CEH Exam Prep 3 Questions with Correct Answers
Excessive RST packets or ICMP type-3 response packets in Wireshark indicate a -
Answer-TCP half open/stealth scan attempt on the network.
Check for SYN+ACK, RST, and RST+ACK packets or ICMP type 3 packets / 3-way handshake - Answer-Full TCP Connect Scan
g filter to view the packets moving without a flag set/ NULL - Answer-TCP.flags==0x000
An attacker sends a TCP packet without setting a flag on it. If they receive an RST packet in response, then the port is closed. If there is no response, then the port is open or filtered - Answer-NULL Port Scan
Use the filter _________ to detect a SYN/FIN attack. - Answer-tcp.flags==0x003
filter to view packets with an ICMP Type-3 Code-3 port to detect a UDP scan attempt -
Answer-icmp.type==3 and icmp.code==3
Use _____ to filter FTP requests. Use ______ to verify the success of a password cracking attempt - Answer-ftp.request.command; ftp.response.code==230
Sniffing performed over a switched network is called ______. In this type of sniffing, the attacker injects packets into the network traffic to gain information from the switch, which maintains its own ARP cache known as content addressable memory (CAM). - Answer-Active sniffing
Sniffing performed on the hub is called _____. Since a hub broadcasts all packets, an attacker only has to initiate a session and wait for someone else to send packets on the same collision domain. - Answer-Passive
The signs of a MAC flooding (AKA Malformed) are detected by analyzing the - Answer-source IP, destination IP, and TTL values. Check whether the traffic originates from various IP addresses and is directed to the same destination IP address with the same TTL values.
The attacker's MAC address is associated with the IP address of the target host or a number of hosts in the target network. Check for "duplicate IP address configured" messages in the Warnings tab in Wireshark. To locate duplicate IP address traffic, use the following filter: arp.duplicate-address-detected - Answer-ARP Poisoning attack
, OR, --, ', and = - Answer-SQL injection
concentrates on identifying and responding to security-related activities such as threats,
viruses, malware, data loss, etc. It records logs about user login, unauthorized access
to resources, etc. - Answer-Security logging
concentrates on system-processing activities. It informs the network defender regarding
failures and potentially actionable conditions. It also facilitates service provisioning and
financial decisions - Answer-Operational logging
part of security logging because regulations are developed to enhance the security of
systems and data - Answer-Compliance logging
beneficial to application/system developers, not system administrators. It concentrates on recording debugging logs, which are analyzed by the application developer to detect issues. This type of logging can be disabled and enabled in a production system based on circumstantial requirements. - Answer-Application debug logging
This standard corresponds to WLANs and uses FHSS or DSSS as the frequency
hopping spectrum. It allows an electronic device to connect to the internet using a
wireless connection that is established in any network. - Answer-802.11 (wifi)
This standard is the second extension to the original 802.11 standard. It operates in the
5 GHz frequency band and supports a bandwidth of up to 54 Mbps by using OFDM. It
has a fast maximum speed, but is more sensitive to walls and other obstacles - Answer-802.11a
IEEE expanded the 802.11 standard by creating the 802.11b specifications in 1999.
This standard operates in the 2.4 GHz industrial, scientific and medical (ISM) radio band
and supports a bandwidth of up to 11 Mbps by using DSSS modulation - Answer-802.11b
This standard is an enhanced version of the 802.11a and 802.11b standards. It
supports the regulatory domains. The particulars of this standard can be set at the
media access control (MAC) layer. - Answer-802.11d
This standard defines the quality of service (QoS) for wireless applications. The
enhanced service is modified using the MAC layer. This standard maintains the quality
of video and audio streaming, real-time online applications, voice over internet protocol
(VoIP), etc. - Answer-802.11e
This standard is an extension of the 802.11 standard. It supports a maximum bandwidth
of 54 Mbps using the OFDM technology and uses the same 2.4 GHz band as 802.11b.