112-51 Network Defense Essentials (NDE) Exam Questions and Answers

WPA3 is the latest standard of Wi-Fi Protected Access, which was released in 2018 by the Wi-Fi Alliance. WPA3 uses a new handshake protocol called Simultaneous Authentication of Equals (SAE), which is based on a zero-knowledge proof known as dragonfly. Dragonfly is a key exchange algorithm that uses discrete logarithm cryptography to derive a shared secret between two parties, without revealing any information about their passwords or keys. Dragonfly is resistant to offline dictionary attacks, where an attacker tries to guess the password by capturing the handshake and testing different combinations. Dragonfly is also resistant to key recovery attacks, where an attacker tries to recover the encryption key by exploiting weaknesses in the algorithm or implementation. Dragonfly provides forward secrecy, which means that even if an attacker manages to compromise the password or key in the future, they cannot decrypt the past communication. WPA3 also supports other features such as increased key sizes, opportunistic wireless encryption, and protected management frames, which enhance the security and privacy of wireless networks.References:

• WPA3 Dragonfly Handshake
• WPA3 Encryption and Configuration Guide
• Dragon Fly - Zero Knowledge Proof
• What is SAE (Simultaneous Authentication of Equals)?
• Dragonfly - people.scs.carleton.ca

The type of cloud

The type of cloudservice requested by Cibel.org in the above scenario is Platform-as-a-service (PaaS). PaaS is a cloud-based service that delivers a range of developer tools and deployment capabilities. PaaS provides a complete, ready-to-use, cloud-hosted platform for developing, running, maintaining and managing applications. PaaS customers do not need to install, configure, or manage the underlying infrastructure, such as servers, storage, network, or operating system. Instead, they can focus on the application development and deployment process, using the tools and services provided by the cloud service provider. PaaS solutions support cloud-native development technologies, such as microservices, containers, Kubernetes, serverless computing, that enable developers to build once, then deploy and manage consistently across private cloud, public cloud and on-premises environments. PaaS also offers features such as scalability, availability, security, backup, and monitoring for the applications. PaaS is suitable for organizations that want to develop customized applications without investing in or maintaining the infrastructure123. References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-40 to 3-41
• What is PaaS? A Beginner’s Guide to Platform as a Service - G2, G2, February 19, 2020
• Cloud Service Models Explained: SaaS, IaaS, PaaS, FaaS - Jelvix, Jelvix, July 14, 2020

Atomic-signature-based analysis is a type of attack signature analysis technique that uses a single characteristic or attribute of a packet header to identify malicious traffic. Atomic signatures are simple and fast to match, but they can also generate false positives or miss some attacks. Some examples of atomic signatures are source and destination IP addresses, port numbers, protocol types, and TCP flags. Atomic-signature-based analysis is the technique performed by Joseph in the above scenario, as he analyzed packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission.References:

• [Understanding the Network Traffic Signatures] - Module 12: Network Traffic Monitoring
• Network Defense Essentials (NDE) | Coursera- Week 12: Network Traffic Monitoring
• [Network Defense Essentials Module 12 (Network Traffic Monitoring) - Quizlet] - Flashcards: What are Network Traffic Signatures?

A device-to-cloud model is a type of IoT communication model that connects the IoT devices directly to the cloud platform, where the data is stored, processed, and analyzed. The device-to-cloud model enables remote access, real-time monitoring, and scalability of IoT applications. The device-to-cloud model requires the IoT devices to have internet connectivity and cloud compatibility. In the above scenario, John used a device-to-cloud model to monitor his grandfather’s health condition, as he placed a smart wearable ECGon his grandfather’s wrist that sent the data to the cloud platform, where John could access it from his mobile phone and receive alerts periodically.References:

• Communication Models in IoT (Internet of Things)- Section: Device-to-Cloud Model
• IoT Communication Models - IoTbyHVM- Section: Device to Cloud Communication Model
• Logical Design of IoT | Communication Models | APIs | Functional Blocks- Section: Device-to-Cloud Communication Model

The type of attack initiated by the organization as part of the security campaign discussed in the above scenario is phishing. Phishing is a form of fraud where cybercriminals use email, instant messaging, or other social media to try to gather information such as login credentials by masquerading as a reputable person or organization. Phishing occurs when a malicious party sends a fraudulent email disguised as being from an authorized, trusted source, and tries to persuade the recipient to click on a link, open an attachment, or provide personal information. The link or attachment may lead to a fake website or install malware on the recipient’s device, while the personal information may be used for identity theft, account takeover, or other malicious purposes. Phishing is one of the most common and effective cyberattacks, as it exploits the human factor and relies on social engineering techniques to manipulate the victim’s emotions, such as urgency, fear, orcuriosity. Phishing can be prevented or mitigated by educating the users on how to recognize and report phishing emails, using strong and unique passwords, enabling multi-factor authentication, and installing security software123. References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-30 to 3-31
• 20 types of phishing attacks + phishing examples - Norton, Norton, October 03, 2022
• Types of Email Attacks - GeeksforGeeks, GeeksforGeeks, May 30, 2023

