2020