EC-COUNCIL 312-38 Study Guide Archives Updated on Nov 22, 2022
Download 312-38 Mock Test Study Material
NEW QUESTION 24
Which of the following is a malicious program that looks like a normal program?
- A. Worm
- B. Virus
- C. Impersonation
- D. Trojan horse
Answer: D
NEW QUESTION 25
Each of the following is a network layer protocol used for a particular (MAC) address to obtain an IP address?
- A. None
- B. RARP
- C. P.M
- D. ARP
- E. PIM
Answer: B
NEW QUESTION 26
Which of the following statements are NOT true about the FAT16 file system?Each correct answer represents a complete solution. Choose all that apply.
- A. It supports file-level compression.
- B. It does not support file-level security.
- C. It supports the Linux operating system.
- D. It works well with large disks because the cluster size increases as the disk partition size increases.
Answer: A,D
Explanation:
The FAT16 file system was developed for disks larger than 16MB. It uses 16-bit allocation table
entries. The FAT16 file system supports all Microsoft operating systems. It also supports OS/2 and
Linux.
Answer options C and A are incorrect. All these statements are true about the FAT16 file system.
NEW QUESTION 27
Which of the following layers provides communication session management between host computers?
- A. Link layer
- B. Application layer
- C. Transport layer
- D. Internet layer
Answer: C
Explanation:
Explanation/Reference:
NEW QUESTION 28
John works as a C programmer. He develops the following C program:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int buffer(char *str) {
char buffer1[10];
strcpy(buffer1, str);
return 1;
}
int main(int argc, char *argv[]) {
buffer (argv[1]);
printf("Executed\n");
return 1;
}
His program is vulnerable to a __________ attack.
- A. Cross site scripting
- B. SQL injection
- C. Denial-of-Service
- D. Buffer overflow
Answer: D
Explanation:
This program takes a user-supplied string and copies it into 'buffer1', which can hold up to 10 bytes of data. If a user sends more than 10 bytes, it would result in a buffer overflow.
NEW QUESTION 29
Which of the following VPN topologies establishes a persistent connection between an organization's main office and its branch offices using a third-party network or the Internet?
- A. Hub-and-Spoke
- B. Full Mesh
- C. Star
- D. Point-to-Point
Answer: A
NEW QUESTION 30
Which of the following firewalls are used to track the state of active connections and determine the network packets allowed to enter through the firewall? Each correct answer represents a complete solution. Choose all that apply.
- A. Circuit-level gateway
- B. Stateful
- C. Dynamic packet-filtering
- D. Proxy server
Answer: B,C
Explanation:
A dynamic packet-filtering firewall is a fourth generation firewall technology. It is also known as a stateful firewall. It tracks the state of active connections and determines which network packets are allowed to enter through the firewall. It records session information, such as IP addresses and port numbers to implement a more secure network. The dynamic packet-filtering firewall operates at Layer3, Layer4, and Layer5.
Answer option A is incorrect. A circuit-level gateway is a type of firewall that works at the session layer of the OSI model between the application layer and the transport layer of the TCP/IP stack. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit-level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect.
Answer option C is incorrect. A proxy server firewall intercepts all messages entering and leaving the network.
The proxy server effectively hides the true network addresses.
NEW QUESTION 31
Which of the following networks interconnects devices centered on an individual person's workspace?
- A. WWAN
- B. WPAN
- C. WLAN
- D. WMAN
Answer: B
NEW QUESTION 32
Which of the following is a software tool used in passive attacks for capturing network traffic?
- A. Warchalking
- B. Intrusion detection system
- C. Sniffer
- D. Intrusion prevention system
Answer: C
Explanation:
A sniffer is a software tool that is used to capture any network traffic. Since a sniffer changes the NIC of the
LAN card into promiscuous mode, the NIC begins to record incoming and outgoing data traffic across the
network. A sniffer attack is a passive attack because the attacker does not directly connect with the target host.
This attack is most often used to grab logins and passwords from network traffic. Tools such as Ethereal,
Snort, Windump, EtherPeek, Dsniff are some good examples of sniffers. These tools provide many facilities to
users such as graphical user interface, traffic statistics graph, multiple sessions tracking, etc.
Answer option C is incorrect. An intrusion prevention system (IPS) is a network security device that monitors
network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or
prevent those activities. When an attack is detected, it can drop the offending packets while still allowing all
other traffic to pass.
Answer option B is incorrect. An IDS (Intrusion Detection System) is a device or software application that
monitors network and/or system activities for malicious activities or policy violations and produces reports to a
Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to
stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on
identifying possible incidents, logging information about them, attempting to stop them, and reporting them to
security administrators.
Answer option D is incorrect. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi
wireless network. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such
as a wall, the pavement, or a lamp post. The name warchalking is derived from the cracker terms war dialing
and war driving.
