Free Access to ECCouncil.212-82.v2024-11-23.q101 with Valid Practice Test (Page 16)

Question 71

Tenda, a network specialist at an organization, was examining logged data using Windows Event Viewer to identify attempted or successful unauthorized activities. The logs analyzed by Tenda include events related to Windows security; specifically, log-on/log-off activities, resource access, and also information based on Windows system's audit policies.
Identify the type of event logs analyzed by Tenda in the above scenario.

A.Application event log
B.Setup event log
C.System event log
D.Security event log

Question 72

A startup firm contains various devices connected to a wireless network across the floor. An AP with Internet connectivity is placed in a corner to allow wireless communication between devices. To support new devices connected to the network beyond the APS range, an administrator used a network device that extended the signals of the wireless AP and transmitted it to uncovered area, identify the network component employed by the administrator to extend signals in this scenario.

A.Wireless repeater
B.Wireless bridge
C.wireless modem
D.Wireless router

Question 73

Anderson, a security engineer, was Instructed to monitor all incoming and outgoing traffic on the organization's network to identify any suspicious traffic. For this purpose, he employed an analysis technique using which he analyzed packet header fields such as IP options, IP protocols, IP fragmentation flags, offset, and identification to check whether any fields are altered in transit.
Identify the type of attack signature analysis performed by Anderson in the above scenario.

A.Context-based signature analysis
B.Atomic-signature-based analysis
C.Composite-signature-based analysis
D.Content-based signature analysis

Question 74

Kevin, a professional hacker, wants to penetrate CyberTech Inc.'s network. He employed a technique, using which he encoded packets with Unicode characters. The company's IDS cannot recognize the packet, but the target web server can decode them.
What is the technique used by Kevin to evade the IDS system?

A.Desynchronization
B.Obfuscating
C.Session splicing
D.Urgency flag

Correct Answer: B

Obfuscating is the technique used by Kevin to evade the IDS system in the above scenario. Obfuscating is a technique that involves encoding or modifying packets or data with various methods or characters to make them unreadable or unrecognizable by an IDS (Intrusion Detection System). Obfuscating can be used to bypass or evade an IDS system that relies on signatures or patterns to detect malicious activities. Obfuscating can include encoding packets with Unicode characters, which are characters that can represent various languages and symbols. The IDS system cannot recognize the packet, but the target web server can decode them and execute them normally. Desynchronization is a technique that involves creating discrepancies or inconsistencies between the state of a connection as seen by an IDS system and the state of a connection as seen by the end hosts. Desynchronization can be used to bypass or evade an IDS system that relies on stateful inspection to track and analyze connections. Desynchronization can include sending packets with invalid sequence numbers, which are numbers that indicate the order of packets in a connection. Session splicing is a technique that involves splitting or dividing packets or data into smaller fragments or segments to make them harder to detect by an IDS system. Session splicing can be used to bypass or evade an IDS system that relies on packet size or content to detect malicious activities. Session splicing can include sending packets with small MTU (Maximum Transmission Unit) values, which are values that indicate the maximum size of packets that can be transmitted over a network. An urgency flag is a flag in the TCP (Transmission Control Protocol) header that indicates that the data in the packet is urgent and should be processed immediately by the receiver. An urgency flag is not a technique to evade an IDS system, but it can be used to trigger an IDS system to generate an alert or a response.

Question 75

An international bank recently discovered a security breach in its transaction processing system. The breach involved a sophisticated malware that not only bypassed the standard antivirus software but also remained undetected by the intrusion detection systems for months. The malware was programmed to intermittently alter transaction values and transfer small amounts to a foreign account, making detection challenging due to the subtlety of its actions. After a thorough investigation, cybersecurity experts identified the nature of this malware. Which of the following best describes the type of malware used in this breach?

A.Ransomware, encrypting transaction data to extort money from the bank
B.presenting itself as legitimate software while performing malicious transactions
C.Spyware, gathering sensitive information about the bank's transactions and customers Rootki'
D.embedding itself deeply in the system to manipulate transaction processes

Question 71

Question 72

Question 73

Question 74

Question 75

Download PDF File