EC-COUNCIL 312-38 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-38 Online Questions & Answers

• Question 351:

  You are Network Administrator Investment Bank. You're worried about people breeching network and can steal information before you can detect and shut down access. Which of the following is the best way to deal with this issue?

  A. To implement a strong firewall.
  B. Implement a honey pot.
  C. To implement a strong password policy.
  D. None
  E. To implement the network is based on antivirus.
  B. Implement a honey pot.

• Question 352:

  You work as the network administrator for uCertify Inc. The company has planned to add the support for IPv6 addressing. The initial phase deployment of IPv6 requires support from some IPv6-only devices. These devices need to access servers that support only IPv4. Which of the following tools would be suitable to use?

  A. Multipoint tunnels
  B. NAT-PT
  C. Point-to-point tunnels
  D. Native IPv6
  B. NAT-PT

  ---

  Explanation/Reference:

  NAT-PT (Network address translation-Protocol Translation) is useful when an IPv4-only host needs to communicate with an IPv4-only host. NAT-PT (Network Address Translation-Protocol Translation) is an implementation of RFC 2766 as specified by the IETF. NAT-PT was designed so that it can be run on low-end, commodity hardware. NAT-PT runs in user space, capturing and translating packets between the IPv6 and IPv4 networks (and vice-versa). NAT-PT uses the Address Resolution Protocol (ARP) and Neighbor Discovery (ND) on the IPv4 and IPv6 network systems, respectively.

  

  NAT-Protocol Translation can be used to translate both the source and destination IP addresses.

  Answer option D is incorrect. Native IPv6 is of use when the IPv6 deployment is pervasive, with heavy traffic loads.

  Answer option C is incorrect. Point-to-point tunnels work well when IPv6 is needed only in a subset of sites. These point-to-point tunnels act as virtual point-to-point serial link. These are useful when the traffic is of very high volume. Answer

  option A is incorrect. The multipoint tunnels are used for IPv6 deployment even when IPv6 is needed in a subset of sites and is suitable when the traffic is infrequent and of less predictable volume.

• Question 353:

  Which of the following tools is an open source network intrusion prevention and detection system that works network sniffer and record the operation of the network, which is coordinated pre-signatures?

  A. dsniff
  B. kismet
  C. None
  D. KisMAC
  E. bridle
  E. bridle

• Question 354:

  A local bank wants to protect their card holder data. The bank should comply with the __________ standard to ensure the security of card holder data.

  A. PCI DSS
  B. SOX
  C. HIPAA
  D. ISEC
  A. PCI DSS

• Question 355:

  Which of the following statements are true about security risks? Each correct answer represents a complete solution. (Choose three.)

  A. They are considered an indicator of threats coupled with vulnerability.
  B. They can be removed completely by taking proper actions.
  C. They can be analyzed and measured by the risk analysis process.
  D. They can be mitigated by reviewing and taking responsible actions based on possible risks.
  A. They are considered an indicator of threats coupled with vulnerability.
  C. They can be analyzed and measured by the risk analysis process.
  D. They can be mitigated by reviewing and taking responsible actions based on possible risks.

  ---

  Explanation/Reference:

  In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk

  on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process.

  Answer option B is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.

• Question 356:

  A local bank wants to protect their cardholder data. Which standard should the bark comply with in order to ensure security of this data?

  A. GDPR
  B. HIPAA
  C. SOX
  D. PCI DSS
  D. PCI DSS

• Question 357:

  Identify the correct statements regarding a DMZ zone:

  A. It is a file integrity monitoring mechanism
  B. It is a Neutral zone between a trusted network and an untrusted network
  C. It serves as a proxy
  D. It includes sensitive internal servers such as database servers
  B. It is a Neutral zone between a trusted network and an untrusted network

• Question 358:

  Which firewall can a network administrator use for better bandwidth management, deep packet inspection, and Hateful inspection?

  A. Circuit-level gateway firewall
  B. Next generation firewall
  C. Network address translation
  D. Stateful muIti-layer inspection firewall
  B. Next generation firewall

• Question 359:

  John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1. Original cookie values:

  ItemID1=2 ItemPrice1=900 ItemID2=1 ItemPrice2=200 Modified cookie values: ItemID1=2 ItemPrice1=1 ItemID2=1 ItemPrice2=1

  Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price. Which of the following hacking techniques is John performing?

  A. Computer-based social engineering
  B. Man-in-the-middle attack
  C. Cookie poisoning
  D. Cross site scripting
  C. Cookie poisoning

  ---

  Explanation/Reference:

  John is performing cookie poisoning. In cookie poisoning, an attacker modifies the value of cookies before sending them back to the server. On modifying the cookie values, an attacker can log in to any other user account and can perform identity theft. The following figure explains how cookie poisoning occurs:

  

  For example: The attacker visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1. Original cookie values: ItemID1= 2 ItemPrice1=900 ItemID2=1 ItemPrice2=200 Modified cookie values: ItemID1= 2 ItemPrice1=1 ItemID2=1 ItemPrice2=1 Now, the attacker clicks the Buy button and the prices are sent to the server that calculates the total price. Another use of a Cookie Poisoning attack is to pretend to be another user after changing the username in the cookie values: Original cookie values: LoggedIn= True Username = Mark Modified cookie values: LoggedIn= True Username = Admin Now, after modifying the cookie values, the attacker can do the admin login. Answer option D is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the attacker posts a message that contains malicious code to any newsgroup site. When another user views this message, the browser interprets this code and executes it and, as a result, the attacker is able to take control of the user's system. Cross site scripting attacks require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's Web environment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, sessions hijacking, etc.

• Question 360:

  Which of the following filters car be applied to detect an ICMP ping sweep attempt using Wireshark?

  A. icmp.type==8
  B. icmp.type==13
  C. icmp.type==17
  D. icmp.type==15
  A. icmp.type==8