ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v13 All Questions

View all questions & answers for the 312-50v13 exam
Go to Exam

Exam 312-50v13 topic 1 question 212 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 212
Topic #: 1
[All 312-50v13 Questions]

A large corporate network is being subjected to repeated sniffing attacks. To increase security, the company's IT department decides to implement a combination of several security measures. They permanently add the MAC address of the gateway to the ARP cache, switch to using IPv6 instead of IPv4, implement the use of encrypted sessions such as SSH instead of Telnet, and use Secure File Transfer Protocol instead of FTP. However, they are still faced with the threat of sniffing. Considering the countermeasures, what should be their next step to enhance network security?

  • A. Use HTTP instead of HTTPS for protecting usernames and passwords
  • B. Implement network scanning and monitoring tools
  • C. Enable network identification broadcasts
  • D. Retrieve MAC addresses from the OS
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by NikoTomas at March 23, 2025, 2:39 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NikoTomas
2 weeks, 3 days ago
Selected Answer: B
Answer: B o They deployed encrypted protocols (HTTPS, FTPS, etc...) so the communication must be encrypted end-to-end. This means that sniffing, even if it is still ongoing, don’t have an effect (the attacker can’t read encrypted data). If sniffing is still happening, we can suppose that it can be carried out for example on network device (SPAN port, if attacker has such access) or on the endpoint itself (capturing traffic before it gets encrypted – but it is more about malware than network sniffing). However, sniffing can occur on encrypted traffic as well (it has no effect but it is still sniffing on the network). To resolve this tricky situation, implementing network scanning and monitoring tools looks like most appopriate solution - B).
upvoted 1 times
NikoTomas
2 weeks, 3 days ago
Incorrect answers: C) - Network Identification Broadcast is a network-layer broadcast message used by certain legacy systems or protocols to announce the presence of a host or network segment to other devices on the same local network. It's typically used for discovery, name resolution, or service announcement. You do not want to enable it to make your services being advertised to the attacker. D) Retrieve MAC addresses from the OS – well, it may help in ivestigation if there is some communication with suspicious host(s) in the LAN, but I think it doesn’t satisfy question: “step to enhance network security”. But implementing scanning and monitoring tools (B) enhances it.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago