EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 441:

  Which of the following tools are used for enumeration? (Choose three.)

  A. SolarWinds
  B. USER2SID
  C. Cheops
  D. SID2USER
  E. DumpSec
  B. USER2SID
  D. SID2USER
  E. DumpSec

  ---

  USER2SID, SID2USER, and DumpSec are three of the tools used for system enumeration. Others are tools such as NAT and Enum. Knowing which tools are used in each step of the hacking methodology is an important goal of the CEH exam. You should spend a portion of your time preparing for the test practicing with the tools and learning to understand their output.

• Question 442:

  Study the following e-mail message. When the link in the message is clicked, it will take you to an address like: http://hacker.xsecurity.com/in.htm. Note that hacker.xsecurity.com is not an official SuperShopper site! What attack is depicted in the below e-mail?

  Dear SuperShopper valued member,

  Due to concerns, for the safety and integrity of the SuperShopper community we have issued this warning message. It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof

  reports.

  If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to update your records will result to your account cancellation. This

  notification expires within 24 hours.

  Once you have updated your account records your SuperShopper will not be interrupted and will continue as normal.

  Please follow the link below and renew your account information.

  https://www.supershopper.com/cgi-bin/webscr?cmd=update-run

  SuperShopper Technical Support http://www.supershopper.com

  A. Phishing attack
  B. E-mail spoofing
  C. social engineering
  D. Man in the middle attack
  A. Phishing attack

  ---

  Phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well.

• Question 443:

  Which of the following is the primary objective of a rootkit?

  A. It opens a port to provide an unauthorized service
  B. It creates a buffer overflow
  C. It replaces legitimate programs
  D. It provides an undocumented opening in a program
  C. It replaces legitimate programs

  ---

  Actually the objective of the rootkit is more to hide the fact that a system has been compromised and the normal way to do this is by exchanging, for example, ls to a version that doesn't show the files and process implanted by the attacker.

• Question 444:

  Justine is the systems administrator for her company, an international shipping company with offices all over the world. Recent US regulations have forced the company to implement stronger and more secure means of communication. Justine and other administrators have been put in charge of securing the company's digital communication lines. After implementing email encryption, Justine now needs to implement robust digital signatures to ensure data authenticity and reliability. Justine has decided to implement digital signatures which are a variant of DSA and that operate on elliptical curve groups. These signatures are more efficient than DSA and are not vulnerable to a number field sieve attacks.

  What type of signature has Justine decided to implement?

  A. She has decided to implement ElGamal signatures since they offer more reliability than the typical DSA signatures
  B. Justine has decided to use ECDSA signatures since they are more efficient than DSA signatures
  C. Justine is now utilizing SHA-1 with RSA signatures to help ensure data reliability
  D. These types of signatures that Justine has decided to use are called RSA-PSS signatures
  B. Justine has decided to use ECDSA signatures since they are more efficient than DSA signatures

  ---

  The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses Elliptic curve cryptography. http://en.wikipedia.org/wiki/Elliptic_Curve_DSA

• Question 445:

  You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state.

  What should be the next logical step that should be performed?

  A. Connect to open ports to discover applications.
  B. Perform a ping sweep to identify any additional systems that might be up.
  C. Perform a SYN scan on port 21 to identify any additional systems that might be up.
  D. Rescan every computer to verify the results.
  C. Perform a SYN scan on port 21 to identify any additional systems that might be up.

  ---

  As ICMP is blocked you'll have trouble determining which computers are up and running by using a ping sweep. As all the 23 computers that you had discovered earlier had port 21 closed, probably any additional, previously unknown, systems will also have port 21 closed. By running a SYN scan on port 21 over the target network you might get replies from additional systems.

• Question 446:

  Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network.

  He receives the following SMS message during the weekend.

  

  An attacker Chew Siew sitting in Beijing, China had just launched a remote scan on Jason's network with the hping command. Which of the following hping2 command is responsible for the above snort alert?

  A. chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118
  B. chenrocks:/home/siew # hping -F -Q -J -A -C -W 192.168.2.56 -p 22 -c 5 -t 118
  C. chenrocks:/home/siew # hping -D -V -R -S -Z -Y 192.168.2.56 -p 22 -c 5 -t 118
  D. chenrocks:/home/siew # hping -G -T -H -S -L -W 192.168.2.56 -p 22 -c 5 -t 118
  A. chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118

• Question 447:

  Kevin has been asked to write a short program to gather user input for a web application. He likes to keep his code neat and simple. He chooses to use printf(str) where he should have ideally used printf(? s? str). What attack will his program expose the web application to?

  A. Cross Site Scripting
  B. SQL injection Attack
  C. Format String Attack
  D. Unicode Traversal Attack
  C. Format String Attack

  ---

  Format string attacks are a new class of software vulnerability discovered around 1999, previously thought harmless. Format string attacks can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf() and similar functions to write back the number of bytes formatted to the same argument to printf(), assuming that the corresponding argument exists, and is of type int * .

• Question 448:

  John is a keen administrator, and has followed all of the best practices as he could find on securing his Windows Server. He has renamed the Administrator account to a new name that he is sure cannot be easily guessed. However, there are people who already attempt to compromise his newly renamed administrator account.

  How is it possible for a remote attacker to decipher the name of the administrator account if it has been renamed?

  A. The attacker used the user2sid program.
  B. The attacker used the sid2user program.
  C. The attacker used nmap with the V switch.
  D. The attacker guessed the new name.
  B. The attacker used the sid2user program.

  ---

  User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine Sid2user.exe can then be used to retrieve the names of all the user accounts and more. These utilities do not exploit a bug but call the functions LookupAccountName and LookupAccountSid respectively. What is more these can be called against a remote machine without providing logon credentials save those needed for a null session connection.

• Question 449:

  What is Cygwin?

  A. Cygwin is a free C++ compiler that runs on Windows
  B. Cygwin is a free Unix subsystem that runs on top of Windows
  C. Cygwin is a free Windows subsystem that runs on top of Linux
  D. Cygwin is a X Windows GUI subsytem that runs on top of Linux GNOME environment
  B. Cygwin is a free Unix subsystem that runs on top of Windows

  ---

  Cygwin is a Linux-like environment for Windows. It consists of two parts:

  A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing substantial Linux API functionality. A collection of tools which provide Linux look and feel. The Cygwin DLL works with all non-beta, non "release candidate", ix86 32 bit

  versions of Windows since Windows 95, with the exception of Windows CE.

• Question 450:

  Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?

  A. RSA, LSA, POP
  B. SSID, WEP, Kerberos
  C. SMB, SMTP, Smart card
  D. Kerberos, Smart card, Stanford SRP
  D. Kerberos, Smart card, Stanford SRP

  ---

  Kerberos, Smart cards and Stanford SRP are techniques where the password never leaves the computer.