[Free] Download New Updated (October 2016) ECCouncil 312-38 Real Exam 141-150

Ensurepass

QUESTION 141

Attacks are classified into which of the following? Each correct answer represents a complete solution. Choose all that apply.

A. Active attack

B. Session hijacking

C. Passive attack

D. Replay attack

Correct Answer: AC

Explanation:

An attack is an action against an information system or network that attempts to violate the system’s security policy. Attacks can be broadly classified as being either active or passive.

1. Active attacks modify the target system or message, i.e. they violate the integrity of the system or message.

2. Passive attacks violate confidentiality without affecting the state of the system. An example of such an attack is the electronic eavesdropping on network transmissions to release message contents or to gather unprotected passwords.

Answer options B and D are incorrect. Session hijacking and replay attacks come under the category of active attacks.

QUESTION 142

Which of the following is a technique for gathering information about a remote network protected by a firewall?

A. Firewalking

B. Warchalking

C. War driving

D. War dialing

Correct Answer: A

Explanation:

Firewalking is a technique for gathering information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. If the firewall allows this crafted packet through, it forwards the packet to the next hop. On the next hop, the packet expires and elicits an ICMP “TTL expired in transit” message to the attacker. If the firewall does not allow the traffic, there should be no response, or an ICMP “administratively prohibited” message should be returned to the attacker. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall. The main drawback of this technique is that if an administrator blocks ICMP packets from leaving the network, it is ineffective.

Answer option B is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.

Answer option C is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.

Answer option D is incorrect. War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems, and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers – hackers that specialize in computer security – for password guessing.

QUESTION 143

Which of the following is an Internet application protocol used for transporting Usenet news articles between news servers and for reading and posting articles by end-user client applications?

A. NNTP

B. BOOTP

C. DCAP

D. NTP

Correct Answer: A

Explanation:

The Network News Transfer Protocol (NNTP) is an Internet application protocol used for transporting Usenet news articles (netnews) between news servers and for reading and posting articles by end user client applications. NNTP is designed so that news articles are stored in a central database, allowing the subscriber to select only those items that he wants to read.

Answer option D is incorrect. Network Time Protocol (NTP) is used to synchronize timekeeping among a number of distributed time servers and clients. It is used for time management in a large and diverse network that contains many interfaces. In this protocol, servers define the time, and clients have to be synchronized with the defined time. These clients can choose the most reliable source of time defined from the several NTP servers for their information transmission.

Answer option C is incorrect. The Data Link Switching Client Access Protocol (DCAP) is an application layer protocol that is used between workstations and routers for transporting SNA/NetBIOS traffic over TCP sessions. It was introduced in order to address a few deficiencies of the Data Link Switching Protocol (DLSw). The DLSw raises the important issues of scalability and efficiency, and since DLSw is a switch-to-switch protocol, it is not efficient when implemented on workstations. DCAP was introduced in order to address these issues.

Answer option B is incorrect. The BOOTP protocol is used by diskless workstations to collect configuration information from a network server. It is also used to acquire a boot image from the server.

QUESTION 144

Which of the following attacks is a class of brute force attacks that depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations?

A. Phishing attack

B. Replay attack

C. Birthday attack

D. Dictionary attack

Correct Answer: C

Explanation:

A birthday attack is a class of brute force attacks that exploits the mathematics behind the birthday problem in probability theory. It is a type of cryptography attack. The birthday attack depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations.
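To put numbers on that likelihood, the Python below (an added example, not part of the original exam material) computes the birthday-problem collision probability and then finds an actual collision in SHA-256 truncated to 24 bits, showing that a repeat appears after a few thousand attempts rather than millions. The 24-bit truncation and the `constructed-input-N` messages are assumptions chosen so the search finishes quickly.

```python
import hashlib
import math


def collision_probability(attempts: int, space: int) -> float:
    """Exact chance that `attempts` uniform random values drawn from
    `space` possible outputs contain at least one repeated value."""
    if attempts > space:
        return 1.0  # pigeonhole: a repeat is guaranteed
    log_no_collision = sum(math.log1p(-i / space) for i in range(attempts))
    return -math.expm1(log_no_collision)


def attempts_for_even_odds(space: int) -> float:
    """Approximate number of attempts needed for a 50% collision chance."""
    return math.sqrt(2 * space * math.log(2))


def truncated_digest(message: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short hash."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct constructed messages until two share a truncated digest.
    Returns (message_a, message_b, attempts)."""
    seen = {}
    counter = 0
    while True:
        message = b"constructed-input-%d" % counter
        counter += 1
        tag = truncated_digest(message, bits)
        if tag in seen:
            return seen[tag], message, counter
        seen[tag] = message


if __name__ == "__main__":
    print("23 people, 365 days: %.4f" % collision_probability(23, 365))
    bits = 24
    first, second, attempts = find_collision(bits)
    print("%d-bit digest has %d possible values" % (bits, 2 ** bits))
    print("even odds near %.0f attempts" % attempts_for_even_odds(2 ** bits))
    print("collision after %d attempts: %r and %r" % (attempts, first, second))
```

The defensive reading is that an n-bit digest offers only about n/2 bits of collision resistance, which is why short or truncated digests are unsuitable where collisions matter.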

Answer option D is incorrect. A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities. A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list (from a pre-arranged list of values). In contrast with a normal brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries, or simple, easily-predicted variations on words, such as appending a digit.

Answer option A is incorrect. Phishing is a type of internet fraud attempted by hackers. Hackers try to log into a system by masquerading as a trustworthy entity and acquire sensitive information, such as username, password, bank account details, credit card details, etc. After collecting this information, hackers try to use this information for their gain.

Answer option B is incorrect. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution.

QUESTION 145

Which of the following is a digital telephone/telecommunication network that carries voice, data, and video over an existing telephone network infrastructure?

A. PPP

B. Frame relay

C. ISDN

D. X.25

Correct Answer: C

Explanation:

Integrated Services Digital Network (ISDN) is a digital telephone/telecommunication network that carries voice, data, and video over an existing telephone network infrastructure. It requires an ISDN modem at both ends of a transmission. ISDN is designed to provide a single interface for hooking up a telephone, fax machine, computer, etc.

ISDN has two levels of service, i.e., Basic Rate Interface (BRI) and Primary Rate Interface (PRI).

Answer option A is incorrect. The Point-to-Point Protocol, or PPP, is a data link protocol commonly used to establish a direct connection between two networking nodes. It can provide connection authentication, transmission encryption privacy, and compression. PPP is commonly used as a data link layer protocol for connection over synchronous and asynchronous circuits, where it has largely superseded the older, non-standard Serial Line Internet Protocol (SLIP) and telephone company mandated standards (such as Link Access Protocol, Balanced (LAPB) in the X.25 protocol suite). PPP was designed to work with numerous network layer protocols, including Internet Protocol (IP), Novell’s Internetwork Packet Exchange (IPX), NBF, and AppleTalk.

Answer option D is incorrect. The X.25 protocol, adopted as a standard by the Consultative Committee for International Telegraph and Telephone (CCITT), is a commonly-used network protocol. The X.25 protocol allows computers on different public networks (such as CompuServe, Tymnet, or a TCP/IP network) to communicate through an intermediary computer at the network layer level. X.25’s protocols correspond closely to the data-link and physical-layer protocols defined in the Open Systems Interconnection (OSI) communication model.

Answer option B is incorrect. Frame relay is a telecommunication service designed for cost-efficient data transmission for intermittent traffic between local area networks (LANs) and between end-points in a wide area network (WAN). Frame relay puts data in a variable-size unit called a frame. It performs less error checking than other traditional forms of packet switching and hence speeds up data transmission. When an error is detected in a frame, it is simply dropped. The end points are responsible for detecting and retransmitting dropped frames.

QUESTION 146

Fill in the blank with the appropriate term. ______________ is a prime example of a high-interaction honeypot.

Correct Answer: Honeynet

Explanation:

Honeynet is a prime example of a high-interaction honeypot. Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient. Honeynets and honeypots are usually implemented as parts of larger network intrusion-detection systems. A honeyfarm is a centralized collection of honeypots and analysis tools.

QUESTION 147

Fill in the blank with the appropriate term. ______________ is an enumeration technique used to glean information about computer systems on a network and the services running on its open ports.

Correct Answer: Banner grabbing

Explanation:

Banner grabbing is an enumeration technique used to glean information about computer systems on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network. An intruder, however, can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits.

Some examples of service ports used for banner grabbing are those used by Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 respectively. Tools commonly used to perform banner grabbing are Telnet, which is included with most operating systems, and Netcat.

For example, one could establish a connection to a target host running a Web service with netcat, then send a bad HTTP request in order to get information about the service on the host:

```
[root@prober] nc www.targethost.com 80
HEAD / HTTP/1.1

HTTP/1.1 200 OK
Date: Mon, 11 May 2009 22:10:40 EST
Server: Apache/2.0.46 (Unix) (Red Hat/Linux)
Last-Modified: Thu, 16 Apr 2009 11:20:14 PST
ETag: "1986-69b-123a4bc6"
Accept-Ranges: bytes
Content-Length: 1110
Connection: close
Content-Type: text/html
```

The administrator can now catalog this system, or an intruder now knows which version of Apache to look up exploits for.
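For the administrator's side of that trade-off, the Python below (an added example, not part of the original exam material) parses the response captured above, works entirely offline, and reports which parts of the `Server` banner disclose version or platform detail. The function names and the `HARDENED` response are constructed for illustration.

```python
import re

# Response copied from the netcat session on this page.
CAPTURED = """HTTP/1.1 200 OK
Date: Mon, 11 May 2009 22:10:40 EST
Server: Apache/2.0.46 (Unix) (Red Hat/Linux)
Last-Modified: Thu, 16 Apr 2009 11:20:14 PST
ETag: "1986-69b-123a4bc6"
Accept-Ranges: bytes
Content-Length: 1110
Connection: close
Content-Type: text/html
"""

# Constructed sample: the same host after reducing the banner to the bare
# product name (on Apache httpd, "ServerTokens Prod" has this effect).
HARDENED = "HTTP/1.1 200 OK\r\nServer: Apache\r\nConnection: close\r\n\r\n"

# A Server value is a run of product[/version] tokens and (comments).
TOKEN = re.compile(r"\(([^()]*)\)|([^\s/()]+)(?:/([^\s()]+))?")


def parse_headers(raw):
    """Return (status_line, {lower-cased header name: value})."""
    lines = raw.splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return (lines[0] if lines else ""), headers


def parse_server_banner(value):
    """Split a Server header value into product tokens and comments."""
    products, comments = [], []
    for comment, name, version in TOKEN.findall(value):
        if name:
            products.append((name, version or None))
        else:
            comments.append(comment)
    return {"products": products, "comments": comments}


def audit_banner(raw):
    """List every piece of the banner that reveals version or platform."""
    banner = parse_server_banner(parse_headers(raw)[1].get("server", ""))
    findings = ["version disclosed: %s %s" % (name, version)
                for name, version in banner["products"] if version]
    findings += ["platform detail disclosed: %s" % c for c in banner["comments"]]
    return findings
```

Running `audit_banner` over saved responses from an internal inventory sweep gives a quick list of hosts whose banners still advertise exact versions.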

 

 

QUESTION 148

Which of the following steps are required in an idle scan of a closed port? Each correct answer represents a part of the solution. Choose all that apply.

A. The attacker sends a SYN/ACK to the zombie.

B. The zombie’s IP ID increases by only 1.

C. In response to the SYN, the target sends a RST.

D. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.

E. The zombie’s IP ID increases by 2.

Correct Answer: ABCD

Explanation:

Following are the steps required in an idle scan of a closed port:

1. Probe the zombie’s IP ID: The attacker sends a SYN/ACK to the zombie. The zombie, unaware of the SYN/ACK, sends back a RST, thus disclosing its IP ID.

2. Forge a SYN packet from the zombie: In response to the SYN, the target sends a RST. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.

3. Probe the zombie’s IP ID again: The zombie’s IP ID has increased by only 1 since step 1. So the port is closed.

QUESTION 149

Which of the following is a mechanism that helps in ensuring that only the intended and authorized recipients are able to read data?

A. Integrity

B. Data availability

C. Confidentiality

D. Authentication

Correct Answer: C

Explanation:

Confidentiality is a mechanism that ensures that only the intended and authorized recipients are able to read data. The data is encrypted so that even if an unauthorized user gets access to it, he will not get any meaning out of it.

Answer option A is incorrect. In information security, integrity means that data cannot be modified without authorization. This is not the same thing as referential integrity in databases. Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on. There are many ways in which integrity could be violated without malicious intent. In the simplest case, a user on a system could mis-type someone’s address. On a larger scale, if an automated process is not written and tested correctly, bulk updates to a database could alter data in an incorrect way, leaving the integrity of the data compromised. Information security professionals are tasked with finding ways to implement controls that prevent errors of integrity.

Answer option B is incorrect. Data availability is one of the security principles that ensures that the data and communication services will be available for use when needed (expected). It is a method of describing products and services availability by which it is ensured that data continues to be available at a required level of performance in situations ranging from normal to disastrous. Data availability is achieved through redundancy, which depends upon where the data is stored and how it can be reached.

Answer option D is incorrect. Authentication is the act of establishing or confirming something (or someone) as authentic, i.e., the claims made by or about the subject are true (“authentification” is a variant of this word).

QUESTION 150

Which of the following help in estimating and totaling up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile? Each correct answer represents a complete solution. Choose all that apply.

A. Business Continuity Planning

B. Benefit-Cost Analysis

C. Disaster recovery

D. Cost-benefit analysis

Correct Answer: BD

Explanation:

Cost-benefit analysis is a process by which business decisions are analyzed. It is used to estimate and total up the equivalent money value of the benefits and costs to the community of projects for establishing whether they are worthwhile. It is a term that refers both to:

1. helping to appraise, or assess, the case for a project, program, or policy proposal;

2. an approach to making economic decisions of any kind.

Under both definitions, the process involves, whether explicitly or implicitly, weighing the total expected costs against the total expected benefits of one or more actions in order to choose the best or most profitable option. The formal process is often referred to as either CBA (Cost-Benefit Analysis) or BCA (Benefit-Cost Analysis).

Answer option A is incorrect. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan that defines how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a Business Continuity Plan.

Answer option C is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.

 
