EC-COUNCIL 312-38 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-38 Online Questions & Answers

• Question 491:

  Sean has built a site-to-site VPN architecture between the head office and the branch office of his company. When users in the branch office and head office try to communicate with each other, the traffic is encapsulated. As the traffic passes though the gateway, it is encapsulated again. The header and payload both are encapsulated. This second encapsulation occurs only in the __________ implementation of a VPN.

  A. Point-to-Point Mode
  B. Transport Mode
  C. Tunnel Mode
  D. Full Mesh Mode
  C. Tunnel Mode

• Question 492:

  Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. She is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Cindy attempting here?

  A. The type of scan she is using is called a NULL scan.
  B. Cindy is attempting to find live hosts on her company's network by using a XMAS scan.
  C. Cindy is using a half-open scan to find live hosts on her network.
  D. She is utilizing a RST scan to find live hosts that are listening on her network.
  C. Cindy is using a half-open scan to find live hosts on her network.

• Question 493:

  Which of the following filters can be used to detect UDP scan attempts using Wireshark?

  A. icmp.type==3 and icmp.code==3
  B. icmp.type==13
  C. icmp.type==8 or icmp.type==0
  D. icmp.type==15
  A. icmp.type==3 and icmp.code==3

• Question 494:

  Which of the following is a software tool used in passive attacks for capturing network traffic?

  A. Sniffer
  B. Intrusion detection system
  C. Intrusion prevention system
  D. Warchalking
  A. Sniffer

  ---

  Explanation/Reference:

  A sniffer is a software tool that is used to capture any network traffic. Since a sniffer changes the NIC of the LAN card into promiscuous mode, the NIC begins to record incoming and outgoing data traffic across the network. A sniffer attack is

  a passive attack because the attacker does not directly connect with the target host. This attack is most often used to grab logins and passwords from network traffic. Tools such as Ethereal, Snort, Windump, EtherPeek, Dsniff are some good

  examples of sniffers. These tools provide many facilities to users such as graphical user interface, traffic statistics graph, multiple sessions tracking, etc. Answer option C is incorrect. An intrusion prevention system (IPS) is a network security

  device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities.

  When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.

  Answer option B is incorrect. An IDS (Intrusion Detection System) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.

  Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging

  information about them, attempting to stop them, and reporting them to security administrators.

  Answer option D is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the

  pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing and war driving.

• Question 495:

  Which of the following steps will NOT make a server fault tolerant? Each correct answer represents a complete solution. (Choose two.)

  A. Adding a second power supply unit
  B. Performing regular backup of the server
  C. Adding one more same sized disk as mirror on the server
  D. Implementing cluster servers' facility
  E. Encrypting confidential data stored on the server
  B. Performing regular backup of the server
  E. Encrypting confidential data stored on the server

  ---

  Explanation/Reference:

  Encrypting confidential data stored on the server and performing regular backup will not make the server fault tolerant.

  Fault tolerance is the ability to continue work when a hardware failure occurs on a system. A fault-tolerant system is designed from the ground up for reliability by building multiples of all critical components, such as CPUs, memories, disks

  and power supplies into the same computer. In the event one component fails, another takes over without skipping a beat.

  Answer options A, C, and D are incorrect. The following steps will make the server fault tolerant:

  Adding a second power supply unit

  Adding one more same sized disk as a mirror on the server implementing cluster servers facility

• Question 496:

  In which of the following conditions does the system enter ROM monitor mode? Each correct answer represents a complete solution. Choose all that apply.

  A. The router does not have a configuration file.
  B. There is a need to set operating parameters.
  C. The user interrupts the boot sequence.
  D. The router does not find a valid operating system image.
  C. The user interrupts the boot sequence.
  D. The router does not find a valid operating system image.

  ---

  Explanation/Reference:

  The system enters ROM monitor mode if the router does not find a valid operating system image, or if a user interrupts the boot sequence. From ROM monitor mode, a user can boot the device or perform diagnostic tests. Answer option A is

  incorrect. If the router does not have a configuration file, it will automatically enter Setup mode when the user switches it on. Setup mode creates an initial configuration.

  Answer option B is incorrect. Privileged EXEC is used for setting operating parameters.

• Question 497:

  During the recovery process, RTO and RPO should be the main parameters of your disaster recovery plan. What does RPO refer to?

  A. The encryption feature, acting as add-on security to the data
  B. The hot plugging technique used to replace computer components
  C. The duration required to restore the data
  D. The interval after which the data quality is lost
  C. The duration required to restore the data

• Question 498:

  Which of the following protocols is described as a connection-oriented and reliable delivery transport layer protocol?

  A. UDP
  B. IP
  C. SSL
  D. TCP
  D. TCP

• Question 499:

  John has planned to update all Linux workstations in his network. The organization is using various Linux distributions including Red hat, Fedora and Debian. Which of following commands will he use to update each respective Linux distribution?

  

  A. 1-ii, 2-i,3-iv,4-iii
  B. 1-v,2-iii,3-i,4-iv
  C. 1-iv,2-v,3-iv,4-iii
  D. 1-iii,2-iv,3-ii,4-v
  A. 1-ii, 2-i,3-iv,4-iii

• Question 500:

  Which of the following types of transmission is the process of sending one bit at a time over a single transmission line?

  A. Unicast transmission
  B. Serial data transmission
  C. Multicast transmission
  D. Parallel data transmission
  B. Serial data transmission

  ---

  Explanation/Reference:

  In serial data transmission, one bit is sent after another (bit-serial) on a single transmission line. It is the simplest method of transmitting digital information from one point to another. This transmission is suitable for providing communication between two participants as well as for multiple participants. It is used for all long-haul communication and provides high data rates. It is also inexpensive and beneficial in transferring data over long distances. Answer option D is incorrect. In parallel data transmission, several data signals are sent simultaneously over several parallel channels. Parallel data transmission is faster than serial data transmission. It is used primarily for transferring data between devices at the same site. For instance, communication between a computer and printer is most often parallel, allowing the entire byte to be transferred in one operation. Answer option A is incorrect. The unicast transmission method is used to establish communication between a single host and a single receiver. Packets sent to a unicast address are delivered to the interface recognized by that IP address, as shown in the following figure:

  

  Answer option C is incorrect. The multicast transmission method is used to establish communication between a single host and multiple receivers. Packets are sent to all interfaces recognized by that IP address, as shown in the figure below: