EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 381:

  What is Form Scalpel used for?

  A. Dissecting HTML Forms
  B. Dissecting SQL Forms
  C. Analysis of Access Database Forms
  D. Troubleshooting Netscape Navigator
  E. Quatro Pro Analysis Tool
  A. Dissecting HTML Forms

  ---

  Form Scalpel automatically extracts forms from a given web page and splits up all fields for editing and manipulation.

• Question 382:

  John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately. What would you suggest to John to help identify the OS that is being used on the remote web server?

  A. Connect to the web server with a browser and look at the web page.
  B. Connect to the web server with an FTP client.
  C. Telnet to port 8080 on the web server and look at the default page code.
  D. Telnet to an open port and grab the banner.
  D. Telnet to an open port and grab the banner.

  ---

  Most people don't care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.

• Question 383:

  Steven the hacker realizes that the network administrator of company is using syskey to protect organization resources in the Windows 2000 Server. Syskey independently encrypts the hashes so that physical access to the server, tapes, or ERDs is only first step to cracking the passwords. Steven must break through the encryption used by syskey before he can attempt to brute force dictionary attacks on the hashes. Steven runs a program called "SysCracker" targeting the Windows 2000 Server machine in attempting to crack the hash used by Syskey. He needs to configure the encryption level before he can launch attach.

  How many bits does Syskey use for encryption?

  A. 40 bit
  B. 64 bit
  C. 256 bit
  D. 128 bit
  D. 128 bit

  ---

  SYSKEY is a utility that encrypts the hashed password information in a SAM database using a 128-bit encryption key.

• Question 384:

  What is the correct order of steps in CEH System Hacking Cycle?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  A. Option A

• Question 385:

  The programmers on your team are analyzing the free, open source software being used to run FTP services on a server. They notice that there is an excessive number of fgets() and gets() on the source code. These C++ functions do not check bounds.

  What kind of attack is this program susceptible to?

  A. Buffer of Overflow
  B. Denial of Service
  C. Shatter Attack
  D. Password Attack
  A. Buffer of Overflow

  ---

  C users must avoid using dangerous functions that do not check bounds unless they've ensured that the bounds will never get exceeded. A buffer overflow occurs when you write a set of values (usually a string of characters) into a fixed length buffer and write at least one value outside that buffer's boundaries (usually past its end). A buffer overflow can occur when reading input from the user into a buffer, but it can also occur during other kinds of processing in a program.

• Question 386:

  You are having problems while retrieving results after performing port scanning during internal testing. You verify that there are no security devices between you and the target system. When both stealth and connect scanning do not work, you decide to perform a NULL scan with NMAP. The first few systems scanned shows all ports open.

  Which one of the following statements is probably true?

  A. The systems have all ports open.
  B. The systems are running a host based IDS.
  C. The systems are web servers.
  D. The systems are running Windows.
  D. The systems are running Windows.

  ---

  The null scan turns off all flags, creating a lack of TCP flags that should never occur in the real world. If the port is closed, a RST frame should be returned and a null scan to an open port results in no response. Unfortunately Microsoft (like usual) decided to completely ignore the standard and do things their own way. Thus this scan type will not work against systems running Windows as they choose not to response at all. This is a good way to distinguish that the system being scanned is running Microsoft Windows.

• Question 387:

  Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, and lack of respect or promotion. Disgruntled employees may pass company

  secrets and intellectual property to competitors for monitory benefits.

  Here are some of the symptoms of a disgruntled employee,.

  These disgruntled employees are the biggest threat to enterprise security. How do you deal with these threats? (Select 2 answers)

  A. Frequently leaves work early, arrive late or call in sick
  B. Spends time surfing the Internet or on the phone
  C. Responds in a confrontational, angry, or overly aggressive way to simple requests or comments
  D. Always negative; finds fault with everything
  E. Limit access to the applications they can run on their desktop computers and enforce strict work hour rules
  F. By implementing Virtualization technology from the desktop to the data centre, organizations can isolate different environments with varying levels of access and security to various employees
  G. Organizations must ensure that their corporate data is centrally managed and delivered to users just and when needed
  H. Limit Internet access, e-mail communications, access to social networking sites and job hunting portals
  B. Spends time surfing the Internet or on the phone
  C. Responds in a confrontational, angry, or overly aggressive way to simple requests or comments

• Question 388:

  Joseph has just been hired on to a contractor company of the Department of Defense as their senior Security Analyst. Joseph has been instructed on the Company's strict security policies that have been implemented and the policies that have yet to be put in place. Per the Department of Defense, all DoD users and the users of their contractors must use two-factor authentication to access their networks. Joseph has been delegated the task of researching and implementing the best two-factor authentication method for his company. Joseph's supervisor has told him that they would like to use some type of hardware device in tandem with a security or identifying pin number.

  Joseph's company has already researched using smart cards and all the resources needed to implement them, but found the smart cards to not be cost effective. What type of device should Joseph use for two-factor authentication?

  A. Security token
  B. Biometric device
  C. OTP
  D. Proximity cards
  A. Security token

  ---

  A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user has a personal identification number (PIN), which authorizes them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in.

• Question 389:

  The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. From the options given below choose the one best interprets the following

  entry:

  Apr 26 06:43:05 [6282] IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

  (Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)

  

  Interpret the following entry:

  Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107.53

  A. An IDS evasion technique
  B. A buffer overflow attempt
  C. A DNS zone transfer
  D. Data being retrieved from 63.226.81.13.
  B. A buffer overflow attempt

  ---

  The IDS log file is depicting numerous attacks, however, most of them are from different attackers, in reference to the attack in question, he is trying to mask his activity by trying to act legitimate, during his session on the honeypot, he changes users two times by using the "su" command, but never triess to attempt anything to severe.

• Question 390:

  A majority of attacks come from insiders, people who have direct access to a company's computer system as part of their job function or a business relationship. Who is considered an insider?

  A. The CEO of the company because he has access to all of the computer systems
  B. A government agency since they know the company computer system strengths and weaknesses
  C. Disgruntled employee, customers, suppliers, vendors, business partners, contractors, temps, and consultants
  D. A competitor to the company because they can directly benefit from the publicity generated by making such an attack
  C. Disgruntled employee, customers, suppliers, vendors, business partners, contractors, temps, and consultants

  ---

  An insider is anyone who already has an foot inside one way or another.