EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 331:

  Bob is going to perform an active session hijack against company. He has acquired the target that allows session oriented connections (Telnet) and performs sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network.

  So, what is Bob most likely to do next?

  A. Take over the session.
  B. Reverse sequence prediction.
  C. Guess the sequence numbers.
  D. Take one of the parties' offline.
  C. Guess the sequence numbers.

• Question 332:

  SSL has been seen as the solution to several common security problems. Administrators will often make use of SSL to encrypt communication from point A to point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between point A and B?

  A. SSL is redundant if you already have IDS in place.
  B. SSL will trigger rules at regular interval and force the administrator to turn them off.
  C. SSL will slow down the IDS while it is breaking the encryption to see the packet content.
  D. SSL will mask the content of the packet and Intrusion Detection System will be blinded.
  D. SSL will mask the content of the packet and Intrusion Detection System will be blinded.

  ---

  Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload.

• Question 333:

  What is Hunt used for?

  A. Hunt is used to footprint networks
  B. Hunt is used to sniff traffic
  C. Hunt is used to hack web servers
  D. Hunt is used to intercept traffic i.e. man-in-the-middle traffic
  E. Hunt is used for password cracking
  D. Hunt is used to intercept traffic i.e. man-in-the-middle traffic

  ---

  Hunt can be used to intercept traffic. It is useful with telnet, ftp, and others to grab traffic between two computers or to hijack sessions.

• Question 334:

  Johnny is a member of the hacking group orpheus1. He is currently working on breaking into the Department of Defense's front end exchange server. He was able to get into the server, located in a DMZ, by using an unused service account that had a very weak password that he was able to guess. Johnny wants to crack the administrator password, but does not have a lot of time to crack it. He wants to use a tool that already has the LM hashes computed for all possible permutations of the administrator password.

  What tool would be best used to accomplish this?

  A. RainbowCrack
  B. SMBCrack
  C. SmurfCrack
  D. PSCrack
  A. RainbowCrack

  ---

  RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade- off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.

• Question 335:

  Buffer X is an Accounting application module for company can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted.

  Dave decided to insert 400 characters into the 200-character buffer which overflows the buffer. Below is the code snippet:

  Void func (void)

  {int I; char buffer [200];

  for (I=0; I<400; I++)

  buffer (I)= `A';

  return;

  }

  How can you protect/fix the problem of your application as shown above? (Choose two)

  A. Because the counter starts with 0, we would stop when the counter is less then 200.
  B. Because the counter starts with 0, we would stop when the counter is more than 200.
  C. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data.
  D. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data.
  A. Because the counter starts with 0, we would stop when the counter is less then 200.
  C. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data.

  ---

  I=199 would be the character number 200. The stack holds exact 200 characters so there is no need to stop before 200.

• Question 336:

  Melissa is a virus that attacks Microsoft Windows platforms. To which category does this virus belong?

  A. Polymorphic
  B. Boot Sector infector
  C. System
  D. Macro
  D. Macro

  ---

  The Melissa macro virus propagates in the form of an email message containing an infected Word document as an attachment.

• Question 337:

  The evil hacker, is purposely sending fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. From the information given, what type of attack is attempting to perform?

  A. Syn flood
  B. Smurf
  C. Ping of death
  D. Fraggle
  C. Ping of death

• Question 338:

  What is the algorithm used by LM for Windows2000 SAM ?

  A. MD4
  B. DES
  C. SHA
  D. SSL
  B. DES

  ---

  Okay, this is a tricky question. We say B, DES, but it could be A "MD4" depending on what their asking - Windows 2000/XP keeps users passwords not "apparently", but as hashes, i.e. actually as "check sum" of the passwords. Let's go into

  the passwords keeping at large. The most interesting structure of the complex SAM-file building is so called V-block. It's size is 32 bytes and it includes hashes of the password for the local entering: NT Hash of 16-byte length, and hash used

  during the authentication of access to the common resources of other computers LanMan Hash, or simply LM Hash, of the same 16-byte length.

  Algorithms of the formation of these hashes are following:

  NT Hash formation:

  LM Hash formation:

• Question 339:

  Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task?

  A. Charlie can use the command: ping -l 56550 172.16.0.45 -t.
  B. Charlie can try using the command: ping 56550 172.16.0.45.
  C. By using the command ping 172.16.0.45 Charlie would be able to lockup the router
  D. He could use the command: ping -4 56550 172.16.0.45.
  A. Charlie can use the command: ping -l 56550 172.16.0.45 -t.

• Question 340:

  What is "Hacktivism"?

  A. Hacking for a cause
  B. Hacking ruthlessly
  C. An association which groups activists
  D. None of the above
  A. Hacking for a cause

  ---

  The term was coined by author/critic Jason Logan King Sack in an article about media artist Shu Lea Cheang. Acts of hacktivism are carried out in the belief that proper use of code will have leveraged effects similar to regular activism or civil disobedience.