EC-COUNCIL 312-49V9 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49V9 Online Questions & Answers

• Question 101:

  Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

  A. Graph-based approach
  B. Neural network-based approach
  C. Rule-based approach
  D. Automated field correlation approach
  D. Automated field correlation approach

• Question 102:

  Which of the following commands shows you the username and IP address used to access the system via a remote login session and the Type of client from which they are accessing the system?

  A. Net sessions
  B. Net file
  C. Net config
  D. Net share
  A. Net sessions

• Question 103:

  The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. (Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.) Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482 Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53 Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21 Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53

  Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53 Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111 Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80 Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53 Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53 Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0) Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506) Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080 Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558 From the options given below choose the one which best interprets the following entry: Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

  A. An IDS evasion technique
  B. A buffer overflow attempt
  C. A DNS zone transfer
  D. Data being retrieved from 63.226.81.13
  A. An IDS evasion technique

• Question 104:

  Networks are vulnerable to an attack which occurs due to overextension of bandwidth, bottlenecks, network data interception, etc.

  Which of the following network attacks refers to a process in which an attacker changes his or her IP address so that he or she appears to be someone else?

  A. IP address spoofing
  B. Man-in-the-middle attack
  C. Denial of Service attack
  D. Session sniffing
  A. IP address spoofing

• Question 105:

  Click on the Exhibit Button To test your website for vulnerabilities, you type in a Quotation mark (? for the username field. After you click Ok, you receive the following error message window: What can you infer from this error window?

  A. SQL injection is not possible
  B. SQL injection is possible
  C. The user for line 3306 in the SQL database has a weak password
  D. The Quotation mark (? is a valid username
  B. SQL injection is possible

• Question 106:

  You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network. How would you answer?

  A. IBM Methodology
  B. Microsoft Methodology
  C. Google Methodology
  D. LPT Methodology
  D. LPT Methodology

• Question 107:

  In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?

  A. The change in the routing fabric to bypass the affected router
  B. More RESET packets to the affected router to get it to power back up
  C. STOP packets to all other routers warning of where the attack originated
  D. RESTART packets to the affected router to get it to power back up
  A. The change in the routing fabric to bypass the affected router

• Question 108:

  What happens when a file is deleted by a Microsoft operating system using the FAT file system?

  A. The file is erased and cannot be recovered
  B. The file is erased but can be recovered partially
  C. A copy of the file is stored and the original file is erased
  D. Only the reference to the file is removed from the FAT and can be recovered
  D. Only the reference to the file is removed from the FAT and can be recovered

• Question 109:

  You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position: 7+ years experience in Windows Server environment 5+ years experience in Exchange 2000/2003 environment Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are reQuired MCSA desired, MCSE, CEH preferred No Unix/Linux Experience needed What is this information posted on the job website considered?

  A. Trade secret
  B. Social engineering exploit
  C. Competitive exploit
  D. Information vulnerability
  D. Information vulnerability

• Question 110:

  Study the log given below and answer the following question: Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482 Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53 Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21 Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53 Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111 Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80 Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53 Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53 Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0) Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)

  Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080 Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558 Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

  A. Disallow UDP 53 in from outside to DNS server
  B. Allow UDP 53 in from DNS server to outside
  C. Disallow TCP 53 in from secondaries or ISP server to DNS server
  D. Block all UDP traffic
  A. Disallow UDP 53 in from outside to DNS server