NEW QUESTION 33
Which of the following is a computer networking protocol used by hosts to retrieve IP address assignments and other configuration information?
- A. Telnet
- B. DHCP
- C. ARP
- D. SNMP
Answer: B
Explanation:
The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. In the absence of DHCP, all hosts on a network must be manually configured individually - a time-consuming and often error-prone undertaking. DHCP is popular with ISP's because it allows a host to obtain a temporary IP address. Answer option B is incorrect. Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. ARP is limited to physical network systems that support broadcast packets. Answer option A is incorrect. The Simple Network Management Protocol (SNMP) allows a monitored device (for example, a router or a switch) to run an SNMP agent. This protocol is used for managing many network devices remotely. When a monitored device runs an SNMP agent, an SNMP server can then query the SNMP agent running on the device to collect information such as utilization statistics or device configuration information. An SNMP-managed network typically consists of three components: managed devices, agents, and one or more network management systems. Answer option D is incorrect. Telnet (Telecommunication network) is a network protocol used on the Internet or local area networks to provide a bidirectional interactive communications facility. Typically, Telnet provides access to a command-line interface on a remote host via a virtual terminal connection which consists of an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP). User data is interspersed in-band with TELNET control information. Typically, the Telnet protocol is used to establish a connection to Transmission Control Protocol (TCP) port number 23.
NEW QUESTION 34
What is the bit size of the Next Header field in the IPv6 header format?
- A. 4 bits
- B. 8 bits
- C. 2 bits
- D. 20 bits
Answer: B
NEW QUESTION 35
Which of the following tools is used to ping a given range of IP addresses and resolve the host name of the remote system?
- A. Hping
- B. Nmap
- C. SuperScan
- D. Netscan
Answer: C
Explanation:
Explanation
NEW QUESTION 36
Which of the following statements are true about an IPv6 network? Each correct answer represents a complete solution. Choose all that apply.
- A. For interoperability, IPv4 addresses use the last 32 bits of IPv6 addresses.
- B. It provides improved authentication and security.
- C. It uses 128-bit addresses.
- D. It uses longer subnet masks than those used in IPv4.
- E. It increases the number of available IP addresses.
Answer: A,B,C,E
Explanation:
IP addressing version 6 (IPv6) is the latest version of IP addressing. IPv6 is designed to solve many of the problems that were faced by IPv4, such as address depletion, security, auto-configuration, and extensibility.
With the fast increasing number of networks and the expansion of the World Wide Web, the allotted IP addresses are depleting rapidly, and the need for more network addresses is arising. IPv6 solves this problem, as it uses a 128-bit address that can produce a lot more IP addresses. These addresses are hexadecimal numbers, made up of eight octet pairs. An example of an IPv6 address is 45CF: 6D53: 12CD: AFC7: E654:
BB32: 543C: FACE.
Answer option C is incorrect. The subnet masks used in IPv6 addresses are of the same length as those used in IPv4 addresses.
NEW QUESTION 37
FILL BLANK
Fill in the blank with the appropriate term.
A ______________ is a translation device or service that is often controlled by a separate Media Gateway
Controller, which provides the call control and signaling functionality.
Answer:
Explanation:
Media gateway
Explanation: A Media gateway is a translation device or service that converts digital media streams between
disparate telecommunications networks such as PSTN, SS7, Next Generation Networks (2G, 2.5G and 3G
radio access networks) or PBX. Media gateways enable multimedia communications across Next Generation
Networks over multiple transport protocols such as Asynchronous Transfer Mode (ATM) and Internet Protocol
(IP). Because the media gateway connects different types of networks, one of its main functions is to convert
between different transmission and coding techniques. Media streaming functions such as echo cancellation,
DTMF, and tone sender are also located in the media gateway. Media gateways are often controlled by a
separate Media Gateway Controller, which provides the call control and signaling functionality.
NEW QUESTION 38
Which among the following tools can help in identifying IoEs to evaluate human attack surface?
- A. SET
- B. Amass
- C. securiCAD
- D. Skybox
Answer: C
NEW QUESTION 39
In which of the following attacks do computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic?
- A. Bonk attack
- B. Buffer-overflow attack
- C. Smurf attack
- D. DDoS attack
Answer: D
Explanation:
In the distributed denial of service (DDOS) attack, an attacker uses multiple computers throughout the network that it has previously infected. Such computers act as zombies and work together to send out bogus messages, thereby increasing the amount of phony traffic. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. TFN, TRIN00, etc. are tools used for the DDoS attack.
Answer option A is incorrect. A Smurf attack is a type of attack that uses third-party intermediaries to defend against, and get back to the originating system. In a Smurf attack, a false ping packet is forwarded by the originating system. The broadcast address of the third-party network is the packet's destination. Hence, each machine on the third-party network has a copy of the ping request. The victim system is the originator. The originator rapidly forwards a large number of these requests via different intermediary networks. The victim gets overwhelmed by these large number of requests.
