ECCouncil 312-38 Practice Test - Questions Answers

Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary's intelligence collection capabilities identified in the previous action?

A. Analysis of Threats
B. Analysis of Vulnerabilities
C. Assessment of Risk
D. Identification of Critical Information
E. Application of Appropriate OPSEC Measures
Suggested answer: B

Explanation:

OPSEC is a five-step process for building protection measures that safeguard sensitive information and preserve essential secrecy. The five steps are:

1. Identification of Critical Information: identify the information an adversary would most need. This focuses the remainder of the OPSEC process on protecting that vital information rather than attempting to protect all classified or sensitive unclassified information.

2. Analysis of Threats: research and analyze intelligence, counter-intelligence and open-source information to identify the likely adversaries to a planned operation and what they are able to collect.

3. Analysis of Vulnerabilities: examine each aspect of the planned operation to identify OPSEC indicators that could reveal critical information, then compare those indicators with the adversary's intelligence collection capabilities identified in the previous step. This is the step the question describes.

4. Assessment of Risk: planners first analyze the vulnerabilities identified in the previous step and identify possible OPSEC measures for each vulnerability; specific OPSEC measures are then selected for execution based on a risk assessment by the commander and staff.

5. Application of Appropriate OPSEC Measures: the command implements the OPSEC measures selected in the risk assessment step or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans.

Which of the following is a communication protocol that multicasts messages and information among all member devices in an IP multicast group?

A. ICMP
B. IGMP
C. BGP
D. EGP
Suggested answer: B

Explanation:

Internet Group Management Protocol (IGMP) is the protocol that hosts and routers use to establish and maintain membership in IP multicast groups, so that traffic sent to a group address is delivered to all member devices of that group. Multicast frames are addressed to a single group MAC address but processed by every host that has joined the group, which is what makes multicast efficient for online gaming and video streaming. IGMP messages carry no authentication, so any host on the segment can join arbitrary groups, send forged membership reports or leave messages, or act as the querier; this is why IGMP is considered vulnerable to network attacks.

Answer option A is incorrect. Internet Control Message Protocol (ICMP) is a maintenance protocol that lets routers and hosts exchange basic control, error and status information when datagrams are sent from one computer to another. It is generally considered part of the IP layer. An ICMP message is encapsulated within an IP datagram, can be routed throughout the Internet, and is very useful for troubleshooting network connectivity.

Answer option C is incorrect. BGP stands for Border Gateway Protocol. It is an inter-autonomous-system routing protocol and a form of exterior gateway protocol. BGP-3 was defined in RFC 1267 and RFC 1268; the current version, BGP-4, is defined in RFC 4271. BGP is used to exchange network reachability information with other BGP speakers. That information includes the list of autonomous systems a route passes through to reach a particular network (the AS path), which BGP uses to compute loop-free inter-domain routes between autonomous systems.

Answer option D is incorrect. Exterior Gateway Protocol (EGP) is both the generic term for protocols that exchange routing information between different autonomous systems and the name of a specific, now obsolete, protocol (RFC 904) that was once used between Internet gateways, not between ordinary hosts. BGP is the only exterior gateway protocol in active use.
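The point that IGMP has no authentication is easiest to see at the packet level: the only things a receiver can check are the checksum, the message type and whether the group address is actually a multicast (Class D) address. The following is an added example, not code from the original page or from any product; it builds and validates IGMPv2 messages per RFC 2236 using only the standard library, and the sample messages at the bottom are constructed here rather than captured from a network.

```python
"""Build and validate IGMPv2 messages (RFC 2236): type, max response time,
checksum and group address. Added example; the sample messages are constructed."""
import ipaddress
import struct

# IGMPv2 header: type(1) | max response time(1) | checksum(2) | group address(4)
IGMP_HEADER = struct.Struct("!BBH4s")
IGMP_TYPES = {
    0x11: "membership query",
    0x12: "v1 membership report",
    0x16: "v2 membership report",
    0x17: "leave group",
}
CLASS_D = ipaddress.ip_network("224.0.0.0/4")   # every IPv4 multicast group lives here


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum, the same algorithm IP, ICMP and IGMP use."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmpv2(msg_type: int, group: str, max_resp: int = 0) -> bytes:
    """Serialise an IGMPv2 message with a correct checksum."""
    packed = ipaddress.IPv4Address(group).packed
    csum = internet_checksum(IGMP_HEADER.pack(msg_type, max_resp, 0, packed))
    return IGMP_HEADER.pack(msg_type, max_resp, csum, packed)


def validate_igmpv2(payload: bytes) -> tuple:
    """Return (accepted, detail) for one IGMP payload.

    IGMP carries no authentication, so structure is all a host or switch can
    check: a bad checksum, an unknown type, or a group outside 224.0.0.0/4.
    """
    if len(payload) < IGMP_HEADER.size:
        return False, "truncated: %d bytes" % len(payload)
    msg_type, max_resp, _csum, group_raw = IGMP_HEADER.unpack(payload[:IGMP_HEADER.size])
    # A correctly checksummed message sums to 0xFFFF, so its complement is 0.
    if internet_checksum(payload[:IGMP_HEADER.size]) != 0:
        return False, "bad checksum"
    name = IGMP_TYPES.get(msg_type)
    if name is None:
        return False, "unknown type 0x%02x" % msg_type
    group = ipaddress.IPv4Address(group_raw)
    if msg_type == 0x11:
        # A general query carries 0.0.0.0; a group-specific query names a Class D group.
        if group != ipaddress.IPv4Address("0.0.0.0") and group not in CLASS_D:
            return False, "query for non-multicast group %s" % group
    elif group not in CLASS_D:
        # Reports and leaves for unicast addresses are forged or broken.
        return False, "%s for non-multicast group %s" % (name, group)
    return True, "%s group=%s max_resp=%d" % (name, group, max_resp)


# Constructed samples: a valid report, a general query, a report for a unicast
# address (nonsense a host would never send), and a report with a flipped bit.
SAMPLES = {
    "valid report": build_igmpv2(0x16, "239.1.2.3"),
    "general query": build_igmpv2(0x11, "0.0.0.0", max_resp=100),
    "unicast report": build_igmpv2(0x16, "10.0.0.1"),
}
_corrupt = bytearray(build_igmpv2(0x17, "224.0.0.2"))
_corrupt[7] ^= 0x01                          # last byte of the group address
SAMPLES["corrupt"] = bytes(_corrupt)

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print("%-15s -> %s" % (label, validate_igmpv2(msg)))
```

Anything that passes these checks is accepted by a real receiver too; nothing in the message ties it to the host that sent it, which is the practical meaning of "IGMP is vulnerable to network attacks".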

In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?

A. Smurf attack
B. Buffer-overflow attack
C. DDoS attack
D. Bonk attack
Suggested answer: C

Explanation:

In a distributed denial of service (DDoS) attack, an attacker uses many computers across the network that it has previously compromised. These computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic aimed at the victim. The major advantages to an attacker are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to shut down than one, and the behaviour of each attack machine can be stealthier, making the sources harder to trace and block. TFN and TRIN00 are early tools used to run DDoS attacks.

Answer option A is incorrect. A Smurf attack uses third-party networks as amplifiers. The attacker sends ICMP echo requests (pings) whose source address is forged to be the victim's address and whose destination is the broadcast address of an intermediary network. Every machine on that network receives a copy of the request and replies to the forged source, so the victim receives one reply per host for each packet the attacker sent. By sending these spoofed requests rapidly via several intermediary networks, the attacker overwhelms the victim with reply traffic.
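Both attacks leave a characteristic shape in flow data: a DDoS shows many distinct sources converging on one target, while a Smurf shows an echo request addressed to a directed-broadcast address (on the amplifier side) and a burst of echo replies that the victim never asked for (on the victim side). The following detector is an added example, not code from the original page; the flow records are constructed in the block, the record layout (time, src, dst, proto, icmp_type) and the /24 broadcast assumption are the example's own, and the thresholds are illustrative.

```python
"""Flow-based detection of distributed floods and Smurf amplification.
Added example; the flow records are constructed, not captured traffic.
A record is (time_s, src, dst, proto, icmp_type); icmp_type is None for non-ICMP."""
from collections import defaultdict
import ipaddress

ECHO_REQUEST, ECHO_REPLY = 8, 0


def distributed_flood(flows, window=10, min_sources=5, min_packets=20):
    """Flag destinations hit by many distinct sources within one time window.

    One fast source is a plain DoS; many sources converging on one target is
    the signature of zombies working together.
    """
    buckets = defaultdict(lambda: defaultdict(int))   # (dst, window) -> src -> packets
    for t, src, dst, _proto, _itype in flows:
        buckets[(dst, int(t // window))][src] += 1
    alerts = []
    for (dst, b), sources in sorted(buckets.items()):
        pkts = sum(sources.values())
        if len(sources) >= min_sources and pkts >= min_packets:
            alerts.append({"target": dst, "window": b, "sources": len(sources), "packets": pkts})
    return alerts


def smurf_amplifier(flows, prefix_len=24):
    """Amplifier side: ICMP echo requests addressed to a directed-broadcast address.

    The source of such a packet is the spoofed victim, because every host on
    the broadcast segment will answer it. Assumes /24 segments (example-only).
    """
    hits = []
    for t, src, dst, proto, itype in flows:
        if proto != "icmp" or itype != ECHO_REQUEST:
            continue
        net = ipaddress.ip_network("%s/%d" % (dst, prefix_len), strict=False)
        if ipaddress.ip_address(dst) == net.broadcast_address:
            hits.append({"time": t, "spoofed_victim": src, "broadcast": dst})
    return hits


def unsolicited_replies(flows, window=10, min_sources=5):
    """Victim side: echo replies from many hosts to a target that never sent
    the matching echo requests."""
    requests = set()                   # (requester, responder) pairs seen
    replies = defaultdict(set)         # (dst, window) -> replying sources
    for t, src, dst, proto, itype in sorted(flows, key=lambda f: f[0]):
        if proto != "icmp":
            continue
        if itype == ECHO_REQUEST:
            requests.add((src, dst))
        elif itype == ECHO_REPLY and (dst, src) not in requests:
            replies[(dst, int(t // window))].add(src)
    return [{"victim": dst, "window": b, "replying_hosts": len(s)}
            for (dst, b), s in sorted(replies.items()) if len(s) >= min_sources]


def _constructed_flows():
    flows = []
    # (1) six zombies each send five SYNs at one target in the first window
    for i in range(6):
        for k in range(5):
            flows.append((k * 0.5, "10.1.%d.%d" % (i, i + 1), "203.0.113.5", "tcp", None))
    # (2) a legitimate ping exchange
    flows.append((3.0, "10.0.0.1", "10.0.0.2", "icmp", ECHO_REQUEST))
    flows.append((3.1, "10.0.0.2", "10.0.0.1", "icmp", ECHO_REPLY))
    # (3) Smurf: one spoofed request to a broadcast, answered by six hosts
    flows.append((20.0, "203.0.113.9", "192.0.2.255", "icmp", ECHO_REQUEST))
    for h in range(10, 16):
        flows.append((20.1, "192.0.2.%d" % h, "203.0.113.9", "icmp", ECHO_REPLY))
    return flows


FLOWS = _constructed_flows()

if __name__ == "__main__":
    print("DDoS:", distributed_flood(FLOWS))
    print("Smurf amplifier:", smurf_amplifier(FLOWS))
    print("Smurf victim:", unsolicited_replies(FLOWS))
```

The two Smurf signals are worth keeping separate: the amplifier-side check is what a network owner uses to confirm it is being abused (the fix is to drop directed broadcasts at the border router), while the victim-side check is what the target sees.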

Answer option B is incorrect. A buffer-overflow attack supplies a program with more input than the memory buffer receiving it was sized to hold, so the excess overwrites adjacent memory. If the overwritten memory contains control data such as a saved return address or a function pointer, the attacker can redirect execution to code of their choosing, effectively taking control of the process and bypassing the security measures it enforced. There are two main types:

Stack-based buffer overflow: the overflowed buffer is a local variable on the call stack. When user input is longer than the space reserved for it, it overruns the buffer and overwrites what lies beyond it on the stack, including the saved return address.

Heap-based buffer overflow: the overflowed buffer was allocated dynamically on the heap; the overflow corrupts neighbouring heap objects or the allocator's own metadata.

Answer option D is incorrect. A Bonk attack is a variant of the Teardrop attack that mostly affected Windows computers; it is a denial-of-service (DoS) attack. It sends malformed UDP fragments to port 53 (the DNS port) with manipulated fragment offset fields in the IP header. The fragment offset tells the receiver where each fragment belongs when it reassembles a datagram that was fragmented because it was too big to transmit whole; overlapping or out-of-range offsets make the target try to reassemble a datagram that cannot be built, and a vulnerable system crashes.
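The fragment-offset trick behind Teardrop and Bonk only works against a reassembler that trusts offsets. The following is an added example, not code from the original page or from any operating system: a small reassembler that checks each fragment against the 65535-byte datagram limit and against the fragments already held before accepting it, so overlapping, oversized or gapped fragment sets are rejected instead of corrupting memory. Fragments are modelled as (offset_bytes, more_fragments, payload), and the sample sets at the bottom are constructed.

```python
"""Defensive IP fragment reassembly that refuses Teardrop/Bonk-style fragment sets.
Added example; the fragment sets are constructed, not captured.
A fragment is (offset_bytes, more_fragments, payload); IP offsets are multiples of 8."""
MAX_DATAGRAM = 65535   # largest IPv4 total length
IP_HEADER_LEN = 20     # assume a minimal header when checking the reassembled size


def reassemble(fragments):
    """Return (True, payload) or (False, reason).

    A naive implementation computes offset + len, copies into a buffer of that
    size and lets overlapping or oversized fragments corrupt memory. Here every
    fragment is validated before it is held. Exact duplicates (retransmissions)
    are treated as overlaps, which is fine for an example but would need a
    byte-for-byte comparison in a real stack.
    """
    held = {}          # offset -> payload
    total_len = None   # set by the fragment with more_fragments == False
    for offset, more, payload in fragments:
        if offset % 8:
            return False, "offset %d is not a multiple of 8" % offset
        end = offset + len(payload)
        if end + IP_HEADER_LEN > MAX_DATAGRAM:
            return False, "fragment %d-%d exceeds the 65535-byte datagram limit" % (offset, end)
        for o, p in held.items():
            if offset < o + len(p) and o < end:        # byte ranges intersect
                return False, "fragment %d-%d overlaps %d-%d" % (offset, end, o, o + len(p))
        if not more:
            if total_len is not None:
                return False, "second last-fragment at %d" % offset
            total_len = end
        held[offset] = payload
    if total_len is None:
        return False, "last fragment never arrived"
    pos = 0
    for o in sorted(held):                              # require a gap-free sequence from 0
        if o != pos:
            return False, "hole between %d and %d" % (pos, o)
        pos += len(held[o])
    if pos != total_len:
        return False, "data extends past the last fragment"
    return True, b"".join(held[o] for o in sorted(held))


# Constructed fragment sets: a well-formed datagram, a Teardrop-style overlap,
# a Bonk-style set that overruns the datagram limit, and one with a hole.
SAMPLES = {
    "good": [(0, True, b"A" * 16), (16, True, b"B" * 8), (24, False, b"C" * 4)],
    "teardrop": [(0, True, b"A" * 24), (8, False, b"B" * 8)],
    "bonk": [(0, True, b"A" * 8), (65528, False, b"B" * 8)],
    "hole": [(0, True, b"A" * 8), (24, False, b"B" * 8)],
}

if __name__ == "__main__":
    for label, frags in SAMPLES.items():
        print("%-9s -> %s" % (label, reassemble(frags)))
```

The "hole" case matters as much as the overlaps: a reassembler that waits forever for a fragment that never comes is the resource-exhaustion version of the same attack, so real stacks also put a timer on every partially reassembled datagram.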

Attacks are classified into which of the following? Each correct answer represents a complete solution. Choose all that apply.

A. Active attack
B. Session hijacking
C. Passive attack
D. Replay attack
Suggested answer: A, C

Explanation:

An attack is an action against an information system or network that attempts to violate the system's security policy. Attacks are broadly classified as either active or passive.

1. Active attacks modify the target system or the messages it exchanges; that is, they violate the integrity of the system or message.

2. Passive attacks violate confidentiality without changing the state of the system. An example is electronic eavesdropping on network transmissions to read message contents or to gather unprotected passwords.

Answer options B and D are incorrect. Session hijacking and replay attacks are specific kinds of active attack, not top-level categories.

Which of the following statements are true about an IPv6 network? Each correct answer represents a complete solution. Choose all that apply.

A. For interoperability, IPv4 addresses use the last 32 bits of IPv6 addresses.
B. It increases the number of available IP addresses.
C. It uses longer subnet masks than those used in IPv4.
D. It provides improved authentication and security.
E. It uses 128-bit addresses.
Suggested answer: A, B, D, E

Explanation:

IP version 6 (IPv6) is the current version of the Internet Protocol. It was designed to solve several problems faced by IPv4, including address depletion, security, auto-configuration and extensibility. With the rapid growth in the number of networks and the expansion of the World Wide Web, the IPv4 address space was being exhausted; IPv6 solves this by using 128-bit addresses, which provide a vastly larger pool. An IPv6 address is written in hexadecimal as eight 16-bit groups separated by colons, for example 45CF:6D53:12CD:AFC7:E654:BB32:543C:FACE. For interoperability, IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) carry an IPv4 address in the low-order 32 bits, and IPsec was specified as an integral part of IPv6, giving it built-in support for authentication and encryption. Answer option C is incorrect. IPv6 does not use dotted-decimal subnet masks at all; the network portion of an address is expressed as a CIDR prefix length (for example /64), so "longer subnet masks" is not a property of IPv6.
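A practical consequence of the notation is that one IPv6 address has many valid spellings (upper or lower case, zero groups compressed or not, and the IPv4-mapped form), so allow-lists and deny-lists that compare strings can be bypassed. The following is an added example, not code from the original page; it uses only Python's standard ipaddress module, and the allow-list and addresses are constructed.

```python
"""Canonicalise IPv4/IPv6 text forms before comparing them with allow/deny lists.
Added example using only the standard library; the addresses are constructed."""
import ipaddress


def canonical(text):
    """Canonical string for an IPv4 or IPv6 address.

    ipaddress emits the RFC 5952 compressed lower-case form, and IPv4-mapped
    addresses (::ffff:a.b.c.d, the IPv4 address in the low 32 bits) are
    unwrapped to the plain IPv4 address they denote.
    """
    ip = ipaddress.ip_address(text.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return str(ip.ipv4_mapped)
    return str(ip)


def expanded(text):
    """Full eight-group form, useful for building log search patterns."""
    return ipaddress.IPv6Address(text).exploded


def embedded_ipv4(text):
    """IPv4 address carried in the low-order 32 bits of an IPv4-mapped
    IPv6 address, or None for any other IPv6 address."""
    ip = ipaddress.IPv6Address(text)
    if ip.ipv4_mapped is None:
        return None
    return str(ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF))


def naive_is_allowed(client, allow_list):
    """String comparison: defeated by any alternate spelling (shown for contrast)."""
    return client in allow_list


def is_allowed(client, allow_list):
    """Membership test that survives alternate spellings of the same address.

    allow_list entries may be single addresses or CIDR prefixes of either family.
    """
    ip = ipaddress.ip_address(canonical(client))
    for entry in allow_list:
        net = ipaddress.ip_network(entry, strict=False)
        if ip.version == net.version and ip in net:
            return True
    return False


# Constructed allow-list: one host, one IPv6 prefix, one IPv4 prefix.
ALLOW = ["2001:db8::1", "2001:db8:100::/48", "192.0.2.0/24"]

if __name__ == "__main__":
    for spelling in ("2001:DB8::1", "2001:db8:0:0:0:0:0:1", "::ffff:192.0.2.7",
                     "2001:db8:100::dead:beef", "2001:db8:200::1"):
        print("%-26s naive=%-5s canonical=%s" % (
            spelling, naive_is_allowed(spelling, ALLOW), is_allowed(spelling, ALLOW)))
```

The same normalisation belongs in front of any rate limiter, audit log or firewall rule that is keyed on the client address; the mapped-address case is the one most often missed, because a dual-stack server sees IPv4 clients as ::ffff:a.b.c.d.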

Which of the following transmission modes of communication is one-way?

A. Half duplex
B. full-duplex mode
C. #NAME?
D. root mode
E. None
Suggested answer: A

Which of the following is designed to detect unwanted changes by observing the flame of the environment associated with combustion?

A. Fire extinguishing system
B. None
C. Gaseous fire-extinguishing systems
D. sprinkler
E. Smoke alarm system
Suggested answer: E

Which of the following features is used to generate spam on the Internet by spammers and worms?

A. AutoComplete
B. SMTP relay
C. Server Message Block (SMB) signing
D. AutoFill
Suggested answer: B

Explanation:

The SMTP relay feature of e-mail servers lets them forward e-mail to other e-mail servers. A server that relays for any client to any destination is an open relay, and spammers and worms exploit open relays to generate spam on the Internet while hiding their own origin.
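What separates a legitimate relay from an open one is the decision made at RCPT TO. The following is an added example, not code from the original page or from any mail server: a relay policy function with the open-relay behaviour and a subtler weak setting (trusting a local-looking MAIL FROM) beside the closed policy, plus the probe an auditor sends to test for an open relay. The local domain, trusted networks and addresses are constructed; the closed policy follows the ordering Postfix administrators know as permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination.

```python
"""SMTP relay policy: open-relay behaviour next to a closed configuration.
Added example, not any mail server's code; domains and networks are constructed."""
import ipaddress

LOCAL_DOMAINS = {"example.com"}                        # domains this server delivers for
MY_NETWORKS = [ipaddress.ip_network("127.0.0.0/8"),    # clients allowed to relay outbound
               ipaddress.ip_network("192.0.2.0/24")]


def _domain(address):
    return address.strip("<>").rsplit("@", 1)[-1].lower()


def rcpt_decision(client_ip, authenticated, mail_from, rcpt_to,
                  open_relay=False, trust_local_sender=False):
    """Return the SMTP reply (code, text) for a RCPT TO command.

    open_relay=True reproduces the classic misconfiguration: anyone may send
    to anyone. trust_local_sender=True is the subtler mistake of relaying
    because MAIL FROM names a local domain, which any spammer can forge.
    """
    if _domain(rcpt_to) in LOCAL_DOMAINS:
        return 250, "2.1.5 Ok"          # inbound mail for our own users is not relaying
    if open_relay:
        return 250, "2.1.5 Ok"          # weak: relays for the whole Internet
    if trust_local_sender and _domain(mail_from) in LOCAL_DOMAINS:
        return 250, "2.1.5 Ok"          # weak: MAIL FROM is attacker-controlled text
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in MY_NETWORKS):
        return 250, "2.1.5 Ok"          # closed policy: relay only for our users
    return 554, "5.7.1 <%s>: Relay access denied" % rcpt_to


def open_relay_probe(**policy):
    """The check an auditor runs: from an outside address, unauthenticated,
    ask the server to carry mail between two foreign domains.
    Returns True when the policy would relay it."""
    code, _ = rcpt_decision("198.51.100.9", False, "probe@attacker.test",
                            "victim@elsewhere.test", **policy)
    return code == 250


def forged_sender_probe(**policy):
    """Same probe with MAIL FROM forged to look like a local user."""
    code, _ = rcpt_decision("198.51.100.9", False, "ceo@example.com",
                            "victim@elsewhere.test", **policy)
    return code == 250


if __name__ == "__main__":
    for label, policy in (("closed", {}), ("open relay", {"open_relay": True}),
                          ("trusts MAIL FROM", {"trust_local_sender": True})):
        print("%-17s relays for anyone: %-5s relays for forged local sender: %s" % (
            label, open_relay_probe(**policy), forged_sender_probe(**policy)))
```

Note that the decision is made on the connection (client network or successful authentication) and on the recipient domain, never on the sender address, because the sender address is just text the client typed.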

Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. It is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

A. Dsniff
B. Cain
C. Libnids
D. LIDS
Suggested answer: A

Explanation:

Dsniff is a collection of tools for sniffing passwords, e-mail and HTTP traffic. Its tools include dsniff itself, arpspoof (originally called arpredirect), macof, tcpkill, tcpnice, filesnarf, mailsnarf, urlsnarf and webspy. It is effective on both shared and switched networks: on a switched network it uses arpspoof to poison ARP caches and redirect traffic through the attacker's host, or macof to flood the switch's MAC address table with bogus entries so that the switch falls back to broadcasting frames. dsniff can capture authentication information for FTP, Telnet, SMTP, HTTP, POP, NNTP, IMAP and many other protocols.

Answer option B is incorrect. Cain (Cain & Abel) is a multipurpose Windows tool that can perform tasks such as Windows password cracking, Windows enumeration and VoIP session sniffing. Its password cracker supports the following attack types:

Dictionary attack

Brute force attack

Rainbow table attack

Hybrid attack

Answer options C and D are incorrect. Libnids is a library that provides IP defragmentation and TCP stream reassembly for network intrusion detection tools; dsniff itself is built on it. LIDS (Linux Intrusion Detection System) is a kernel-level hardening and intrusion detection patch for Linux. Neither is a sniffing suite.
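The arpspoof/arpredirect technique works by sending ARP replies that bind the gateway's (and the victim's) IP address to the attacker's MAC, so the defensive counterpart is a sensor that watches the sender fields of ARP replies. The following is an added example, not part of dsniff or any product: a detector fed with constructed (time, sender_ip, sender_mac) records, raising alerts when a reply contradicts a static entry, when an IP's MAC changes, or when one MAC starts answering for several IPs.

```python
"""Detect ARP cache poisoning of the kind dsniff's arpspoof (arpredirect) performs.
Added example, not part of dsniff; the ARP replies are constructed.
A reply is (time, sender_ip, sender_mac) taken from the ARP packet's sender fields."""
from collections import defaultdict


def detect_arp_spoof(replies, static_table=None, max_ips_per_mac=1):
    """Return a list of alert dicts, oldest first.

    Three signals:
    - a reply contradicting a static (trusted) IP->MAC entry such as the gateway,
    - an IP whose MAC differs from the one previously seen for it,
    - one MAC answering for more IPs than max_ips_per_mac, which is what
      bidirectional poisoning of gateway and victim by one attacker NIC looks
      like. Hosts with IP aliases legitimately exceed 1, so tune per segment.
    """
    static_table = {ip: mac.lower() for ip, mac in (static_table or {}).items()}
    last_mac = {}
    ips_by_mac = defaultdict(set)
    alerts = []
    for t, ip, mac in sorted(replies, key=lambda r: r[0]):
        mac = mac.lower()
        if ip in static_table and static_table[ip] != mac:
            alerts.append({"time": t, "kind": "static-entry-conflict", "ip": ip, "mac": mac})
        elif ip in last_mac and last_mac[ip] != mac:
            alerts.append({"time": t, "kind": "ip-mac-changed", "ip": ip, "mac": mac})
        last_mac[ip] = mac
        before = len(ips_by_mac[mac])
        ips_by_mac[mac].add(ip)
        grew = len(ips_by_mac[mac]) > before
        if grew and len(ips_by_mac[mac]) > max_ips_per_mac:
            alerts.append({"time": t, "kind": "mac-claims-multiple-ips",
                           "ip": sorted(ips_by_mac[mac]), "mac": mac})
    return alerts


# Constructed data: the gateway's real MAC is pinned; an attacker NIC later
# claims the gateway's IP and a workstation's IP (classic arpspoof in both directions).
STATIC_TABLE = {"10.0.0.1": "00:11:22:33:44:01"}
ARP_REPLIES = [
    (0.0, "10.0.0.1", "00:11:22:33:44:01"),   # gateway answers normally
    (0.5, "10.0.0.5", "00:11:22:33:44:05"),   # workstation answers normally
    (1.0, "10.0.0.9", "00:11:22:33:44:09"),
    (5.0, "10.0.0.1", "DE:AD:BE:EF:00:66"),   # attacker claims the gateway IP
    (5.1, "10.0.0.5", "de:ad:be:ef:00:66"),   # and the workstation IP
]

if __name__ == "__main__":
    for alert in detect_arp_spoof(ARP_REPLIES, STATIC_TABLE):
        print(alert)
```

Pinning the gateway in static_table is the important part: an "IP's MAC changed" rule alone also fires on every DHCP lease reuse or NIC replacement, whereas a reply contradicting the pinned gateway entry is almost always poisoning.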

Which of the following IP class addresses are not allotted to hosts? Each correct answer represents a complete solution. Choose all that apply.

A. Class C
B. Class D
C. Class A
D. Class B
E. Class E
Suggested answer: B, E

Explanation:

Class D and Class E addresses are not allotted to hosts. Class D addresses (first octet 224 to 239) are reserved for multicast groups. Class E addresses (first octet 240 to 255) are reserved for experimental use; 255.255.255.255 within that range is the limited broadcast address.

Answer option C is incorrect. Class A addresses (first octet 1 to 126) are intended for very large networks; each Class A network can hold up to 16,777,214 hosts. A first octet of 0 is reserved and 127 is the loopback range.

Answer option D is incorrect. Class B addresses (first octet 128 to 191) are intended for medium-sized networks; each Class B network can hold up to 65,534 hosts.

Answer option A is incorrect. Class C addresses (first octet 192 to 223) are intended for small local area networks (LANs); each Class C network can hold up to 254 hosts.
