FILL BLANK
Fill in the blank with the appropriate term. ___________ is a prime example of a high-interaction honeypot.
Answer(s): A
Honeynet is a prime example of a high-interaction honeypot. Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient. Honeynets and honeypots are usually implemented as parts of larger network intrusion-detection systems. A honeyfarm is a centralized collection of honeypots and analysis tools.
Which of the following tools is an open source protocol analyzer that can capture traffic in real time?
Answer(s): B
Wireshark is an open source protocol analyzer that can capture traffic in real time. Wireshark is a free packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but it has a graphical front-end and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network, but support is being added for others) by putting the network interface into promiscuous mode.

Wireshark uses pcap to capture packets, so it can only capture the packets on the networks supported by pcap. It has the following features:

Data can be captured "from the wire" from a live network connection or read from a file that records the already-captured packets.
Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.
Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.
Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
Data display can be refined using a display filter.
Plugins can be created for dissecting new protocols.

Answer option C is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs network activity that matches predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).

Answer option D is incorrect. NetWitness is used to analyze and monitor the network traffic and activity.

Answer option A is incorrect. Netresident is used to capture, store, analyze, and reconstruct network events and activities.
Which of the following tools are NOT used for logging network activities in the Linux operating system? Each correct answer represents a complete solution. Choose all that apply.
Answer(s): A,B
PsLoggedOn and PsGetSid are not logging tools. They are command-line utilities used in the Windows operating system.

PsLoggedOn is an applet that displays both the local and remote logged-on users. If an attacker specifies a user name instead of a computer, PsLoggedOn searches the computers in the network and tells whether the user is currently logged on or not. The command syntax for PsLoggedOn is as follows:

psloggedon [- ] [-l] [-x] [\\computername | username]

PsGetSid is a tool that is used to query SIDs remotely. Using PsGetSid, the attacker can access the SIDs of user accounts and translate an SID into the user name. The command syntax for PsGetSid is as follows:

psgetsid [\\computer[,computer[,...] | @file] [-u username [-p password]]] [account|SID]

Answer options C and D are incorrect. Timbersee and Swatch are tools used for logging network activities in the Linux operating system.
FILL BLANK
Fill in the blank with the appropriate term. The _______________ model is a description framework for computer network protocols and is sometimes called the Internet Model or the DoD Model.
The TCP/IP model is a description framework for computer network protocols. It describes a set of general design guidelines and implementations of specific networking protocols to enable computers to communicate over a network. TCP/IP provides end-to-end connectivity, specifying how data should be formatted, addressed, transmitted, routed and received at the destination. Protocols exist for a variety of different types of communication services between computers. The TCP/IP Model is sometimes called the Internet Model or the DoD Model.

The TCP/IP model has four unique layers as shown in the image. This layer architecture is often compared with the seven-layer OSI Reference Model. The TCP/IP model and related protocols are maintained by the Internet Engineering Task Force (IETF).