[Free] Download New Updated (October 2016) ECCouncil 312-38 Real Exam 111-120

Ensurepass

QUESTION 111

Fill in the blank with the appropriate term. The ______________ layer establishes, manages, and terminates the connections between the local and remote application.

Correct Answer: session

Explanation:

The session layer of the OSI/RM controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures. The OSI model made this layer responsible for graceful close of sessions, which is a property of the Transmission Control Protocol, and also for session checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The Session Layer is commonly implemented explicitly in application environments that use remote procedure calls.

QUESTION 112

Adam, a malicious hacker, has just succeeded in stealing a secure cookie via an XSS attack. He is able to replay the cookie even while the session is valid on the server. Which of the following is the most likely reason for this?

A. No encryption is applied.
B. Two-way encryption is applied.
C. Encryption is performed at the network layer (layer 1 encryption).
D. Encryption is performed at the application layer (single encryption key).

Correct Answer: D

Explanation:

Single-key encryption uses a single word or phrase as the key. The same key is used by the sender to encrypt and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from one to the other. With TLS or SSL this would not be possible. Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key encryption. Therefore, it is commonly used when a message sender needs to encrypt a large amount of data. Data Encryption Standard (DES) uses the symmetric encryption key algorithm to encrypt data.

QUESTION 113

Fill in the blank with the appropriate word. A ______________ policy is defined as the document that describes the scope of an organization’s security requirements.

Correct Answer: security

Explanation:

A security policy is defined as the document that describes the scope of an organization’s security requirements. Information security policies are usually documented in one or more information security policy documents. The policy includes the assets that are to be protected. It also provides security solutions that give the necessary protection against security threats.

QUESTION 114

Which of the following is a Unix and Windows tool capable of intercepting traffic on a network segment and capturing username and password?

A. AirSnort
B. Ettercap
C. BackTrack
D. Aircrack

Correct Answer: B

Explanation:

Ettercap is a Unix and Windows tool for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. It is free, open source software. Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis.

Answer option C is incorrect. BackTrack is a Linux distribution distributed as a Live CD, which is used for penetration testing. It allows users to include customizable scripts, additional tools and configurable kernels in personalized distributions. It contains various tools, such as Metasploit integration, RFMON injection capable wireless drivers, kismet, autoscan-network (network discovering and managing application), nmap, ettercap, wireshark (formerly known as Ethereal).

Answer option A is incorrect. AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.

Answer option D is incorrect. Aircrack is the fastest WEP/WPA cracking tool used for 802.11a/b/g WEP and WPA cracking.

QUESTION 115

Which of the following standards is a proposed enhancement to the 802.11a and 802.11b wireless LAN (WLAN) specifications that offers quality of service (QoS) features, including the prioritization of data, voice, and video transmissions?

A. 802.15
B. 802.11n
C. 802.11e
D. 802.11h

Correct Answer: C

Explanation:

The 802.11e standard is a proposed enhancement to the 802.11a and 802.11b wireless LAN (WLAN) specifications. It offers quality of service (QoS) features, including the prioritization of data, voice, and video transmissions. 802.11e enhances the 802.11 Media Access Control layer (MAC layer) with a coordinated time division multiple access (TDMA) construct, and adds error-correcting mechanisms for delay-sensitive applications such as voice and video.

Answer option D is incorrect. 802.11h refers to the amendment added to the IEEE 802.11 standard for Spectrum and Transmit Power Management Extensions.

Answer option B is incorrect. 802.11n is an amendment to the IEEE 802.11-2007 wireless networking standard to improve network throughput over the two previous standards – 802.11a and 802.11g – with a significant increase in the maximum raw data rate from 54 Mbit/s to 600 Mbit/s with the use of four spatial streams at a channel width of 40 MHz.

Answer option A is incorrect. IEEE 802.15 is a working group of the IEEE 802 and specializes in Wireless PAN (Personal Area Network) standards. It includes seven task groups, which are as follows:

1. Task group 1 (WPAN/Bluetooth)
2. Task group 2 (Coexistence)
3. Task group 3 (High Rate WPAN)
4. Task group 4 (Low Rate WPAN)
5. Task group 5 (Mesh Networking)
6. Task group 6 (BAN)
7. Task group 7 (VLC)

QUESTION 116

Which of the following key features is used by TCP in order to regulate the amount of data sent by a host to another host on the network?

A. Sequence number
B. TCP timestamp
C. Congestion control
D. Flow control

Correct Answer: D

Explanation:

Flow control is the process of regulating the amount of data sent by a host to another host on the network. The flow control mechanism controls packet flow so that a sender does not transmit more packets than a receiver can process. TCP uses a sliding window flow control protocol. In each TCP segment, the receiver specifies in the receive window field the amount of additional received data (in bytes) that it is willing to buffer for the connection. The sending host can send only up to that amount of data before it must wait for an acknowledgment and window update from the receiving host.

