EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 281:

  You are attempting to map out the firewall policy for an organization. You discover your target system is one hop beyond the firewall. Using hping2, you send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024. What is this process known as?

  A. Footprinting
  B. Firewalking
  C. Enumeration
  D. Idle scanning
  B. Firewalking

  ---

  Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker's host to a destination host through a packet-filtering device. This technique can be used to map `open' or `pass through' ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway.

• Question 282:

  An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.

  A. 2
  B. 256
  C. 512
  D. Over 10,000
  C. 512

  ---

  The hosts with IP address 202.176.56.0-255 and 202.176.56.0-255 will be scanned (256+256=512)

• Question 283:

  The follows is an email header. What address is that of the true originator of the message?

  Return-Path:

  Received: from smtp.com (fw.emumail.com [215.52.220.122]. by raq-221-181.ev1.net (8.10.2/8.10.2. with ESMTP id h78NIn404807 for ; Sat, 9 Aug 2003 18:18:50 -0500 Received: (qmail 12685 invoked from

  network.; 8 Aug 2003 23:25:25 -0000 Received: from ([19.25.19.10].

  by smtp.com with SMTP

  Received: from unknown (HELO CHRISLAPTOP. (168.150.84.123.

  by localhost with SMTP; 8 Aug 2003 23:25:01 -0000

  From: "Bill Gates"

  To: "mikeg"

  Subject: We need your help!

  Date: Fri, 8 Aug 2003 19:12:28 -0400

  Message-ID: <51.32.123.21@CHRISLAPTOP>

  MIME-Version: 1.0

  Content-Type: multipart/mixed;

  boundary="----=_NextPart_000_0052_01C35DE1.03202950"

  X-Priority: 3 (Normal.

  X-MSMail-Priority: Normal

  X-Mailer: Microsoft Outlook, Build 10.0.2627

  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal

  A. 19.25.19.10
  B. 51.32.123.21
  C. 168.150.84.123
  D. 215.52.220.122
  E. 8.10.2/8.10.2
  C. 168.150.84.123

  ---

  Spoofing can be easily achieved by manipulating the "from" name field, however, it is much more difficult to hide the true source address. The "received from" IP address 168.150.84.123 is the true source of the

• Question 284:

  Bank of Timbukut is a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web Application recently. Customers can access their account balances, transfer money between accounts, pay bills and conduct online financial business using a web browser.

  John Stevens is in charge of information security at Bank of Timbukut. After one month in production, several customers have complained about the Internet enabled banking application. Strangely, the account balances of many of the bank's customers had been changed ! However, money hasn't been removed from the bank, instead money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web Application's logs and found the following entries.

  

  What kind of attack did the Hacker attempt to carry out at the Bank?

  A. Brute Force attack in which the Hacker attempted guessing login ID and password from password cracking tools
  B. The Hacker used a generator module to pass results to the Web Server and exploited Web Application CGI vulnerability.
  C. The Hacker first attempted logins with suspected user names, then used SQL injection to gain access to valid login IDs
  D. The Hacker attempted Session Hijacking, in which the hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason's session.
  C. The Hacker first attempted logins with suspected user names, then used SQL injection to gain access to valid login IDs

  ---

  Typing things like ` or 1=1 in the login field is evidence of a hacker trying out if the system is vulnerable to SQL injection.

• Question 285:

  How do you defend against ARP Poisoning attack? (Select 2 answers) A. Enable DHCP Snooping Binding Table

  

  B. Restrict ARP Duplicates
  C. Enable Dynamic ARP Inspection
  D. Enable MAC snooping Table
  C. Enable Dynamic ARP Inspection

• Question 286:

  Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

  In this context, what would be the most affective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer)

  A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
  B. Hire more computer security monitoring personnel to monitor computer systems and networks.
  C. Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.
  D. Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.
  A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

  ---

  Bridging the gap would consist of educating the white hats and the black hats equally so that their knowledge is relatively the same. Using books, articles, the internet, and professional training seminars is a way of completing this goal.

• Question 287:

  Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)

  A. symmetric algorithms
  B. asymmetric algorithms
  C. hashing algorithms
  D. integrity algorithms
  C. hashing algorithms

  ---

  In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. A hash function takes a long string (or 'message') of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint.

• Question 288:

  You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:

  A. Sending a mail message to a valid address on the target network, and examining the header information generated by the IMAP servers
  B. Examining the SMTP header information generated by using the mx command parameter of DIG
  C. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address
  D. Sending a mail message to an invalid address on the target network, and examining the header information generated by the POP servers
  C. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address

• Question 289:

  A POP3 client contacts the POP3 server:

  A. To send mail
  B. To receive mail
  C. to send and receive mail
  D. to get the address to send mail to
  E. initiate a UDP SMTP connection to read mail
  B. To receive mail

  ---

  POP is used to receive e-mail.SMTP is used to send e-mail.

• Question 290:

  Bob is a Junior Administrator at ABC Company. On One of Linux machine he entered the following firewall rules:

  iptables t filter A INPUT -p tcp --dport 23 j DROP

  Why he entered the above line?

  A. To accept the Telnet connection
  B. To deny the Telnet connection
  C. The accept all connection except telnet connection
  D. None of Above
  B. To deny the Telnet connection

  ---

  -t, --table This option specifies the packet matching table which the command should operate on. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there. The tables are as follows: filter This is the default table, and contains the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets). nat This table is consulted when a packet which is creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out). mangle This table is used for specialized packet alteration. It has two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing). -A, --append Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination. -p, --protocol [!] protocol The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a different one. Also a protocol name from /etc/protocols is allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omitted. All may not be used in in combination with the check command. --destination-port [!] [port[:port]] Destination port or port range specification. The flag --dport is an alias for this option. -j, --jump target This specifies the target of the rule; ie. what to do if the packet matches it. The target can be a user- defined chain (not the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this option is omitted in a rule, then matching the rule will have no effect on the packet's fate, but the counters on the rule will be incremented.