Welcome to Pass4Success
Eccouncil 312-38 Exam - Topic 8 Question 87 Discussion

Actual exam question for Eccouncil's 312-38 exam
Question #: 87
Topic #: 8
[All 312-38 Questions]

Which of the following Wireshark filters allows an administrator to detect a SYN/FIN DDoS attempt on the network?

Suggested Answer: A

A SYN/FIN segment is one with both the SYN and FIN flags set, a combination that never occurs in a legitimate TCP exchange (SYN opens a connection, FIN closes one) and is seen in floods and in OS-fingerprinting probes. Wireshark's tcp.flags field is a bitmask in which FIN is 0x001, SYN is 0x002, RST 0x004, PSH 0x008, ACK 0x010, URG 0x020, ECE 0x040 and CWR 0x080, so the display filter tcp.flags == 0x003 matches segments whose flags are exactly SYN and FIN and nothing else. The other values discussed below do not: 0x029 is FIN/PSH/URG (the Xmas-scan pattern), 0x300 sets only the accurate-ECN/reserved bits above the eight standard flags, and tcp.dstport == 7 selects traffic to the echo port regardless of flags. Note that == is an exact comparison: a segment carrying SYN, FIN and ACK (0x013) would not match; to catch any segment with both flags set whatever else is present, use tcp.flags.syn == 1 && tcp.flags.fin == 1. A flood shows up as a large number of matching segments in a short window, which is easiest to see by applying the filter and then opening Statistics > Conversations, or on the command line with tshark -r capture.pcap -Y 'tcp.flags == 0x003'.
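To make the bitmask concrete, here is an added example (not part of the original page or of Wireshark) that constructs a few raw TCP headers, decodes the 12-bit flags word exactly as Wireshark's tcp.flags presents it, and applies both the exact-match filter (tcp.flags == 0x003) and the bit-test form (tcp.flags.syn == 1 && tcp.flags.fin == 1) to a constructed capture. The IP addresses, ports, the threshold and the helper names are assumptions chosen for the illustration.

```python
"""Added example: decode tcp.flags the way Wireshark does and apply the
SYN/FIN filters to a constructed capture (not code from the original page)."""
import struct
from collections import Counter

# Bit values of the TCP flags inside Wireshark's 12-bit tcp.flags field
# (low 12 bits of the data-offset/flags word: 3 reserved bits, AE/NS,
# CWR, ECE, URG, ACK, PSH, RST, SYN, FIN).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR, AE = (1 << i for i in range(9))


def build_tcp_header(sport, dport, flags, seq=0, ack_num=0, window=65535):
    """Construct a minimal 20-byte TCP header with no options (constructed
    test data; the checksum is left at zero because nothing here verifies it)."""
    offset_flags = (5 << 12) | (flags & 0x0FFF)   # data offset = 5 words, then 12 flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack_num, offset_flags, window, 0, 0)


def tcp_dstport(header):
    """Destination port, i.e. the value behind Wireshark's tcp.dstport."""
    return struct.unpack("!H", header[2:4])[0]


def tcp_flags(header):
    """The 12-bit value that Wireshark's display filter calls tcp.flags."""
    return struct.unpack("!H", header[12:14])[0] & 0x0FFF


def filter_syn_fin_exact(header):
    """Equivalent of  tcp.flags == 0x003  (only SYN and FIN set, nothing else)."""
    return tcp_flags(header) == (SYN | FIN)


def filter_syn_fin_bits(header):
    """Equivalent of  tcp.flags.syn == 1 && tcp.flags.fin == 1  (other flags ignored)."""
    f = tcp_flags(header)
    return bool(f & SYN) and bool(f & FIN)


def syn_fin_sources(packets, threshold):
    """Count SYN/FIN segments per source (exact-match filter) and return the
    sources at or above threshold; packets is an iterable of (src_ip, tcp_header)."""
    counts = Counter(src for src, hdr in packets if filter_syn_fin_exact(hdr))
    return {src: n for src, n in counts.items() if n >= threshold}


def constructed_capture():
    """Constructed sample traffic: one flooding source plus segments that a
    careless filter would confuse with SYN/FIN."""
    pkts = []
    for i in range(6):                       # assumed attacker address, six SYN/FIN segments
        pkts.append(("198.51.100.7", build_tcp_header(40000 + i, 80, SYN | FIN)))
    pkts.append(("192.0.2.10", build_tcp_header(51000, 443, SYN)))              # 0x002, normal handshake
    pkts.append(("192.0.2.10", build_tcp_header(51000, 443, ACK)))              # 0x010
    pkts.append(("192.0.2.11", build_tcp_header(52000, 22, FIN | PSH | URG)))   # 0x029, Xmas pattern
    pkts.append(("192.0.2.12", build_tcp_header(53000, 7, SYN)))                # echo port, but only SYN
    pkts.append(("192.0.2.13", build_tcp_header(54000, 80, SYN | FIN | ACK)))   # 0x013: bit test matches, exact does not
    return pkts


if __name__ == "__main__":
    capture = constructed_capture()
    for src, hdr in capture:
        print(f"{src:14} dstport={tcp_dstport(hdr):<5} tcp.flags=0x{tcp_flags(hdr):03x} "
              f"exact={filter_syn_fin_exact(hdr)} bits={filter_syn_fin_bits(hdr)}")
    print(syn_fin_sources(capture, threshold=5))   # {'198.51.100.7': 6}
```

The two filter functions differ only on the 0x013 segment, which is the point to remember when choosing between the exam's exact-match form and the per-flag form in a real investigation; the threshold is the per-source count you would tune for your own baseline, since a handful of SYN/FIN probes is a scanner, not a flood.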


Contribute your Thoughts:

Matthew
3 months ago
C looks interesting, but I don't think it applies here.
upvoted 0 times
...
Jackie
3 months ago
Wait, are we sure about A? Seems too simple.
upvoted 0 times
...
Willard
3 months ago
Definitely A, I've used it before for DDoS analysis.
upvoted 0 times
...
Casie
4 months ago
I think B is the right one, not A.
upvoted 0 times
...
Felicitas
4 months ago
A is the correct filter for SYN/FIN detection.
upvoted 0 times
...
Marjory
4 months ago
I remember that tcp.dstport==7 is related to echo requests, so it can't be the answer for a DDoS attempt.
upvoted 0 times
...
Cyril
4 months ago
I feel like tcp.flags==0x003 might be the right choice, but I’m a bit confused about the hexadecimal values.
upvoted 0 times
...
Teri
4 months ago
I practiced a similar question last week, and I think it was about identifying flags, but I can't recall the exact values.
upvoted 0 times
...
Shakira
5 months ago
I think I remember that SYN/FIN attacks involve specific TCP flag combinations, but I'm not sure which one it is.
upvoted 0 times
...
Felix
5 months ago
I'm confident that option A is the correct Wireshark filter to detect a SYN/FIN DDoS attack. The TCP flags 0x003 match the SYN/FIN pattern we discussed in class.
upvoted 0 times
...
Ellsworth
5 months ago
Okay, I've got this. The key is to look for the TCP flags that indicate a SYN/FIN DDoS attempt. I think option A is the right answer.
upvoted 0 times
...
Johna
5 months ago
Hmm, I'm a bit confused by the different TCP flag options. I'll need to review my notes on TCP flags and DDoS attacks to figure this out.
upvoted 0 times
...
Freeman
5 months ago
This looks like a tricky one. I'll need to think carefully about the TCP flags and how to detect a SYN/FIN DDoS attack.
upvoted 0 times
...
Aracelis
5 months ago
I'm not totally sure about this one. I'll need to double-check the TCP flag values and think through the DDoS detection logic. Gotta be careful on this exam question.
upvoted 0 times
...
Cathrine
5 months ago
Hmm, I'm a bit unsure here. I know we need to send the confirmation email, but I'm not sure if that should be part of the case configuration or a separate process. I'll have to think this through carefully.
upvoted 0 times
...
Robt
5 months ago
This is a good question to test our understanding of the Database Upgrade Assistant. I'll need to think through each option carefully and make sure I select the two correct situations where this tool can be used.
upvoted 0 times
...
Haydee
10 months ago
I wonder if the answer is 'All of the Above' and we're just supposed to find the most relevant one. Nah, probably not. I'll go with option A and hope I don't get a trick question.
upvoted 0 times
Rose
9 months ago
User 3: I agree, let's go with option A.
upvoted 0 times
...
Lenna
9 months ago
User 2: Yeah, that seems like the most relevant one.
upvoted 0 times
...
Marilynn
9 months ago
User 1: I think the answer is option A.
upvoted 0 times
...
Jenelle
9 months ago
User 3: I agree, let's go with option A and see if it's correct.
upvoted 0 times
...
Vallie
9 months ago
User 2: Yeah, that seems like the most relevant filter for detecting SYN/FIN DDoS attempts.
upvoted 0 times
...
Ronna
10 months ago
User 1: I think the answer is A) tcp.flags==0x003
upvoted 0 times
...
...
Anissa
10 months ago
Wow, these options are really something. I bet the person who wrote this question was having a bit too much fun with the hex values. I'm sticking with option A, though. Gotta keep it simple, you know?
upvoted 0 times
...
Shawnna
10 months ago
Ah, the good old tcp.dstport==7. Classic. But I don't think that's going to help me detect a SYN/FIN DDoS attack. I'll have to go with option A on this one.
upvoted 0 times
Merilyn
8 months ago
User 4: Definitely, tcp.flags==0x003 is the way to go for detecting that type of attack.
upvoted 0 times
...
Malinda
9 months ago
User 3: Yeah, tcp.flags==0x003 is the correct filter for detecting SYN/FIN DDoS.
upvoted 0 times
...
Vallie
9 months ago
User 2: I agree, I think option A (tcp.flags==0x003) is the right choice for detecting SYN/FIN DDoS.
upvoted 0 times
...
Nicolette
10 months ago
User 1: tcp.dstport==7 is a classic filter, but it won't help with SYN/FIN DDoS.
upvoted 0 times
...
...
Tracey
10 months ago
I'm not sure, but I think C) TCP.flags==0x300 could also be a possible filter to detect SYN/FIN DDoS attempts.
upvoted 0 times
...
Quentin
10 months ago
Hmm, option B looks interesting, but I'm not sure if tcp.flags==0X029 is the right way to go. I better double-check the Wireshark documentation just to be safe.
upvoted 0 times
...
Eun
10 months ago
TCP.flags==0x300? Really? That's not even a valid Wireshark filter. I think I'll go with option A - tcp.flags==0x003 to detect SYN/FIN DDoS attacks.
upvoted 0 times
Venita
10 months ago
I agree, TCP.flags==0x300 is not a valid Wireshark filter. Option A is the way to go.
upvoted 0 times
...
Mitzie
10 months ago
Option A - tcp.flags==0x003 is the correct filter for detecting SYN/FIN DDoS attacks.
upvoted 0 times
...
...
Gilma
10 months ago
I agree with Dannie, because SYN/FIN DDoS attacks involve specific TCP flags.
upvoted 0 times
...
Dannie
10 months ago
I think the answer is A) tcp.flags==0x003.
upvoted 0 times
...
Ligia
10 months ago
That makes sense, thanks for explaining. I'll reconsider my answer.
upvoted 0 times
...
Chauncey
10 months ago
I disagree, I believe the correct answer is C) TCP.flags==0x300 because it specifically looks for SYN/FIN flags.
upvoted 0 times
...
Ligia
11 months ago
I think the answer is A) tcp.flags==0x003.
upvoted 0 times
...
