[Free] 2017(Sep) EnsurePass Testinsides ECCouncil 312-50 Dumps with VCE and PDF 291-300

September 22, 2017

Ethical Hacking and Countermeasures

Question No: 291 – (Topic 8)

SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections.

The signature for SYN Flood attack is:

  A. The source and destination address having the same value.

  B. The source and destination port numbers having the same value.

  C. A large number of SYN packets appearing on a network without the corresponding reply packets.

  D. A large number of SYN packets appearing on a network with the corresponding reply packets.

Answer: C

Explanation: A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system's small "in-process" queue with connection requests, but it does not respond when a target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable.

Question No: 292 – (Topic 8)

What is the goal of a Denial of Service Attack?

  A. Capture files from a remote computer.

  B. Render a network or computer incapable of providing normal service.

  C. Exploit a weakness in the TCP stack.

  D. Execute service at PS 1009.

Answer: B

Explanation: In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB).

Question No: 293 – (Topic 8)

Hackers usually control Bots through:

  A. IRC Channel

  B. MSN Messenger

  C. Trojan Client Software

  D. Yahoo Chat

  E. GoogleTalk

Answer: A

Explanation: Most of the bots out today have a function to connect to a predetermined IRC channel in order to get orders.

Question No: 294 – (Topic 8)

If you send a SYN to an open port, what is the correct response? (Choose all correct answers.)

  A. SYN

  B. ACK

  C. FIN

  D. PSH

Answer: A,B

Explanation: The proper response is a SYN / ACK. This technique is also known as half-open scanning.

Question No: 295 – (Topic 8)

Global deployment of RFC 2827 would help mitigate what classification of attack?

  A. Sniffing attack

  B. Denial of service attack

  C. Spoofing attack

  D. Reconnaissance attack

  E. Port Scan attack

Answer: C

Explanation: RFC 2827 – Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing

Question No: 296 – (Topic 8)

Smurf is a simple attack based on IP spoofing and broadcasts. A single packet (such as an ICMP Echo Request) is sent as a directed broadcast to a subnet on the Internet. All the machines on that subnet respond to this broadcast. By spoofing the source IP Address of the packet, all the responses will get sent to the spoofed IP Address. Thus, a hacker can often flood a victim with hundreds of responses for every request the hacker sends out.

Who are the primary victims of these attacks on the Internet today?

  A. IRC servers are the primary victim to smurf attacks

  B. IDS devices are the primary victim to smurf attacks

  C. Mail Servers are the primary victim to smurf attacks

  D. SPAM filters are the primary victim to smurf attacks

Answer: A

Explanation: IRC servers are the primary victim to smurf attacks. Script-kiddies run programs that scan the Internet looking for "amplifiers" (i.e. subnets that will respond). They compile lists of these amplifiers and exchange them with their friends. Thus, when a victim is flooded with responses, they will appear to come from all over the Internet. On IRCs, hackers will use bots (automated programs) that connect to IRC servers and collect IP addresses. The bots then send the forged packets to the amplifiers to inundate the victim.

Question No: 297 – (Topic 8)

Which one of the following instigates a SYN flood attack?

  A. Generating excessive broadcast packets.

  B. Creating a high number of half-open connections.

  C. Inserting repetitive Internet Relay Chat (IRC) messages.

  D. A large number of Internet Control Message Protocol (ICMP) traces.

Answer: B

Explanation: A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system's small "in-process" queue with connection requests, but it does not respond when a target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable.

Question No: 298 – (Topic 8)

What is the term used to describe an attack that falsifies a broadcast ICMP echo request and includes a primary and secondary victim?

  A. Fraggle Attack

  B. Man in the Middle Attack

  C. Trojan Horse Attack

  D. Smurf Attack

  E. Back Orifice Attack

Answer: D

Explanation: Trojan and Back Orifice are Trojan horse attacks. Man in the middle spoofs the IP and redirects the victim's packets to the cracker. The infamous Smurf attack preys on ICMP's capability to send traffic to the broadcast address. Many hosts can listen and respond to a single ICMP echo request sent to a broadcast address.

Network Intrusion Detection, Third Edition, by Stephen Northcutt and Judy Novak, pg 70: The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple re-write of "smurf".

Question No: 299 – (Topic 8)

Which one of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

  A. Teardrop

  B. Smurf

  C. Ping of Death

  D. SYN flood

  E. SNMP Attack

Answer: A

Explanation: The teardrop attack uses overlapping packet fragments to confuse a target system and cause the system to reboot or crash.

Question No: 300 – (Topic 8)

A denial of Service (DoS) attack works on the following principle:

  A. MS-DOS and PC-DOS operating systems utilize a weakness that can be compromised and permit them to launch an attack easily.

  B. All CLIENT systems have a TCP/IP stack implementation weakness that can be compromised and permit them to launch an attack easily.

  C. Overloaded buffer systems can easily address error conditions and respond appropriately.

  D. Host systems cannot respond to real traffic, if they have an overwhelming number of incomplete connections (SYN/RCVD State).

  E. A server stops accepting connections from certain networks once those networks become flooded.

Answer: D

Explanation: Denial-of-service (often abbreviated as DoS) is a class of attacks in which an attacker attempts to prevent legitimate users from accessing an Internet service, such as a web site. This can be done by exercising a software bug that causes the software running the service to fail (such as the “Ping of Death” attack against Windows NT systems), sending enough data to consume all available network bandwidth (as in the May, 2001 attacks against Gibson Research), or sending data in such a way as to consume a particular resource needed by the service.
