Questions for the 112-51 were updated on : Dec 01 ,2025
Which of the following access control models refers to assigning permissions to a user role based on
the rules defined for each user role by the administrator?
D
Explanation:
Role-based access control (RBAC) is a type of access control model that refers to assigning
permissions to a user role based on the rules defined for each user role by the administrator. In
RBAC, the administrator creates different roles and assigns them the appropriate access rights to the
resources. The administrator then assigns users to those roles based on their job functions. This way,
the administrator can manage the access of users to the resources without having to deal with each
user individually.
RBAC can simplify the administration, enhance the security, and improve the
scalability of the access control system12
. Reference:
Network Defense Essentials - EC-Council
Learning
,
Role-Based Access Control (RBAC) and Role-Based Security
Sarah was accessing confidential office files from a remote location via her personal computer
connected to the public Internet. Accidentally, a malicious file was downloaded onto Sarah's
computer without her knowledge. This download might be due to the free Internet access and the
absence of network defense solutions.
Identify the Internet access policy demonstrated in the above scenario.
A
Explanation:
A permissive policy is a type of Internet access policy that allows users to access the Internet from
any device and any location, without any restrictions or security measures. A permissive policy
provides convenience and flexibility for the users, but also exposes them to various risks, such as
malware infection, data leakage, or cyberattacks. In the scenario, Sarah was accessing confidential
office files from a remote location via her personal computer connected to the public Internet, and
accidentally downloaded a malicious file onto her computer.
This indicates that the organization had
a permissive policy for Internet access12
. Reference:
Network Defense Essentials - EC-Council
Learning
,
Internet Access Policy: Definition and Best Practices
Jacob, a network defender in an organization, was instructed to improve the physical security
measures to prevent unauthorized intrusion attempts. In this process, Jacob implemented certain
physical security controls by using warning messages and signs that notify legal consequences to
discourage hackers from making intrusion attempts.
Which of the following type of physical security controls has Jacob implemented in the above
scenario?
D
Explanation:
Deterrent controls are a type of physical security controls that use warning messages and signs to
notify legal consequences and discourage hackers from making intrusion attempts. Deterrent
controls aim to reduce the likelihood of an attack by creating a perception of risk or fear in the
potential attackers.
Deterrent controls can include fences, locks, alarms, cameras, guards, or security
policies12
. Reference:
Network Defense Essentials - EC-Council Learning
,
Understanding the Various
Types of Physical Security Controls
Peter, a security professional, was hired by an organization and was instructed to secure the
application and its content from unauthorized access. In this process, Peter implemented a public-
key cryptosystem that uses modular arithmetic and elementary number theory for Internet
encryption and user authentication.
Which of the following algorithms was employed by Peter in the above scenario?
A
Explanation:
RSA is a public-key cryptosystem that uses modular arithmetic and elementary number theory for
Internet encryption and user authentication. RSA stands for Rivest-Shamir-Adleman, the names of
the inventors of the algorithm. RSA allows users to generate a pair of keys, one public and one
private, that are mathematically related. The public key can be used to encrypt messages or verify
digital signatures, while the private key can be used to decrypt messages or create digital signatures.
RSA is based on the difficulty of factoring large numbers, which makes it secure and widely used12
.
Reference:
What is Public-Key Cryptosystem in Information Security?
,
Network Defense Essentials
(NDE) | Coursera
Which of the following tools is designed to identify and prevent malicious Trojans or malware from
infecting computer systems or electronic devices?
B
Explanation:
HitmanPro is a tool that is designed to identify and prevent malicious Trojans or malware from
infecting computer systems or electronic devices. HitmanPro is a cloud-based malware scanner that
can detect and remove various types of malware, such as viruses, ransomware, spyware, rootkits,
etc.
HitmanPro can also work alongside other antivirus programs and provide a second opinion on
the security status of the system12
. Reference:
Network Defense Essentials - EC-Council Learning
,
HitmanPro - Malware Removal Tool | Sophos
John is working as a security professional in FinCorp Ltd. He was instructed to deploy a security
solution on their corporate network that provides real-time monitoring, correlation of events, threat
detection, and security incident response activities.
Which of the following security solutions helps John in the above scenario?
A
Explanation:
SIEM stands for Security Information and Event Management. It is a security solution that collects,
analyzes, and correlates data from various sources, such as logs, network devices, applications, and
security tools. SIEM provides real-time monitoring, threat detection, and security incident response
activities.
SIEM can help security professionals identify and mitigate security risks, comply with
regulations, and improve the overall security posture of the organization12
. Reference:
Network
Defense Essentials - EC-Council Learning
,
What is SIEM? Security Information and Event
Management Explained
John is working as a network administrator in an MNC company. He was instructed to connect all the
remote offices with the corporate office but at the same time deny communication between the
remote offices. In this process, he configured a central hub at the corporate head office, through
which all branch offices can communicate.
Identify the type of VPN topology implemented by John in the above scenario.
