EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 221:

  Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?

  A. SYN scan
  B. ACK scan
  C. RST scan
  D. Connect scan
  E. FIN scan
  D. Connect scan

  ---

  The TCP full connect (-sT) scan is the most reliable.

• Question 222:

  The Slammer Worm exploits a stack-based overflow that occurs in a DLL implementing the Resolution Service. Which of the following Database Server was targeted by the slammer worm?

  A. Oracle
  B. MSSQL
  C. MySQL
  D. Sybase
  E. DB2
  B. MSSQL

  ---

  W32.Slammer is a memory resident worm that propagates via UDP Port 1434 and exploits a vulnerability in SQL Server 2000 systems and systems with MSDE 2000 that have not applied the patch released by Microsoft Security Bulletin MS02-039.

• Question 223:

  You want to hide a secret.txt document inside c:\windows\system32\tcpip.dll kernel library using ADS streams. How will you accomplish this?

  A. copy secret.txt c:\windows\system32\tcpip.dll kernel>secret.txt
  B. copy secret.txt c:\windows\system32\tcpip.dll:secret.txt
  C. copy secret.txt c:\windows\system32\tcpip.dll |secret.txt
  D. copy secret.txt >< c:\windows\system32\tcpip.dll kernel secret.txt
  B. copy secret.txt c:\windows\system32\tcpip.dll:secret.txt

• Question 224:

  Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption and enabling MAC filtering on hi wireless router. Paul notices when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24mbps or less. Paul connects to his wireless router's management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.

  What is Paul seeing here?

  A. MAC Spoofing
  B. Macof
  C. ARP Spoofing
  D. DNS Spoofing
  A. MAC Spoofing

  ---

  You can fool MAC filtering by spoofing your MAC address and pretending to have some other computers MAC address.

• Question 225:

  Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the link in the email message and is taken to a web based bulletin board. Unknown to Chris, certain functions are executed on his local system under his privileges, which allow Kevin access to information used on the BBS. However, no executables are downloaded and run on the local system. What would you term this attack?

  A. Phishing
  B. Denial of Service
  C. Cross Site Scripting
  D. Backdoor installation
  C. Cross Site Scripting

  ---

  This is a typical Type-1 Cross Site Scripting attack. This kind of cross-site scripting hole is also referred to as a non-persistent or reflected vulnerability, and is by far the most common type. These holes show up when data provided by a web client is used immediately by server-side scripts to generate a page of results for that user. If unvalidated user-supplied data is included in the resulting page without HTML encoding, this will allow client-side code to be injected into the dynamic page. A classic example of this is in site search engines: if one searches for a string which includes some HTML special characters, often the search string will be redisplayed on the result page to indicate what was searched for, or will at least include the search terms in the text box for easier editing. If all occurrences of the search terms are not HTML entity encoded, an XSS hole will result.

• Question 226:

  Scanning for services is an easy job for Bob as there are so many tools available from the Internet. In order for him to check the vulnerability of company, he went through a few scanners that are currently available. Here are the scanners that

  he uses:

  However, there are many other alternative ways to make sure that the services that have been scanned will be more accurate and detailed for Bob.

  What would be the best method to accurately identify the services running on a victim host?

  A. Using Cheops-ng to identify the devices of company.
  B. Using the manual method of telnet to each of the open ports of company.
  C. Using a vulnerability scanner to try to probe each port to verify or figure out which service is running for company.
  D. Using the default port and OS to make a best guess of what services are running on each port for company.
  B. Using the manual method of telnet to each of the open ports of company.

  ---

  By running a telnet connection to the open ports you will receive banners that tells you what service is answering on that specific port.

• Question 227:

  You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges?

  A. Administrator
  B. IUSR_COMPUTERNAME
  C. LOCAL_SYSTEM
  D. Whatever account IIS was installed with
  C. LOCAL_SYSTEM

  ---

  If you manage to get the system to start a shell for you, that shell will be running as LOCAL_SYSTEM.

• Question 228:

  This type of Port Scanning technique splits TCP header into several packets so that the packet filters are not able to detect what the packets intends to do.

  A. UDP Scanning
  B. IP Fragment Scanning
  C. Inverse TCP flag scanning
  D. ACK flag scanning
  B. IP Fragment Scanning

• Question 229:

  One of your team members has asked you to analyze the following SOA record. What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.

  A. 200303028
  B. 3600
  C. 604800
  D. 2400
  E. 60
  F. 4800
  D. 2400

  ---

  The SOA includes a timeout value. This value can tell an attacker how long any DNS "poisoning" would last. It is the last set of numbers in the record.

• Question 230:

  BankerFox is a Trojan that is designed to steal users' banking data related to certain banking entities.

  When they access any website of the affected banks through the vulnerable Firefox 3.5 browser, the Trojan is activated and logs the information entered by the user. All the information entered in that website will be logged by the Trojan and transmitted to the attacker's machine using covert channel.

  BankerFox does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.

  

  What is the most efficient way an attacker located in remote location to infect this banking Trojan on a victim's machine?

  A. Physical access - the attacker can simply copy a Trojan horse to a victim's hard disk infecting the machine via Firefox add-on extensions
  B. Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer
  C. Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer
  D. Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer
  E. Downloading software from a website? An attacker can offer free software, such as shareware programs and pirated mp3 files
  E. Downloading software from a website? An attacker can offer free software, such as shareware programs and pirated mp3 files