WPA2 (Wi-Fi Protected Access 2) is an encryption technology that secures wireless networks using the IEEE 802.11i standard. WPA2 uses a four-way handshake to authenticate the client and the access point, and to generate a pairwise transient key (PTK) for encrypting the data. The PTK is derived from the password pairwise master key (PMK), which is a shared secret between the client and the access point. The PMK can be obtained either by using a pre-shared key (PSK) or by using an 802.1X authentication server. In the above scenario, George performed password cracking on WPA2, as he used sniffing tools to capture the PMK associated with the handshake authentication process. Then, using the PMK, he was able to derive the PTK and decrypt the data exchanged between the client and the access point.References:

• WPA2- Wikipedia
• How WPA2-PSK encryption works?- Cryptography Stack Exchange
• WPA2 Encryption and Configuration Guide- Cisco Meraki Documentation

Geofencing is a technique that uses the user’s location data to create a virtual boundary around a specific geographic area. Mobile applications can use geofencing to trigger certain actions or notifications when the user enters or exits the defined area. For example, a mobile application can send a push notification to the user when they are near a store or a restaurant. However, geofencing can also be used by marketers to gather sensitive data and know about users’ offline activities from the location data. For instance, a mobile application can track the user’s movements and preferences based on the places they visit and the time they spend there.This can help marketers to target the user with personalized ads and offers, but it can also pose a threat to the user’s privacy and security12.References:Network Defense Essentials - EC-Council Learning,Geofencing: What Is It and How Does It Work?

A hub-and-spoke topology is a type of VPN topology that connects multiple remote offices to a central hub, usually the corporate head office, through VPN tunnels. The hub acts as a gateway for the remote offices to access the corporate network resources. However, the remote offices cannot communicate with each other directly, and have to go through the hub. This topology reduces the number of VPN tunnels required, but also increases the load and latency on the hub. In the scenario, John configured a central hub at the corporate head office, through which all branch offices can communicate, but deniedcommunication between the remote offices.Therefore, the type of VPN topology implemented by John is hub-and-spoke12.References:Network Defense Essentials - EC-Council Learning,Network Design Scenario #3: Remote Access VPN Design - Network Defense Blog

The combination of authentication mechanisms that is implemented in the above scenario is biometric and password authentication. Biometric authentication is a type of authentication that uses an inherent factor, such as a retina scan, to verify the identity of the user. Password authentication is a type of authentication that uses a knowledge factor, such as a six-digit code, to verify the identity of the user. By combining biometric and password authentication, Finch has implemented a two-factor authentication (2FA) system that requires the user to provide two different types of authentication factors to gain access to the office. 2FA is a more secure way of authentication than using a single factor, as it reduces the risk of unauthorized access due to stolen or compromised credentials.Biometric and password authentication is a common 2FA method that is used in many applications, such as banking, e-commerce, or health care123.References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-28 to 3-29
• What is Biometric Authentication?, Norton, July 29, 2020
• What is Two-Factor Authentication (2FA)?, Authy, 2020

The correct sequence of steps involved in the creation of a data retention policy is 3 -> 1 -> 4 -> 5 -> 2. This is based on the following description of the data retention policy creation process from the web search results:

• Build a team: To design a data retention policy, you need a team of industry experts, such as legal, IT, compliance, and business representatives, who can contribute their knowledge and perspectives to the policy.The team should have a clear leader who can coordinate the tasks and communicate the goals and expectations1.
• Determine legal requirements: The team should research and understand the applicable legal and regulatory requirements for data retention that affect the organization, such as GDPR, HIPAA, PCI DSS, etc.The team should also consider any contractual obligations or industry standards that may influence the data retention policy2134.
• Identify and classify the data: The team should inventory and categorize all the data that the organization collects, stores, and processes, based on their function, subject, or type.The team should also assess the value, risk, and sensitivity of each data category, and determine the appropriate retention period, format, and location for each data category2134.
• Develop the data retention policy: The team should draft the data retention policy document that outlines the purpose, scope, roles, responsibilities, procedures, and exceptions of the data retention policy. The policy should be clear, concise, and consistent, and should reflect the legal and business requirements of the organization.The policy should also include a data retention schedule that specifies the retention period and disposition method for each data category2134.
• Ensure that all employees understand the organization’s data retention policy: The team should communicate and distribute the data retention policy to all the relevant employees and stakeholders, and provide training and guidance on how to comply with the policy.The team should also monitor and enforce the policy, and review and update the policy regularly to reflect any changes in the legal or business environment2134.

