EC-COUNCIL 312-38 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-38 Online Questions & Answers

• Question 231:

  The Circuit-level gateway firewall technology functions at which of the following OSI layer?

  A. Transport layer
  B. Data-link layer
  C. Session layer
  D. Network layer
  C. Session layer

• Question 232:

  James wants to implement certain control measures to prevent denial-of-service attacks against the organization. Which of the following control measures can help James?

  A. Strong passwords
  B. Reduce the sessions time-out duration for the connection attempts
  C. A honeypot in DMZ
  D. Provide network-based anti-virus
  B. Reduce the sessions time-out duration for the connection attempts

• Question 233:

  Which of the following protocols is a method for implementing virtual private networks?

  A. SSL
  B. PPTP
  C. TLS
  D. SNMP
  B. PPTP

• Question 234:

  John works as an Ethical Hacker for www.company.com Inc. He wants to find out the ports that are open in www.company.com's server using a port scanner. However, he does not want to establish a full TCP connection. Which of the following scanning techniques will he use to accomplish this task?

  A. TCP SYN
  B. Xmas tree
  C. TCP SYN/ACK
  D. TCP FIN
  A. TCP SYN

  ---

  Explanation/Reference:

  According to the scenario, John does not want to establish a full TCP connection. Therefore, he will use the TCP SYN scanning technique. TCP SYN scanning is also known as half-open scanning because in this type of scanning, a full TCP connection is never opened. The steps of TCP SYN scanning are as follows: 1.The attacker sends a SYN packet to the target port. 2.If the port is open, the attacker receives the SYN/ACK message. 3.Now the attacker breaks the connection by sending an RST packet. 4.If the RST packet is received, it indicates that the port is closed. This type of scanning is hard to trace because the attacker never establishes a full 3-way handshake connection and most sites do not create a log of incomplete TCP connections. Answer option C is incorrect. In TCP SYN/ACK scanning, an attacker sends a SYN/ACK packet to the target port. If the port is closed, the victim assumes that this packet was mistakenly sent by the attacker, and sends the RST packet to the attacker. If the port is open, the SYN/ACK packet will be ignored and the port will drop the packet. TCP SYN/ACK scanning is stealth scanning, but some intrusion detection systems can detect TCP SYN/ACK scanning. Answer option D is incorrect. TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop that packet. TCP FIN scanning is useful only for identifying ports of non-Windows operating systems because Windows operating systems send only RST packets irrespective of whether the port is open or closed. Answer option B is incorrect. Xmas Tree scanning is just the opposite of null scanning. In Xmas Tree scanning, all packets are turned on. If the target port is open, the service running on the target port discards the packets without any reply. According to RFC 793, if the port is closed, the remote system replies with the RST packet. Active monitoring of all incoming packets can help system network administrators detect an Xmas Tree scan.

• Question 235:

  Mark is monitoring the network traffic on his organization's network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?

  A. tcp.dstport==7 and udp.srcport==7
  B. tcp.srcport==7 and udp.dstport==7
  C. tcp.dstport==7 and udp.dstport==7
  D. tcp.srcport==7 and udp.srcport==7
  C. tcp.dstport==7 and udp.dstport==7

• Question 236:

  Chris is a senior network administrator. Chris wants to measure the Key Risk Indicator (KRI) to assess the organization. Why is Chris calculating the KRI for his organization? It helps Chris to:

  A. Identifies adverse events
  B. Facilitates backward viewing
  C. Notifies when risk has reached threshold levels
  D. Facilitates post incident management
  C. Notifies when risk has reached threshold levels

• Question 237:

  Which of the following statements are TRUE about Demilitarized zone (DMZ)? Each correct answer represents a complete solution. Choose all that apply.

  A. The purpose of a DMZ is to add an additional layer of security to the Local Area Network of an organization.
  B. Hosts in the DMZ have full connectivity to specific hosts in the internal network.
  C. Demilitarized zone is a physical or logical sub-network that contains and exposes external services of an organization to a larger un-trusted network.
  D. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet.
  A. The purpose of a DMZ is to add an additional layer of security to the Local Area Network of an organization.
  C. Demilitarized zone is a physical or logical sub-network that contains and exposes external services of an organization to a larger un-trusted network.
  D. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet.

  ---

  Explanation/Reference:

  A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Hosts in the DMZ have limited connectivity to specific hosts in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external networks, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network such as the Internet.

• Question 238:

  Which of the following is a physical security device designed to entrap a person on purpose?

  A. Mantrap
  B. Trap
  C. War Flying
  D. War Chalking
  A. Mantrap

• Question 239:

  Liza was told by her network administrator that they will be implementing IPsec VPN tunnels to connect the branch locations to the main office. What layer of the OSI model do IPsec tunnels function on?

  A. The data link layer
  B. The session layer
  C. The network layer
  D. The application and physical layers
  C. The network layer

• Question 240:

  Steven's company has recently grown from 5 employees to over 50. Every workstation has a public IP address and navigated to the Internet with little to no protection. Steven wants to use a firewall. He also wants IP addresses to be private

  addresses, to prevent public Internet devices direct access to them. What should Steven implement on the firewall to ensure this happens?

  A. Steven should use Open Shortest Path First (OSPF).
  B. Steven should enable Network Address Translation (NAT).
  C. Steven should use a Demilitarized Zone (DMZ).
  D. Steven should use IPsec.
  C. Steven should use a Demilitarized Zone (DMZ).