100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
CEH Exam Prep 3 Questions with Correct Answers $13.99
Add to cart
Quickly navigate to
Preview
  2.  
  3. CEH
  4.  
  5. CEH

Exam (elaborations)

CEH Exam Prep 3 Questions with Correct Answers
 0 purchase
  • Course
  • CEH
  • Institution
  • CEH

CEH Exam Prep 3 Questions with Correct Answers Excessive RST packets or ICMP type-3 response packets in Wireshark indicate a - Answer-TCP half open/stealth scan attempt on the network. Check for SYN+ACK, RST, and RST+ACK packets or ICMP type 3 packets/ 3way handshake - Answer-Full TCP Connect S...

[Show more]

Preview 2 out of 11  pages

Document information

  • August 12, 2024
  • 11
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

Written for

  • CEH
  • CEH

Seller

avatar-seller
Scholarsstudyguide

Reviews received

Content preview

CEH Exam Prep 3 Questions with
Correct Answers
Excessive RST packets or ICMP type-3 response packets in Wireshark indicate a -
Answer-TCP half open/stealth scan attempt on the network.

Check for SYN+ACK, RST, and RST+ACK packets or ICMP type 3 packets/ 3way
handshake - Answer-Full TCP Connect Scan

g filter to view the packets moving without a flag set/ NULL - Answer-TCP.flags==0x000

an attacker sends a TCP packet without setting a flag on it If they receive an RST
packet in response, then the port is closed. If there is no response, then the port is open
or filtered - Answer-NULL Port Scan

Use the filter _________ to detect a SYN/FIN attack. - Answer-tcp.flags==0x003

filter to view packets with an ICMP Type-3 Code-3 port to detect a UDP scan attempt -
Answer-icmp.type==3 and icmp.code==3

Use _____ to filter FTP requests Use ______ to verify the success of a password
cracking attempt - Answer-ftp.request.command
ftp.response.code==230

Sniffing performed over a switched network is called ______
In this type of sniffing, the attacker injects packets into the network traffic to gain
information from the switch, which maintains its own ARP cache known as content
addressable memory (CAM). - Answer-Active sniffing

Sniffing performed on the hub is called _____
Since a hub broadcasts all packets, an attacker only has to initiate a session and wait
for someone else to send packets on the same collision domain. - Answer-Passive

The signs of a MAC flooding (AKA Malformed) are detected by analyzing the - Answer-
source IP, destination IP, and TTL values
Check whether the traffic originates from various IP addresses and is directed to the
same destination IP address with the same TTL values

the attacker's MAC address is associated with the IP address of the target host or a
number of hosts in the target network Check for "duplicate IP address configured"
messages in the Warnings tab in Wireshark To locate duplicate IP address traffic, use
the following filter: arp.duplicate-address-detected - Answer-ARP Poisoning attack

, OR, --, ', and = - Answer-SQL injection

concentrates on identifying and responding to security-related activities such as threats,
viruses, malware, data loss, etc. It records logs about user login, unauthorized access
to resources, etc. - Answer-Security logging

concentrates on system-processing activities. It informs the network defender regarding
failures and potentially actionable conditions. It also facilitates service provisioning and
financial decisions - Answer-Operational logging

part of security logging because regulations are developed to enhance the security of
systems and data - Answer-Compliance logging

beneficial to application/system developers, not system administrators. It concentrates
on recording debugging logs, which are analyzed by the application developer to detect
issues. This type of logging can be disabled and enabled in a production system based
on circumstantial requirements. - Answer-Application debug loggingApplication debug
logging


This standard corresponds to WLANs and uses FHSS or DSSS as the frequency
hopping spectrum. It allows an electronic device to connect to the internet using a
wireless connection that is established in any network. - Answer-802.11 (wifi)

This standard is the second extension to the original 802.11 standard. It operates in the
5 GHz frequency band and supports a bandwidth of up to 54 Mbps by using OFDM. It
has a fast maximum speed, but is more sensitive to walls and other obstacles - Answer-
802.11a

IEEE expanded the 802.11 standard by creating the 802.11b specifications in 1999.
This standard operates in the 2.4 GHz industrial, scientific and medical (ISM) radio band
and supports a bandwidth of up to 11 Mbps by using DSSS modulation - Answer-
802.11b

This standard is an enhanced version of the 802.11a and 802.11b standards. It
supports the regulatory domains. The particulars of this standard can be set at the
media access control (MAC) layer. - Answer-802.11d

This standard defines the quality of service (QoS) for wireless applications. The
enhanced service is modified using the MAC layer. This standard maintains the quality
of video and audio streaming, real-time online applications, voice over internet protocol
(VoIP), etc. - Answer-802.11e

This standard is an extension of the 802.11 standard. It supports a maximum bandwidth
of 54 Mbps using the OFDM technology and uses the same 2.4 GHz band as 802.11b.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

69052 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 15 years now

Start selling
$13.99
  • (0)
Add to cart
Added