Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. EC-Council
  3. 312-38

EC-Council 312-38 Exam (page: 18)
EC-Council Certified Network Defender
Updated on: 09-Feb-2026

Viewing Page 18 of 125
312-38 PDF 617 Questions

Adam, a malicious hacker, is sniffing an unprotected Wi-FI network located in a local store with Wireshark to capture hotmail e-mail traffic. He knows that lots of people are using their laptops for browsing the Web in the store. Adam wants to sniff their e-mail messages traversing the unprotected Wi-Fi network. Which of the following Wireshark filters will Adam configure to display only the packets with hotmail email messages?

  1. (http = "login.pass.com") && (http contains "SMTP")
  2. (http contains "email") && (http contains "hotmail")
  3. (http contains "hotmail") && (http contains "Reply-To")
  4. (http = "login.passport.com") && (http contains "POP3")

Answer(s): C

Explanation:

Adam will use (http contains "hotmail") && (http contains "Reply-To") filter to display only the packets with hotmail email messages. Each Hotmail message contains the tag Reply-To: and "xxxx-xxx- xxx.xxxx.hotmail.com" in the received tag. Wireshark is a free packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
Wireshark is very similar to tcpdump, but it has a graphical front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network interface into promiscuous mode. Wireshark uses pcap to capture packets, so it can only capture the packets on the networks supported by pcap. It has the following features: Data can be captured "from the wire" from a live network connection or read from a file that records the already-captured packets. Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback. Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark. Captured files can be programmatically edited or converted via command-line switches to the "editcap" program. Data display can be refined using a display filter. Plugins can be created for dissecting new protocols.
Answer options B, A, and D are incorrect. These are invalid tags.



Which of the following are the distance-vector routing protocols? Each correct answer represents a complete solution. Choose all that apply.

  1. IS-IS
  2. OSPF
  3. IGRP
  4. RIP

Answer(s): C,D

Explanation:

Following are the two distance-vector routing protocols:
RIP: RIP is a dynamic routing protocol used in local and wide area networks. As such, it is classified as an interior gateway protocol (IGP). It uses the distance-vector routing algorithm. It employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination. It implements the split horizon, route poisoning, and hold-down mechanisms to prevent incorrect routing information from being propagated.
IGRP: Interior Gateway Routing Protocol (IGRP) is a Cisco proprietary distance vector Interior Gateway Protocol (IGP). It is used by Cisco routers to exchange routing data within an autonomous system (AS). This is a classful routing protocol and does not support variable length subnet masks (VLSM). IGRP supports multiple metrics for each route, including bandwidth, delay, load, MTU, and reliability.
Answer options B and A are incorrect. OSPF and IS-IS are link state routing protocols.



With which of the following forms of acknowledgment can the sender be informed by the data receiver about all segments that have arrived successfully?

  1. Block Acknowledgment
  2. Negative Acknowledgment
  3. Cumulative Acknowledgment
  4. Selective Acknowledgment

Answer(s): D

Explanation:

Selective Acknowledgment (SACK) is one of the forms of acknowledgment. With selective acknowledgments, the sender can be informed by a data receiver about all segments that have arrived successfully, so the sender retransmits only those segments that have actually been lost. The selective acknowledgment extension uses two TCP options: The first is an enabling option, "SACK-permitted", which may be sent in a SYN segment to indicate that the SACK option can be used
once the connection is established. The other is the SACK option itself, which can be sent over an established connection once permission has been given by "SACK-permitted".
Answer option A is incorrect. Block Acknowledgment (BA) was initially defined in IEEE 802.11e as an optional scheme to improve the MAC efficiency. IEEE 802.11n capable devices are also referred to as High Throughput (HT) devices. Instead of transmitting an individual ACK for every MPDU, multiple MPDUs can be acknowledged together using a single BA frame. Block Ack (BA) contains bitmap size of 64*16 bits. Each bit of this bitmap represents the status (success/failure) of an MPDU.
Answer option B is incorrect. With Negative Acknowledgment, the receiver explicitly notifies the sender which packets, messages, or segments were received incorrectly that may need to be retransmitted.
Answer option C is incorrect. With Cumulative Acknowledgment, the receiver acknowledges that it has correctly received a packet, message, or segment in a stream which implicitly informs the sender that the previous packets were received correctly. TCP uses cumulative acknowledgment with its TCP sliding window.



FILL BLANK
Fill in the blank with the appropriate term. _____________ is a method for monitoring the e-mail delivery to the intended recipient.

  1. Email tracking

Answer(s): A

Explanation:

Email tracking is a method for monitoring the e-mail delivery to the intended recipient. Most tracking technologies utilize some form of digitally time-stamped record to reveal the exact time and date at which e- mail was received or opened, as well the IP address of the recipient. When a user uses such tools to send an e-mail, forward an e-mail, reply to an e-mail, or modify an e-mail, the resulting actions and tracks of the original e-mail are logged. The sender is notified of all actions performed on the tracked e-mail by an automatically generated e-mail. eMailTracker Pro and MailTracking.com are the tools that can be used to perform email tracking.



You work as the network administrator for uCertify Inc. The company has planned to add the support for IPv6 addressing. The initial phase deployment of IPv6 requires support from some IPv6-only devices. These devices need to access servers that support only IPv4. Which of the following tools would be suitable to use?

  1. Multipoint tunnels
  2. NAT-PT
  3. Point-to-point tunnels
  4. Native IPv6

Answer(s): B

Explanation:

NAT-PT (Network address translation-Protocol Translation) is useful when an IPv4-only host needs to communicate with an IPv4-only host. NAT-PT (Network Address Translation-Protocol Translation) is an implementation of RFC 2766 as specified by the IETF. NAT-PT was designed so that it can be run on low-end, commodity hardware. NAT-PT runs in user space, capturing and translating packets between the IPv6 and IPv4 networks (and vice-versa). NAT-PT uses the Address Resolution Protocol (ARP) and Neighbor Discovery (ND) on the IPv4 and IPv6 network systems, respectively.

NAT-Protocol Translation can be used to translate both the source and destination IP addresses.
Answer option D is incorrect. Native IPv6 is of use when the IPv6 deployment is pervasive, with heavy traffic loads.
Answer option C is incorrect. Point-to-point tunnels work well when IPv6 is needed only in a subset of sites. These point-to-point tunnels act as virtual point-to-point serial link. These are useful when the traffic is of very high volume.
Answer option A is incorrect. The multipoint tunnels are used for IPv6 deployment even when IPv6 is needed in a subset of sites and is suitable when the traffic is infrequent and of less predictable volume.



Viewing Page 18 of 125



Share your comments for EC-Council 312-38 exam with other users:

vel 8/28/2023 9:17:09 AM

good one with explanation
Anonymous


Gurdeep 1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.
CANADA