- Home
- EC-COUNCIL
- EC Council Certified Incident Handler (ECIH v3)
- EC-COUNCIL.212-89.v2024-08-30.q74
- Question 30
Valid 212-89 Dumps shared by ExamDiscuss.com for Helping Passing 212-89 Exam! ExamDiscuss.com now offer the newest 212-89 exam dumps, the ExamDiscuss.com 212-89 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 212-89 dumps with Test Engine here:
Access 212-89 Dumps Premium Version
(174 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 30/74
Rose is an incident-handling person and she is responsible for detecting and eliminating any kind of scanning attempts over the network by any malicious threat actors. Rose uses Wireshark tool to sniff the network and detect any malicious activities going on.
Which of the following Wireshark filters can be used by her to detect TCP Xmas scan attempt by the attacker?
Which of the following Wireshark filters can be used by her to detect TCP Xmas scan attempt by the attacker?
Correct Answer: D
A TCP Xmas scan is a type of network scanning technique used by attackers to identify open ports on a target machine. The name "Xmas" comes from the set of flags that are turned on within the packet, making it 'lit up like a Christmas tree'. Specifically, the FIN, PSH, and URG flags are set, which corresponds to the hexadecimal value 0X029 in the TCP header's flags field. Wireshark, a popular network protocol analyzer, allows users to create custom filters to detect specific types of network traffic, including malicious scanning attempts. By using the filtertcp.flags==0X029, Rose can detect packets that have these specific flags set, indicating a potential TCP Xmas scan attempt.
References:The technique of using Wireshark to detect specific types of scans, including the TCP Xmas scan, is covered in cybersecurity training materials and documentation related to network analysis and incident handling, such as those associated with the ECIH certification.
References:The technique of using Wireshark to detect specific types of scans, including the TCP Xmas scan, is covered in cybersecurity training materials and documentation related to network analysis and incident handling, such as those associated with the ECIH certification.
- Question List (74q)
- Question 1: Rica works as an incident handler for an international compa...
- Question 2: Which of the following is a volatile evidence collecting too...
- Question 3: Robert is an incident handler working for Xsecurity Inc. One...
- Question 4: Which of the following is NOT part of the static data collec...
- Question 5: Which of the following has been used to evade IDS and IPS?...
- Question 6: An attack on a network is BEST blocked using which of the fo...
- Question 7: Which of the following is a term that describes the combinat...
- Question 8: QualTech Solutions is a leading security services enterprise...
- Question 9: Elizabeth, who works for OBC organization as an incident res...
- Question 10: Stenley is an incident handler working for Texa Corp. locate...
- Question 11: Which of the following is an attack that occurs when a malic...
- Question 12: An insider threat response plan helps an organization minimi...
- Question 13: QualTech Solutions is a leading security services enterprise...
- Question 14: Alexis works as an incident responder at XYZ organization. S...
- Question 15: Alice is a disgruntled employee. She decided to acquire crit...
- Question 16: Allan performed a reconnaissance attack on his corporate net...
- Question 17: Ikeo Corp, hired an incident response team to assess the ent...
- Question 18: Which of the following is an attack that attempts to prevent...
- Question 19: In which of the following phases of the incident handling an...
- Question 20: ZYX company experienced a DoS/DDoS attack on their network. ...
- Question 21: Jason is setting up a computer forensics lab and must perfor...
- Question 22: Matt is an incident handler working for one of the largest s...
- Question 23: Robert is an incident handler working for Xsecurity Inc. One...
- Question 24: Which of the following does NOT reduce the success rate of S...
- Question 25: Bob, an incident responder at CyberTech Solutions, is invest...
- Question 26: Shally, an incident handler, is working for a company named ...
- Question 27: Identify Sarbanes-Oxley Act (SOX) Title, which consists of o...
- Question 28: Michael is a part of the computer incident response team of ...
- Question 29: Which of the following GPG18 and Forensic readiness planning...
- Question 30: Rose is an incident-handling person and she is responsible f...
- Question 31: Which of the following information security personnel handle...
- Question 32: Auser downloaded what appears to be genuine software. Unknow...
- Question 33: Which of the following is a type of malicious code or softwa...
- Question 34: Joseph is an incident handling and response (IH&R) team ...
- Question 35: Which of the following options describes common characterist...
- Question 36: In which of the following phases of incident handling and re...
- Question 37: BadGuy Bob hid files in the slack space, changed the file he...
- Question 38: Which of the following terms refers to the personnel that th...
- Question 39: An attacker after performing an attack decided to wipe evide...
- Question 40: Darwin is an attacker residing within the organization and i...
- Question 41: Ross is an incident manager (IM) at an organization, and his...
- Question 42: Which of the following risk management processes identifies ...
- Question 43: Miko was hired as an incident handler in XYZ company. His fi...
- Question 44: Which of the following is not called volatile data?...
- Question 45: Stanley works as an incident responder at a top MNC based ou...
- Question 46: Ren is assigned to handle a security incident of an organiza...
- Question 47: You are a systems administrator for a company. You are acces...
- Question 48: Nervous Nat often sends emails with screenshots of what he t...
- Question 49: Oscar receives an email from an unknown source containing hi...
- Question 50: Smith employs various malware detection techniques to thorou...
- Question 51: What is the most recent NIST standard for incident response?...
- Question 52: Racheal is an incident handler working in InceptionTech orga...
- Question 53: Which of the following details are included in the evidence ...
- Question 54: Which of the following is the ECIH phase that involves remov...
- Question 55: Eve's is an incident handler in ABC organization. One day, s...
- Question 56: Employee monitoring tools are mostly used by employers to fi...
- Question 57: Which of the following is a standard framework that provides...
- Question 58: You are talking to a colleague who Is deciding what informat...
- Question 59: Marley was asked by his incident handling and response (IH&a...
- Question 60: Which of the following risk mitigation strategies involves e...
- Question 61: Richard is analyzing a corporate network. After an alert in ...
- Question 62: John is a professional hacker who is performing an attack on...
- Question 63: Khai was tasked with examining the logs from a Linux email s...
- Question 64: Which of the following terms refers to an organization's abi...
- Question 65: Adam is an incident handler who intends to use DBCC LOG comm...
- Question 66: Dan is a newly appointed information security professional i...
- Question 67: Which of the following is a common tool used to help detect ...
- Question 68: Michael is an incident handler at CyberTech Solutions. He is...
- Question 69: An incident handler is analyzing email headers to find out s...
- Question 70: Which of the following techniques helps incident handlers to...
- Question 71: Alex is an incident handler for Tech-o-Tech Inc. and is task...
- Question 72: During the vulnerability assessment phase, the incident resp...
- Question 73: Which of the following are malicious software programs that ...
- Question 74: Shiela is working at night as an incident handler. During a ...
