EC-COUNCIL Certified Ethical Hacker 312-50 Questions & Answers

• Question 21:

  Which of the following activities will NOT be considered as passive footprinting?

  A. Go through the rubbish to find out any information that might have been discarded.

  B. Search on financial site such as Yahoo Financial to identify assets.

  C. Scan the range of IP address found in the target DNS database.

  D. Perform multiples queries using a search engine.

  Correct Answer: C

  Passive footprinting is a method in which the attacker never makes contact with the target systems. Scanning the range of IP addresses found in the target DNS is considered making contact to the systems behind the IP addresses that is targeted by the scan.

• Question 22:

  User which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?

  A. 18 U.S.C 1029 Possession of Access Devices

  B. 18 U.S.C 1030 Fraud and related activity in connection with computers

  C. 18 U.S.C 1343 Fraud by wire, radio or television

  D. 18 U.S.C 1361 Injury to Government Property

  E. 18 U.S.C 1362 Government communication systems

  F. 18 U.S.C 1831 Economic Espionage Act

  G. 18 U.S.C 1832 Trade Secrets Act

  Correct Answer: B

  http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html

• Question 23:

  You are footprinting Acme.com to gather competitive intelligence. You visit the acme.com websire for contact information and telephone number numbers but do not find it listed there. You know that they had the entire staff directory listed on their website 12 months ago but now it is not there. How would it be possible for you to retrieve information from the website that is outdated?

  A. Visit google search engine and view the cached copy.

  B. Visit Archive.org site to retrieve the Internet archive of the acme website.

  C. Crawl the entire website and store them into your computer.

  D. Visit the company's partners and customers website for this information.

  Correct Answer: B

  The Internet Archive (IA) is a non-profit organization dedicated to maintaining an archive of Web and multimedia resources. Located at the Presidio in San Francisco, California, this archive includes "snapshots of the World Wide Web" (archived copies of pages, taken at various points in time), software, movies, books, and audio recordings (including recordings of live concerts from bands that allow it). This site is found at www.archive.org.

• Question 24:

  

  Which of the following nmap command in Linux procedures the above output?

  A. sudo nmap sP 192.168.0.1/24

  B. root nmap sA 192.168.0.1/24

  C. run nmap TX 192.168.0.1/24

  D. launch nmap PP 192.168.0.1/24

  Correct Answer: A

  This is an output from a ping scan. The option sP will give you a ping scan of the 192.168.0.1/24 network.

• Question 25:

  While reviewing the results of a scan run against a target network you come across the following:

  

  What was used to obtain this output?

  A. An SNMP Walk

  B. Hping2 diagnosis

  C. A Bo2K System query

  D. Nmap protocol/port scan

  Correct Answer: A

  The snmpwalk command is designed to perform a sequence of chained GETNEXT requests automatically, rather than having to issue the necessary snmpgetnext requests by hand. The command takes a single OID, and will display a list of all the results which lie within the subtree rooted on this OID.

• Question 26:

  You are conducting an idlescan manually using HPING2. During the scanning process, you notice that almost every query increments the IPID- regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Which of he following options would be a possible reason?

  A. Hping2 can't be used for idlescanning

  B. The Zombie you are using is not truly idle

  C. These ports are actually open on the target system

  D. A stateful inspection firewall is resetting your queries

  Correct Answer: B

  If the IPID increments more than one value that means that there has been network traffic between the queries so the zombie is not idle.

• Question 27:

  Which of the following is a patch management utility that scans one or more computers on your network and alerts you if you important Microsoft Security patches are missing. It then provides links that enable those missing patches to be downloaded and installed.

  A. MBSA

  B. BSSA

  C. ASNB

  D. PMUS

  Correct Answer: A

  The Microsoft Baseline Security Analyzer (MBSA) is a tool put out by Microsoft to help analyze security problems in Microsoft Windows. It does this by scanning the system for security problems in Windows, Windows components such as the IIS web server application, Microsoft SQL Server, and Microsoft Office. One example of an issue might be that permissions for one of the directories in the wwwroot folder of IIS could be set at too low a level, allowing unwanted modification of files from outsiders.

• Question 28:

  Gerald, the systems administrator for Hyped Enterprise, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, his discovers numerous remote tools were installed that no one claims to have knowledge of in his department.

  Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to proxy server in Brazil.

  Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China.

  What tool Geralds's attacker used to cover their tracks?

  A. Tor

  B. ISA

  C. IAS

  D. Cheops

  Correct Answer: A

  Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

• Question 29:

  Study the log below and identify the scan type. tcpdump w host 192.168.1.10

  

  A. nmap R 192.168.1.10

  B. nmap S 192.168.1.10

  C. nmap V 192.168.1.10

  D. nmap sO T 192.168.1.10

  Correct Answer: D

  -sO: IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine.

• Question 30:

  Which type of scan does not open a full TCP connection?

  A. Stealth Scan

  B. XMAS Scan

  C. Null Scan

  D. FIN Scan

  Correct Answer: A

  Stealth Scan: Instead of completing the full TCP three-way-handshake a full connection is not made. A SYN packet is sent to the system and if a SYN/ACK packet is received it is assumed that the port on the system is active. In that case a RST/ACK will be sent which will determined the listening state the system is in. If a RST/ACK packet is received, it is assumed that the port on the system is not active.