EC-COUNCIL 312-38 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-38 Online Questions & Answers

• Question 481:

  Which of the following steps are required in an idle scan of a closed port? Each correct answer represents a part of the solution. Choose all that apply.

  A. The attacker sends a SYN/ACK to the zombie.
  B. The zombie's IP ID increases by only 1.
  C. In response to the SYN, the target sends a RST.
  D. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.
  E. The zombie's IP ID increases by 2.
  A. The attacker sends a SYN/ACK to the zombie.
  B. The zombie's IP ID increases by only 1.
  C. In response to the SYN, the target sends a RST.
  D. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.

  ---

  Explanation/Reference:

  Following are the steps required in an idle scan of a closed port:

  1.Probe the zombie's IP ID: The attacker sends a SYN/ACK to the zombie. The zombie, unaware of the SYN/ACK, sends back a RST, thus disclosing its IP ID.

  

  2.Forge a SYN packet from the zombie: In response to the SYN, the target sends a RST. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.

  

  3.Probe the zombie's IP ID again: The zombie's IP ID has increased by only 1 since step 1. So the port is closed.

  

• Question 482:

  Each of the following is a network layer protocol used for a particular (MAC) address to obtain an IP address?

  A. ARP
  B. None
  C. RARP
  D. P.M
  E. PIM
  C. RARP

• Question 483:

  Which of the following IEEE standards operates at 2.4 GHz bandwidth and transfers data at a rate of 54 Mbps?

  A. 802.11r
  B. 802.11n
  C. 802.11g
  D. 802.11a
  C. 802.11g

• Question 484:

  Adam, malicious hacker, has just succeeded in stealing through a secure cookie XSS attack. He is able to play back the cookie even if the session is valid on the server. Which of the following is the most likely cause of this issue?

  A. Two-way encryption is used.
  B. Encryption is performed at the application level (one encryption key).
  C. Encryption does not apply.
  D. Scrambling is performed in the network (layer 1 encryption)
  E. None
  B. Encryption is performed at the application level (one encryption key).

• Question 485:

  Which of the following is a distributed application architecture that partitions tasks or workloads between service providers and service requesters? Each correct answer represents a complete solution. Choose all that apply.

  A. Client-server computing
  B. Peer-to-peer (P2P) computing
  C. Client-server networking
  D. Peer-to-peer networking
  A. Client-server computing
  C. Client-server networking

  ---

  Explanation/Reference:

  Client-server networking is also known as client-server computing. It is a distributed application architecture that partitions tasks or workloads between service providers (servers) and service requesters, called clients. Often clients and

  servers operate over a computer network on separate hardware. A server machine is a high-performance host that is running one or more server programs which share its resources with clients. A client does not share any of its resources,

  but requests a server's content or service function. Clients therefore initiate

  communication sessions with servers which await (listen to) incoming requests.

  Answer options D and B are incorrect. Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the

  application. They are said to form a peer-to-peer network of nodes. Peer-to-peer networking (also known simply as peer networking) differs from client-server networking, where certain devices have the responsibility to provide or "serve" data,

  and other devices consume or otherwise act as "clients" of those servers.

• Question 486:

  Which of the following is a credit card-sized device used to securely store personal information and used in conjunction with a PIN number to authenticate users?

  A. Proximity card
  B. Java card
  C. SD card
  D. Smart card
  D. Smart card

  ---

  Explanation/Reference:

  A smart card is a credit card-sized device used to securely store personal information such as certificates, public and private keys, passwords, etc. It is used in conjunction with a PIN number to authenticate users. In Windows, smart cards are used to enable certificate-based authentication. To use smart cards, Extensible Authentication Protocol (EAP) must be configured in Windows. Answer option B is incorrect. Java Card is a technology that allows Java-based applications to be run securely on smart cards and small memory footprint devices. Java Card gives a user the ability to program devices and make them application specific. It is widely used in SIM cards and ATM cards. Java Card products are based on the Java Card Platform specifications developed by Sun Microsystems, a supplementary of Oracle Corporation. Many Java card products also rely on the global platform specifications for the secure management of applications on the card. The main goals of the Java Card technology are portability and security. Answer option A is incorrect. Proximity card (or Prox Card) is a generic name for contactless integrated circuit devices used for security access or payment systems. It can refer to the older 125 kHz devices or the newer 13.56 MHz contactless RFID cards, most commonly known as contactless smartcards. Modern proximity cards are covered by the ISO/IEC 14443 (Proximity Card) standard. There is also a related ISO/IEC 15693 (Vicinity Card) standard. Proximity cards are powered by resonant energy transfer and have a range of 0-3 inches in most instances. The user will usually be able to leave the card inside a wallet or purse. The price of the cards is also low, usually US$2-$5, allowing them to be used in applications such as identification cards, keycards, payment cards and public transit fare cards. Answer option C is incorrect. Secure Digital (SD) card is a non-volatile memory card format used in portable devices such as mobile phones, digital cameras, and handheld computers. SD cards are based on the older MultiMediaCard (MMC) format, but they are a little thicker than MMC cards. Generally an SD card offers a write-protect switch on its side. SD cards generally measure 32 mm x 24 mm x 2.1 mm, but they can be as thin as 1.4 mm. The devices that have SD card slots can use the thinner MMC cards, but the standard SD cards will not fit into the thinner MMC slots. Some SD cards are also available with a USB connector. SD card readers allow SD cards to be accessed via many connectivity ports such as USB, FireWire, and the common parallel port.

