EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 291:

  What is the key advantage of Session Hijacking?

  A. It can be easily done and does not require sophisticated skills.
  B. You can take advantage of an authenticated connection.
  C. You can successfully predict the sequence number generation.
  D. You cannot be traced in case the hijack is detected.
  B. You can take advantage of an authenticated connection.

  ---

  As an attacker you don't have to steal an account and password in order to take advantage of an authenticated connection.

• Question 292:

  Sandra is the security administrator of ABC.com. One day she notices that the ABC.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crime investigations throughout the United States?

  A. NDCA
  B. NICP
  C. CIRP
  D. NPC
  E. CIA
  D. NPC

• Question 293:

  You are sniffing as unprotected WiFi network located in a JonDonalds Cybercafe with Ethereal to capture hotmail e-mail traffic. You see lots of people using their laptops browsing the web while snipping brewed coffee from JonDonalds. You want to sniff their email message traversing the unprotected WiFi network.

  Which of the following ethereal filters will you configure to display only the packets with the hotmail messages?

  A. (http contains "hotmail") andand ( http contains "Reply-To")
  B. (http contains "e-mail" ) andand (http contains "hotmail")
  C. (http = "login.passport.com" ) andand (http contains "SMTP")
  D. (http = "login.passport.com" ) andand (http contains "POP3")
  A. (http contains "hotmail") andand ( http contains "Reply-To")

  ---

  Each Hotmail message contains the tag Reply-To: and "xxxx-xxx- xxx.xxxx.hotmail.com" in the received tag.

• Question 294:

  Which FTP transfer mode is required for FTP bounce attack?

  A. Active Mode
  B. Passive Mode
  C. User Mode
  D. Anonymous Mode
  B. Passive Mode

  ---

  FTP bounce attack needs the server the support passive connections and the client program needs to use PORT command instead of the PASV command.

• Question 295:

  Which type of scan does not open a full TCP connection?

  A. Stealth Scan
  B. XMAS Scan
  C. Null Scan
  D. FIN Scan
  A. Stealth Scan

  ---

  Stealth Scan: Instead of completing the full TCP three-way-handshake a full connection is not made. A SYN packet is sent to the system and if a SYN/ACK packet is received it is assumed that the port on the system is active. In that case a RST/ACK will be sent which will determined the listening state the system is in. If a RST/ACK packet is received, it is assumed that the port on the system is not active.

• Question 296:

  How does a denial-of-service attack work?

  A. A hacker tries to decipher a password by using a system, which subsequently crashes the network
  B. A hacker attempts to imitate a legitimate user by confusing a computer or even another person
  C. A hacker prevents a legitimate user (or group of users) from accessing a service
  D. A hacker uses every character, word, or letter he or she can think of to defeat authentication
  C. A hacker prevents a legitimate user (or group of users) from accessing a service

  ---

  In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB).

• Question 297:

  The following excerpt is taken from a honeyput log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. Study the log given below and answer the following question:

  (Note: The objective of this questions is to test whether the student has learnt about passive OS fingerprinting (which should tell them the OS from log captures):

  can they tell a SQL injection attack signature; can they infer if a user ID has been created by an attacker and whether they can read plain source destination entries from log entries.)

  

  What can you infer from the above log?

  A. The system is a windows system which is being scanned unsuccessfully.
  B. The system is a web application server compromised through SQL injection.
  C. The system has been compromised and backdoored by the attacker.
  D. The actual IP of the successful attacker is 24.9.255.53.
  A. The system is a windows system which is being scanned unsuccessfully.

• Question 298:

  SNMP is a protocol used to query hosts, servers and devices about performance or health status data. Hackers have used this protocol for a long time to gather great amount of information about remote hosts. Which of the following features makes this possible?

  A. It is susceptible to sniffing
  B. It uses TCP as the underlying protocol
  C. It is used by ALL devices on the market
  D. It uses a community string sent as clear text
  A. It is susceptible to sniffing
  D. It uses a community string sent as clear text

  ---

  SNMP uses UDP, not TCP, and even though many devices uses SNMP not ALL devices use it and it can be disabled on most of the devices that does use it. However SNMP is susceptible to sniffing and the community string (which can be said acts as a password) is sent in clear text.

• Question 299:

  Which of the following built-in C/C++ functions you should avoid to prevent your program from buffer overflow attacks?

  A. strcpy()
  B. strcat()
  C. streadd()
  D. strscock()
  A. strcpy()
  B. strcat()
  C. streadd()

  ---

  When hunting buffer overflows, the first thing to look for is functions which write into arrays without any way to know the amount of space available. If you get to define the function, you can pass a length parameter in, or ensure that every array you ever pass to it is at least as big as the hard-coded maximum amount it will write. If you're using a function someone else (like, say, the compiler vendor) has provided then avoiding functions like gets(), which take some amount of data over which you have no control and stuff it into arrays they can never know the size of, is a good start. Make sure that functions like the str...() family which expect NUL-terminated strings actually get them - store a '\0' in the last element of each array involved just before you call the function, if necessary. Strscock() is not a valid C/C++ function.

• Question 300:

  Which of the following tools are used for footprinting?(Choose four.

  A. Sam Spade
  B. NSLookup
  C. Traceroute
  D. Neotrace
  E. Cheops
  A. Sam Spade
  B. NSLookup
  C. Traceroute
  D. Neotrace

  ---

  All of the tools listed are used for footprinting except Cheops.