312-50 Exam Details

  • Exam Code: 312-50
  • Exam Name: Certified Ethical Hacker
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 765 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-50 Online Questions & Answers

  • Question 461:

    What is the expected result of the following exploit?

    A. Opens up a telnet listener that requires no username or password.
    B. Creates an FTP server with write permissions enabled.
    C. Creates a share called "sasfile" on the target system.
    D. Creates an account with a user name of Anonymous and a password of [email protected].

  • Question 462:

    Consider the following code:

    If an attacker can trick a victim into clicking a link like this and the web application does not validate input, then the victim's browser will pop up an alert showing the user's current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another web site.

    What is the countermeasure against XSS scripting?

    A. Create an IP access list and restrict connections based on port number
    B. Replace "<" and ">" characters with &lt; and &gt; using server scripts
    C. Disable Javascript in IE and Firefox browsers
    D. Connect to the server using HTTPS protocol instead of HTTP

  • Question 463:

    Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the "echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page, in which he also remains unsuccessful. What is the probable cause of Bill's problem?

    A. You cannot use a buffer overflow to deface a web page
    B. There is a problem with the shell and he needs to run the attack again
    C. The HTML file has permissions of read only
    D. The system is a honeypot

  • Question 464:

    ____________ will let you assume a user's identity at a dynamically generated web page or site.

    A. SQL attack
    B. Injection attack
    C. Cross site scripting
    D. The shell attack
    E. Winzapper

  • Question 465:

    Exhibit

    Joe Hacker runs the hping2 hacking tool to predict the target host's sequence numbers in one of the hacking sessions. What do the first and second columns mean? Select two.

    A. The first column reports the sequence number
    B. The second column reports the difference between the current and last sequence number
    C. The second column reports the next sequence number
    D. The first column reports the difference between current and last sequence number

  • Question 466:

    In this type of Man-in-the-Middle attack, packets and authentication tokens are captured using a sniffer. Once the relevant information is extracted, the tokens are placed back on the network to gain access.

    A. Token Injection Replay attacks
    B. Shoulder surfing attack
    C. Rainbow and Hash generation attack
    D. Dumpster diving attack

  • Question 467:

    Annie has just succeeded in stealing a secure cookie via an XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible?

    A. Any cookie can be replayed irrespective of the session status
    B. The scenario is invalid as a secure cookie cannot be replayed
    C. It works because encryption is performed at the network layer (layer 1 encryption)
    D. It works because encryption is performed at the application layer (single encryption key)

  • Question 468:

    You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

    A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account
    B. Package the Sales.xls using Trojan wrappers and telnet them back to your home computer
    C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques
    D. Change the extension of Sales.xls to sales.txt and upload it as an attachment to your hotmail account

  • Question 469:

    According to the CEH methodology, what is the next step to be performed after footprinting?

    A. Enumeration
    B. Scanning
    C. System Hacking
    D. Social Engineering
    E. Expanding Influence

  • Question 470:

    You work as security technician at ABC.com. While doing web application testing, you might be required to look through multiple web pages online which can take a long time. Which of the processes listed below would be a more efficient way of doing this type of validation?

    A. Use mget to download all pages locally for further inspection.
    B. Use wget to download all pages locally for further inspection.
    C. Use get* to download all pages locally for further inspection.
    D. Use get() to download all pages locally for further inspection.
