Eccouncil Exam 312-38 Topic 8 Question 87 Discussion

Actual exam question for Eccouncil's 312-38 exam

Question #: 87
Topic #: 8

[All 312-38 Questions]

Which of the following Wireshark filters allows an administrator to detect SYN/FIN DDoS attempt on

the network?

Atcp.flags==0x003

Btcp.flags==0X029

CTCP.flags==0x300

Dtcp.dstport==7

Show Suggested Answer

Suggested Answer: A

According to NIST guidelines, the incident category that includes activities seeking to access or identify a federal agency computer, open ports, protocols, services, or any combination thereof for later exploitation is categorized as 'Scans/Probes/Attempted Access'. This category encompasses any unauthorized attempts to access systems, networks, or data, which may include scanning for vulnerabilities or probing to discover open ports and services.

by Rana at Jul 07, 2024, 09:39 AM

Limited Time Offer

25%

Off

Get Premium 312-38 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ligia

3 days ago

I think the answer is A) tcp.flags==0x003.

upvoted 0 times

...