Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Eccouncil Exam 312-38 Topic 8 Question 87 Discussion

Actual exam question for Eccouncil's 312-38 exam
Question #: 87
Topic #: 8
[All 312-38 Questions]

Which of the following Wireshark filters allows an administrator to detect SYN/FIN DDoS attempt on

the network?

Show Suggested Answer Hide Answer
Suggested Answer: A

According to NIST guidelines, the incident category that includes activities seeking to access or identify a federal agency computer, open ports, protocols, services, or any combination thereof for later exploitation is categorized as 'Scans/Probes/Attempted Access'. This category encompasses any unauthorized attempts to access systems, networks, or data, which may include scanning for vulnerabilities or probing to discover open ports and services.


by Rana at Jul 07, 2024, 09:39 AM

Limited Time Offer

25%

Off

Get Premium 312-38 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Haydee
1 months ago
I wonder if the answer is 'All of the Above' and we're just supposed to find the most relevant one. Nah, probably not. I'll go with option A and hope I don't get a trick question.
upvoted 0 times
Rose
6 days ago
User 3: I agree, let's go with option A.
upvoted 0 times
...
Lenna
17 days ago
User 2: Yeah, that seems like the most relevant one.
upvoted 0 times
...
Marilynn
18 days ago
User 1: I think the answer is option A.
upvoted 0 times
...
Jenelle
23 days ago
User 3: I agree, let's go with option A and see if it's correct.
upvoted 0 times
...
Vallie
29 days ago
User 2: Yeah, that seems like the most relevant filter for detecting SYN/FIN DDoS attempts.
upvoted 0 times
...
Ronna
1 months ago
User 1: I think the answer is A) tcp.flags==0x003
upvoted 0 times
...
...
Anissa
2 months ago
Wow, these options are really something. I bet the person who wrote this question was having a bit too much fun with the hex values. I'm sticking with option A, though. Gotta keep it simple, you know?
upvoted 0 times
...
Shawnna
2 months ago
Ah, the good old tcp.dstport==7. Classic. But I don't think that's going to help me detect a SYN/FIN DDoS attack. I'll have to go with option A on this one.
upvoted 0 times
Malinda
2 days ago
User 3: Yeah, tcp.flags==0x003 is the correct filter for detecting SYN/FIN DDoS.
upvoted 0 times
...
Vallie
23 days ago
User 2: I agree, I think option A (tcp.flags==0x003) is the right choice for detecting SYN/FIN DDoS.
upvoted 0 times
...
Nicolette
1 months ago
User 1: tcp.dstport==7 is a classic filter, but it won't help with SYN/FIN DDoS.
upvoted 0 times
...
...
Tracey
2 months ago
I'm not sure, but I think C) TCP.flags==0x300 could also be a possible filter to detect SYN/FIN DDoS attempts.
upvoted 0 times
...
Quentin
2 months ago
Hmm, option B looks interesting, but I'm not sure if tcp.flags==0X029 is the right way to go. I better double-check the Wireshark documentation just to be safe.
upvoted 0 times
...
Eun
2 months ago
TCP.flags==0x300? Really? That's not even a valid Wireshark filter. I think I'll go with option A - tcp.flags==0x003 to detect SYN/FIN DDoS attacks.
upvoted 0 times
Venita
1 months ago
I agree, TCP.flags==0x300 is not a valid Wireshark filter. Option A is the way to go.
upvoted 0 times
...
Mitzie
1 months ago
Option A - tcp.flags==0x003 is the correct filter for detecting SYN/FIN DDoS attacks.
upvoted 0 times
...
...
Gilma
2 months ago
I agree with Dannie, because SYN/FIN DDoS attacks involve specific TCP flags.
upvoted 0 times
...
Dannie
2 months ago
I think the answer is A) tcp.flags==0x003.
upvoted 0 times
...
Ligia
2 months ago
That makes sense, thanks for explaining. I'll reconsider my answer.
upvoted 0 times
...
Chauncey
2 months ago
I disagree, I believe the correct answer is C) TCP.flags==0x300 because it specifically looks for SYN/FIN flags.
upvoted 0 times
...
Ligia
2 months ago
I think the answer is A) tcp.flags==0x003.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77