Home / ECCouncil / 312-38

Question list

List of questions

Question 1

(0)

Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators

Question 2

(0)

Which of the following is a communication protocol that multicasts messages and information among all member devices in an IP multicast group?

Question 3

(0)

In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?

Question 4

(0)

Attacks are classified into which of the following? Each correct answer represents a complete solution. Choose all that apply.

Question 5

(0)

Which of the following statements are true about an IPv6 network? Each correct answer represents a complete solution. Choose all that apply.

Question 6

(0)

Which of the following transmission modes of communication is one-way?

Question 7

(0)

Which of the following is designed to detect unwanted changes by observing the flame of the environment associated with combustion?

Question 8

(0)

Which of the following features is used to generate spam on the Internet by spammers and worms?

Question 9

(0)

Which of the following tools is described below? It is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of its tools include arpredirect, macof, tcpkill, tcpnice,

Question 10

(0)

Which of the following IP class addresses are not allotted to hosts? Each correct answer represents a complete solution. Choose all that apply.

Related questions

Which of the following tools are NOT used for logging network activities in the Linux operating system? Each correct answer represents a complete solution. Choose all that apply.

Which of the following is a management process that provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders?

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com . He is using a tool to crack the wireless encryption keys. The description of the tool is as follows: „It is a Linux-based WLAN WEP cracking tool that recovers encryption keys. It operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys." Which of the following tools is John using to crack the wireless encryption keys?

Emmanuel works as a Windows system administrator at an MNC. He uses PowerShell to enforce the script execution policy. He wants to allow the execution of the scripts that are signed by a trusted publisher. Which ofthe following script execution policy setting this?

Which of the follow ng security models enable strict identity verification for every user or device attempting to access the network resources?

Which of the following IEEE standards defines a physical bus topology?

Which of the following standards defines Logical Link Control (LLC)?

Sam wants to implement a network-based IDS and finalizes an IDS solution that works based on pattern matching. Which type of network-based IDS is Sam implementing?

Which of the following types of RAID is also known as disk striping?

Which of the following is designed to detect unwanted changes by observing the flame of the environment associated with combustion?

Question 125 - 312-38 discussion

In which of the following attacks does an attacker use software that tries a large number of key combinations in order to get a password?

Buffer overflow

Brute force attack

Zero-day attack

Smurf attack

Suggested answer: B

Explanation:

In a brute force attack, an attacker uses software that tries a large number of key combinations in order to get a password. To prevent such attacks, users should create passwords that are more difficult to guess, i.e., by using a minimum of six characters, alphanumeric combinations, and lower-upper case combinations.

Answer option D is incorrect. Smurf is an attack that generates significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages. In such attacks, a perpetrator sends a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, which multiplies the traffic by the number of hosts responding.

Answer option A is incorrect. Buffer overflow is a condition in which an application receives more data than it is configured to accept. It helps an attacker not only to execute a malicious code on the target system but also to install backdoors on the target system for further attacks. All buffer overflow attacks are due to only sloppy programming or poor memory management by the application developers. The main types of buffer overflows are: Stack overflow Format string overflow Heap overflow Integer overflow Answer option C is incorrect. A zero-day attack, also known as zero-hour attack, is a computer threat that tries to exploit computer application vulnerabilities which are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the mvulnerability. User awareness training is the most effective technique to mitigate such attacks.

Show Answer

asked 18/09/2024

Ana Rosa Abascal Ortega

39 questions

Your answer: A B C D

0 comments

Sorted by