Answer option A is incorrect. TCP uses a sequence number for identifying each byte of data.

Answer option B is incorrect. TCP timestamp helps TCP to compute the round-trip time between the sender and receiver.

Answer option C is incorrect. Congestion control concerns controlling traffic entry into a telecommunications network, so as to avoid congestive collapse by attempting to avoid oversubscription of any of the processing or link capabilities of the intermediate nodes and networks and taking resource reducing steps, such as reducing the rate of sending packets. It should not be confused with flow control, which prevents the sender from overwhelming the receiver.

 

 

QUESTION 117

Which of the following representatives in the incident response process are included in the incident response team? Each correct answer represents a complete solution. Choose all that apply.

A. Information security representative
B. Legal representative
C. Technical representative
D. Lead investigator
E. Human resources
F. Sales representative

Correct Answer: ABCDE

Explanation:

Incident response is a process that detects a problem, determines the cause of an issue, minimizes the damages, resolves the problem, and documents each step of the process for future reference. To perform all these roles, an incident response team is needed. The incident response team includes the following representatives who are involved in the incident response process:

Lead investigator: The lead investigator is the manager of an incident response team. He is always involved in the creation of an incident response plan. The duties of a lead investigator are as follows: Keep the management updated. Ensure that the incident response moves smoothly and efficiently. Interview and interrogate the suspects and witnesses.

Information security representative: The information security representative is a member of the incident response team who alerts the team about possible security safeguards that can impact their ability to respond to an incident.

Legal representative: The legal representative is a member of the incident response team who ensures that the process follows all the laws during the response to an incident.

Technical representative: The technical representative is a representative of the incident response team. More than one technician can be deployed to an incident. The duties of a technical representative are as follows: Perform forensic backups of the systems that are involved in an incident. Provide more information about the configuration of the network or system.

Human resources: Human resources personnel ensure that the policies of the organization are enforced during the incident response process. They suspend access to a suspect if it is needed. Human resources personnel are closely related with the legal representatives and cover up the organization’s legal responsibility.

QUESTION 118

Which of the following is a device that provides local communication between the datalogger and a computer?

A. Controllerless modem
B. Optical modem
C. Acoustic modem
D. Short haul modem

Correct Answer: D

Explanation:

A short haul modem is a device that provides local communication between the datalogger and a computer with an RS-232 serial port. It transmits data up to 6.5 miles over a four-wire unconditioned line (two twisted pairs).

Answer option B is incorrect. An optical modem is a device that is used for converting a computer’s electronic signals into optical signals for transmission over optical fiber. It also converts optical signals from an optical fiber cable back into electronic signals. It provides higher data transmission rates because it uses extremely high capacity of the optical fiber cable for transmitting data.

Answer option C is incorrect. An acoustic modem provides wireless communication under water. The optimum performance of a wireless acoustic modem system depends upon the speed of sound, water depth, existence of thermocline zones, ambient noise, and seasonal change.

Answer option A is incorrect. A controllerless modem is a hardware-based modem that does not have the physical communications port controller circuitry. It is also known as WinModem or software modem. A controllerless modem is very inexpensive and can easily be upgraded with new software.

QUESTION 119

Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?

A. Contingency Plan
B. Disaster Recovery Plan
C. Business Continuity Plan
D. Continuity Of Operations Plan

Correct Answer: A

Explanation:

A contingency plan is prepared and documented for emergency response, backup operations, and recovery maintained by an activity as an element of its security program that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.

A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and “triggers” for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption.

Answer option B is incorrect. A disaster recovery plan should contain data, hardware, and software that can be critical for a business. It should also include a plan for sudden loss, such as a hard disk crash. The business should use backup and data recovery utilities to limit the loss of data.

Answer option D is incorrect. The Continuity Of Operation Plan (COOP) refers to the preparations and institutions maintained by the United States government, providing survival of federal government operations in the case of catastrophic events. It provides procedures and capabilities to sustain an organization’s essential. COOP is the procedure documented to ensure persistent critical operations throughout any period where normal operations are unattainable.

Answer option C is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.

 

 

QUESTION 120

Fill in the blank with the appropriate term. ______________ is the use of sensitive words in e-mails to jam the authorities that listen in on them by providing a form of a red herring and an intentional annoyance.

Correct Answer: Email jamming

Explanation:

Email jamming is the use of sensitive words in e-mails to jam the authorities that listen in on them by providing a form of a red herring and an intentional annoyance. In this attack, an attacker deliberately includes “sensitive” words and phrases in otherwise innocuous emails to ensure that these are picked up by the monitoring systems. As a result, the senders of these emails will eventually be added to a “harmless” list and their emails will no longer be intercepted, hence allowing them to regain some privacy.
