EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 131:

  Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?

  A. It is a network fault and the originating machine is in a network loop
  B. It is a worm that is malfunctioning or hardcoded to scan on port 500
  C. The attacker is trying to detect machines on the network which have SSL enabled
  D. The attacker is trying to determine the type of VPN implementation and checking for IPSec
  D. The attacker is trying to determine the type of VPN implementation and checking for IPSec

  ---

  Port 500 is used by IKE (Internet Key Exchange). This is typically used for IPSEC-based VPN software, such as Freeswan, PGPnet, and various vendors of in-a- box VPN solutions such as Cisco. IKE is used to set up the session keys. The actual session is usually sent with ESP (Encapsulated Security Payload) packets, IP protocol 50 (but some in-a-box VPN's such as Cisco are capable of negotiating to send the encrypted tunnel over a UDP channel, which is useful for use across firewalls that block IP protocols other than TCP or UDP).

• Question 132:

  Fingerprinting an Operating System helps a cracker because:

  A. It defines exactly what software you have installed
  B. It opens a security-delayed window based on the port being scanned
  C. It doesn't depend on the patches that have been applied to fix existing security holes
  D. It informs the cracker of which vulnerabilities he may be able to exploit on your system
  D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

  ---

  When a cracker knows what OS and Services you use he also knows which exploits might work on your system. If he would have to try all possible exploits for all possible Operating Systems and Services it would take too long time and the possibility of being detected increases.

• Question 133:

  You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

  

  What is the hexadecimal value of NOP instruction?

  A. 0x60
  B. 0x80
  C. 0x70
  D. 0x90
  D. 0x90

• Question 134:

  What is a sheepdip?

  A. It is another name for Honeynet
  B. It is a machine used to coordinate honeynets
  C. It is the process of checking physical media for virus before they are used in a computer
  D. None of the above
  C. It is the process of checking physical media for virus before they are used in a computer

  ---

  Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.

• Question 135:

  An attacker runs netcat tool to transfer a secret file between two hosts.

  Machine A: netcat -l -p 1234 < secretfile Machine B: netcat 192.168.3.4 > 1234

  He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?

  A. Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat 1234
  B. Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat 1234
  C. Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat 1234 -pw password
  D. Use cryptcat instead of netcat
  D. Use cryptcat instead of netcat

  ---

  Netcat cannot encrypt the file transfer itself but would need to use a third party application to encrypt/decrypt like openssl. Cryptcat is the standard netcat enhanced with twofish encryption.

• Question 136:

  You have been using the msadc.pl attack script to execute arbitrary commands on an NT4 web server. While it is effective, you find it tedious to perform extended functions. On further research you come across a perl script that runs the following msadc functions:

  

  What kind of exploit is indicated by this script?

  A. A buffer overflow exploit.
  B. A SUID exploit.
  C. A SQL injection exploit.
  D. A chained exploit.
  E. A buffer under run exploit.
  D. A chained exploit.

• Question 137:

  In the context of Trojans, what is the definition of a Wrapper?

  A. An encryption tool to protect the Trojan.
  B. A tool used to bind the Trojan with legitimate file.
  C. A tool used to encapsulated packets within a new header and footer.
  D. A tool used to calculate bandwidth and CPU cycles wasted by the Trojan.
  B. A tool used to bind the Trojan with legitimate file.

  ---

  These wrappers allow an attacker to take any executable back-door program and combine it with any legitimate executable, creating a Trojan horse without writing a single line of new code.

• Question 138:

  Jim was having no luck performing a penetration test on his company's network. He was running the test from home and had downloaded every security scanner he could lay his hands on. Despite knowing the IP range of all of the systems and the exact network configuration, Jim was unable to get any useful results. Why is Jim having these problems?

  A. Security scanners can't perform vulnerability linkage
  B. Security Scanners are not designed to do testing through a firewall
  C. Security Scanners are only as smart as their database and can't find unpublished vulnerabilities
  D. All of the above
  D. All of the above

  ---

  Security scanners are designed to find vulnerabilities but not to use them, also they will only find well known vulnerabilities that and no zero day exploits. Therefore you can't use a security scanner for penetration testing but need a more powerful program.

• Question 139:

  Which is the Novell Netware Packet signature level used to sign all packets ?

  B. 1
  C. 2
  D. 3
  D. 3

  ---

  Level 0 is no signature, Level 3 is communication using signature only.

• Question 140:

  Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs:

  s-1-5-21-1125394485-807628933-54978560-100Johns s-1-5-21-1125394485-807628933-54978560-652Rebecca s-1-5-21-1125394485-807628933-54978560-412Sheela s-1-5-21-1125394485-807628933-54978560-999Shawn s-1-5-21-1125394485-807628933-54978560-777Somia s-1-5-21-1125394485-807628933-54978560-500chang s-1-5-21-1125394485-807628933-54978560-555Micah

  From the above list identify the user account with System Administrator privileges.

  A. John
  B. Rebecca
  C. Sheela
  D. Shawn
  E. Somia
  F. Chang
  G. Micah
  F. Chang

  ---

  The SID of the built-in administrator will always follow this example: S-1-5-domain-500