EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation
312-50 Exam Details
Exam Code: 312-50
Exam Name: Certified Ethical Hacker
Certification: EC-COUNCIL Certifications
Vendor: EC-COUNCIL
Total Questions: 765 Q&As
Last Updated: May 31, 2026
EC-COUNCIL 312-50 Online Questions & Answers
Question 401:
A Denial of Service (DoS) attack works on the following principle:
A. MS-DOS and PC-DOS operating systems utilize a weakness that can be compromised and permit them to launch an attack easily.
B. All CLIENT systems have a TCP/IP stack implementation weakness that can be compromised and permit them to launch an attack easily.
C. Overloaded buffer systems can easily address error conditions and respond appropriately.
D. Host systems cannot respond to real traffic, if they have an overwhelming number of incomplete connections (SYN/RCVD State).
E. A server stops accepting connections from certain networks once those networks become flooded.
D. Host systems cannot respond to real traffic, if they have an overwhelming number of incomplete connections (SYN/RCVD State).
Denial-of-service (often abbreviated as DoS) is a class of attacks in which an attacker attempts to prevent legitimate users from accessing an Internet service, such as a web site. This can be done by exercising a software bug that causes the software running the service to fail (such as the "Ping of Death" attack against Windows NT systems), sending enough data to consume all available network bandwidth (as in the May, 2001 attacks against Gibson Research), or sending data in such a way as to consume a particular resource needed by the service.
Question 402:
Attackers target HINFO record types stored on a DNS server to enumerate information. These are information records and a potential source for reconnaissance. A network administrator has the option of entering host information, specifically the CPU type and operating system, when creating a new DNS record. An attacker can extract this type of information easily from a DNS server.
Which of the following commands extracts the HINFO record?
A. Option A
B. Option B
C. Option C
D. Option D
A. Option A
Question 403:
Jake is a network administrator who needs to get reports from all the computers and network devices on his network. Jake wants to use SNMP but is afraid that it won't be secure since passwords and messages are in clear text. How can Jake gather network information in a secure manner?
A. He can use SNMPv3
B. Jake can use SNMPrev5
C. He can use SecWMI
D. Jake can use SecSNMP
A. He can use SNMPv3
Question 404:
Assuming two systems are using IPSec to protect traffic over the internet, what type of general attack could compromise the data?
A. Spoof Attack
B. Smurf Attack
C. Man in the Middle Attack
D. Trojan Horse Attack
E. Back Orifice Attack
D. Trojan Horse Attack
E. Back Orifice Attack
To compromise the data, the attack would need to be executed before the encryption takes place at either end of the tunnel. Trojan Horse and Back Orifice attacks both allow for potential data manipulation on host computers. In both cases, the data would be compromised either before encryption or after decryption, so IPsec is not preventing the attack.
Question 405:
Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces?
A. Snow
B. Gif-It-Up
C. NiceText
D. Image Hide
A. Snow
The program snow is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.
Question 406:
Exhibit:
Please study the exhibit carefully.
Which protocol maintains communication in that way?
A. UDP
B. IP
C. TCP
D. ARP
E. RARP
C. TCP
A TCP connection is always initiated with the 3-way handshake, which establishes and negotiates the actual connection over which data will be sent.
Question 407:
On wireless networks, an SSID is used to identify the network. Why are SSIDs not considered to be a good security mechanism to protect a wireless network?
A. The SSID is only 32 bits in length
B. The SSID is transmitted in clear text
C. The SSID is to identify a station not a network
D. The SSID is the same as the MAC address for all vendors
B. The SSID is transmitted in clear text
The use of SSIDs is a fairly weak form of security, because most access points broadcast the SSID, in clear text, multiple times per second within the body of each beacon frame. A hacker can easily use an 802.11 analysis tool (e.g., AirMagnet, Netstumbler, or AiroPeek) to identify the SSID.
Question 408:
WEP is used on 802.11 networks. What was it designed for?
A. WEP is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.
B. WEP is designed to provide strong encryption to a wireless local area network (WLAN) with a level of integrity and privacy adequate for sensible but unclassified information.
C. WEP is designed to provide a wireless local area network (WLAN) with a level of availability and privacy comparable to what is usually expected of a wired LAN.
D. WEOP is designed to provide a wireless local area network (WLAN) with a level of privacy comparable to what is usually expected of a wired LAN.
A. WEP is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.
WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts -- any WEP key can be cracked with readily available software in two minutes or less -- and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004.
Question 409:
While reviewing the results of a scan run against a target network, you come across the following:
Which among the following can be used to get this output?
A. A Bo2k system query.
B. nmap protocol scan
C. A sniffer
D. An SNMP walk
D. An SNMP walk
SNMP lets you "read" information from a device. You make a query of the server (generally known as the "agent"). The agent gathers the information from the host system and returns the answer to your SNMP client. It's like having a single interface for all your informative Unix commands. Output like system.sysContact.0 is called a MIB.
Question 410:
How would you permanently wipe the data on the hard disk?
A. wipe -fik /dev/hda1
B. erase -fik /dev/hda1
C. delete -fik /dev/hda1
D. secdel -fik /dev/hda1