EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 481:

  This attack technique is used when a Web application is vulnerable to an SQL Injection but the results of the Injection are not visible to the attacker.

  A. Unique SQL Injection
  B. Blind SQL Injection
  C. Generic SQL Injection
  D. Double SQL Injection
  B. Blind SQL Injection

• Question 482:

  User which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?

  A. 18 U.S.C 1029 Possession of Access Devices
  B. 18 U.S.C 1030 Fraud and related activity in connection with computers
  C. 18 U.S.C 1343 Fraud by wire, radio or television
  D. 18 U.S.C 1361 Injury to Government Property
  E. 18 U.S.C 1362 Government communication systems
  F. 18 U.S.C 1831 Economic Espionage Act
  G. 18 U.S.C 1832 Trade Secrets Act
  B. 18 U.S.C 1030 Fraud and related activity in connection with computers

  ---

  http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html

• Question 483:

  An Employee wants to bypass detection by a network-based IDS application and does not want to attack the system containing the IDS application. Which of the following strategies can the employee use to evade detection by the network based IDS application?

  A. Create a ping flood
  B. Create a SYN flood
  C. Create a covert network tunnel
  D. Create multiple false positives
  C. Create a covert network tunnel

  ---

  HTTP Tunneling is a technique by which communications performed using various network protocols are encapsulated using the HTTP protocol, the network protocols in question usually belonging to the TCP/IP family of protocols. The HTTP protocol therefore acts as a wrapper for a covert channel that the network protocol being tunneled uses to communicate. The HTTP stream with its covert channel is termed a HTTP Tunnel. Very few firewalls blocks outgoing HTTP traffic.

• Question 484:

  Which is the right sequence of packets sent during the initial TCP three way handshake?

  A. FIN, FIN-ACK, ACK
  B. SYN, URG, ACK
  C. SYN, ACK, SYN-ACK
  D. SYN, SYN-ACK, ACK
  D. SYN, SYN-ACK, ACK

  ---

  A TCP connection always starts with a request for synchronization, a SYN, the reply to that would be another SYN together with a ACK to acknowledge that the last package was delivered successfully and the last part of the three way handshake should be only an ACK to acknowledge that the SYN reply was recived.

• Question 485:

  You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decrypting?

  A. MD4
  B. DES
  C. SHA
  D. SSL
  B. DES

  ---

  The LM hash is computed as follows.1. The user's password as an OEM string is converted to uppercase. 2. This password is either null-padded or truncated to 14 bytes. 3. The "fixed-length" password is split into two 7-byte halves. 4. These values are used to create two DES keys, one from each 7-byte half. 5. Each of these keys is used to DES-encrypt the constant ASCII string "KGS!@#$ %", resulting in two 8-byte ciphertext values. 6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.

• Question 486:

  Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code and decides to save the page locally to modify some of the page variables. In the context of web application security, what do you think Jane has changed?

  A. An integer variable
  B. A 'hidden' price value
  C. A 'hidden' form field value
  D. A page cannot be changed locally; it can only be served by a web server
  C. A 'hidden' form field value

  ---

  Changing hidden form values is possible when a web site is poorly built and is trusting the visitors computer to submit vital data, like the price of a product, to the database.

• Question 487:

  Peter has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the External Gateway interface. Further inspection reveals they are not responses from internal hosts request but simply responses coming from the Internet. What could be the likely cause of this?

  A. Someone Spoofed Peter's IP Address while doing a land attack
  B. Someone Spoofed Peter's IP Address while doing a DoS attack
  C. Someone Spoofed Peter's IP Address while doing a smurf Attack
  D. Someone Spoofed Peter's IP address while doing a fraggle attack
  C. Someone Spoofed Peter's IP Address while doing a smurf Attack

  ---

  An attacker sends forged ICMP echo packets to broadcast addresses of vulnerable networks with forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies. This rapidly exhausts the bandwidth available to the target.

• Question 488:

  Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference?

  A. Eric network has been penetrated by a firewall breach
  B. The attacker is using the ICMP protocol to have a covert channel
  C. Eric has a Wingate package providing FTP redirection on his network
  D. Somebody is using SOCKS on the network to communicate through the firewall
  D. Somebody is using SOCKS on the network to communicate through the firewall

  ---

  Port Description:

  SOCKS. SOCKS port, used to support outbound tcp services (FTP, HTTP, etc). Vulnerable similar to FTP Bounce, in that attacker can connect to this port and \bounce\ out to another internal host. Done to either reach a protected internal

  host or mask true source of attack. Listen for connection attempts to this port -- good sign of port scans, SOCKS-probes, or bounce attacks. Also a means to access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port

  allows attacker to access web sites, etc. that were restricted only to.mil domain hosts.

• Question 489:

  You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

  Dear valued customers,

  We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your

  antivirus code:

  Antivirus code: 5014 http://www.juggyboy/virus/virus.html Thank you for choosing us, the worldwide leader Antivirus solutions.

  Mike Robertson PDF Reader Support Copyright Antivirus 2010 ?All rights reserved If you want to stop receiving mail, please go to: http://www.juggyboy.com or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

  

  A. Look at the website design, if it looks professional then it is a Real Anti-Virus website
  B. Connect to the site using SSL, if you are successful then the website is genuine
  C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site
  D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
  E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
  C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

• Question 490:

  Bubba has just accessed he preferred ecommerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage and decides to save the page locally, so that he can modify the page variables. In the context of web application security, what do you think Bubba has changes?

  A. A hidden form field value.
  B. A hidden price value.
  C. An integer variable.
  D. A page cannot be changed locally, as it is served by a web server.
  A. A hidden form field value.