B
Explanation:
A hub-and-spoke topology is a type of VPN topology that connects multiple remote offices to a
central hub, usually the corporate head office, through VPN tunnels. The hub acts as a gateway for
the remote offices to access the corporate network resources. However, the remote offices cannot
communicate with each other directly, and have to go through the hub. This topology reduces the
number of VPN tunnels required, but also increases the load and latency on the hub. In the scenario,
John configured a central hub at the corporate head office, through which all branch offices can
communicate, but denied communication between the remote offices.
Therefore, the type of VPN
topology implemented by John is hub-and-spoke12
. Reference:
Network Defense Essentials - EC-
Council Learning
,
Network Design Scenario #3: Remote Access VPN Design - Network Defense Blog
An loT sensor in an organization generated an emergency alarm indicating a security breach. The
servers hosted in an loT layer accepted, stored, and processed the sensor data received from loT
gateways and created dashboards for monitoring, analyzing, and implementing proactive decisions
to tackle the issue.
Which of the following layers in the loT architecture performed the above activities after receiving an
alert from the loT sensor?
B
Explanation:
The cloud layer of IoT architecture is the layer that hosts the servers that accept, store, and process
the sensor data received from IoT gateways. The cloud layer also creates dashboards for monitoring,
analyzing, and implementing proactive decisions to tackle the issue. The cloud layer provides
scalability, reliability, and security for the IoT system.
The cloud layer can use various cloud
computing models, such as public, private, hybrid, or community clouds12
. Reference:
Network
Defense Essentials - EC-Council Learning
,
IoT Architecture: The 4 Layers of an IoT System
Which of the following types of network segmentation is an easy approach to divide a network but
can be expensive as it occupies more space?
D
A major fire broke out in the storeroom of CyberSol Inc. It first gutted the equipment in the
storeroom and then started spreading to other areas in the company. The officials of the company
informed the fire department. The fire rescue team reached the premises and used a distribution
piping system to suppress the fire, thereby preventing any human or asset loss.
Identify the type of fire-fighting system used by the rescue team in the above scenario.
B
Explanation:
A sprinkler system is a type of fire-fighting system that uses a distribution piping system to suppress
the fire. A sprinkler system consists of sprinkler heads that are connected to a water supply and
activated by heat or smoke detectors. When a fire is detected, the sprinkler heads release water to
extinguish the fire and prevent it from spreading.
A sprinkler system can be wet, dry, pre-action, or
deluge, depending on the type of water supply and activation mechanism12
. Reference:
Network
Defense Essentials - EC-Council Learning
,
Essentials Of Fire Fighting, 7th Edition, Product Suite - IFSTA
Which of the following layers of loT architecture employs protocols and networks for connecting,
sending, and receiving data between devices and network?
C
Explanation:
The communication layer of IoT architecture employs protocols and networks for connecting,
sending, and receiving data between devices and network. The communication layer is responsible
for enabling data exchange among the IoT devices and the cloud or other devices.
The
communication layer can use various types of networks, such as wired, wireless, cellular, or satellite,
and various types of protocols, such as TCP/IP, MQTT, CoAP, or ZigBee12
. Reference:
Network
Defense Essentials - EC-Council Learning
,
IoT Architecture: The 4 Layers of an IoT System
Which of the following practices helps security professionals protect mobile applications from
various attacks?
B
Explanation:
Containerization is a practice that helps security professionals protect mobile applications from
various attacks. Containerization is a technique that isolates critical corporate data from the rest of
the device data and applications. Containerization creates a secure and encrypted environment on
the device where the corporate data and applications can be accessed and managed.
This way,
containerization prevents unauthorized access, data leakage, malware infection, or device theft from
compromising the corporate data and applications12
. Reference:
Network Defense Essentials - EC-
Council Learning
,
Mobile Application Security: Containerization vs. App Wrapping vs. SDK
Which of the following components of VPN is used to manage tunnels and encapsulate private data?
B
Explanation:
A VPN protocol is a component of VPN that is used to manage tunnels and encapsulate private data.
A VPN protocol defines the rules and standards for establishing and maintaining a secure connection
between the VPN client and the VPN server. A VPN protocol also specifies how the data is encrypted,
authenticated, and transmitted over the tunnel.
Some common VPN protocols are IPSec, SSL/TLS,
PPTP, L2TP, and OpenVPN12
. Reference:
Network Defense Essentials - EC-Council Learning
,
VPN
Protocols Explained & Compared: OpenVPN, IPSec, PPTP, IKEv2
Which of the following techniques protects sensitive data by obscuring specific areas with random
characters or codes?
D
Which of the following solutions is a software or a hardware device on a network or host that filters
the incoming and outgoing traffic to prevent unauthorized access to private networks?
A
Explanation:
A firewall is a software or a hardware device on a network or host that filters the incoming and
outgoing traffic to prevent unauthorized access to private networks. A firewall can use various
criteria, such as IP addresses, ports, protocols, or application rules, to allow or deny the traffic. A
firewall can also perform other functions, such as logging, auditing, encryption, or proxy services.
A
firewall can be deployed at different levels of a network, such as network perimeter, network
segment, or host level12
. Reference:
Network Defense Essentials - EC-Council Learning
,
Firewall
(computing) - Wikipedia