References:

• How to Create a Data Retention Policy | Smartsheet, Smartsheet, July 17, 2019
• What Is a Data Retention Policy? Best Practices + Template, Drata, November 29, 2023
• Data Retention Policy: What It Is and How to Create One - SpinOne, SpinOne, 2020
• How to Develop and Implement a Retention Policy - SecureScan, SecureScan, 2020

One of the most basic and important security guidelines for laptop users is to always log off or lock the system when unattended. This prevents unauthorized access to the system and the data stored on it by anyone who might have physical access to the laptop. Logging off or locking the system requires a password or other authentication method to resume the session, which adds a layer of protection to the laptop. Johana failed to comply with this security guideline, as she left the system active with the project file open and went for a coffee break, allowing Bob to access her system and modify the project file.References:

• Ten simple steps for keeping your laptop secure- Step 1: Require a password when logging in
• 6 Steps to Practice Strong Laptop Security- Step #1: Set complex passwords where it counts
• A Practical Guide to Securing Your Windows PC- Section: Lock your computer when you step away

Physical security controls are security measures that prevent or deter unauthorized physical access to a facility, resource, or information. Physical security controls include locks, doors, gates, fences, guards, cameras, alarms, sensors, biometrics, and badges. Physical security controls protect the network and its components from theft, damage, sabotage, or natural disasters. Clark implemented physical security controls in the above scenario, as he installed security controls that allow employees to enter the office only after scanning their badges or fingerprints.References:

• Understanding the Various Types of Physical Security Controls- Week 4: Network Security Controls: Physical Controls
• The Role of Physical Security in Maintaining Network Security
• Physical Security: Planning, Measures & Examples + PDF

Wireless security

A close-up of a wireless router Description automatically generated

Explore

The correct order of wireless encryption modes in terms of security from high to low is 2 -> 1 -> 4 -> 3. This is based on the following comparison of the wireless encryption modes:

• WPA3: WPA3 is the latest and most secure wireless encryption mode, introduced in 2018 as a successor to WPA2. WPA3 uses the AES encryption protocol and provides several security enhancements, such as stronger password protection, individualized encryption, forward secrecy, and protection against brute-force and dictionary attacks. WPA3 also supports two modes: WPA3-Personal and WPA3-Enterprise, which offer different levels of security for home and business networks. WPA3-Personal uses Simultaneous Authentication of Equals (SAE) to replace the Pre-Shared Key (PSK) method and provide more robust password-based authentication.WPA3-Enterprise uses 192-bit cryptographic strength to provide additional protection for sensitive data and networks123.
• WPA2 Enterprise with RADIUS: WPA2 Enterprise with RADIUS is a wireless encryption mode that combines the security features of WPA2 Enterprise and the authentication features of RADIUS. WPA2 Enterprise is a mode of WPA2 that uses the AES encryption protocol and provides stronger security than WPA2 Personal, which uses the PSK method. WPA2 Enterprise uses the 802.1X standard to implement Extensible Authentication Protocol (EAP) methods, such as EAP-TLS, EAP-TTLS, or PEAP, to authenticate users and devices before granting access to the network. RADIUS is a protocol that allows a central server to manage authentication, authorization, and accounting for network access. RADIUS can integrate with WPA2 Enterprise to provide centralized and scalable authentication for large and complex networks, such as corporate or campus networks .
• WPA2 Enterprise: WPA2 Enterprise is a wireless encryption mode that uses the AES encryption protocol and provides stronger security than WPA2 Personal, which uses the PSK method. WPA2 Enterprise uses the 802.1X standard to implement Extensible Authentication Protocol (EAP) methods, such as EAP-TLS, EAP-TTLS, or PEAP, to authenticate users and devices before granting access to the network. WPA2 Enterprise is suitable for business or public networks that require individual and secure authentication for each user or device .
• WPA2 PSK: WPA2 PSK is a wireless encryption mode that uses the AES encryption protocol and provides better security than WEP or WPA, which use the TKIP encryption protocol. WPA2 PSK uses the Pre-Shared Key (PSK) method, which means that all users and devices share the same password or passphrase to join the network. WPA2 PSK is easy to set up and use, but it has some security drawbacks, such as being vulnerable to brute-force and dictionary attacks, or having the password compromised by a rogue user or device. WPA2 PSK is suitable for home or small networks that do not require individual authentication or advanced security features .

