Welcome to Pass4Success


Eccouncil 312-38 Exam - Topic 8 Question 87 Discussion

Actual exam question for Eccouncil's 312-38 exam
Question #: 87
Topic #: 8

Which of the following Wireshark filters allows an administrator to detect a SYN/FIN DDoS attempt on the network?

Suggested Answer: A

According to NIST guidelines, the incident category that includes activities seeking to access or identify a federal agency computer, open ports, protocols, services, or any combination thereof for later exploitation is categorized as 'Scans/Probes/Attempted Access'. This category encompasses any unauthorized attempts to access systems, networks, or data, which may include scanning for vulnerabilities or probing to discover open ports and services.
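The filter in the suggested answer works because Wireshark's tcp.flags field exposes FIN as 0x001 and SYN as 0x002, so 0x003 matches segments with exactly SYN and FIN set and nothing else (a combination no legitimate handshake produces). The following Python is added here as an example, not part of the original page: it extracts that flags field from raw TCP headers and applies the same exact-match test; the header builder and the sample traffic are constructed for the example.

```python
import struct

# TCP flag bits in the order Wireshark's tcp.flags field reports them
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR, NS = (1 << i for i in range(9))
SYN_FIN = SYN | FIN  # 0x003: the value matched by the filter tcp.flags==0x003
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def tcp_flags(segment: bytes) -> int:
    """Return the 9-bit flags value from a raw TCP header (IP header already stripped).

    Byte 12 carries the data offset (high nibble), reserved bits and NS (bit 0);
    byte 13 carries CWR..FIN. Wireshark shows NS as 0x100, so it is shifted up.
    """
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    ns = segment[12] & 0x01
    return (ns << 8) | segment[13]


def build_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed minimal 20-byte TCP header for the example (checksum left zero)."""
    offset_ns = (5 << 4) | ((flags >> 8) & 1)  # data offset 5 words, NS bit
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       offset_ns, flags & 0xFF, 8192, 0, 0)


def flag_names(flags: int) -> list:
    """Human-readable flag list, e.g. 0x003 -> ['FIN', 'SYN']."""
    return [n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)]


def syn_fin_segments(segments: list) -> list:
    """Equivalent of the display filter tcp.flags==0x003: exact match on SYN+FIN only."""
    return [s for s in segments if tcp_flags(s) == SYN_FIN]


# Constructed sample: one normal handshake and teardown plus two malformed SYN/FIN segments
SAMPLE = [
    build_tcp_header(40000, 80, SYN),
    build_tcp_header(80, 40000, SYN | ACK),
    build_tcp_header(40000, 80, ACK),
    build_tcp_header(50001, 80, SYN | FIN),
    build_tcp_header(50002, 80, SYN | FIN),
    build_tcp_header(40000, 80, FIN | ACK),
]

if __name__ == "__main__":
    hits = syn_fin_segments(SAMPLE)
    print(f"{len(hits)} of {len(SAMPLE)} segments match tcp.flags==0x003")
    for h in hits:
        print(hex(tcp_flags(h)), flag_names(tcp_flags(h)))
```

Note that tcp.flags==0x003 is an exact match: a SYN/FIN segment that also carries ACK (0x013) would not be caught, so a broader check such as tcp.flags.syn==1 && tcp.flags.fin==1 is what a practitioner would typically run alongside it.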


Contribute your Thoughts:

Matthew
6 months ago
C looks interesting, but I don't think it applies here.
upvoted 0 times
Jackie
6 months ago
Wait, are we sure about A? Seems too simple.
upvoted 0 times
Willard
6 months ago
Definitely A, I've used it before for DDoS analysis.
upvoted 0 times
Casie
7 months ago
I think B is the right one, not A.
upvoted 0 times
Felicitas
7 months ago
A is the correct filter for SYN/FIN detection.
upvoted 0 times
Marjory
7 months ago
I remember that tcp.dstport==7 is related to echo requests, so it can't be the answer for a DDoS attempt.
upvoted 0 times
Cyril
7 months ago
I feel like tcp.flags==0x003 might be the right choice, but I’m a bit confused about the hexadecimal values.
upvoted 0 times
Teri
7 months ago
I practiced a similar question last week, and I think it was about identifying flags, but I can't recall the exact values.
upvoted 0 times
Shakira
8 months ago
I think I remember that SYN/FIN attacks involve specific TCP flag combinations, but I'm not sure which one it is.
upvoted 0 times
Felix
8 months ago
I'm confident that option A is the correct Wireshark filter to detect a SYN/FIN DDoS attack. The TCP flags 0x003 match the SYN/FIN pattern we discussed in class.
upvoted 0 times
Ellsworth
8 months ago
Okay, I've got this. The key is to look for the TCP flags that indicate a SYN/FIN DDoS attempt. I think option A is the right answer.
upvoted 0 times
Johna
8 months ago
Hmm, I'm a bit confused by the different TCP flag options. I'll need to review my notes on TCP flags and DDoS attacks to figure this out.
upvoted 0 times
Freeman
8 months ago
This looks like a tricky one. I'll need to think carefully about the TCP flags and how to detect a SYN/FIN DDoS attack.
upvoted 0 times
Aracelis
8 months ago
I'm not totally sure about this one. I'll need to double-check the TCP flag values and think through the DDoS detection logic. Gotta be careful on this exam question.
upvoted 0 times
Cathrine
8 months ago
Hmm, I'm a bit unsure here. I know we need to send the confirmation email, but I'm not sure if that should be part of the case configuration or a separate process. I'll have to think this through carefully.
upvoted 0 times
Robt
8 months ago
This is a good question to test our understanding of the Database Upgrade Assistant. I'll need to think through each option carefully and make sure I select the two correct situations where this tool can be used.
upvoted 0 times
Haydee
1 year ago
I wonder if the answer is 'All of the Above' and we're just supposed to find the most relevant one. Nah, probably not. I'll go with option A and hope I don't get a trick question.
upvoted 0 times
Rose
12 months ago
User 3: I agree, let's go with option A.
upvoted 0 times
Lenna
1 year ago
User 2: Yeah, that seems like the most relevant one.
upvoted 0 times
Marilynn
1 year ago
User 1: I think the answer is option A.
upvoted 0 times
Jenelle
1 year ago
User 3: I agree, let's go with option A and see if it's correct.
upvoted 0 times
Vallie
1 year ago
User 2: Yeah, that seems like the most relevant filter for detecting SYN/FIN DDoS attempts.
upvoted 0 times
Ronna
1 year ago
User 1: I think the answer is A) tcp.flags==0x003
upvoted 0 times
Anissa
1 year ago
Wow, these options are really something. I bet the person who wrote this question was having a bit too much fun with the hex values. I'm sticking with option A, though. Gotta keep it simple, you know?
upvoted 0 times
Shawnna
1 year ago
Ah, the good old tcp.dstport==7. Classic. But I don't think that's going to help me detect a SYN/FIN DDoS attack. I'll have to go with option A on this one.
upvoted 0 times
Merilyn
11 months ago
User 4: Definitely, tcp.flags==0x003 is the way to go for detecting that type of attack.
upvoted 0 times
Malinda
12 months ago
User 3: Yeah, tcp.flags==0x003 is the correct filter for detecting SYN/FIN DDoS.
upvoted 0 times
Vallie
1 year ago
User 2: I agree, I think option A (tcp.flags==0x003) is the right choice for detecting SYN/FIN DDoS.
upvoted 0 times
Nicolette
1 year ago
User 1: tcp.dstport==7 is a classic filter, but it won't help with SYN/FIN DDoS.
upvoted 0 times
Tracey
1 year ago
I'm not sure, but I think C) TCP.flags==0x300 could also be a possible filter to detect SYN/FIN DDoS attempts.
upvoted 0 times
Quentin
1 year ago
Hmm, option B looks interesting, but I'm not sure if tcp.flags==0X029 is the right way to go. I better double-check the Wireshark documentation just to be safe.
upvoted 0 times
Eun
1 year ago
TCP.flags==0x300? Really? That's not even a valid Wireshark filter. I think I'll go with option A - tcp.flags==0x003 to detect SYN/FIN DDoS attacks.
upvoted 0 times
Venita
1 year ago
I agree, TCP.flags==0x300 is not a valid Wireshark filter. Option A is the way to go.
upvoted 0 times
Mitzie
1 year ago
Option A - tcp.flags==0x003 is the correct filter for detecting SYN/FIN DDoS attacks.
upvoted 0 times
Gilma
1 year ago
I agree with Dannie, because SYN/FIN DDoS attacks involve specific TCP flags.
upvoted 0 times
Dannie
1 year ago
I think the answer is A) tcp.flags==0x003.
upvoted 0 times
Ligia
1 year ago
That makes sense, thanks for explaining. I'll reconsider my answer.
upvoted 0 times
Chauncey
1 year ago
I disagree, I believe the correct answer is C) TCP.flags==0x300 because it specifically looks for SYN/FIN flags.
upvoted 0 times
Ligia
1 year ago
I think the answer is A) tcp.flags==0x003.
upvoted 0 times