112-51 Exam Dumps - ECCouncil NDE Questions and Answers

One of the most basic and important security guidelines for laptop users is to always log off or lock the system when unattended. This prevents unauthorized access to the system and the data stored on it by anyone who might have physical access to the laptop. Logging off or locking the system requires a password or other authentication method to resume the session, which adds a layer of protection to the laptop. Johana failed to comply with this security guideline, as she left the system active with the project file open and went for a coffee break, allowing Bob to access her system and modify the project file.References:

• Ten simple steps for keeping your laptop secure- Step 1: Require a password when logging in
• 6 Steps to Practice Strong Laptop Security- Step #1: Set complex passwords where it counts
• A Practical Guide to Securing Your Windows PC- Section: Lock your computer when you step away

Centralized authentication is a method that uses a central server to authenticate users and devices on a network. The central server stores the credentials and access rights of the users and devices, and verifies them when they request to access the network resources. The central server can also provide encryption keys to the users and devices for secure communication. In the scenario, Jessica’s laptop and the access point use a RADIUS server as the central server for authentication.The RADIUS server transmits authentication keys to both the access point and Jessica’s laptop, which helps the access point identify the wireless client12.References:Network Defense Essentials - EC-Council Learning,Centralized Authentication: What It Is and How It Works

Port 48101 is the port number used by the malware to spread the infection to other loT devices. This port is associated with the Mirai botnet, which is one of the most notorious loT malware that targets vulnerable loT devices and turns them into a network of bots that can launch distributed denial-of-service (DDoS) attacks. Mirai scans the internet for loT devices that use default or weak credentials and infects them by logging in via Telnet or SSH. Once infected, the device connects to a command and control (C&C) server on port 48101 and waits for instructions. The C&C server can then direct the botnet to attack a target by sending TCP, UDP, or HTTP requests. Mirai has been responsible for some of the largest DDoS attacks in history, such as the one that disrupted Dyn DNS in 2016 and affected major websites like Twitter, Netflix, and Reddit.References:

• Mirai (malware), Wikipedia, March 16, 2021
• Mirai Botnet: A History of the Largest loT Botnet Attacks, Imperva, December 10, 2020
• Mirai Botnet: How loT Devices Almost Brought Down the Internet, Cloudflare, March 17, 2021

The Sarbanes-Oxley Act (SOX) is a US law that was enacted in 2002 in response to the corporate scandals involving Enron, WorldCom, and others. The SOX aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures, such as financial statements, audit reports, and internal controls.The SOX also establishes the Public Company Accounting Oversight Board (PCAOB) to oversee the auditing of public companies and imposes criminal penalties for fraud and non-compliance12.References:Network Defense Essentials - EC-Council Learning,Sarbanes-Oxley Act of 2002 (SOX) | U.S. Department of Labor

WPA3 is the latest standard of Wi-Fi Protected Access, which was released in 2018 by the Wi-Fi Alliance. WPA3 uses a new handshake protocol called Simultaneous Authentication of Equals (SAE), which is based on a zero-knowledge proof known as dragonfly. Dragonfly is a key exchange algorithm that uses discrete logarithm cryptography to derive a shared secret between two parties, without revealing any information about their passwords or keys. Dragonfly is resistant to offline dictionary attacks, where an attacker tries to guess the password by capturing the handshake and testing different combinations. Dragonfly is also resistant to key recovery attacks, where an attacker tries to recover the encryption key by exploiting weaknesses in the algorithm or implementation. Dragonfly provides forward secrecy, which means that even if an attacker manages to compromise the password or key in the future, they cannot decrypt the past communication. WPA3 also supports other features such as increased key sizes, opportunistic wireless encryption, and protected management frames, which enhance the security and privacy of wireless networks.References:

• WPA3 Dragonfly Handshake
• WPA3 Encryption and Configuration Guide
• Dragon Fly - Zero Knowledge Proof
• What is SAE (Simultaneous Authentication of Equals)?
• Dragonfly - people.scs.carleton.ca

A sprinkler system is a type of fire-fighting system that uses a distribution piping system to suppress the fire. A sprinkler system consists of sprinkler heads that are connected to a water supply and activated by heat or smoke detectors. When a fire is detected, the sprinkler heads release water to extinguish the fire and prevent it from spreading.A sprinkler system can be wet, dry, pre-action, or deluge, depending on the type of water supply and activation mechanism12.References:Network Defense Essentials - EC-Council Learning,Essentials Of Fire Fighting, 7th Edition, Product Suite - IFSTA

A false positive alert is a type of IDS alert that occurs when the IDS mistakenly identifies benign or normal traffic as malicious or suspicious, and triggers an alarm, although there is no active attack in progress. A false positive alert can be caused by various factors, such as misconfigured IDS rules, outdated signatures, network anomalies, or legitimate traffic that resembles attack patterns. A false positive alert can waste the time and resources of the security team, as they have to investigate and verify the alert, and also reduce the trust and confidence in the IDS. A false positive alert can be reduced by tuning and updating the IDS, filtering out irrelevant traffic, and using multiple detection methods. A false positive alert is the type of IDS alert Jay has received in the above scenario, as he received an event triggered as an alarm, although there is no active attack in progress.References:

• False Positive Alert- Week 10: Intrusion Detection and Prevention Systems
• What is a False Positive in Cybersecurity?
• How to Reduce False Positives in Intrusion Detection Systems

Sharing confidential data on an unsecured network is a security risk associated with mobile usage policies. Mobile devices are often used to access and transmit sensitive information over public or untrusted networks, such as WiFi hotspots, cellular networks, or Bluetooth connections. This exposes the data to interception, modification, or redirection by malicious actors who may exploit mobile security vulnerabilities or use network-based attacks, such as man-in-the-middle, spoofing, or sniffing. To prevent this risk, mobile users should follow best practices such as using encryption, VPN, certificate pinning, and secure protocols to protect the data in transit. They should also avoid sending or receiving sensitive data over unsecured networks or applications, and verify the identity and integrity of the endpoint servers before establishing a connection.References:

• The 9 Most Common Security Threats to Mobile Devices in 2021, Auth0, June 25, 2021
• 7 Mobile App Security Risks and How to Mitigate Them, Cypress Data Defense, July 10, 2020
• The Latest Mobile Security Threats and How to Prevent Them, Security Intelligence, February 19, 2019