References:

• Wi-Fi Security: Should You Use WPA2-AES, WPA2-TKIP, or Both? - How-To Geek, How-To Geek, March 12, 2023
• WiFi Security: WEP, WPA, WPA2, WPA3 And Their Differences - NetSpot, NetSpot, February 8, 2024
• What is WPA3? And some gotchas to watch out for in this Wi-Fi security upgrade - CSO Online, CSO Online, November 18, 2020
• [Types of Wireless Security Encryption - GeeksforGeeks], GeeksforGeeks, 2020
• [Wireless Security Protocols: WEP, WPA, and WPA2 - Lifewire], Lifewire, February 17, 2021
• [WPA vs. WPA2 vs. WPA3: Wi-Fi Security Explained - MakeUseOf], MakeUseOf, January 13, 2021

anonymous proxy is a type of proxy that hides the user’s IP address and other identifying information from the web servers they access. An anonymous proxy acts as an intermediary between the user and the internet, and it modifies the HTTP headers to prevent the web servers from tracking the user’s location, browser, or device. An anonymous proxy can help the user bypass geo-restrictions, censorship, and online surveillance. However, an anonymous proxy does not encrypt the user’s traffic, and it may still leak some information to the proxy provider or other third parties. An anonymous proxy is the type of proxy employed by Mary in the above scenario, as she used a proxy tool that makes her online activity untraceable.References:

• What is a Proxy Server and How Does it Work?
• 13 Best Proxy Tools for PC [2024 Reviewed]- Section: Anonymous proxies
• The Fastest Free Proxy

Finch has implemented the COBO (Corporate-Owned, Business-Only) mobile usage policy in the above scenario. COBO is a policy where the organization provides mobile devices to the employees and restricts them to use the devices only for work-related purposes. The organization has full control over the devices and can enforce security measures, such as encryption, password protection, remote wipe, and application whitelisting or blacklisting. The employees are not allowed to use the devices for personal use, such as browsing the internet, making personal calls, or installing personal apps. COBO is a policy that aims to maximize security and minimize distractions and risks for the organization and the employees.References:

• Mobile usage policy in office - sample, cell phone policy in companies and organization, HR Help Board, 2020
• Employee Cell Phone Policy Template, Workable, 2020
• How Employers Enforce Cell Phone Policies in the Workplace, Indeed, 2022

Anomaly-based IDS is a type of IDS that detects intrusions by comparing the observed network events with a baseline of normal behavior and identifying any deviation from it. Anomaly-based IDS can detect unknown or zero-day attacks that do not match any known signature, but they can also generate false positives due to legitimate changes in network behavior. Anomaly-based IDS can use various techniques to model the normal behavior, such as statistical analysis, machine learning, or artificial intelligence. Anomaly-based IDS is the type of IDS employed by Messy in the above scenario, as he deployed an IDS that depends on observing and comparing the observed events with the normal behavior and then detecting any deviation from it.References:

• Anomaly-Based Intrusion Detection System- Chapter 2: Anomaly-Based Intrusion Detection System
• Network Defense Essentials (NDE) | Coursera- Week 10: Intrusion Detection and Prevention Systems
• A systematic literature review for network intrusion detection system (IDS)- Section 3.2: Anomaly-based IDS

The DMCA is a US law that aims to protect the rights of digital content creators and owners. It prohibits the unauthorized copying, distribution, modification, or circumvention of digital content, such as software, music, movies, etc. The DMCA also provides exceptions for certain purposes, such as fair use, research, education, or maintenance and repair of systems.In the scenario, Daniel was authorized to make a copy of computer programs while maintaining or repairing the system, which falls under the DMCA exception for system maintenance and repair12.References:Network Defense Essentials - EC-Council Learning,Network Defense Essentials (NDE) | Coursera

A wireless repeater is a wireless network component that takes a signal from one access point and boosts its signal strength to create a new network. A wireless repeater can extend the range of a wireless network by repeating the signal from the original access point. This way, the wireless repeater can provide network connectivity to areas that are inaccessible to capture direct signals from the access point.In the scenario, Robert used a wireless repeater to provide network connectivity to all areas12.References:Network Defense Essentials - EC-Council Learning,Understanding the Wireless Network Components

Biometric authentication is a type of authentication that uses the physical or behavioral characteristics of a person to verify their identity. Biometric authentication is more secure and convenient than other methods such as passwords or tokens, as biometric traits are unique, hard to forge, and easy to use. Some examples of biometric authentication techniques are retina scanner, DNA, and voice recognition. Retina scanner uses a low-intensity light beam to scan the pattern of blood vessels at the back of the eye, which is unique for each individual. DNA uses the genetic code of a person to match their identity, which is the most accurate and reliable biometric technique. Voice recognition uses the sound and pitch of a person’s voice to verify their identity, which is influenced by factors such as anatomy, physiology, and psychology. These techniques fall under biometric authentication, as they use the physical or behavioral traits of a person to authenticate them.References:

• Biometric Authentication- Week 2: Identification, Authentication, and Authorization
• Biometric Authentication: What You Need To Know
• Biometric Authentication Techniques