EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 521:

  Vulnerability mapping occurs after which phase of a penetration test?

  A. Host scanning
  B. Passive information gathering
  C. Analysis of host scanning
  D. Network level discovery
  C. Analysis of host scanning

  ---

  The order should be Passive information gathering, Network level discovery, Host scanning and Analysis of host scanning.

• Question 522:

  What makes web application vulnerabilities so aggravating? (Choose two)

  A. They can be launched through an authorized port.
  B. A firewall will not stop them.
  C. They exist only on the Linux platform.
  D. They are detectable by most leading antivirus software.
  A. They can be launched through an authorized port.
  B. A firewall will not stop them.

  ---

  As the vulnerabilities exists on a web server, incoming traffic on port 80 will probably be allowed and no firewall rules will stop the attack.

• Question 523:

  Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect of Web server security.

  Maintaining the security of a Web server will usually involve the following steps:

  1.

  Configuring, protecting, and analyzing log files

  2.

  Backing up critical information frequently

  3.

  Maintaining a protected authoritative copy of the organization's Web content

  4.

  Establishing and following procedures for recovering from compromise

  5.

  Testing and applying patches in a timely manner

  6.

  Testing security periodically.

  In which step would you engage a forensic investigator?

  A. 1
  B. 2
  C. 3
  D. 4
  E. 5
  F. 6
  D. 4

• Question 524:

  MX record priority increases as the number increases.(True/False.

  A. True
  B. False
  B. False

  ---

  The highest priority MX record has the lowest number.

• Question 525:

  June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus?

  A. No. June can't use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus
  B. Yes. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus
  C. Yes. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus
  D. No. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in the case the polymorphic viruses cannot be detected by a signature-based anti-virus program
  D. No. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in the case the polymorphic viruses cannot be detected by a signature-based anti-virus program

  ---

  Although there are functions like heuristic scanning and sandbox technology, the Antivirus program is still mainly depending of signature databases and can only find already known viruses.

• Question 526:

  Which are true statements concerning the BugBear and Pretty Park worms? Select the best answers.

  A. Both programs use email to do their work.
  B. Pretty Park propagates via network shares and email
  C. BugBear propagates via network shares and email
  D. Pretty Park tries to connect to an IRC server to send your personal passwords.
  E. Pretty Park can terminate anti-virus applications that might be running to bypass them.
  A. Both programs use email to do their work.
  C. BugBear propagates via network shares and email
  D. Pretty Park tries to connect to an IRC server to send your personal passwords.

  ---

  Both Pretty Park and BugBear use email to spread. Pretty Park cannot propagate via network shares, only email. BugBear propagates via network shares and email. It also terminates anti- virus applications and acts as a backdoor server for someone to get into the infected machine. Pretty Park tries to connect to an IRC server to send your personal passwords and all sorts of other information it retrieves from your PC. Pretty Park cannot terminate anti-virus applications. However, BugBear can terminate AV software so that it can bypass them.

• Question 527:

  How does traceroute map the route a packet travels from point A to point B?

  A. Uses a TCP timestamp packet that will elicit a time exceeded in transit message
  B. Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message
  C. Uses a protocol that will be rejected by gateways on its way to the destination
  D. Manipulates the flags within packets to force gateways into generating error messages
  B. Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message

• Question 528:

  What port number is used by Kerberos protocol?

  A. 44
  B. 88
  C. 419
  D. 487
  B. 88

  ---

  Kerberos traffic uses UDP/TCP protocol source and destination port 88.

• Question 529:

  Snort is an open source Intrusion Detection system. However, it can also be used for a few other purposes as well. Which of the choices below indicate the other features offered by Snort?

  A. IDS, Packet Logger, Sniffer
  B. IDS, Firewall, Sniffer
  C. IDS, Sniffer, Proxy
  D. IDS, Sniffer, content inspector
  A. IDS, Packet Logger, Sniffer

  ---

  Snort is a free software network intrusion detection and prevention system capable of performing packet logging and real-time traffic analysis, on IP networks. Snort was written by Martin Roesch but is now owned and developed by Sourcefire

• Question 530:

  You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place. Your peer, Peter Smith who works at the same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain. What is Peter Smith talking about?

  A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
  B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
  C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks
  D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway
  A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain