[Free] Download New Updated (October 2016) ECCouncil 312-38 Real Exam 181-190

Ensurepass

QUESTION 181

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:

 

clip_image002

 

Which of the following tools is John using to crack the wireless encryption keys?

 

A.

Cain

B.

PsPasswd

C.

Kismet

D.

AirSnort

 

Correct Answer: D

Explanation:

AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses Ciphertext Only Attack and captures approximately 5 to 10 million packets to decrypt the WEP keys. Answer option C is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks:

 

clip_image004To identify networks by passively collecting packets

clip_image004[1]To detect standard named networks

clip_image004[2]To detect masked networks

clip_image004[3]To collect the presence of non-beaconing networks via data traffic

 

Answer option A is incorrect. Cain is a multipurpose tool that can be used to perform many tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing. This password cracking program can perform the following types of password cracking attacks:

 

clip_image004[4]Dictionary attack

clip_image004[5]Brute force attack

clip_image004[6]Rainbow attack

clip_image004[7]Hybrid attack

 

Answer option B is incorrect. PsPasswd is a tool that helps Network Administrators change an account password on the local or remote system. The command syntax of PsPasswd is as follows:

pspasswd [\computer[,computer[,..] | @file [-u user [-p psswd]] Username [NewPassword]

clip_image006

 

 

QUESTION 182

Which of the following statements are true about volatile memory? Each correct answer represents a complete solution. Choose all that apply.

 

A.


The content is stored permanently and even the power supply is switched off.

B.

A volatile storage device is faster in reading and writing data.

C.

Read only memory (ROM) is an example of volatile memory.

D.

It is computer memory that requires power to maintain the stored information.

 

Correct Answer: BD

Explanation:

Volatile memory, also known as volatile storage, is computer memory that requires power to maintain the stored information, unlike non-volatile memory which does not require a maintained power supply. It has been less popularly known as temporary memory. Most forms of modern random access memory (RAM) are volatile storage, including dynamic random access memory (DRAM) and static random access memory (SRAM). A volatile storage device is faster in reading and writing data.

Answer options A and C are incorrect. Non-volatile memory, nonvolatile memory, NVM, or non- volatile storage, in the most basic sense, is computer memory that can retain the stored information even when not powered. Examples of non-volatile memory include read-only memory, flash memory, most types of magnetic computer storage devices (e.g. hard disks, floppy disks, and magnetic tape), optical discs, and early computer storage methods such as paper tape and punched cards.

 

 

QUESTION 183

You are a professional Computer Hacking forensic investigator. You have been called to collect evidences of buffer overflow and cookie snooping attacks. Which of the following logs will you review to accomplish the task? Each correct answer represents a complete solution. Choos
e all that apply.

 

A.

Program logs

B.

Web server logs

C.

Event logs

D.

System logs

 

Correct Answer: ACD

Explanation:

Evidences of buffer overflow and cookie snooping attacks can be traced from system logs, event logs, and program logs, depending on the type of overflow or cookie snooping attack executed and the error recovery method used by the hacker.

Answer option B is incorrect. Web server logs are used to investigate cross-site scripting attacks.

 

 

 

QUESTION 184

John works as an Ethical Hacker for www.company.com Inc. He wants to find out the ports that are open in www.company.com’s server using a port scanner. However, he does not want to establish a full TCP connection. Which of the following scanning techniques will he use to accomplish this task?

 

A.

TCP SYN

B.

Xmas tree

C.

TCP SYN/ACK

D.

TCP FIN

 

Correct Answer: A

Explanation:

According to the scenario, John does not want to establish a full TCP connection. Therefore, he will use the TCP SYN scanning technique. TCP SYN scanning is also known as half-open scanning because in this type of scanning, a full
TCP connection is never opened. The steps of TCP SYN scanning are as follows:

1. The attacker sends a SYN packet to the target port.

2. If the port is open, the attacker receives the SYN/ACK message.

3. Now the attacker breaks the connection by sending an RST packet.

4. If the RST packet is received, it indicates that the port is closed. This type of scanning is hard to trace because the attacker never establishes a full 3-way handshake connection and most sites do not create a log of incomplete TCP connections.

Answer option C is incorrect. In TCP SYN/ACK scanning, an attacker sends a SYN/ACK packet to the target port. If the port is closed, the victim assumes that this packet was mistakenly sent by the attacker, and sends the RST packet to the attacker. If the port is open, the SYN/ACK packet will be ignored and the port will drop the packet. TCP SYN/ACK scanning is stealth scanning, but some intrusion detection systems can detect TCP SYN/ACK scanning.

Answer option D is incorrect. TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port.

If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop that packet. TCP FIN scanning is useful only for identifying ports of non-Windows operating systems because Windows operating systems send only RST packets irrespective of whether the port is open or closed.

Answer option B is incorrect. Xmas Tree scanning is just the opposite of null scanning. In Xmas Tree scanning, all packets are turned on. If the target port is open, the service running on the target port discards the packets without any reply. According to RFC 793, if the port is closed, the remote system replies with the RST packet. Active monitoring of all incoming packets can help system network administrators detect an Xmas Tree scan.

 

 

QUESTION 185

Fill in the blank with the appropriate term. ______________ is a prime example of a high-interaction honeypot.

 

Correct Answer: Honeynet

Explanation:

Honeynet is a prime example of a high-interaction honeypot. Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient. Honeynets and honeypots are usually implemented as parts of larger network intrusion-detection systems. A honeyfarm is a centralized collection of honeypots and analysis tools.

 

 

QUESTION 186

Which of the following tools is an open source protocol analyzer that can capture traffic in real time?

 

A.

Netresident

B.

Wireshark

C.

Snort

D.

NetWitness

 

Correct Answer: B

Explanation:

Wireshark is an open source protocol analyzer that can capture traffic in real time. Wireshark is a free packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wires
hark is very similar to tcpdump, but it has a graphical front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network interface into promiscuous mode.

Wireshark uses pcap to capture packets, so it can only capture the packets on the networks supported by pcap. It has the following features:

Data can be captured “from the wire” from a live network connection or read from a file that records the already-captured packets.

Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.

Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.

Captured files can be programmatically edited or converted via command-line switches to the “editcap” program.

Data display can be refined using a display filter. Plugins can be created for dissecting new protocols.

Answer option C is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).

Answer option D is incorrect. NetWitness is used to analyze and monitor the network traffic and activity.

Answer option A is incorrect. Netresident is used to capture, store, analyze, and reconstruct network events and activities.

 

 

QUESTION 187

Which of the following tools are NOT used for logging network activities in the Linux operating system? Each correct answer represents a complete solution. Choose all that apply.

 

A.

PsLoggedOn

B.

PsGetSid

C.

Timbersee

D.

Swatch

 

Correct Answer: AB

Explanation:

PsLoggedOn and PsGetSid are not logging tools. They are command-line utilities used in the Windows operating system.

PsLoggedOn is an applet that displays both the local and remote logged on users. If an attacker specifies a user name instead of a computer, PsLoggedOn searches the computers in the network and tells whether the user is currently logged on or not. The command syntax for PsLoggedOn is as follows:

psloggedon [- ] [-l] [-x] [\computername | username]

PsGetSid is a tool that is used to query SIDs remotely. Using PsGetSid, the attacker can access the SIDs of user accounts and translate an SID into the user name. The command syntax for PsGetSid is as follows:

psgetsid [\computer[,computer[,…] | @file] [-u username [-p password]]] [account|SID]

Answer options C and D are incorrect. Timbersee and Swatch are tools used for logging network activities in the Linux operating system.

 

 

QUESTION 188

Fill in the blank with the appropriate term. The______________ model is a description framework for computer network protocols and is sometimes called the Internet Model or the DoD Model.

 

Correct Answer: TCP/IP

Explanation:

The TCP/IP model is a description framework for computer network protocols. It describes a set of general design guidelines and implementations of specific networking protocols to enable computers to communicate over a network. TCP/IP provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. Protocols exist for a variety of different types of communication services between computers. The TCP/IP Model is sometimes called the Internet Model or the DoD Model. The TCP/IP model has four unique layers as shown in the image. This layer architecture is often compared with the seven-layer OSI Reference Model. The TCP/IP model and related protocols are maintained by the Internet Engineering Task Force (IETF).

 

clip_image008

 

 

QUESTION 189

Which of the following is a software tool used in passive attacks for capturing network traffic?

 

A.

Intrusion prevention system

B.

Intrusion detection system

C.

Warchalking

D.

Sniffer

 

Correct Answer: D

Explanation:

A sniffer is a software tool that is used to capture any network traffic. Since a sniffer changes the NIC of the LAN card into promiscuous mode, the NIC begins to record incoming and outgoing data traffic across the network. A sniffer attack is a passive attack because the attacker does not directly connect with the target host. This attack is most often used to grab logins and passwords from network traffic. Tools such as Ethereal, Snort, Windump, EtherPeek, Dsniff are some good examples of sniffers. These tools provide many facilities to users such as graphical user interface, traffic statistics graph, multiple sessions tracking, etc.

Answer option A is incorrect. An intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.

Answer option B is incorrect. An IDS (Intrusion Detection System) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.

Answer option C is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.

 

 

QUESTION 190

Which of the following types of coaxial cable is used for cable TV and cable modems?

 

A.

RG-8

B.

RG-62

C.

RG-59

D.

RG-58

 

Correct Answer: C

Explanation:

RG-59 type of coaxial cable is used for cable TV and cable modems.

Answer option A is incorrect. RG-8 coaxial cable is primarily used as a backbone in an Ethernet LAN environment and often connects one wiring closet to another. It is also known as 10Base5 or ThickNet.

Answer option B is incorrect. RG-62 coaxial cable is used for ARCNET and automotive radio antennas.

Answer option D is incorrect. RG-58 coaxial cable is used for Ethernet networks. It uses baseband signaling and 50-Ohm terminator. It is also known as 10Base2 or ThinNet.

 

Free VCE & PDF File for ECCouncil 312-38 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in 312-38 Actual Test (October 2016) and tagged , , , , , , , . Bookmark the permalink.