Eccouncil Exam 312-38 Topic 8 Question 87 Discussion

Actual exam question for Eccouncil's 312-38 exam

Question #: 87
Topic #: 8

[All 312-38 Questions]

Which of the following Wireshark filters allows an administrator to detect SYN/FIN DDoS attempt on

the network?

Atcp.flags==0x003

Btcp.flags==0X029

CTCP.flags==0x300

Dtcp.dstport==7

Show Suggested Answer

Suggested Answer: A

According to NIST guidelines, the incident category that includes activities seeking to access or identify a federal agency computer, open ports, protocols, services, or any combination thereof for later exploitation is categorized as 'Scans/Probes/Attempted Access'. This category encompasses any unauthorized attempts to access systems, networks, or data, which may include scanning for vulnerabilities or probing to discover open ports and services.

by Rana at Jul 07, 2024, 09:39 AM

Limited Time Offer

25%

Off

Get Premium 312-38 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Shawnna

5 days ago

Ah, the good old tcp.dstport==7. Classic. But I don't think that's going to help me detect a SYN/FIN DDoS attack. I'll have to go with option A on this one.

upvoted 0 times

...

Tracey

7 days ago

I'm not sure, but I think C) TCP.flags==0x300 could also be a possible filter to detect SYN/FIN DDoS attempts.

upvoted 0 times

...

Quentin

7 days ago

Hmm, option B looks interesting, but I'm not sure if tcp.flags==0X029 is the right way to go. I better double-check the Wireshark documentation just to be safe.

upvoted 0 times

...