EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 451:

  Theresa is an IT security analyst working for the United Kingdom Internet Crimes Bureau in London. Theresa has been assigned to the software piracy division which focuses on taking down individual and organized groups that distribute copyrighted software illegally. Theresa and her division have been responsible for taking down over 2,000 FTP sites hosting copyrighted software. Theresa's supervisor now wants her to focus on finding and taking down websites that host illegal pirated software. What are these sights called that Theresa has been tasked with taking down?

  A. These sites that host illegal copyrighted software are called Warez sites
  B. These sites that Theresa has been tasked to take down are called uTorrent sites
  C. These websites are referred to as Dark Web sites
  D. Websites that host illegal pirated versions of software are called Back Door sites
  A. These sites that host illegal copyrighted software are called Warez sites

  ---

  The Warez scene, often referred to as The Scene (often capitalized) is a term of self-reference used by a community that specializes in the underground distribution of pirated content, typically software but increasingly including movies and music.

• Question 452:

  In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them:

  FIN = 1 SYN = 2 RST = 4 PSH = 8 ACK = 16 URG = 32 ECE = 64 CWR = 128

  Jason is the security administrator of ASPEN Communications. He analyzes some traffic using Wireshark and has enabled the following filters.

  

  What is Jason trying to accomplish here?

  A. SYN, FIN, URG and PSH
  B. SYN, SYN/ACK, ACK
  C. RST, PSH/URG, FIN
  D. ACK, ACK, SYN, URG
  B. SYN, SYN/ACK, ACK

• Question 453:

  Your boss at ABC.com asks you what are the three stages of Reverse Social Engineering.

  A. Sabotage, advertising, Assisting
  B. Sabotage, Advertising, Covering
  C. Sabotage, Assisting, Billing
  D. Sabotage, Advertising, Covering
  A. Sabotage, advertising, Assisting

  ---

  Typical social interaction dictates that if someone gives us something then it is only right for us to return the favour. This is known as reverse social engineering, when an attacker sets up a situation where the victim encounters a problem, they ask the attacker for help and once the problem is solved the victim then feels obliged to give the information requested by the attacker.

• Question 454:

  Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an

  urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!''

  From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of

  his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site.

  To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem

  connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

  H@cker Mess@ge:

  Y0u @re De@d! Fre@ks!

  After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every

  system file and all the Web content on the server were intact.

  How did the attacker accomplish this hack?

  A. ARP spoofing
  B. SQL injection
  C. DNS poisoning
  D. Routing table injection
  C. DNS poisoning

  ---

  External calls for the Web site has been redirected to another server by a successful DNS poisoning.

• Question 455:

  Steven is a senior security analyst for a state agency in Tulsa, Oklahoma. His agency is currently undergoing a mandated security audit by an outside consulting firm. The consulting firm is halfway through the audit and is preparing to perform the actual penetration testing against the agency's network. The firm first sets up a sniffer on the agency's wired network to capture a reasonable amount of traffic to analyze later. This takes approximately 2 hours to obtain 10 GB of data. The consulting firm then sets up a sniffer on the agency's wireless network to capture the same amount of traffic. This capture only takes about 30 minutes to get 10 GB of data.

  Why did capturing of traffic take much less time on the wireless network?

  A. Because wireless access points act like hubs on a network
  B. Because all traffic is clear text, even when encrypted
  C. Because wireless traffic uses only UDP which is easier to sniff
  D. Because wireless networks can't enable encryption
  A. Because wireless access points act like hubs on a network

  ---

  You can not have directed radio transfers over a WLAN. Every packet will be broadcasted as far as possible with no concerns about who might hear it.

• Question 456:

  Gerald is a Certified Ethical Hacker working for a large financial institution in Oklahoma City. Gerald is currently performing an annual security audit of the company's network. One of the company's primary concerns is how the corporate data is transferred back and forth from the banks all over the city to the data warehouse at the company's home office. To see what type of traffic is being passed back and forth and to see how secure that data really is, Gerald uses a session hijacking tool to intercept traffic between a server and a client. Gerald hijacks an HTML session between a client running a web application which connects to a SQL database at the home office. Gerald does not kill the client's session; he simply monitors the traffic that passes between it and the server.

  What type of session attack is Gerald employing here?

  A. He is utilizing a passive network level hijack to see the session traffic used to communicate between the two devices
  B. Gerald is using a passive application level hijack to monitor the client and server traffic
  C. This type of attack would be considered an active application attack since he is actively monitoring the traffic
  D. This type of hijacking attack is called an active network attack
  C. This type of attack would be considered an active application attack since he is actively monitoring the traffic

  ---

  Session Hijacking is an active attack

• Question 457:

  You are footprinting an organization to gather competitive intelligence. You visit the company's website for contact information and telephone numbers but do not find it listed there. You know that they had the entire staff directory listed on their website 12 months ago but not it is not there.

  How would it be possible for you to retrieve information from the website that is outdated?

  A. Visit google's search engine and view the cached copy.
  B. Visit Archive.org web site to retrieve the Internet archive of the company's website.
  C. Crawl the entire website and store them into your computer.
  D. Visit the company's partners and customers website for this information.
  B. Visit Archive.org web site to retrieve the Internet archive of the company's website.

  ---

  Archive.org mirrors websites and categorizes them by date and month depending on the crawl time. Archive.org dates back to 1996, Google is incorrect because the cache is only as recent as the latest crawl, the cache is over-written on each subsequent crawl. Download the website is incorrect because that's the same as what you see online. Visiting customer partners websites is just bogus. The answer is then Firmly, C, archive.org

• Question 458:

  Study the log below and identify the scan type. tcpdump w host 192.168.1.10

  

  A. nmap R 192.168.1.10
  B. nmap S 192.168.1.10
  C. nmap V 192.168.1.10
  D. nmap sO T 192.168.1.10
  D. nmap sO T 192.168.1.10

  ---

  -sO: IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine.

• Question 459:

  Exhibit: What type of attack is shown in the above diagram?

  

  A. SSL Spoofing Attack
  B. Identity Stealing Attack
  C. Session Hijacking Attack
  D. Man-in-the-Middle (MiTM) Attack
  D. Man-in-the-Middle (MiTM) Attack

  ---

  A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised.

• Question 460:

  What is GINA?

  A. Gateway Interface Network Application
  B. GUI Installed Network Application CLASS
  C. Global Internet National Authority (G-USA)
  D. Graphical Identification and Authentication DLL
  D. Graphical Identification and Authentication DLL

  ---

  In computing, GINA refers to the graphical identification and authentication library, a component of some Microsoft Windows operating systems that provides secure authentication and interactive logon services.