EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 301:

  Usernames, passwords, e-mail addresses, and the location of CGI scripts may be obtained from which of the following information sources?

  A. Company web site
  B. Search engines
  C. EDGAR Database query
  D. Whois query
  A. Company web site

  ---

  Whois query would not enable us to find the CGI scripts whereas in the actual website, some of them will have scripts written to make the website more user friendly. The EDGAR database would in fact give us a lot of the information requested but not the location of CGI scripts, as would a simple search engine on the Internet if you have the time needed.

• Question 302:

  If an attacker's computer sends an IPID of 24333 to a zombie (Idle Scanning) computer on a closed port, what will be the response?

  A. The zombie computer will respond with an IPID of 24334.
  B. The zombie computer will respond with an IPID of 24333.
  C. The zombie computer will not send a response.
  D. The zombie computer will respond with an IPID of 24335.
  C. The zombie computer will not send a response.

• Question 303:

  When working with Windows systems, what is the RID of the true administrator account?

  A. 500
  B. 501
  C. 512
  D. 1001
  E. 1024
  F. 1000
  A. 500

  ---

  The built-in administrator account always has a RID of 500.

• Question 304:

  How would you describe an attack where an attacker attempts to deliver the payload over multiple packets over long periods of time with the purpose of defeating simple pattern matching in IDS systems without session reconstruction? A characteristic of this attack would be a continuous stream of small packets.

  A. Session Splicing
  B. Session Stealing
  C. Session Hijacking
  D. Session Fragmentation
  A. Session Splicing

• Question 305:

  Which type of attack is port scanning?

  A. Web server attack
  B. Information gathering
  C. Unauthorized access
  D. Denial of service attack
  B. Information gathering

• Question 306:

  Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This malware uses social engineering to lure users into infected websites with a technique called Search Engine Optimization.

  Once the Fake AV is downloaded into the user's computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats.

  The Fake AntiVirus will continue to send these annoying and intrusive alerts until a payment is made.

  

  What is the risk of installing Fake AntiVirus?

  A. Victim's Operating System versions, services running and applications installed will be published on Blogs and Forums
  B. Victim's personally identifiable information such as billing address and credit card details, may be extracted and exploited by the attacker
  C. Once infected, the computer will be unable to boot and the Trojan will attempt to format the hard disk
  D. Denial of Service attack will be launched against the infected computer crashing other machines on the connected network
  B. Victim's personally identifiable information such as billing address and credit card details, may be extracted and exploited by the attacker

• Question 307:

  This TCP flag instructs the sending system to transmit all buffered data immediately.

  A. SYN
  B. RST
  C. PSH
  D. URG
  E. FIN
  C. PSH

• Question 308:

  What file system vulnerability does the following command take advantage of?

  type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

  A. HFS
  B. ADS
  C. NTFS
  D. Backdoor access
  B. ADS

  ---

  ADS (or Alternate Data Streams) is a "feature" in the NTFS file system that makes it possible to hide information in alternate data streams in existing files. The file can have multiple data streams and the data streams are accessed by filename:stream.

• Question 309:

  Which programming language is NOT vulnerable to buffer overflow attacks?

  A. Java
  B. ActiveX
  C. C++
  D. Assembly Language
  A. Java

  ---

  Perl and Java has boundary checking, hence buffer overflows don't occur. On the other hand, Perl and Java don't offer access to the system that is as deep as some programs need.

• Question 310:

  Which of the following snort rules look for FTP root login attempts?

  A. alert tcp -> any port 21 (msg:"user root";)
  B. alert tcp -> any port 21 (message:"user root";)
  C. alert ftp -> ftp (content:"user password root";)
  D. alert tcp any any -> any any 21 (content:"user root";)
  D. alert tcp any any -> any any 21 (content:"user root";)

  ---

  The snort rule header is built by defining action (alert), protocol (tcp), from IP subnet port (any any), to IP subnet port (any any 21), Payload Detection Rule Options (content:"user root";)