Latest ECCouncil 312-50v8 Real Exam Download 681-690

Ensurepass

QUESTION 681

Samantha was hired to perform an internal security test of XYZ. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing.

Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two)

 

A. Ethernet Zapping

B. MAC Flooding

C. Sniffing in promiscuous mode

D. ARP Spoofing

 

Answer: B, D

In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. As a result, the switch enters a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. The principle of ARP spoofing is to send fake, or ‘spoofed’, ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices such as network switches. As a result, frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or to an unreachable host (a denial of service attack).

 

 

QUESTION 682

Ethereal works best on ____________.

 

A. Switched networks

B. Linux platforms

C. Networks using hubs

D. Windows platforms

E. LAN’s

 

Answer: C 

Ethereal is used for sniffing traffic. It will return the best results when used on an unswitched (i.e. hub) network.

 

 

QUESTION 683

The following is an email header. What address is that of the true originator of the message?

[Image: email header (not reproduced)]

A. 19.25.19.10

B. 51.32.123.21

C. 168.150.84.123

D. 215.52.220.122

E. 8.10.2/8.10.2

 

Answer: C 

Spoofing can be easily achieved by manipulating the "from" name field; however, it is much more difficult to hide the true source address. The "received from" IP address 168.150.84.123 is the true source of the

 

 

QUESTION 684

Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?

 

A. RSA, LSA, POP

B. SSID, WEP, Kerberos

C. SMB, SMTP, Smart card

D. Kerberos, Smart card, Stanford SRP

 

Answer: D 

Kerberos, Smart cards and Stanford SRP are techniques where the password never leaves the computer.

 

 

QUESTION 685

Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?

 

A. Snort

B. argus

C. TCPflow

D. Tcpdump

 

Answer: C 

Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.

 

 

QUESTION 686

Which of the following display filters will you enable in Ethereal to view the three-way handshake for a connection from host 192.168.0.1?

 

A. ip == 192.168.0.1 and tcp.syn

B. ip.addr = 192.168.0.1 and syn = 1

C. ip.addr==192.168.0.1 and tcp.flags.syn

D. ip.equals 192.168.0.1 and syn.equals on

 

Answer: C 

 

 

QUESTION 687

When Jason moves a file via NFS over the company’s network, you want to grab a copy of it by sniffing. Which of the following tools accomplishes this?

 

A. macof

B. webspy

C. filesnarf

D. nfscopy

 

Answer: C

Filesnarf – sniff files from NFS traffic

OPTIONS

-i interface
    Specify the interface to listen on.

-v
    "Versus" mode. Invert the sense of matching, to select non-matching files.

Pattern
    Specify regular expression for filename matching.

Expression
    Specify a tcpdump(8) filter expression to select traffic to sniff.

SEE ALSO

Dsniff, nfsd

 

 

QUESTION 688

Which of the following is not considered to be a part of active sniffing?

 

A. MAC Flooding

B. ARP Spoofing

C. SMAC Fueling

D. MAC Duplicating

 

Answer: C 

 

 

QUESTION 689

ARP poisoning is achieved in _____ steps

 

A. 1

B. 2

C. 3

D. 4

 

Answer: B 

The hacker begins by sending a malicious ARP "reply" (for which there was no previous request) to your router, associating his computer’s MAC address with your IP address. Now your router thinks the hacker’s computer is your computer. Next, the hacker sends a malicious ARP reply to your computer, associating his MAC address with the router’s IP address. Now your machine thinks the hacker’s computer is your router. The hacker has now used ARP poisoning to accomplish a MitM attack.

 

 

QUESTION 690

How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS’s on a network?

 

A. Covert Channel

B. Crafted Channel

C. Bounce Channel

D. Deceptive Channel

 

Answer: A

A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy." Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.

 
