EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 511:

  Which of the following represent weak password? (Select 2 answers)

  A. Passwords that contain letters, special characters, and numbers Example: ap1$%##f@52
  B. Passwords that contain only numbers Example: 23698217
  C. Passwords that contain only special characters Example: and*#@!(%)
  D. Passwords that contain letters and numbers Example: meerdfget123
  E. Passwords that contain only letters Example: QWERTYKLRTY
  F. Passwords that contain only special characters and numbers Example: 123@$45
  G. Passwords that contain only letters and special characters Example: bob@andba
  H. Passwords that contain Uppercase/Lowercase from a dictionary list Example: OrAnGe
  E. Passwords that contain only letters Example: QWERTYKLRTY
  H. Passwords that contain Uppercase/Lowercase from a dictionary list Example: OrAnGe

• Question 512:

  Which of the following is one of the key features found in a worm but not seen in a virus?

  A. The payload is very small, usually below 800 bytes.
  B. It is self replicating without need for user intervention.
  C. It does not have the ability to propagate on its own.
  D. All of them cannot be detected by virus scanners.
  B. It is self replicating without need for user intervention.

  ---

  A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided.

• Question 513:

  You are gathering competitive intelligence on ABC.com. You notice that they have jobs listed on a few Internet job-hunting sites. There are two job postings for network and system administrators. How can this help you in footprint the organization?

  A. The IP range used by the target network
  B. An understanding of the number of employees in the company
  C. How strong the corporate security policy is
  D. The types of operating systems and applications being used.
  D. The types of operating systems and applications being used.

  ---

  From job posting descriptions one can see which is the set of skills, technical knowledge, system experience required, hence it is possible to argue what kind of operating systems and applications the target organization is using.

• Question 514:

  Steven works as a security consultant and frequently performs penetration tests for Fortune 500 companies. Steven runs external and internal tests and then creates reports to show the companies where their weak areas are. Steven always signs a non-disclosure agreement before performing his tests. What would Steven be considered?

  A. Whitehat Hacker
  B. BlackHat Hacker
  C. Grayhat Hacker
  D. Bluehat Hacker
  A. Whitehat Hacker

  ---

  A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems. Realization that the Internet now represents human voices from around the world has made the defense of its integrity an important pastime for many. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.

• Question 515:

  Anonymizer sites access the Internet on your behalf, protecting your personal information from disclosure. An anonymizer protects all of your computer's identifying information while it surfs for you, enabling you to remain at least one step removed from the sites you visit.

  You can visit Web sites without allowing anyone to gather information on sites visited by you. Services that provide anonymity disable pop-up windows and cookies, and conceal visitor's IP address.

  These services typically use a proxy server to process each HTTP request. When the user requests a Web page by clicking a hyperlink or typing a URL into their browser, the service retrieves and displays the information using its own server. The remote server (where the requested Web page resides) receives information on the anonymous Web surfing service in place of your information.

  In which situations would you want to use anonymizer? (Select 3 answers)

  A. Increase your Web browsing bandwidth speed by using Anonymizer
  B. To protect your privacy and Identity on the Internet
  C. To bypass blocking applications that would prevent access to Web sites or parts of sites that you want to visit.
  D. Post negative entries in blogs without revealing your IP identity
  B. To protect your privacy and Identity on the Internet
  C. To bypass blocking applications that would prevent access to Web sites or parts of sites that you want to visit.
  D. Post negative entries in blogs without revealing your IP identity

• Question 516:

  Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal? (Note: The student is being tested on concept learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dumo.) 05/20-17:06:45.061034 192.160.13.4:31337 -> 172.16.1.101:1 TCP TTL:44 TOS:0x10 ID:242 ***FRP** Seq: 0XA1D95 Ack: 0x53 Win: 0x400

  05/20-17:06:58.685879 192.160.13.4:31337 -> 172.16.1.101:1024 TCP TTL:44 TOS:0x10 ID:242 ***FRP** Seg: 0XA1D95 Ack: 0x53 Win: 0x400 What is odd about this attack? (Choose the most appropriate statement)

  A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
  B. This is back orifice activity as the scan comes from port 31337.
  C. The attacker wants to avoid creating a sub-carrier connection that is not normally valid.
  D. There packets were created by a tool; they were not created by a standard IP stack.
  B. This is back orifice activity as the scan comes from port 31337.

  ---

  Port 31337 is normally used by Back Orifice. Note that 31337 is hackers spelling of `elite', meaning `elite hackers'.

• Question 517:

  Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display, or modify ACL's (access control lists) to files or folders and also one that can be used within batch files. Which of the following tools can be used for that purpose? (Choose the best answer)

  A. PERM.exe
  B. CACLS.exe
  C. CLACS.exe
  D. NTPERM.exe
  B. CACLS.exe

  ---

  Cacls.exe is a Windows NT/2000/XP command-line tool you can use to assign, display, or modify ACLs (access control lists) to files or folders. Cacls is an interactive tool, and since it's a command-line utility, you can also use it in batch files.

• Question 518:

  What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

  A. All are hacking tools developed by the legion of doom
  B. All are tools that can be used not only by hackers, but also security personnel
  C. All are DDOS tools
  D. All are tools that are only effective against Windows
  E. All are tools that are only effective against Linux
  C. All are DDOS tools

  ---

  All are DDOS tools.

• Question 519:

  The GET method should never be used when sensitive data such as credit is being sent to a CGI program. This is because any GET command will appear in the URL and will be logged by any servers. For example, let's say that you've

  entered your credit card information into a form that uses the GET method. The URL may appear like this:

  https://www.xsecurity-bank.com/creditcard.asp?cardnumber=454543433532234 The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information.

  How would you protect from this type of attack?

  A. Replace the GET with POST method when sending data
  B. Never include sensitive information in a script
  C. Use HTTOS SSLV3 to send the data instead of plain HTTPS
  D. Encrypt the data before you send using GET method
  A. Replace the GET with POST method when sending data

  ---

  If the method is "get", the user agent takes the value of action, appends a ? to it, then appends the form data set, encoded using the application/x-www-form- urlencoded content type. The user agent then traverses the link to this URI. If the method is "post" --, the user agent conducts an HTTP post transaction using the value of the action attribute and a message created according to the content type specified by the enctype attribute.

• Question 520:

  Theresa is the chief information security officer for her company, a large shipping company based out of New York City. In the past, Theresa and her IT employees manually checked the status of client computers on the network to see if they had the most recent Microsoft updates. Now that the company has added over 100 more clients to accommodate new departments, Theresa must find some kind of tool to see whether the clients are up-to-date or not. Theresa decides to use Qfecheck to monitor all client computers. When Theresa runs the tool, she is repeatedly told that the software does not have the proper permissions to scan. Theresa is worried that the operating system hardening that she performs on all clients is keeping the software from scanning the necessary registry keys on the client computers.

  What registry key permission should Theresa check to ensure that Qfecheck runs properly?

  A. In order for Qfecheck to run properly, it must have enough permission to read
  B. She needs to check the permissions of the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates registry key
  C. Theresa needs to look over the permissions of the registry key
  D. The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft must be checked
  B. She needs to check the permissions of the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates registry key

  ---

  Qfecheck check the registry HKLM\Software\Microsoft\Updates