Answer option B is incorrect. A buffer-overflow attack is performed when a hacker fills a field, typically an address bar, with more characters than it can accommodate. The excess characters can be run as executable code, effectively giving the hacker control of the computer and overriding any security measures set. There are two main types of buffer overflow attacks:
stack-based buffer overflow attack:
Stack-based buffer overflow attack uses a memory object known as a stack. The hacker develops the code which reserves a specific amount of space for the stack. If the input of user is longer than the amount of space reserved for it within the stack, then the stack will overflow.
heap-based buffer overflow attack:
Heap-based overflow attack floods the memory space reserved for the programs.
Answer option D is incorrect. Bonk attack is a variant of the teardrop attack that affects mostly Windows computers by sending corrupt UDP packets to DNS port 53. It is a type of denial-of-service (DoS) attack. A bonk attack manipulates a fragment offset field in TCP/IP packets. This field tells a computer how to reconstruct a packet that was fragmented, because it is difficult to transmit big packets. A bonk attack causes the target computer to reassemble a packet that is too big to be reassembled and causes the target computer to crash.
NEW QUESTION 40
The IP addresses reserved for experimental purposes belong to which of the following classes?
- A. Class D
- B. Class A
- C. Class C
- D. Class E
Answer: D
NEW QUESTION 41
Adam works as a Security Analyst for Umbrella Inc. The company has a Linux-based network comprising an Apache server for Web applications. He received the following Apache Web server log, which is as follows:
[Sat Nov 16 14:32:52 2009] [error] [client 128.0.0.7] client denied by server configuration: /export/home/htdocs/ test The first piece in the log entry is the date and time of the log message. The second entry determines the severity of the error being reported.
Now Adam wants to change the severity level to control the types of errors that are sent to the error log. Which of the following directives will Adam use to accomplish the task?
- A. LogFormat
- B. ErrorLog
- C. CustomLog
- D. LogLevel
Answer: D
Explanation:
The LogLevel directive is used in server Error log of the Apache Web server log. This directive is used to control the types of errors that are sent to the error log by constraining the severity level. Eight different levels are present in the LogLevel directive, which are shown below in order of their descending significance:
Note: When a certain level is specified, the messages from all other levels of higher significance will also be reported. For example, when LogLevel crit is specified, then messages with log levels of alert and emerg will also be reported.
Answer option B is incorrect. The ErrorLog directive is used to set the name and location of the file to which the server will log any errors it encounters. If the file-path does not begin with a slash sign (/), it is assumed to be relative to the ServerRoot. If the file-path begins with a pipe sign (|), then it is assumed to be a command that handles the error log.
Answer option A is incorrect. The CustomLog directive is used to log requests to the server. The format of the log is specified and the logging can be made conditional on request characteristics with the help of environment variables. Environment variables can be adjusted on a per-request basis with the help of the mod_setenvif or mod_rewrite module.
Answer option C is incorrect. The LogFormat directive can exist in one of the two forms. In the first form, only one argument is specified; and in the second form explicit format with a nickname is associated. This directive specifies the log format that is used by logs specified in subsequent TransferLog directives.
NEW QUESTION 42
Which of the following tools is an open source protocol analyzer that can capture traffic in real time?
- A. Netresident
- B. Snort
- C. NetWitness
- D. Wireshark
Answer: D
Explanation:
Wireshark is an open source protocol analyzer that can capture traffic in real time. Wireshark is a
free packet sniffer computer application. It is used for network troubleshooting, analysis, software
and communications protocol development, and education. Wireshark is very similar to tcpdump,
but it has a graphical front-end, and many more information sorting and filtering options. It allows
the user to see all traffic being passed over the network (usually an Ethernet network but support
is being added for others) by putting the network interface into promiscuous mode.
Wireshark uses pcap to capture packets, so it can only capture the packets on the networks
supported by pcap. It has the following features:
Data can be captured "from the wire" from a live network connection or read from a file that
records the already-captured packets.
Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP,
and loopback.
Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark. Captured files can be programmatically edited or converted via command-line switches to the "editcap" program. Data display can be refined using a display filter. Plugins can be created for dissecting new protocols. Answer option C is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). Answer option D is incorrect. NetWitness is used to analyze and monitor the network traffic and activity. Answer option A is incorrect. Netresident is used to capture, store, analyze, and reconstruct network events and activities.
NEW QUESTION 43
......
312-38 Questions Prepare with Learning Information: https://www.passleadervce.com/CertifiedEthicalHacker/reliable-312-38-exam-learning-guide.html
Practice Material for 312-38 Exam Question Preparation: https://drive.google.com/open?id=1r5_M9qpM7asFEj4PHMfKnRZPIR_P0IJs