EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 151:

  Clive has been hired to perform a Black-Box test by one of his clients.

  How much information will Clive obtain from the client before commencing his test?

  A. IP Range, OS, and patches installed.
  B. Only the IP address range.
  C. Nothing but corporate name.
  D. All that is available from the client site.
  C. Nothing but corporate name.

  ---

  Penetration tests can be conducted in one of two ways: black-box (with no prior knowledge the infrastructure to be tested) or white-box (with complete knowledge of the infrastructure to be tested). As you might expect, there are conflicting opinions about this choice and the value that either approach will bring to a project.

• Question 152:

  You want to scan the live machine on the LAN, what type of scan you should use?

  A. Connect
  B. SYN
  C. TCP
  D. UDP
  E. PING
  E. PING

  ---

  The ping scan is one of the quickest scans that nmap performs, since no actual ports are queried. Unlike a port scan where thousands of packets are transferred between two stations, a ping scan requires only two frames. This scan is useful for locating active devices or determining if ICMP is passing through a firewall.

• Question 153:

  This is an example of whois record.

  

  Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers)

  A. Search engines like Google, Bing will expose information listed on the WHOIS record
  B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record
  C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record
  D. IRS Agents will use this information to track individuals using the WHOIS record information
  B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record
  C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record

• Question 154:

  What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system?

  A. Blind Port Scanning
  B. Idle Scanning
  C. Bounce Scanning
  D. Stealth Scanning
  E. UDP Scanning
  B. Idle Scanning

  ---

  from NMAP:-sI Idlescan: This advanced scan method allows fora truly blind TCP port scan of the target (meaning no packets are sent tothe tar- get from your real IP address). Instead, a unique side-channelattack exploits predictable "IP fragmentation ID" sequence generation onthe zombie host to glean information about the open ports on the target.

• Question 155:

  You are the security administrator for a large online auction company based out of Los Angeles. After getting your ENSA CERTIFICATION last year, you have steadily been fortifying your network's security including training OS hardening and network security. One of the last things you just changed for security reasons was to modify all the built-in administrator accounts on the local computers of PCs and in Active Directory. After through testing you found and no services or programs were affected by the name changes.

  Your company undergoes an outside security audit by a consulting company and they said that even through all the administrator account names were changed, the accounts could still be used by a clever hacker to gain unauthorized access. You argue with the auditors and say that is not possible, so they use a tool and show you how easy it is to utilize the administrator account even though its name was changed.

  What tool did the auditors use?

  A. sid2user
  B. User2sid
  C. GetAcct
  D. Fingerprint
  A. sid2user

  ---

  User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine Sid2user.exe can then be used to retrieve the names of all the user accounts and more.

• Question 156:

  A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service.

  Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus.

  

  Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments. Fraudulent e-mail and legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail.

  How do you ensure if the e-mail is authentic and sent from fedex.com?

  A. Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all
  B. Check the Sender ID against the National Spam Database (NSD)
  C. Fake mail will have spelling/grammatical errors
  D. Fake mail uses extensive images, animation and flash content
  A. Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all

• Question 157:

  Windump is the windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library. What is the name of this library?

  A. NTPCAP
  B. LibPCAP
  C. WinPCAP
  D. PCAP
  C. WinPCAP

  ---

  WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

• Question 158:

  Ron has configured his network to provide strong perimeter security. As part of his network architecture, he has included a host that is fully exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or filtering router. What would you call such a host?

  A. Honeypot
  B. DMZ host
  C. DWZ host
  D. Bastion Host
  D. Bastion Host

  ---

  A bastion host is a gateway between an inside network and an outside network. Used as a security measure, the bastion host is designed to defend against attacks aimed at the inside network. Depending on a network's complexity and configuration, a single bastion host may stand guard by itself, or be part of a larger security system with different layers of protection.

• Question 159:

  Which of the following keyloggers can't be detected by anti-virus or anti-spyware products?

  A. Hardware keylogger
  B. Software Keylogger
  C. Stealth Keylogger
  D. Convert Keylogger
  A. Hardware keylogger

  ---

  A hardware keylogger will never interact with the operating system and therefore it will never be detected by any security programs running in the operating system.

• Question 160:

  Jess the hacker runs L0phtCrack's built-in sniffer utility which grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has

  access to.

  But Jess is not picking up hashed from the network.

  Why?

  A. The network protocol is configured to use SMB Signing.
  B. The physical network wire is on fibre optic cable.
  C. The network protocol is configured to use IPSEC.
  D. L0phtCrack SMB filtering only works through Switches and not Hubs.
  A. The network protocol is configured to use SMB Signing.

  ---

  To protect against SMB session hijacking, NT supports a cryptographic integrity mechanism, SMB Signing, to prevent active network taps from interjecting themselves into an already established session.