• Question 487:

  Which of the following is a congestion control mechanism that is designed for unicast flows operating in an Internet environment and competing with TCP traffic?

  A. Sliding Window
  B. TCP Friendly Rate Control
  C. Selective Acknowledgment D. Additive increase/multiplicative-decrease
  B. TCP Friendly Rate Control

  ---

  Explanation/Reference:

  TCP-Friendly Rate Control (TFRC) is a congestion control mechanism that is designed for unicast flows operating in an Internet environment and competing with TCP traffic. Its goal is to compete fairly with TCP traffic on medium timescales,

  but to be much less variable than TCP on short timescales.

  TCP congestion control works by maintaining a window of packets that have not yet been acknowledged. This window is increased by one packet every round-trip time if no packets have been lost, and is decreased by half if a packet loss is

  detected. Thus, TCP's window is a function of the losses observed in the network and the round trip time experienced by the flow. The idea behind TFRC is to measure the loss probability and round trip time and to use these as the

  parameters to a model of TCP throughput. The expected throughput from this model is then used to directly drive the transmit rate of a TFRC flow.

  Answer option D is incorrect. The additive increase/multiplicative-decrease (AIMD) algorithm is a feedback control algorithm used in TCP Congestion Avoidance. Its major goal is to achieve fairness and efficiency in allocating resources. AIMD

  combines linear growth of the congestion window with an exponential reduction when congestion takes place.

  The approach taken is to increase the transmission rate (window size), probing for usable bandwidth, until loss occurs. The policy of additive increase may, for instance, increase the congestion window by 1 MSS (Maximum segment size)

  every RTT (Round Trip Time) until a loss is detected. When loss is detected, the policy is changed to be one of multiplicative decrease, which may, for instance, cut the congestion window in half after the loss. A loss event is generally

  described to be either a timeout or the event of receiving 3 duplicate ACKs.

  Answer option C is incorrect. Selective Acknowledgment (SACK) is one of the forms of acknowledgment. With selective acknowledgments, the sender can be informed by a data receiver about all segments that have arrived successfully, so

  the sender retransmits only those segments that have actually been lost. The selective acknowledgment extension uses two TCP options:

  The first is an enabling option, "SACK-permitted", which may be sent in a SYN segment to indicate that the SACK option can be used once the connection is established. The other is the SACK option itself, which can be sent over an

  established connection once permission has been given by "SACK-permitted". Answer option A is incorrect. Sliding Window Protocols are a feature of packet-based data transmission protocols. They are used where reliable in-order delivery

  of packets is required, such as in the data link layer (OSI model) as well as in TCP.

  Conceptually, each portion of the transmission (packets in most data link layers, but bytes in TCP) is assigned a unique consecutive sequence number, and the receiver uses the numbers to place received packets in the correct order,

  discarding duplicate packets and identifying missing ones. The problem with this is that there is no limit of the size of the sequence numbers that can be required.

• Question 488:

  The bank where you work has 600 windows computers and 400 Red Hat computers which primarily serve as bank teller consoles. You have created a plan and deployed all the patches to the Windows computers and you are now working on updating the Red Hat computers. What command should you run on the network to update the Red Hat computers, download the security package, force the package installation, and update all currently installed packages?

  A. You should run the up2data -u command.
  B. You should run the up2date --d -f -u command.
  C. You should run the WSUS --d -f -u command.
  D. You should type the sysupdate --d command.
  B. You should run the up2date --d -f -u command.

• Question 489:

  Identify the virtualization level that creates a massive pool of storage areas for different virtual machines running on the hardware.

  A. Fabric virtualization
  B. Storage device virtualization
  C. Server virtualization
  D. File system virtualization
  B. Storage device virtualization

• Question 490:

  Which of the following entities is responsible for cloud security?

  A. Cloud consumer
  B. Cloud provider
  C. Both cloud consumer and provider
  D. Cloud broker
  C. Both cloud consumer and provider