EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 181:

  How do you defend against MAC attacks on a switch?

  

  A. Disable SPAN port on the switch
  B. Enable SNMP Trap on the switch
  C. Configure IP security on the switch
  D. Enable Port Security on the switch
  D. Enable Port Security on the switch

• Question 182:

  Statistics from cert.org and other leading security organizations has clearly showed a steady rise in the number of hacking incidents perpetrated against companies. What do you think is the main reason behind the significant increase in hacking attempts over the past years?

  A. It is getting more challenging and harder to hack for non technical people.
  B. There is a phenomenal increase in processing power.
  C. New TCP/IP stack features are constantly being added.
  D. The ease with which hacker tools are available on the Internet.
  D. The ease with which hacker tools are available on the Internet.

  ---

  Today you don't need to be a good hacker in order to break in to various systems, all you need is the knowledge to use search engines on the internet.

• Question 183:

  Which of the following ICMP message types are used for destinations unreachables?

  B. 3
  C. 11
  D. 13
  E. 17
  B. 3

  ---

  Type 3 messages are used for unreachable messages. 0 is Echo Reply, 8 is Echo request, 11 is time exceeded, 13 is timestamp and 17 is subnet mask request. Learning these would be advisable for the test.

• Question 184:

  

  An attacker finds a web page for a target organization that supplies contact information for the company. Using available details to make the message seem authentic, the attacker drafts e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential information, such as a network administrator.

  The email asks the employee to log into a bogus page that requests the employee's user name and password or click on a link that will download spyware or other malicious programming.

  Google's Gmail was hacked using this technique and attackers stole source code and sensitive data from Google servers. This is highly sophisticated attack using zero-day exploit vectors, social engineering and malware websites that

  focused on targeted individuals working for the company.

  What is this deadly attack called?

  A. Spear phishing attack
  B. Trojan server attack
  C. Javelin attack
  D. Social networking attack
  A. Spear phishing attack

• Question 185:

  Sandra is conducting a penetration test for ABC.com. She knows that ABC.com is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g.

  Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions

  herself around the building several times, Sandra is not able to detect a single AP.

  What do you think is the reason behind this?

  A. Netstumbler does not work against 802.11g.
  B. You can only pick up 802.11g signals with 802.11a wireless cards.
  C. The access points probably have WEP enabled so they cannot be detected.
  D. The access points probably have disabled broadcasting of the SSID so they cannot be detected.
  E. 802.11g uses OFDM while 802.11b uses DSSS so despite the same frequency and 802.11b card cannot see an 802.11g signal.
  F. Sandra must be doing something wrong, as there is no reason for her to not see the signals.
  D. The access points probably have disabled broadcasting of the SSID so they cannot be detected.

  ---

  Netstumbler can not detect networks that do not respond to broadcast requests.

• Question 186:

  You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of which protocols are being used. You need to discover as many different protocols as possible.

  Which kind of scan would you use to achieve this? (Choose the best answer)

  A. Nessus scan with TCP based pings.
  B. Nmap scan with the sP (Ping scan) switch.
  C. Netcat scan with the u e switches.
  D. Nmap with the sO (Raw IP packets) switch.
  D. Nmap with the sO (Raw IP packets) switch.

  ---

  Running Nmap with the sO switch will do a IP Protocol Scan. The IP protocol scan is a bit different than the other nmap scans. The IP protocol scan is searching for additional IP protocols in use by the remote station, such as ICMP, TCP, and UDP. If a router is scanned, additional IP protocols such as EGP or IGP may be identified.

• Question 187:

  John has performed a scan of the web server with NMAP but did not gather enough information to accurately identify which operating system is running on the remote host. How could you use a web server to help in identifying the OS that is being used?

  A. Telnet to an Open port and grab the banner
  B. Connect to the web server with an FTP client
  C. Connect to the web server with a browser and look at the web page
  D. Telnet to port 8080 on the web server and look at the default page code
  A. Telnet to an Open port and grab the banner

  ---

  Most Web servers politely identify themselves and the OS to anyone who asks.

• Question 188:

  When referring to the Domain Name Service, what is denoted by a `zone'?

  A. It is the first domain that belongs to a company.
  B. It is a collection of resource records.
  C. It is the first resource record type in the SOA.
  D. It is a collection of domains.
  B. It is a collection of resource records.

  ---

  A reasonable definition of a zone would be a portion of the DNS namespace where responsibility has been delegated.

• Question 189:

  Which one of the following network attacks takes advantages of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

  A. Teardrop
  B. Smurf
  C. Ping of Death
  D. SYN flood
  E. SNMP Attack
  A. Teardrop

  ---

  The teardrop attack uses overlapping packet fragments to confuse a target system and cause the system to reboot or crash.

• Question 190:

  While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:

  Starting nmap V. 3.10ALPHA9 ( www.insecure.org/nmap/ ) Interesting ports on 172.121.12.222: (The 1592 ports scanned but not shown below are in state: filtered) Port State Service 21/tcp open ftp 25/tcp open smtp 53/tcp closed domain 80/tcp open http 443/tcp open https Remote operating system guess: Too many signatures match to reliably guess the OS. Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds

  What should be your next step to identify the OS?

  A. Perform a firewalk with that system as the target IP
  B. Perform a tcp traceroute to the system using port 53
  C. Run an nmap scan with the -v-v option to give a better output
  D. Connect to the active services and review the banner information
  D. Connect to the active services and review the banner information

  ---

  Most people don't care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.