ExamGecko
Search Search Login
Home Home / ECCouncil / 312-38
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following tools are NOT used for logging network activities in the Linux operating system? Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a management process that provides a framework for promoting quick recovery and the capability for an effective response to protect the interests of its brand, reputation, and stakeholders?
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com . He is using a tool to crack the wireless encryption keys. The description of the tool is as follows: „It is a Linux-based WLAN WEP cracking tool that recovers encryption keys. It operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys." Which of the following tools is John using to crack the wireless encryption keys?
Emmanuel works as a Windows system administrator at an MNC. He uses PowerShell to enforce the script execution policy. He wants to allow the execution of the scripts that are signed by a trusted publisher. Which ofthe following script execution policy setting this?
Which of the follow ng security models enable strict identity verification for every user or device attempting to access the network resources?
Which of the following IEEE standards defines a physical bus topology?
Which of the following standards defines Logical Link Control (LLC)?
Sam wants to implement a network-based IDS and finalizes an IDS solution that works based on pattern matching. Which type of network-based IDS is Sam implementing?
John is a senior network security administrator working at a multinational company. He wants to block specif c sys calls from being used by container binaries. Which Linux kernel feature restricts actions within the container?
Which of the following types of RAID is also known as disk striping?

Question 168 - 312-38 discussion

Report
Export

In which of the following attacks does an attacker successfully insert an intermediary software or program between two communicating hosts?

A.
Session hijacking
Answers
A.
Session hijacking
B.
Denial-of-Service
Answers
B.
Denial-of-Service
C.
Man-in-the-middle
Answers
C.
Man-in-the-middle
D.
Buffer overflow
Answers
D.
Buffer overflow
Suggested answer: C

Explanation:

Man-in-the-middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host.

The receiving host responds to the software, presuming it to be the legitimate client.

Answer option B is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as a network saturation attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets to the network. The effects of a DoS attack are as follows:

Saturates network resources

Disrupts connections between two computers, thereby preventing communications between services Disrupts services to a specific computer Causes failure to access a Web site Results in an increase in the amount of spam A Denial-of-Service attack is very common on the Internet because it is much easier to accomplish. Most of the DoS attacks rely on the weaknesses in the TCP/ IP protocol.

Answer option D is incorrect. A buffer-overflow attack is performed when a hacker fills a field, typically an address bar, with more characters than it can accommodate. The excess characters can be run as executable code, effectively giving the hacker control of the computer and overriding any security measures set. There are two main types of buffer overflow attacks:

stack-based buffer overflow attack:

Stack-based buffer overflow attack uses a memory object known as a stack. The hacker develops the code which reserves a specific amount of space for the stack. If the input of user is longer than the amount of space reserved for it within the stack, then the stack will overflow. heap-based buffer overflow attack:

Heap-based overflow attack floods the memory space reserved for the programs.

Answer option A is incorrect. Session hijacking refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to Web developers, as the HTTP cookies used to maintain a session on many Web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.

Show Answer
asked 18/09/2024
Marinus Johannes Klomp
40 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms