ExamGecko
Search Search Login
Home Home / ECCouncil / 312-38
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following tools are NOT used for logging network activities in the Linux operating system? Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a management process that provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders?
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com . He is using a tool to crack the wireless encryption keys. The description of the tool is as follows: „It is a Linux-based WLAN WEP cracking tool that recovers encryption keys. It operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys." Which of the following tools is John using to crack the wireless encryption keys?
Emmanuel works as a Windows system administrator at an MNC. He uses PowerShell to enforce the script execution policy. He wants to allow the execution of the scripts that are signed by a trusted publisher. Which ofthe following script execution policy setting this?
Which of the follow ng security models enable strict identity verification for every user or device attempting to access the network resources?
Which of the following IEEE standards defines a physical bus topology?
Which of the following standards defines Logical Link Control (LLC)?
Sam wants to implement a network-based IDS and finalizes an IDS solution that works based on pattern matching. Which type of network-based IDS is Sam implementing?
Which of the following types of RAID is also known as disk striping?
Which of the following is designed to detect unwanted changes by observing the flame of the environment associated with combustion?

Question 162 - 312-38 discussion

Report
Export

Which of the following steps are required in an idle scan of a closed port?

Each correct answer represents a part of the solution. Choose all that apply.

A.
The attacker sends a SYN/ACK to the zombie.
Answers
A.
The attacker sends a SYN/ACK to the zombie.
B.
The zombie's IP ID increases by only 1.
Answers
B.
The zombie's IP ID increases by only 1.
C.
In response to the SYN, the target sends a RST.
Answers
C.
In response to the SYN, the target sends a RST.
D.
The zombie ignores the unsolicited RST, and the IP ID remains unchanged.
Answers
D.
The zombie ignores the unsolicited RST, and the IP ID remains unchanged.
E.
The zombie's IP ID increases by 2.
Answers
E.
The zombie's IP ID increases by 2.
Suggested answer: A, B, C, D

Explanation:

Following are the steps required in an idle scan of a closed port:

1.Probe the zombie's IP ID: The attacker sends a SYN/ACK to the zombie. The zombie, unaware of the SYN/ACK, sends back a RST, thus disclosing its IP ID.

2.Forge a SYN packet from the zombie: In response to the SYN, the target sends a RST. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.

3.Probe the zombie's IP ID again: The zombie's IP ID has increased by only 1 since step 1. So the port is closed.

Show Answer
asked 18/09/2024
Rodolfo Ponce
38 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms