Free 312-50 Exam Braindumps (page: 42)

Page 41 of 191

What sequence of packets is sent during the initial TCP three-way handshake?

  1. SYN, URG, ACK
  2. FIN, FIN-ACK, ACK
  3. SYN, ACK, SYN-ACK
  4. SYN, SYN-ACK, ACK

Answer(s): D

Explanation:

This is referred to as a "three way handshake." The "SYN" flags are requests by the TCP stack at one end of a socket to synchronize themselves to the sequence numbering for this new sessions. The ACK flags acknowlege earlier packets in this session. Obviously only the initial packet has no ACK flag, since there are no previous packets to acknowlege. Only the second packet (the first response from a server to a client) has both the SYN and the ACK bits set.



Exhibit:

What type of attack is shown in the above diagram?

  1. SSL Spoofing Attack
  2. Identity Stealing Attack
  3. Session Hijacking Attack
  4. Man-in-the-Middle (MiTM) Attack

Answer(s): D

Explanation:

A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised.



Exhibit:

Study the following log extract and identify the attack.

  1. Hexcode Attack
  2. Cross Site Scripting
  3. Multiple Domain Traversal Attack
  4. Unicode Directory Traversal Attack

Answer(s): D

Explanation:

The “Get /msadc/……/……/……/winnt/system32/cmd.exe?” shows that a Unicode Directory Traversal Attack has been performed.



Exhibit:


Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

  1. har.txt
  2. SAM file
  3. wwwroot
  4. Repair file

Answer(s): B

Explanation:

He is actually trying to get the file har.txt but this file contains a copy of the SAM file.






Post your Comments and Discuss EC-Council 312-50 exam with other Community members:

312-50 Discussions & Posts