Question:
The following Wireshark display filter is appropriate: The search string is contained in tcp.
(Select all that apply) Which of the following active sniffer techniques are acceptable for a switched network?
ARP poisoning
MAC flooding
At Layer 5 of the OSI model, which of the following works?
Circuit-level firewall
Which type of IDS is in place in the case that an IDS installed on the network perimeter sees a spike in traffic during off-duty hours and begins logging and alerting?
Anomaly based
When an IDS does not suitably identify a malicious packet entering the network, what takes place?
False negative
When setting up Wireshark on a Windows laptop for a test, what driver and library does a pen tester need in order to allow the NIC to work in promiscuous mode?
WinPcap
In which of the following situations would you select a proxy server?
You want to filter Internet traffic for internal systems.
Your customer tells you they know beyond a doubt that an attacker is sending messages back and forth from their network, yet the IDS does not appear to be alerting on the traffic. Which of the following is most likely true?
The attacker is sending messages over an SSL tunnel.
You are configuring Snort rules and want an alert message of "Attempted FTP" on any FTP packet originating from an outside IP and destined for one of your internal hosts. Which of the following rules is correct for this situation?
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"Attempted FTP";)
Which of the following best describes a honeypot?
It is used to gather information about potential network attackers.
(Select all that apply) An attacker attached a laptop to a switch port and activated a sniffer. The NIC is set to promiscuous mode, and the laptop is left alone for a few hours to collect information. Which of the following statements are true?
The packet capture will provide the MAC addresses of other machines connected to the switch.
The packet capture will display all traffic intended for the laptop.
Which of the following best describes active sniffing? (Select all that apply.)
Active sniffing is usually required when switches are in place.
Active sniffing is easier to detect than passive sniffing.
(Select all that apply) Which of the following Wireshark filters would show all traffic coming from or going to systems on the 172.17.15.0/24 subnet?
ip.addr == 172.17.15.0/24
ip.src == 172.17.15.0/24 or ip.dst == 172.17.15.0/24
Machine A (MAC address 00-01-02-AA-BB-CC) and Machine B (MAC address 00-01-02-BB-CC-DD) are on the same subnet. Machine C is on a different subnet and has the MAC address 00-01-02-CC-DD-EE. Machine B sends a message to Machine C while the attacker is sniffing on the fully switched network. Which of the following conditions would be required for an attacker on Machine A to get a copy of this message?
The ARP cache of Machine B would need to be poisoned, changing the entry for the default gateway to 00-01-02-AA-BB-CC.