EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 101:

  Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?

  A. They are using UDP that is always authorized at the firewall
  B. They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended
  C. They have been able to compromise the firewall, modify the rules, and give themselves proper access
  D. They are using an older version of Internet Explorer that allow them to bypass the proxy server
  B. They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended

• Question 102:

  What type of port scan is represented here.

  

  A. Stealth Scan
  B. Full Scan
  C. XMAS Scan
  D. FIN Scan
  A. Stealth Scan

• Question 103:

  Which of the following Trojans would be considered 'Botnet Command Control Center'?

  A. YouKill DOOM
  B. Damen Rock
  C. Poison Ivy
  D. Matten Kit
  C. Poison Ivy

• Question 104:

  Josh is the network administrator for Consultants Galore, an IT consulting firm based in Kansas City. Josh is responsible for the company's entire network which consists of one Windows Server 2003 Active Directory domain. Almost all employees have Remote Desktop access to the servers so they can perform their work duties. Josh has created a security group in Active Directory called "RDP Deny" which contains all the user accounts that should not have Remote Desktop permission to any of the servers. What Group Policy change can Jayson make to ensure that all users in the "RDP Deny" group cannot access the company servers through Remote Desktop?

  A. Josh should add the "RDP Deny" group into the list of Restricted Groups to prevent the users from accessing servers remotely.
  B. By adding the "RDP Deny" group to the "Deny logon as a service" policy, the users in that security group will not be able to establish remote connections to any of the servers.
  C. He should add the "RDP Deny" group to the "Deny RDP connections to member servers" policy.
  D. Josh needs to add the "RDP Deny" group to the "Deny logon through Terminal Services" policy. *
  D. Josh needs to add the "RDP Deny" group to the "Deny logon through Terminal Services" policy. *

• Question 105:

  You want to use netcat to generate huge amount of useless network data continuously for various performance testing between 2 hosts. Which of the following commands accomplish this?

  A. Machine A#yes AAAAAAAAAAAAAAAAAAAAAA | nc v v l p 2222 > /dev/nullMachine B#yes BBBBBBBBBBBBBBBBBBBBBB | nc machinea 2222 > /dev/null
  B. Machine Acat somefile | nc v v l p 2222Machine Bcat somefile | nc othermachine 2222
  C. Machine Anc l p 1234 | uncompress c | tar xvfpMachine Btar cfp - /some/dir | compress c | nc w 3 machinea 1234
  D. Machine Awhile true : donc v l s p 6000 machineb 2Machine Bwhile true ; donc v l s p 6000 machinea 2done
  A. Machine A#yes AAAAAAAAAAAAAAAAAAAAAA | nc v v l p 2222 > /dev/nullMachine B#yes BBBBBBBBBBBBBBBBBBBBBB | nc machinea 2222 > /dev/null

  ---

  Machine A is setting up a listener on port 2222 using the nc command and then having the letter A sent an infinite amount of times, when yes is used to send data yes NEVER stops until it recieves a break signal from the terminal (Control+C), on the client end (machine B), nc is being used as a client to connect to machine A, sending the letter B and infinite amount of times, while both clients have established a TCP connection each client is infinitely sending data to each other, this process will run FOREVER until it has been stopped by an administrator or the attacker.

• Question 106:

  After studying the following log entries, what is the attacker ultimately trying to achieve as inferred from the log sequence?

  1.

  mkdir -p /etc/X11/applnk/Internet/.etc

  2.

  mkdir -p /etc/X11/applnk/Internet/.etcpasswd

  3.

  touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd

  4.

  touch -acmr /etc /etc/X11/applnk/Internet/.etc

  5.

  passwd nobody -d

  6.

  /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

  7.

  passwd dns -d

  8.

  touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd

  9.

  touch -acmr /etc/X11/applnk/Internet/.etc /etc

  A. Change password of user nobody
  B. Extract information from a local directory
  C. Change the files Modification Access Creation times
  D. Download rootkits and passwords into a new directory
  C. Change the files Modification Access Creation times

• Question 107:

  Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target. Which of the following could be the most likely cause behind this lack of response? Select 4.

  A. UDP is filtered by a gateway
  B. The packet TTL value is too low and cannot reach the target
  C. The host might be down
  D. The destination network might be down
  E. The TCP windows size does not match
  F. ICMP is filtered by a gateway
  A. UDP is filtered by a gateway
  B. The packet TTL value is too low and cannot reach the target
  C. The host might be down
  F. ICMP is filtered by a gateway

  ---

  If the destination host or the destination network is down there is no way to get an answer and if TTL (Time To Live) is set too low the UDP packets will "die" before reaching the host because of too many hops between the scanning computer and the target. The TCP receive window size is the amount of received data (in bytes) that can be buffered during a connection. The sending host can send only that amount of data before it must wait for an acknowledgment and window update from the receiving host and ICMP is mainly used for echo requests and not in port scans.

• Question 108:

  Lee is using Wireshark to log traffic on his network. He notices a number of packets being directed to an internal IP from an outside IP where the packets are ICMP and their size is around 65,536 bytes. What is Lee seeing here?

  A. Lee is seeing activity indicative of a Smurf attack.
  B. Most likely, the ICMP packets are being sent in this manner to attempt IP spoofing.
  C. Lee is seeing a Ping of death attack.
  D. This is not unusual traffic, ICMP packets can be of any size.
  C. Lee is seeing a Ping of death attack.

• Question 109:

  What is the command used to create a binary log file using tcpdump?

  A. tcpdump -r log
  B. tcpdump -w ./log
  C. tcpdump -vde -r log
  D. tcpdump -l /var/log/
  B. tcpdump -w ./log

  ---

  tcpdump [ -adeflnNOpqStvx ] [ -c count ] [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ expression ]

  -w Write the raw packets to file rather than parsing and printing them out.

• Question 110:

  You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don't get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next?

  A. Use NetScan Tools Pro to conduct the scan
  B. Run nmap XMAS scan against 192.168.1.10
  C. Run NULL TCP hping2 against 192.168.1.10
  D. The firewall is blocking all the scans to 192.168.1.10
  C. Run NULL TCP hping2 against 192.168.1.10