Latest ECCouncil 312-50v8 Real Exam Download 681-690

QUESTION 681
Samantha was hired to perform an internal security test of XYZ. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing.
Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two)
A. Ethernet Zapping
B. MAC Flooding
C. Sniffing in promiscuous mode
D. ARP Spoofing
Answer: B,D 
In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. The principle of ARP spoofing is to send fake, or ‘spoofed’, ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result, frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack).
QUESTION 682
Ethereal works best on ____________.
A. Switched networks
B. Linux platforms
C. Networks using hubs
D. Windows platforms
E. LAN’s
Answer: 
Ethereal is used for sniffing traffic. It will return the best results when used on an unswitched (i.e. hub) network.
QUESTION 683
The following is an email header. What address is that of the true originator of the message?
[Image: email header]
A. 19.25.19.10
B. 51.32.123.21
C. 168.150.84.123
D. 215.52.220.122
E. 8.10.2/8.10.2
Answer: 
Spoofing can be easily achieved by manipulating the “from” name field; however, it is much more difficult to hide the true source address. The “received from” IP address 168.150.84.123 is the true source of the
QUESTION 684
Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?
A. RSA, LSA, POP
B. SSID, WEP, Kerberos
C. SMB, SMTP, Smart card
D. Kerberos, Smart card, Stanford SRP
Answer: 
Kerberos, Smart cards and Stanford SRP are techniques where the password never leaves the computer.
QUESTION 685
Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?
A. Snort
B. argus
C. TCPflow
D. Tcpdump
Answer: 
Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.
QUESTION 686
Which of the following display filters will you enable in Ethereal to view the three-way handshake for a connection from host 192.168.0.1?
A. ip == 192.168.0.1 and tcp.syn
B. ip.addr = 192.168.0.1 and syn = 1
C. ip.addr==192.168.0.1 and tcp.flags.syn
D. ip.equals 192.168.0.1 and syn.equals on
Answer: 
QUESTION 687
When Jason moves a file via NFS over the company’s network, you want to grab a copy of it by sniffing. Which of the following tools accomplishes this?
A. macof
B. webspy
C. filesnarf
D. nfscopy
Answer: C
Filesnarf – sniff files from NFS traffic
OPTIONS
-i interface
    Specify the interface to listen on.
-v
    “Versus” mode. Invert the sense of matching, to select non-matching files.
Pattern
    Specify regular expression for filename matching.
Expression
    Specify a tcpdump(8) filter expression to select traffic to sniff.
SEE ALSO
dsniff, nfsd
QUESTION 688
Which of the following is not considered to be a part of active sniffing?
A. MAC Flooding
B. ARP Spoofing
C. SMAC Fueling
D. MAC Duplicating
Answer: 
QUESTION 689
ARP poisoning is achieved in _____ steps
A. 1
B. 2
C. 3
D. 4
Answer: 
The hacker begins by sending a malicious ARP “reply” (for which there was no previous request) to your router, associating his computer’s MAC address with your IP address. Now your router thinks the hacker’s computer is your computer. Next, the hacker sends a malicious ARP reply to your computer, associating his MAC address with the router’s IP address. Now your machine thinks the hacker’s computer is your router. The hacker has now used ARP poisoning to accomplish a MitM attack.
QUESTION 690
How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS’s on a network?
A. Covert Channel
B. Crafted Channel
C. Bounce Channel
D. Deceptive Channel
Answer: A
A covert channel is described as: “any communication channel that can be exploited by a process to transfer information in a manner that violates the system’s security policy.” Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.
