EC-Council
EC0-350 Question #785: Real Exam Question with Answer & Explanation
The correct answer is D. The sniffing interface cannot be detected.
Question
During the intelligence-gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million-dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network-based IDS systems. While researching that particular brand of IDS, you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?
Options
- A. Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
- B. Send your attack traffic and look for it to be dropped by the IDS.
- C. Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network.
- D. The sniffing interface cannot be detected.