PrepAway - Latest Free Exam Questions & Answers

Which of the following fingerprint types would this solution use?

An administrator has to determine host operating systems on the network and has deployed a
transparent proxy. Which of the following fingerprint types would this solution use?

PrepAway - Latest Free Exam Questions & Answers

A.
Packet

B.
Active

C.
Port

D.
Passive

Explanation:
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device
during standard layer 4 network communications. The combination of parameters may then be used to
infer the remote machine’s operating system (aka, OS fingerprinting), or incorporated into a device
fingerprint.
Certain parameters within the TCP protocol definition are left up to the implementation. Different
operating systems and different versions of the same operating system set different defaults for these
values. By collecting and examining these values, one may differentiate among various operating systems,
and implementations of TCP/IP. Just inspecting the Initial TTL and window size TCP/IP fields is often
enough in order to successfully identify an operating system, which eases the task of performing manual
OS fingerprinting.
Passive OS fingerprinting is the examination of a passively collected sample of packets from a host in
order to determine its operating system platform. It is called passive because it doesn’t involve
communicating with the host being examined.In this question, the proxy will use passive fingerprinting because the proxy is a ‘transparent proxy’. It isn’t
seen by the computer.
Incorrect Answers:
A: Active or Passive fingerprinting can both be called packet fingerprinting because the OS is learned from
the TCP/IP packets. However, ‘packet fingerprinting’ is not a specific term for OS fingerprinting. The other
answers are more specific about the type of fingerprinting used.
B: Active fingerprinting involves sending packets to the target system and examining the response. This
method is not used with transparent proxies.
C: Port fingerprinting is not a method used to discover the operating system of a computer.

https://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting
http://www.windowsecurity.com/articles-tutorials/intrusion_detection/Operating-System-FingerprintingPackets-Part1.html


Leave a Reply